8c68b21ab85fe07d52f8089220237019_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c68b21ab85fe07d52f8089220237019_JaffaCakes118
Size

1.3MB
MD5

8c68b21ab85fe07d52f8089220237019
SHA1

dfe8e17bbeb3bdf842f513dea2e6e3dd3ccb71c6
SHA256

d0fb9530a310d52acca88add4fca313aff87f766b86f4eae38eba3feff53f676
SHA512

4531df3ec119a18596f5c02f6a7a1e6d8db0fa02d54756ce5d655f4c870aea98ad767e04e92d5c9f09c6e66f058b24b9a10ae0a1565e7f00c61a5d9411a3ec6e
SSDEEP

24576:msEtll++FtrAdmYEWHD78fFK7T4fX9A4hArbtBrv0udWc:mi+FpJZfF8T0NARrbvrJdH

Score

1^/10

Malware Config

Signatures

Files

8c68b21ab85fe07d52f8089220237019_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3c1480367f9b1850f0ec51c587976aa8

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:0f:ad:bc:e9:93:6c:e0:f1:09:87:51:9c:38:eb:cc
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/01/2019, 00:00

Not After

26/01/2022, 12:00

Subject

SERIALNUMBER=91320804MA1MKN9Q0G,CN=Anhui Shabake Network Technology Co.\, Ltd.,OU=运营,O=Anhui Shabake Network Technology Co.\, Ltd.,L=Ma'anshan,ST=Anhui,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13094d6127616e7368616e,1.3.6.1.4.1.311.60.2.1.2=#1305416e687569,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:7c:33:ee:46:05:e4:25:8c:bd:eb:c8:f6:9d:83:02:51:7b:e9:16:bb:36:14:dc:3a:f0:70:c5:66:8b:0d:2b
Signer

Actual PE Digest

76:7c:33:ee:46:05:e4:25:8c:bd:eb:c8:f6:9d:83:02:51:7b:e9:16:bb:36:14:dc:3a:f0:70:c5:66:8b:0d:2b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\456.pdb

Imports

comctl32

ord17

ws2_32

ioctlsocket
gethostname
htonl
ntohl
send
gethostbyname
closesocket
socket
recv
setsockopt
htons
connect
getaddrinfo
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
bind
getpeername
getsockname
getsockopt
ntohs
WSAIoctl
freeaddrinfo
recvfrom
sendto
accept
listen

kernel32

GetModuleFileNameW
GlobalUnlock
FlushInstructionCache
SetLastError
lstrcmpiW
LoadLibraryA
GetLocalTime
GetFileAttributesA
SetFileAttributesA
FreeResource
GetVersionExA
InterlockedExchange
GetModuleHandleA
GetThreadContext
SetThreadContext
VirtualQuery
InterlockedCompareExchange
VirtualFree
VirtualAlloc
VirtualProtect
SuspendThread
WriteFile
ReadFile
SetFilePointer
SetFileTime
GetCurrentDirectoryW
CreateDirectoryW
WideCharToMultiByte
lstrlenW
GlobalSize
GlobalFree
GetFileSize
OutputDebugStringW
LocalAlloc
LocalReAlloc
LocalLock
LocalUnlock
LocalSize
LocalFree
lstrcpynW
lstrcpyW
CreateThread
ResetEvent
SetProcessWorkingSetSize
GetTempFileNameW
DeleteFileW
GetExitCodeThread
IsBadReadPtr
GetVersionExW
GetSystemInfo
Process32First
TerminateProcess
Process32FirstW
Process32Next
Process32NextW
GetSystemDirectoryW
FileTimeToSystemTime
GlobalAlloc
SetEndOfFile
LoadLibraryW
SleepEx
InterlockedIncrement
VerifyVersionInfoA
FormatMessageA
GetFileType
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
GetPrivateProfileIntA
SwitchToThread
DeviceIoControl
GetFullPathNameW
SetStdHandle
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
AreFileApisANSI
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
RtlUnwind
GetCommandLineW
ExitThread
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetStringTypeW
LoadLibraryExW
FreeLibrary
FindClose
GlobalLock
lstrlenA
SetEnvironmentVariableA
WriteConsoleW
GetTimeZoneInformation
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
HeapDestroy
LeaveCriticalSection
RaiseException
GetLastError
ResumeThread
TerminateThread
DeleteFileA
SetFileAttributesW
WaitForMultipleObjects
CreateEventW
GetTempPathW
MultiByteToWideChar
GetSystemDirectoryA
GetFileAttributesW
GetTickCount
SetEvent
WaitForSingleObject
GetSystemTime
GetFileTime
CreateDirectoryA
CreateFileW
SystemTimeToFileTime
GetProcAddress
GetCurrentThread
GetTempPathA
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
CreateFileMappingW
GetModuleHandleW
GetCurrentProcess
UnmapViewOfFile
MapViewOfFile
CreateMutexW
CreateFileA
LockResource
SizeofResource
LoadResource
FindResourceW
FindResourceExW
Sleep
InterlockedDecrement
DeleteCriticalSection
DecodePointer
EnterCriticalSection
HeapSize
VerSetConditionMask

