95258252728fb8a7f52c012c554f6112_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

95258252728fb8a7f52c012c554f6112_JaffaCakes118
Size

1.5MB
MD5

95258252728fb8a7f52c012c554f6112
SHA1

53d43c7a098043f1cba834c0fe90a46c680ba843
SHA256

58088e4afaefe1ec2f91c572fc1099e33515c9aa756f530b0812ddcb76d72d2b
SHA512

7e898fd8fefe3ed2536dd3a9d2522f046d524188b44257756a8fdd9dc43727150ff2bdd7c9c5df918b43e52649fdd77c9b4ae36253e8b26531feb8512c73c247
SSDEEP

24576:Xjq/whO6gKAm5bP14KsZ7nN50xVoFQRmhPfozJ8PyBnPLdZwp/dzw:Tq/aPHsZ7g6Im9foSiLTwp/dzw

Score

1^/10

Malware Config

Signatures

Files

95258252728fb8a7f52c012c554f6112_JaffaCakes118
.exe windows:4 windows x86 arch:x86

293f02eb5f38ab08839cb2e24d92de54

Code Sign

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/10/2017, 00:00

Not After

12/11/2019, 23:59

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/10/2017, 00:00

Not After

12/11/2019, 23:59

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6c:bc:1f:67:27:4f:85:2c:d1:e0:73:b2:0b:0d:bb:4a:1b:2f:22:4a:78:03:6c:32:86:0c:a8:05:b1:33:0f:54
Signer

Actual PE Digest

6c:bc:1f:67:27:4f:85:2c:d1:e0:73:b2:0b:0d:bb:4a:1b:2f:22:4a:78:03:6c:32:86:0c:a8:05:b1:33:0f:54

Digest Algorithm

sha256

PE Digest Matches

true

46:60:c4:1d:fb:ee:ee:8d:28:48:85:f6:59:46:aa:92:89:46:3e:28
Signer

Actual PE Digest

46:60:c4:1d:fb:ee:ee:8d:28:48:85:f6:59:46:aa:92:89:46:3e:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\jenkins\workspace\srf_develop\ShuRuFa\程序\Trunk\Bin\pdbmap\WanNengWB\SkinReg32.pdb

Imports

shlwapi

PathFileExistsW

kernel32

GetLongPathNameW
MoveFileW
VirtualAlloc
VirtualFree
LoadLibraryA
IsBadReadPtr
HeapFree
GetProcessHeap
HeapAlloc
TlsAlloc
SetConsoleMode
ReadConsoleInputA
GetFileInformationByHandle
ExitThread
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageW
CreateThread
Sleep
FlushConsoleInputBuffer
GlobalMemoryStatus
FindFirstFileA
GetVersion
WaitForMultipleObjects
PeekNamedPipe
GetSystemDirectoryA
SleepEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
SetConsoleCtrlHandler
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
CreateFileA
InterlockedDecrement
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetFileSize
ReadFile
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineW
WaitForSingleObject
QueryPerformanceFrequency
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetEnvironmentVariableW
GetVersionExW
QueryPerformanceCounter
SetUnhandledExceptionFilter
SetErrorMode
VirtualProtect
GetModuleFileNameW
GetCurrentProcessId
GetCurrentProcess
GetLocalTime
GetPrivateProfileIntW
CreateProcessW
WritePrivateProfileStringW
LoadLibraryW
GetProcAddress
DeleteFileW
FreeLibrary
GetLastError
GetTickCount
TlsSetValue
TlsGetValue
GetCurrentThreadId
GetFileAttributesW
CreateFileW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CloseHandle
SetFileAttributesW
MultiByteToWideChar
CopyFileW
GetPrivateProfileStringW
CreateDirectoryW
SetStdHandle
GetStartupInfoA
SetHandleCount
GetFileType
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapDestroy
HeapSize
SetLastError
WideCharToMultiByte
GetTempPathW
GetFullPathNameA
GetCurrentDirectoryA
ExpandEnvironmentStringsW
TlsFree
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
GetVersionExA
HeapReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
GetSystemTimeAsFileTime

user32

GetDesktopWindow
GetWindowRect
MessageBoxW
EnumDisplayMonitors
SystemParametersInfoW
GetMonitorInfoW
FindWindowW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW

ole32

CLSIDFromString

urlmon

URLDownloadToFileW

ws2_32

shutdown
gethostname
ioctlsocket
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
closesocket
socket
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
WSASetLastError
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
sendto
recvfrom
accept
listen

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 996KB - Virtual size: 992KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

293f02eb5f38ab08839cb2e24d92de54

Code Sign

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

6c:bc:1f:67:27:4f:85:2c:d1:e0:73:b2:0b:0d:bb:4a:1b:2f:22:4a:78:03:6c:32:86:0c:a8:05:b1:33:0f:54Signer

46:60:c4:1d:fb:ee:ee:8d:28:48:85:f6:59:46:aa:92:89:46:3e:28Signer

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

urlmon

ws2_32

Exports

Exports

Sections

.text Size: 996KB - Virtual size: 992KB

.rdata Size: 276KB - Virtual size: 273KB

.data Size: 44KB - Virtual size: 70KB

.rsrc Size: 164KB - Virtual size: 160KB

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

6c:bc:1f:67:27:4f:85:2c:d1:e0:73:b2:0b:0d:bb:4a:1b:2f:22:4a:78:03:6c:32:86:0c:a8:05:b1:33:0f:54
Signer

46:60:c4:1d:fb:ee:ee:8d:28:48:85:f6:59:46:aa:92:89:46:3e:28
Signer

.text
Size: 996KB - Virtual size: 992KB

.rdata
Size: 276KB - Virtual size: 273KB

.data
Size: 44KB - Virtual size: 70KB

.rsrc
Size: 164KB - Virtual size: 160KB