94bac923a60fe43fef96da887c1e5cde_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

94bac923a60fe43fef96da887c1e5cde_JaffaCakes118
Size

3.1MB
MD5

94bac923a60fe43fef96da887c1e5cde
SHA1

439dca5c0bda0b5e8761b4022d159f266f696c4d
SHA256

d8b0e5d8e6aaec826fc02f360d9b4fc5b1b7d827adb36fc1b84c9f74f7400f18
SHA512

d45f545254312feb63deec49aa24a3af00871bd7e0f52af5c93a35152740495802a034c7917d75a2292f0ee2059654743a5e16bbd1e0dc0e161e2748c4f1a697
SSDEEP

49152:ohceGuXh+BW1btYGO5QbL3uZu7RXoX7cQTUnmTvNQxVFoJ8oc:oSkh7YGO5QbL3uK8ZvN+V9

Score

1^/10

Malware Config

Signatures

Files

94bac923a60fe43fef96da887c1e5cde_JaffaCakes118
.exe windows:5 windows x86 arch:x86

891ec8a405b1ff70ab54f9039062b7e8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/10/2017, 00:00

Not After

12/11/2019, 23:59

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/10/2017, 00:00

Not After

12/11/2019, 23:59

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:5e:42:f1:8a:eb:38:a0:41:4d:2b:57:cb:41:7d:27:d1:62:5e:c1:46:db:45:a8:b3:de:20:2e:d5:05:b8:43
Signer

Actual PE Digest

43:5e:42:f1:8a:eb:38:a0:41:4d:2b:57:cb:41:7d:27:d1:62:5e:c1:46:db:45:a8:b3:de:20:2e:d5:05:b8:43

Digest Algorithm

sha256

PE Digest Matches

true

25:e6:b5:b7:18:8a:63:96:5c:3f:5b:85:70:90:05:79:b4:e1:5c:8f
Signer

Actual PE Digest

25:e6:b5:b7:18:8a:63:96:5c:3f:5b:85:70:90:05:79:b4:e1:5c:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\srf_develop\ShuRuFa\程序\Trunk\Bin\pdbmap\WanNengWB\MainExe.pdb

Imports

kernel32

lstrcmpiW
LocalFree
GlobalAlloc
GlobalLock
GlobalUnlock
WriteFile
GetStdHandle
OpenProcess
GetTempPathW
GetWindowsDirectoryW
InterlockedDecrement
GetExitCodeProcess
CopyFileW
MoveFileExW
RemoveDirectoryW
GetSystemInfo
MulDiv
LCMapStringW
lstrcpyW
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
Sleep
CreateThread
TlsAlloc
GlobalAddAtomW
HeapDestroy
GetSystemTime
FormatMessageA
LoadLibraryA
GetTempPathA
DeleteFileA
GetFileAttributesA
UnlockFile
LockFileEx
LockFile
SetEnvironmentVariableA
GetFullPathNameA
SetEndOfFile
FlushFileBuffers
ReleaseMutex
LocalAlloc
GetTimeZoneInformation
SetFilePointerEx
SetStdHandle
HeapSize
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
CompareStringW
GetStartupInfoW
TlsFree
TerminateProcess
SetLastError
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
RaiseException
GetCommandLineW
AreFileApisANSI
ExitProcess
HeapReAlloc
GetFullPathNameW
LoadLibraryExW
ExitThread
GetSystemTimeAsFileTime
WriteConsoleW
GetModuleHandleExW
GetFileType
IsProcessorFeaturePresent
IsDebuggerPresent
SetFilePointer
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetStringTypeW
InterlockedExchange
DecodePointer
EncodePointer
InterlockedIncrement
ReadProcessMemory
FindResourceExW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
GetEnvironmentStringsW
WaitForSingleObject
CreateMutexW
FindClose
FindNextFileW
FindFirstFileW
SizeofResource
LockResource
LoadResource
FindResourceW
SetFileTime
LocalFileTimeToFileTime
SetFileAttributesW
DosDateTimeToFileTime
TlsGetValue
TlsSetValue
DeleteFileW
GetTickCount
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileA
GetEnvironmentVariableW
GetVersionExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryPerformanceCounter
GetPrivateProfileStringW
QueryPerformanceFrequency
SetUnhandledExceptionFilter
SetErrorMode
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
CreateDirectoryW
GetModuleFileNameW
LoadLibraryW
WritePrivateProfileStringW
CloseHandle
CreateProcessW
GetPrivateProfileIntW
GetLocalTime
HeapFree
GetLastError
GetModuleHandleW
GetProcAddress
GetProcessHeap
HeapAlloc
FreeEnvironmentStringsW

