8d037640648711c745b62b37cbfab819_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d037640648711c745b62b37cbfab819_JaffaCakes118
Size

1.3MB
MD5

8d037640648711c745b62b37cbfab819
SHA1

5c8a1f44227d2a9c51b788024b1cd0bf74099e25
SHA256

619b7d3e89d72f9328540aff79199e723103f259ee497d888ec1abc9175a34fa
SHA512

d5d498e27e2b6c36389db8311820a32db31ef61ca0a408b6abc9d7f46ad721494ab04fdc3a94f8bf48eaf5fdade765c189476f1c20a19317a1e580f37c2303bf
SSDEEP

24576:UMkCzXdOmkLGslIrnjgCHsa1Qs8dEPW6PtE1BmmD5u2pe1UIEmPMBFWOu456H7er:ddFsa8w1QsUF61E1B1peSI84H7iF0ZX8

Score

1^/10

Malware Config

Signatures

Files

8d037640648711c745b62b37cbfab819_JaffaCakes118
.exe windows:5 windows x86 arch:x86

92880e1d6e433e93108ffc48bfd63316

Code Sign

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/10/2017, 00:00

Not After

12/11/2019, 23:59

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

eb:1a:6f:ce:0e:bb:89:36:74:5d:29:7a:2a:53:3f:14:30:aa:9f:d4:70:29:02:99:50:dd:8c:6f:18:29:74:00
Signer

Actual PE Digest

eb:1a:6f:ce:0e:bb:89:36:74:5d:29:7a:2a:53:3f:14:30:aa:9f:d4:70:29:02:99:50:dd:8c:6f:18:29:74:00

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\svn\LiuLanQi\ChengXu\Trunk\Bin\pdbmap\Pudding\WnUninstall.pdb

Imports

kernel32

SetEndOfFile
WriteConsoleW
GetFullPathNameW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetModuleHandleExW
RtlUnwind
DosDateTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFilePointer
ExitProcess
MulDiv
FreeResource
GetCurrentDirectoryW
GetACP
ExpandEnvironmentStringsA
PeekNamedPipe
GetStdHandle
GetFileType
WaitForMultipleObjects
FormatMessageA
SleepEx
InitializeCriticalSection
LoadLibraryExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedDecrement
InterlockedIncrement
DecodePointer
FindResourceExW
WriteFile
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetVolumeInformationW
GetSystemDirectoryW
FindResourceW
SizeofResource
LoadResource
LockResource
lstrcpyW
CreateThread
GetPrivateProfileIntW
Sleep
SetUnhandledExceptionFilter
SetPriorityClass
OutputDebugStringA
DeviceIoControl
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
VerifyVersionInfoW
GetVersionExW
MoveFileExW
CopyFileW
FindNextFileW
FindFirstFileW
DeleteFileW
SetFileAttributesW
CreateFileW
RemoveDirectoryW
CreateDirectoryW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
CreateProcessW
GetModuleHandleW
LoadLibraryW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
OutputDebugStringW
lstrcmpiW
GetTickCount
FileTimeToSystemTime
IsDebuggerPresent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
FlushFileBuffers
CompareStringW
GetSystemInfo
GetLocalTime
CloseHandle
FindClose
ReadFile
GetFileSize
WaitForSingleObject
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
GetLastError
TlsAlloc
CreateEventW
SetLastError
TerminateProcess
GetCurrentThreadId
GetExitCodeProcess
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GlobalUnlock
GlobalLock
EncodePointer
GlobalAlloc
GetProcAddress
FreeLibrary
VerSetConditionMask
WritePrivateProfileStringW
GetPrivateProfileStringW
DuplicateHandle
GetModuleFileNameW

user32

DrawTextW
CharPrevW
MonitorFromPoint
MessageBoxW
IsIconic
FillRect
GetPropW
SetPropW
EnableWindow
SetRect
SetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
MonitorFromWindow
InvalidateRgn
GetClassInfoExW
RegisterClassW
CallWindowProcW
GetSysColor
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
CharNextW
LoadStringW
InvalidateRect
SetTimer
PostQuitMessage
OffsetRect
GetCursorPos
IsWindow
SendMessageW
GetMonitorInfoW
PtInRect
LoadCursorW
SetWindowLongW
GetWindowLongW
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
wsprintfW
GetParent
GetDesktopWindow
GetWindowRect
GetWindowTextW
GetFocus
PostMessageW
SetCursor
InflateRect
GetMessageW
TranslateMessage
DispatchMessageW
IsZoomed
SetFocus
GetKeyState
SetCapture
ReleaseCapture
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
GetClientRect
ScreenToClient
MapWindowPoints
IsRectEmpty
GetWindow
IntersectRect
CreateCaret
SetWindowRgn

gdi32

GetStockObject
Rectangle
RestoreDC
SaveDC
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreatePen
GetDeviceCaps
CreateRoundRectRgn
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
CreateFontIndirectW
GetObjectA
CreateCompatibleBitmap
TextOutW
MoveToEx
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
BitBlt
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
GetTextExtentPoint32W

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
RegCreateKeyExA
RegEnumKeyW
RegOpenKeyW
RegSetValueExW
CryptDestroyKey
CryptGetHashParam
CryptImportKey
CryptEncrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CLSIDFromProgID
CLSIDFromString
RevokeDragDrop
RegisterDragDrop
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
OleLockRunning

oleaut32

VariantInit
VarUI4FromStr
VariantClear
SysFreeString
SysAllocString

shlwapi

PathFileExistsW
SHDeleteKeyW
ord219

gdiplus

GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipAlloc
GdipFree
GdipCloneImage
GdipMeasureString
GdipDrawArcI
GdipGetImageWidth
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipDrawImageRectI
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipCreateLineBrushI
GdipSetTextRenderingHint
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipDrawImageRectRect
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDeleteBrush

iphlpapi

GetAdaptersInfo

comctl32

ord17
_TrackMouseEvent

wldap32

ord26
ord46
ord14
ord216
ord208
ord41
ord118
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord145

ws2_32

connect
closesocket
bind
WSASetLastError
select
getpeername
WSAGetLastError
send
recv
WSACleanup
WSAStartup
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
gethostname
__WSAFDIsSet

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

Sections

.text
Size: 759KB - Virtual size: 759KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92880e1d6e433e93108ffc48bfd63316

Code Sign

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

eb:1a:6f:ce:0e:bb:89:36:74:5d:29:7a:2a:53:3f:14:30:aa:9f:d4:70:29:02:99:50:dd:8c:6f:18:29:74:00Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

iphlpapi

comctl32

wldap32

ws2_32

imm32

Sections

.text Size: 759KB - Virtual size: 759KB

.rdata Size: 183KB - Virtual size: 183KB

.data Size: 9KB - Virtual size: 25KB

.gfids Size: 512B - Virtual size: 380B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 356KB - Virtual size: 355KB

.reloc Size: 42KB - Virtual size: 42KB

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

eb:1a:6f:ce:0e:bb:89:36:74:5d:29:7a:2a:53:3f:14:30:aa:9f:d4:70:29:02:99:50:dd:8c:6f:18:29:74:00
Signer

.text
Size: 759KB - Virtual size: 759KB

.rdata
Size: 183KB - Virtual size: 183KB

.data
Size: 9KB - Virtual size: 25KB

.gfids
Size: 512B - Virtual size: 380B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 356KB - Virtual size: 355KB

.reloc
Size: 42KB - Virtual size: 42KB