user32

GetMenuStringW
IsMenu
PtInRect
CharLowerBuffW
CharUpperBuffW
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
SetWindowRgn
IsZoomed
GetPropW
DrawTextW
EqualRect
IsRectEmpty
OffsetRect
MapWindowPoints
GetActiveWindow
SetClassLongW
GetClassLongW
IntersectRect
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
GetCaretBlinkTime
CreateCaret
GetCursorPos
SetCursor
RemovePropW
SetPropW
GetCapture
UpdateLayeredWindow
GetMenuItemCount
SetRectEmpty
CopyRect
GetSystemMetrics
LoadImageW
FlashWindowEx
TrackPopupMenu
EndMenu
GetIconInfo
DestroyCursor
UnregisterClassW
EnumDisplaySettingsW
DispatchMessageW
SendMessageW
IsWindow
ShowWindow
TranslateMessage
SetForegroundWindow
GetMessageW
DefWindowProcW
UpdateWindow
CreateWindowExW
PeekMessageW
RegisterClassExW
LoadCursorW
PostQuitMessage
CharNextA
MessageBoxW
PostMessageW
GetDesktopWindow
EnableWindow
PostThreadMessageW
GetSubMenu
LoadMenuW
DestroyMenu
GetSystemMenu
EnableMenuItem
SetWindowTextA
DialogBoxParamW
EndPaint
DestroyWindow
ScreenToClient
CharNextW
wsprintfW
SetWindowPos
SystemParametersInfoW
SetCursorPos
LoadIconW
GetClientRect
KillTimer
GetWindowRect
SetTimer
ClientToScreen
MoveWindow
CallWindowProcW
ReleaseCapture
GetSysColor
RedrawWindow
EndDialog
SetWindowLongW
ReleaseDC
GetClassNameW
GetWindowTextW
GetWindowLongW
InvalidateRect
GetDC
BeginPaint
SetFocus
GetKeyState
GetParent
GetFocus
SetCapture
FillRect

gdi32

SetTextColor
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
CreateBitmap
CreatePatternBrush
PatBlt
SetBkColor
GetBkColor
GetBkMode
GetTextColor
SetRectRgn
CreateRoundRectRgn
ExtCreateRegion
GetRegionData
GetViewportOrgEx
GetCurrentObject
GetClipBox
EnumFontsW
SetViewportOrgEx
SelectClipRgn
CreateRectRgn
CreateDIBSection
StretchBlt
SetDIBColorTable
SetBkMode
CreateFontW
GetDIBColorTable
TextOutW
TextOutA
DeleteDC
CreateSolidBrush
GetStockObject
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
CombineRgn
BitBlt

advapi32

CryptAcquireContextA
RegQueryInfoKeyW
RegDeleteKeyW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW

shell32

ord165

ole32

CoTaskMemRealloc
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
StgCreateDocfile
OleCreate
OleInitialize

oleaut32

VarUI4FromStr
VariantInit
VariantChangeType
LoadTypeLi
SysFreeString
VariantClear
GetErrorInfo
DispGetIDsOfNames
SysAllocString

gdiplus

GdipDrawRectangle
GdipFillRectangle
GdipLoadImageFromStream
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipFillPieI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteBrush
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipDisposeImage
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImageHeight
GdipFree
GdiplusShutdown
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipDrawLinesI

msimg32

TransparentBlt
AlphaBlend

crypt32

CertFreeCertificateContext

wldap32

ord35
ord33
ord32
ord30
ord200
ord301
ord27
ord26
ord22
ord41
ord50
ord79
ord143
ord46
ord211
ord60

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c1480367f9b1850f0ec51c587976aa8

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

01:0f:ad:bc:e9:93:6c:e0:f1:09:87:51:9c:38:eb:ccCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

76:7c:33:ee:46:05:e4:25:8c:bd:eb:c8:f6:9d:83:02:51:7b:e9:16:bb:36:14:dc:3a:f0:70:c5:66:8b:0d:2bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

msimg32

crypt32

wldap32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 203KB - Virtual size: 202KB

.data Size: 27KB - Virtual size: 43KB

.rsrc Size: 47KB - Virtual size: 46KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

01:0f:ad:bc:e9:93:6c:e0:f1:09:87:51:9c:38:eb:cc
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

76:7c:33:ee:46:05:e4:25:8c:bd:eb:c8:f6:9d:83:02:51:7b:e9:16:bb:36:14:dc:3a:f0:70:c5:66:8b:0d:2b
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 203KB - Virtual size: 202KB

.data
Size: 27KB - Virtual size: 43KB

.rsrc
Size: 47KB - Virtual size: 46KB