a7057f6e1d4b78b5c0dcdbe24a772ce1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a7057f6e1d4b78b5c0dcdbe24a772ce1_JaffaCakes118
Size

6.2MB
MD5

a7057f6e1d4b78b5c0dcdbe24a772ce1
SHA1

0b22917600452bd95dfa334b94e4240a717115e7
SHA256

4d93629ac021adb56da5d59b367472e3fd2b74fe37693fe72136c04636fd26e3
SHA512

e24c0116a8cd57ee9e01cffab4ca2dd559857b337ecc38a7fdb2bebff7217cca04a4d76311999191d66378ce996375b246267b5b5562789cd3cd3a52344af62b
SSDEEP

98304:pYlgA8pIr/6VztgRajPMghpwh1vEJaN5wyopM2RXIFw+U:pYlgA8pDjg+p42OyyopM2R7

Score

1^/10

Malware Config

Signatures

Files

a7057f6e1d4b78b5c0dcdbe24a772ce1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9307b33bc4b9fbead5f0d15d8e147be7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:85:b8:b4:7c:28:b3:b2:13:a9:65:d2:42:87:a4:fd
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

10/05/2018, 00:00

Not After

09/06/2019, 23:59

Subject

CN=(주)호넷,OU=IT Team,O=(주)호넷,L=Geumcheon-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:e0:ba:e1:b4:26:2c:67:78:bb:e2:d1:d9:a5:e5:b8:c7:27:98:41
Signer

Actual PE Digest

1f:e0:ba:e1:b4:26:2c:67:78:bb:e2:d1:d9:a5:e5:b8:c7:27:98:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\svn_local\웹하드\filehon_new_app\src\Client\Down\Release\Down.pdb

Imports

urlmon

URLDownloadToFileA

user32

GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
IsCharLowerA
GetDoubleClickTime
GetUpdateRect
IsClipboardFormatAvailable
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
WaitMessage
CharUpperBuffA
CopyIcon
FrameRect
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetIconInfo
HideCaret
InvertRect
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongA
DestroyAcceleratorTable
SetParent
LoadAcceleratorsW
PostThreadMessageA
GetNextDlgGroupItem
GetMenuDefaultItem
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
MessageBeep
GetSystemMenu
LoadMenuW
DeleteMenu
UnregisterClassA
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyImage
RealChildWindowFromPoint
GetMenuItemInfoA
InflateRect
CharNextA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyIcon
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
InvalidateRgn
IntersectRect
CopyAcceleratorTableA
SetRectEmpty
LoadCursorA
GetSysColorBrush
RegisterClipboardFormatA
SetWindowContextHelpId
FindWindowA
LoadIconA
ShowWindow
SendMessageA
SetTimer
DestroyMenu
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
AppendMenuA
CreatePopupMenu
KillTimer
CloseWindow
InvalidateRect
EnableWindow
GetSysColor
SetCursor
UpdateWindow
RedrawWindow
CallWindowProcA
MessageBoxA
SetWindowLongA
IsWindow
GetWindowRect
GetParent
ReleaseCapture
PtInRect
SetRect
LoadBitmapW
MapVirtualKeyExA
SubtractRect
DestroyCursor
GetWindowRgn
GetClientRect
ClientToScreen
GetDC
ReleaseDC
GetActiveWindow
GetCapture
SetCapture
WindowFromPoint
GetWindowLongA
GetSystemMetrics
SetWindowRgn
PostMessageA
MapDialogRect
ShowOwnedPopups
GetMessageA
TranslateMessage
PostQuitMessage
DrawStateA
MapVirtualKeyA
GetKeyNameTextA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
CharUpperA
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
LoadCursorW
DrawIcon
SystemParametersInfoA
OffsetRect
IsRectEmpty
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
ValidateRect
CreateWindowExA
GetClassInfoExA
RegisterClassA
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
GetMenu
GetWindow
GetDlgCtrlID
CopyRect
FillRect
LoadImageA
GetClassNameA
EnumChildWindows
MapWindowPoints
RegisterWindowMessageA
keybd_event
GetClassInfoA
GetKeyState
ReplyMessage
LoadIconW
SetWindowPos
ExitWindowsEx
GetForegroundWindow
GetFocus
IsChild
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
GetMenuStringA
GetMenuState
AdjustWindowRectEx
IsIconic

