8d3b24855e383ed6070c3da2c5a1bfe4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8d3b24855e383ed6070c3da2c5a1bfe4_JaffaCakes118
Size

6.2MB
MD5

8d3b24855e383ed6070c3da2c5a1bfe4
SHA1

266b07df83b54e0bedfb37e36c0ad7e3087b82f7
SHA256

03cebd94d10cf77abafc8f8717a7d760a5ed19fe4740a06f0d4a17d476a7295c
SHA512

93ee83fb49a4a2e06e72e308a3a4ce65e1f8b4631d2bca32dcaafaba8fc2002a22f798729c662d591a3adfca55faf658f6c8e20c3f0e19d8bcd8dde6dd70a827
SSDEEP

196608:RE4e5q7Hc0zwexEzmAscUwG35uIqNVlq2CmAcH1OtKG:+pffexEzgQNLVlb1stp

Score

1^/10

Malware Config

Signatures

Files

8d3b24855e383ed6070c3da2c5a1bfe4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

593d066e399a02efa9e223ce9337d7e2

Code Sign

6a:ca:4e:38:6e:57:5c:76:cb:81:84:7b:74:f5:0b:54
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

05/01/2016, 07:48

Not After

05/01/2017, 07:48

Subject

CN=南京空指针软件科技有限公司,O=南京空指针软件科技有限公司,L=南京市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:41:13:c0:22:f9:3f:b4:fd:fd:86:a9:51:c3:20:8f:9b:97:54:30
Signer

Actual PE Digest

7b:41:13:c0:22:f9:3f:b4:fd:fd:86:a9:51:c3:20:8f:9b:97:54:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryW
lstrcmpiW
CopyFileW
CreateToolhelp32Snapshot
Process32FirstW
GetCurrentProcess
OpenProcess
SetLastError
TerminateProcess
Process32NextW
GetLastError
LocalFree
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
LocalAlloc
CreateDirectoryA
CreateFileA
WriteFile
WideCharToMultiByte
MultiByteToWideChar
FindClose
FindNextFileW
MoveFileExW
DeleteFileW
lstrlenA
SetEnvironmentVariableA
ReadConsoleW
ReadFile
SetEndOfFile
LCMapStringW
CompareStringW
FindFirstFileExW
OutputDebugStringW
GetStringTypeW
HeapReAlloc
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetTimeZoneInformation
HeapSize
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetStdHandle
GetStartupInfoW
TlsFree
CreateProcessW
CloseHandle
InterlockedDecrement
SizeofResource
LoadResource
FindResourceW
GetModuleHandleW
GetSystemTime
GetPrivateProfileStringW
lstrlenW
CreateFileW
WritePrivateProfileStringW
GetModuleFileNameW
GetExitCodeThread
WaitForSingleObject
GetVersionExW
GetTickCount
CreateDirectoryW
LoadLibraryW
FreeLibrary
Sleep
OpenMutexW
lstrcmpW
TlsSetValue
TlsGetValue
lstrcpyW
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetConsoleMode
lstrcatW
GetConsoleCP
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
GetSystemTimeAsFileTime
HeapAlloc
LoadLibraryExW
ExitThread
GetCurrentThreadId
CreateThread
EncodePointer
HeapFree
GlobalMemoryStatus
DecodePointer
GetProcAddress
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection

user32

SendMessageW
wsprintfW
PostQuitMessage
MessageBoxW
TranslateMessage
GetDesktopWindow
DispatchMessageW
PeekMessageW
SetWindowTextW

gdi32

GetObjectW
GetStockObject
CreateFontIndirectW

advapi32

RegSetValueExW
RegEnumKeyExA
GetUserNameW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegOpenKeyExA

shell32

SHGetSpecialFolderPathW
SHGetFileInfoW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitialize

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathFileExistsA
PathFileExistsW
StrRChrIW

d3d9

Direct3DCreate9

ws2_32

WSAStartup

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

oleaut32

SysAllocString
VariantClear
SysFreeString

wininet

InternetCloseHandle
InternetReadFile
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetOpenW
InternetConnectW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

593d066e399a02efa9e223ce9337d7e2

Code Sign

6a:ca:4e:38:6e:57:5c:76:cb:81:84:7b:74:f5:0b:54Certificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

7b:41:13:c0:22:f9:3f:b4:fd:fd:86:a9:51:c3:20:8f:9b:97:54:30Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

version

shlwapi

d3d9

ws2_32

setupapi

oleaut32

wininet

iphlpapi

Sections

.text Size: 149KB - Virtual size: 149KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 14KB - Virtual size: 22KB

.rsrc Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 8KB - Virtual size: 7KB

6a:ca:4e:38:6e:57:5c:76:cb:81:84:7b:74:f5:0b:54
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

7b:41:13:c0:22:f9:3f:b4:fd:fd:86:a9:51:c3:20:8f:9b:97:54:30
Signer

.text
Size: 149KB - Virtual size: 149KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 14KB - Virtual size: 22KB

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 8KB - Virtual size: 7KB