a3a6f7b5bfa8bfa2726f60a4c427636e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a3a6f7b5bfa8bfa2726f60a4c427636e_JaffaCakes118
Size

1.2MB
MD5

a3a6f7b5bfa8bfa2726f60a4c427636e
SHA1

97db6b9028c8165fe86c0af0b71cf2c44755a74e
SHA256

5dd4f00661ffa45c33760bf8177863de90822ce9f6ebeb08383e82f9ab0dd9c7
SHA512

9b253e21e06eb4d681074eeb67c96bfbe1baf7c19150b9ff14076075fea7d27744a6cd5ca6987d3dec42e1c8f338d8cc2990bf50d8667b655319bebd6e8b6198
SSDEEP

24576:Lvywqpg8X4S58L+0nhLQhQr0JZklE9z1hxTjGT0+I6s9I6:LvKXPY+0nOhQ6ky9zxTKTj7sD

Score

1^/10

Malware Config

Signatures

Files

a3a6f7b5bfa8bfa2726f60a4c427636e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dd92c01bd2d302f434ab736c90f35b62

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/12/2015, 00:00

Not After

06/02/2018, 23:59

Subject

CN=BeiJing Baidu Netcom Science Technology Co.\, Ltd,OU=\ Engineering Excellence,O=BeiJing Baidu Netcom Science Technology Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:8c:6e:85:8b:a3:ae:d8:9a:6e:c8:57:8f:4f:30:55:54:75:af:aa
Signer

Actual PE Digest

cd:8c:6e:85:8b:a3:ae:d8:9a:6e:c8:57:8f:4f:30:55:54:75:af:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work\dl\Hao123Downloader\Hao123Downloader\bin\Hao123Downloader.pdb

Imports

kernel32

GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetFileSize
WriteFile
SetFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
SystemTimeToFileTime
ReadFile
SetFilePointer
ReleaseSemaphore
CreateSemaphoreW
CreateEventW
ResumeThread
GetExitCodeThread
TerminateThread
InterlockedIncrement
WaitForMultipleObjects
InterlockedDecrement
SetEvent
GetVolumeInformationW
GetLocalTime
DeviceIoControl
GetCommandLineW
CreateFileW
GetFileTime
CopyFileW
FreeResource
GetTempPathW
GetLocaleInfoW
GetNumberFormatW
GetModuleFileNameW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
WaitForSingleObject
CloseHandle
CreateProcessW
Sleep
MoveFileExW
GetVersionExW
lstrcmpiW
lstrcatW
GetFullPathNameW
GetTickCount
CreateDirectoryW
lstrcpynW
lstrcmpA
LocalAlloc
LocalFree
WideCharToMultiByte
GetLastError
lstrlenA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetFileAttributesW
RaiseException
lstrcpyW
lstrlenW
GetModuleHandleW
lstrcmpW
GetUserDefaultUILanguage
MulDiv
IsBadStringPtrW
SetEnvironmentVariableA
CompareStringW
GetFullPathNameA
FreeLibrary
LoadLibraryW
CreateFileA
GetProcAddress
GetCurrentProcess
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
FlushFileBuffers
WriteConsoleW
LockResource
SizeofResource
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
RtlUnwind
FindClose
GetDriveTypeW
FindFirstFileExW
DeleteFileW
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
GetStringTypeW
IsProcessorFeaturePresent
PeekNamedPipe
GetFileType
SetCurrentDirectoryW
GetConsoleCP
GetConsoleMode
HeapCreate
GetTimeZoneInformation
GetStdHandle
ExitProcess
SetHandleCount
FatalAppExitA
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
SetStdHandle
SetEndOfFile
LoadLibraryA