kernel32

LocalAlloc
InterlockedIncrement
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetFileAttributesA
GetFileTime
GetTempFileNameA
GlobalFlags
GetCPInfo
GetOEMCP
GetSystemDirectoryW
GetACP
GetFileAttributesExA
GetFileSizeEx
GetCurrentDirectoryA
GetTempPathA
GetWindowsDirectoryA
GetNumberFormatA
GetProfileIntA
SearchPathA
VirtualProtect
FindResourceExW
EncodePointer
DecodePointer
RtlUnwind
FindFirstFileExA
RaiseException
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
ExitThread
CreateThread
HeapSetInformation
GetStartupInfoW
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitProcess
HeapQueryInformation
HeapSize
SetStdHandle
GetFileType
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
IsValidCodePage
LCMapStringW
GetStdHandle
GetTimeZoneInformation
GetStringTypeW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetDriveTypeW
CompareStringW
WriteConsoleW
GetCurrentDirectoryW
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
ResumeThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
GetModuleHandleW
InterlockedExchange
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetFullPathNameA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
lstrcmpiA
GetThreadLocale
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
ActivateActCtx
DeactivateActCtx
lstrcmpW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
CopyFileA
GlobalSize
lstrlenW
FindResourceA
GetUserDefaultLangID
FreeResource
GetExitCodeThread
GetSystemInfo
GetCurrentThread
SetThreadPriority
TerminateThread
SetEvent
CreateEventA
SetErrorMode
SetUnhandledExceptionFilter
GetLocalTime
GetCurrentProcessId
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineA
CreateMutexA
Sleep
GetTickCount
OpenProcess
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
lstrcpynA
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
InterlockedDecrement
lstrlenA
OutputDebugStringA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
lstrcpyA
GetCurrentThreadId
GetVolumeInformationA
CreateDirectoryA
FindFirstFileA
FindClose
GetDiskFreeSpaceExA
DeleteFileA
GetModuleHandleA
GetCurrentProcess
DuplicateHandle
GetExitCodeProcess
CreateRemoteThread
GetLastError
WaitForSingleObject
SetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceW
CreateFileA
SetFilePointer
WriteFile
CloseHandle
MultiByteToWideChar
GetModuleFileNameA

gdi32

CreateSolidBrush
GetStockObject
PatBlt
DeleteObject
SetPixelV
GetTextFaceA
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPaletteEntries
ExtFloodFill
EnumFontFamiliesExA
SetPixel
SetDIBColorTable
OffsetRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Polygon
Polyline
CreatePolygonRgn
CreateRoundRectRgn
SetRectRgn
GetTextCharsetInfo
EnumFontFamiliesA
GetTextMetricsA
CreateDIBitmap
GetTextColor
GetBkColor
GetRgnBox
CreateFontIndirectA
CreateRectRgnIndirect
CreateHatchBrush
GetObjectType
SelectPalette
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
Ellipse
LPtoDP
CreateEllipticRgn
SetTextColor
CopyMetaFileA
CreateDCA
GetPixel
CreateRectRgn
CreateFontA
GetTextExtentPoint32A
Rectangle
GetDeviceCaps
CreatePen
CreateDIBSection
ExtCreateRegion
CombineRgn
StretchBlt
CreateCompatibleDC
SelectObject
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteDC
GetObjectA

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegConnectRegistryA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
RegCloseKey
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
OpenProcessToken

shell32

DragQueryFileA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderA
DragFinish
SHGetFileInfoA
ShellExecuteA
Shell_NotifyIconA
ShellExecuteExA
SHGetSpecialFolderPathA
SHGetDesktopFolder

comctl32

ord17
ImageList_GetIconSize

shlwapi

UrlUnescapeA
PathFindFileNameA
StrFormatByteSize64A
PathGetArgsA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA

ole32

RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
DoDragDrop
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromProgID
CoCreateGuid
CoInitializeEx
CLSIDFromString
CreateStreamOnHGlobal
OleDraw
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VarBstrFromDate
OleCreateFontIndirect
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
SysAllocStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocString
VariantChangeType
SysFreeString

oledlg

ord8

ws2_32

WSAStartup
WSACleanup
closesocket
WSAGetLastError
select
connect
htons
inet_addr
socket
__WSAFDIsSet
recv
WSASocketA
WSAConnect
setsockopt
WSAWaitForMultipleEvents
WSASend
WSARecv

gdiplus

GdipAlloc
GdipFree
GdiplusShutdown
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageGraphicsContext

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpAddRequestHeadersA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenUrlA
InternetQueryDataAvailable
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
DeleteUrlCacheEntry

nat

ord5
ord15
ord16
ord17
ord22
ord23
ord21
ord18

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundA

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9307b33bc4b9fbead5f0d15d8e147be7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:85:b8:b4:7c:28:b3:b2:13:a9:65:d2:42:87:a4:fdCertificate

Extended Key Usages

Key Usages

1f:e0:ba:e1:b4:26:2c:67:78:bb:e2:d1:d9:a5:e5:b8:c7:27:98:41Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

user32

kernel32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

ws2_32

gdiplus

version

wininet

nat

oleacc

imm32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 333KB - Virtual size: 332KB

.data Size: 27KB - Virtual size: 59KB

.rsrc Size: 4.3MB - Virtual size: 4.3MB

.reloc Size: 194KB - Virtual size: 193KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:85:b8:b4:7c:28:b3:b2:13:a9:65:d2:42:87:a4:fd
Certificate

1f:e0:ba:e1:b4:26:2c:67:78:bb:e2:d1:d9:a5:e5:b8:c7:27:98:41
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 333KB - Virtual size: 332KB

.data
Size: 27KB - Virtual size: 59KB

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 194KB - Virtual size: 193KB