user32

SetMenuInfo
DestroyMenu
DeleteMenu
CreatePopupMenu
CreateMenu
GetClientRect
FillRect
ScreenToClient
MessageBeep
GetAsyncKeyState
GetDlgItemInt
SetDlgItemInt
EnableMenuItem
CallWindowProcW
ModifyMenuW
SetTimer
RemoveMenu
TrackPopupMenu
CharNextW
KillTimer
GetFocus
IsWindow
SendMessageTimeoutW
GetWindowTextW
FindWindowW
MessageBoxW
InsertMenuW
ShowWindow
PostMessageW
UnregisterHotKey
DrawTextW
IsWindowVisible
InvalidateRect
SetRect
PtInRect
ClientToScreen
SetCursor
LoadCursorW
GetDC
ReleaseDC
GetKeyState
GetWindowThreadProcessId
SendMessageW
GetKeyboardState
GetGUIThreadInfo
GetForegroundWindow
GetWindowLongW
SetWindowsHookExW
UnhookWindowsHookEx
keybd_event
CallNextHookEx
GetParent
GetWindowRect
AttachThreadInput
GetCaretPos
LoadKeyboardLayoutW
GetKeyboardLayoutList
GetKeyboardLayout
GetCursorPos
WindowFromPoint
GetClassNameW
SetWindowLongW
MoveWindow
SetWindowPos
PostQuitMessage
DefWindowProcW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
RegisterClassExW
CreateWindowExW
DestroyWindow
BringWindowToTop
OffsetRect
UpdateLayeredWindow
SetCapture
ReleaseCapture
BeginPaint
EndPaint
SetForegroundWindow
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
IsClipboardFormatAvailable
GetClipboardData
GetDesktopWindow
GetSystemMetrics
FindWindowExW
CharLowerW
MonitorFromPoint
GetDlgItemTextW
SetFocus
LoadIconW
GetWindowInfo
RegisterHotKey
IsIconic
GetDlgItem
EndDialog
SetDlgItemTextW
SetWindowTextW
DialogBoxParamW
RegisterWindowMessageW
SystemParametersInfoW
EnumDisplayMonitors
GetMonitorInfoW

gdi32

LineTo
MoveToEx
CreatePen
ExcludeClipRect
CreateDIBSection
GetTextExtentPointW
GetStockObject
CreateCompatibleDC
SelectObject
DeleteObject
GetDeviceCaps
CreateFontIndirectW
SetBkMode
SetTextColor
CreateCompatibleBitmap
BitBlt
CreateICW
EnumFontsW
CreateSolidBrush
CreateFontW
DeleteDC
GetTextExtentPoint32W
CreateBitmap
GetObjectW
CreateDCW
GetDIBits

advapi32

InitializeAcl
SetSecurityInfo
LookupAccountSidW
GetTokenInformation
RegCreateKeyExW
SetNamedSecurityInfoW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountNameW
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
GetAce
EqualSid
AddAce
AddAccessAllowedAce

shell32

SHAppBarMessage
Shell_NotifyIconW
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromString
CreateStreamOnHGlobal

oleaut32

GetErrorInfo
SysFreeString
SysAllocString

shlwapi

PathFileExistsA
PathFileExistsW

gdiplus

GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipBitmapSetPixel
GdipDrawLineI
GdipCloneStringFormat
GdipFillPath
GdipDrawPath
GdipDeletePen
GdipCreatePen1
GdipBitmapGetPixel
GdipSetImageAttributesColorKeys
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipGetLogFontW
GdipCloneBitmapAreaI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAddPathLineI
GdipAddPathArcI
GdipDeletePath
GdipCreatePath
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipDrawString
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipCreateSolidFill
GdipCloneBrush
GdipAlloc
GdipDeleteBrush
GdipFree
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageRawFormat
GdipGetGenericFontFamilySansSerif
GdipSetImageAttributesColorMatrix
GdipFillRectangleI
GdiplusStartup
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipStringFormatGetGenericTypographic
GdipBitmapLockBits

imm32

ImmGetIMEFileNameW

psapi

GetModuleFileNameExW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 731KB - Virtual size: 730KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

891ec8a405b1ff70ab54f9039062b7e8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

43:5e:42:f1:8a:eb:38:a0:41:4d:2b:57:cb:41:7d:27:d1:62:5e:c1:46:db:45:a8:b3:de:20:2e:d5:05:b8:43Signer

25:e6:b5:b7:18:8a:63:96:5c:3f:5b:85:70:90:05:79:b4:e1:5c:8fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

imm32

psapi

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 330KB - Virtual size: 330KB

.data Size: 184KB - Virtual size: 215KB

.rsrc Size: 731KB - Virtual size: 730KB

.reloc Size: 178KB - Virtual size: 178KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

43:5e:42:f1:8a:eb:38:a0:41:4d:2b:57:cb:41:7d:27:d1:62:5e:c1:46:db:45:a8:b3:de:20:2e:d5:05:b8:43
Signer

25:e6:b5:b7:18:8a:63:96:5c:3f:5b:85:70:90:05:79:b4:e1:5c:8f
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 330KB - Virtual size: 330KB

.data
Size: 184KB - Virtual size: 215KB

.rsrc
Size: 731KB - Virtual size: 730KB

.reloc
Size: 178KB - Virtual size: 178KB