user32

UnionRect
DefWindowProcW
IsWindow
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
SendMessageW
LoadImageW
GetSystemMetrics
CallWindowProcW
GetPropW
SetPropW
AdjustWindowRectEx
GetMenu
EnumChildWindows
IsWindowVisible
FindWindowExW
GetKeyState
RegisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
UpdateLayeredWindow
InvalidateRect
SetCapture
ReleaseCapture
SystemParametersInfoW
GetDC
SetWindowRgn
SetFocus
GetFocus
GetClassNameW
GetCursorPos
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
ReleaseDC
InflateRect
TranslateMessage
GetMessageW
PeekMessageW
EnableWindow
DrawFocusRect
DrawTextW
DrawIconEx
CharPrevW
SetRect
IsIconic
UpdateWindow
DestroyIcon
GetIconInfo
KillTimer
CreateCaret
GetWindowRect
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
DestroyMenu
TrackPopupMenu
EnableMenuItem
AppendMenuW
CreatePopupMenu
GetCaretPos
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
FillRect
InvalidateRgn
MoveWindow
CreateAcceleratorTableW
ScreenToClient
IsZoomed
PostQuitMessage
DestroyWindow
CharNextW
GetWindowLongW
ShowWindow
GetDesktopWindow
PtInRect
IntersectRect
OffsetRect
SetCursor
LoadCursorW
PostMessageW
wsprintfW
SetWindowLongW
SetTimer
DispatchMessageW
HideCaret
MessageBoxW

advapi32

RegCloseKey
CreateProcessAsUserW
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
RegCreateKeyExW
SaferCloseLevel
SaferComputeTokenFromLevel
SaferCreateLevel

shell32

SHGetFolderPathW
CommandLineToArgvW
SHGetMalloc
ShellExecuteW
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
ReleaseStgMedium
OleLockRunning
CLSIDFromString
CLSIDFromProgID
StgCreateDocfile
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSetContainedObject
OleCreateStaticFromData
OleDuplicateData
CoInitialize

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

shlwapi

PathFindExtensionW
PathFileExistsW
PathAppendW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

urlmon

URLDownloadToFileW
ObtainUserAgentString

wininet

InternetCheckConnectionW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetSetOptionW
InternetOpenW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpReadData
WinHttpCrackUrl

crypt32

CryptMsgGetParam
CryptDecodeObject
CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject

wintrust

WinVerifyTrust

iphlpapi

GetAdaptersInfo

gdi32

OffsetRgn
PtInRegion
SelectClipRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
CombineRgn
StretchBlt
CreateRoundRectRgn
GetDIBits
GetObjectW
CreateRectRgn
GetBitmapBits
DeleteDC
LineTo
MoveToEx
CreateFontIndirectW
Rectangle
GetStockObject
RoundRect
GetTextExtentPoint32W
SetBkMode
SetTextColor
GdiFlush
TextOutW
DeleteObject
SelectObject
GetTextMetricsW
CreateCompatibleDC
SaveDC
BitBlt
RestoreDC
CreateDIBSection
SetWindowOrgEx
SetStretchBltMode
GetCharABCWidthsW
SetBkColor
GetDeviceCaps
SetBitmapBits
CreateCompatibleBitmap
CreateSolidBrush
CreatePatternBrush
CreateDCW
SetDIBColorTable
CreatePen

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipReleaseDC
GdipSaveGraphics
GdipDrawImageI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipSaveImageToStream
GdiplusStartup
GdiplusShutdown
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreatePath
GdipDeletePath
GdipDeleteGraphics
GdipDeleteFont
GdipGetImageWidth
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesColorKeys
GdipSetImageAttributesWrapMode
GdipCreateSolidFill
GdipSetPenDashStyle
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatTrimming
GdipAddPathLineI
GdipAddPathArcI
GdipCreateFromHDC
GdipSaveImageToFile
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipDrawString
GdipMeasureString
GdipDrawImageRectRectI
GdipCreateFontFromDC
GdipCloneBrush
GdipGraphicsClear
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCloneImage
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

Sections

.text
Size: 836KB - Virtual size: 835KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd92c01bd2d302f434ab736c90f35b62

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

cd:8c:6e:85:8b:a3:ae:d8:9a:6e:c8:57:8f:4f:30:55:54:75:af:aaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

urlmon

wininet

userenv

winhttp

crypt32

wintrust

iphlpapi

gdi32

comctl32

gdiplus

imm32

Sections

.text Size: 836KB - Virtual size: 835KB

.rdata Size: 212KB - Virtual size: 211KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 142KB - Virtual size: 141KB

.reloc Size: 50KB - Virtual size: 49KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

cd:8c:6e:85:8b:a3:ae:d8:9a:6e:c8:57:8f:4f:30:55:54:75:af:aa
Signer

.text
Size: 836KB - Virtual size: 835KB

.rdata
Size: 212KB - Virtual size: 211KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 142KB - Virtual size: 141KB

.reloc
Size: 50KB - Virtual size: 49KB