9ae41fa8bcf2ebcc18a5c1386217e7c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9ae41fa8bcf2ebcc18a5c1386217e7c9_JaffaCakes118
Size

645KB
MD5

9ae41fa8bcf2ebcc18a5c1386217e7c9
SHA1

66ab1d2c03e7182f6edfc81e18cf5d5242596cca
SHA256

c2f44db4baf0b78acc501601339a778a157f96ef6cf1c523618e5a76f7d281fc
SHA512

a5f3aefb818b91ec4cf712cd267b40fde61f47aa4bb8030b73816c11e6a378afa3ad7e8342ed004bd9afbf9268f1b34394d78796867e9d338c8700ddf5e9c70c
SSDEEP

6144:cVn/auF+PjDQxfg7cTX94r7Um0JhMTz95nUQcTg6HYs2w4npOqnCLLQC08mLbHz:6DF+PjcfKcJ4fo0E5HepOCC6

Score

1^/10

Malware Config

Signatures

Files

9ae41fa8bcf2ebcc18a5c1386217e7c9_JaffaCakes118
.exe windows:6 windows x86 arch:x86

9b54db1f97888a7c0fb62894102a2754

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:46:ab:ed:6e:f7:18:7d:45:52:46:06:20:aa:62:0f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/01/2017, 00:00

Not After

14/07/2018, 23:59

Subject

CN=HANCOM. INC\,,O=HANCOM. INC\,,L=Seongnam-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c3:14:0e:26:e4:26:c8:0d:ea:22:60:6b:1c:7f:a5:5e:12:a2:9c:aa:c0:2d:b0:38:3f:03:61:73:90:73:70:c0
Signer

Actual PE Digest

c3:14:0e:26:e4:26:c8:0d:ea:22:60:6b:1c:7f:a5:5e:12:a2:9c:aa:c0:2d:b0:38:3f:03:61:73:90:73:70:c0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\HOffice90-Master-2013\Build\WindowsOfficeViewer\Bin\KeyLayout.pdb

Imports

kernel32

InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsProcessorFeaturePresent
GetProcessHeap
HeapFree
HeapAlloc
SetLastError
VirtualAlloc
VirtualFree
IsDebuggerPresent
MulDiv
GetSystemDefaultLangID
FreeLibrary
SetCurrentDirectoryW
GetCurrentDirectoryW
FlushInstructionCache
GetCurrentProcess
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DecodePointer
GetCurrentThreadId
CreateSemaphoreW
GetModuleHandleExW
LoadLibraryW
SetEnvironmentVariableW
GetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
lstrcmpW
GetStringTypeW
ExpandEnvironmentStringsA
LoadLibraryExA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
GetProcAddress

user32

ClientToScreen
LoadIconW
DrawIcon
RegisterWindowMessageW
CharNextW
MessageBoxW
FindWindowW
GetParent
SetForegroundWindow
BringWindowToTop
CreateWindowExW
LoadCursorW
CopyRect
SetRect
GetKeyboardLayout
GetClassInfoExW
RegisterClassExW
SetWindowTextW
GetLastActivePopup
GetDesktopWindow
MoveWindow
GetWindowRect
IsWindow
KillTimer
DestroyIcon
UnregisterClassW
IsIconic
DefWindowProcW
DestroyCursor
CallWindowProcW
SetWindowLongW
GetKeyState
SendMessageW
SetCursor
InvalidateRect
ShowWindow
SetFocus
DestroyWindow
GetWindowLongW
GetDC
FillRect
OffsetRect
ReleaseDC
GetClientRect
PtInRect

advapi32

RegSetValueExW
RegOpenKeyExA
RegOpenKeyW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExA
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

ole32

OleInitialize
OleUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsW

comctl32

InitCommonControlsEx

gdi32

GetFontData
GetOutlineTextMetricsW
SetTextAlign
GetTextColor
GetGlyphIndicesW
GetCharABCWidthsI
CreateFontIndirectW
DeleteObject
CreateFontW
CreatePen
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetDeviceCaps
SetBkMode
SetTextColor
ExtTextOutW
GetStockObject
RoundRect
BitBlt
DeleteDC

msvcp120

?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

kernel

GetKernelEngine

msvcr120

__CxxFrameHandler3
__RTDynamicCast
_libm_sse2_cos_precise
_libm_sse2_sin_precise
iswascii
realloc
iswspace
__RTtypeid
??9type_info@@QBE_NABV0@@Z
_vsnwprintf_s
_CxxThrowException
_except_handler4_common
??3@YAXPAX@Z
wcscpy_s
wcsrchr
wcsncpy_s
wcscat_s
_purecall
vswprintf_s
malloc
free
memcpy_s
wcsstr
_recalloc
??_V@YAXPAX@Z
??2@YAPAXI@Z
memmove
_wsplitpath_s
_wmakepath_s
exit
_wcsicmp
swprintf_s
wcsncmp
calloc
_wcsupr_s
iswxdigit
_wfopen_s
fread
fclose
fwrite
qsort
memset
iswdigit
iswlower
wcschr
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
memcpy

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

hncprocessobject

HncReleaseProcessObject
HncCreateProcessObject

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b54db1f97888a7c0fb62894102a2754

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1c:46:ab:ed:6e:f7:18:7d:45:52:46:06:20:aa:62:0fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

c3:14:0e:26:e4:26:c8:0d:ea:22:60:6b:1c:7f:a5:5e:12:a2:9c:aa:c0:2d:b0:38:3f:03:61:73:90:73:70:c0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

comctl32

gdi32

msvcp120

kernel

msvcr120

version

hncprocessobject

Sections

.text Size: 250KB - Virtual size: 249KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 56KB - Virtual size: 75KB

.rsrc Size: 284KB - Virtual size: 284KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1c:46:ab:ed:6e:f7:18:7d:45:52:46:06:20:aa:62:0f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

c3:14:0e:26:e4:26:c8:0d:ea:22:60:6b:1c:7f:a5:5e:12:a2:9c:aa:c0:2d:b0:38:3f:03:61:73:90:73:70:c0
Signer

.text
Size: 250KB - Virtual size: 249KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 56KB - Virtual size: 75KB

.rsrc
Size: 284KB - Virtual size: 284KB