ab53f53daa102cca331c14bd5d43e189_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab53f53daa102cca331c14bd5d43e189_JaffaCakes118
Size

7.8MB
MD5

ab53f53daa102cca331c14bd5d43e189
SHA1

911c154b694eb793357d1357804803b7dd4aa996
SHA256

dc01974ded94bd6979a573fbbe7ee8c32ef9b37f2630fe92c6c1edd6fddc02b2
SHA512

7c6e23a21d7ac7500fe5b9004f63d5e305a2a5262ebe34b3929a33885bbc4c19431dc119cae6b629ee06774548b4ffa86c7a620d9f996fbe0d2f96144a235b02
SSDEEP

98304:q6lORNSSWDcpMHkGqXwPgJeMeaTJLXnm/LtdHU0IxMEnZVQCj:q6lOKJeMEGqXwPlMeaThXmZ7AjQCj

Score

1^/10

Malware Config

Signatures

Files

ab53f53daa102cca331c14bd5d43e189_JaffaCakes118
.exe windows:5 windows x64 arch:x64

b651dc2748a8e58f77a913e4f47b90b5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

72:d5:ca:f5:9a:3c:c6:44:c5:73:e1:3e:a0:89:2e:ab
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2015, 00:00

Not After

14/05/2018, 23:59

Subject

CN=Youngzsoft Co.\, Ltd.,OU=Software Development,O=Youngzsoft Co.\, Ltd.,L=Changsha,ST=Hunan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:57:46:68:0a:a4:4c:97:a0:bc:df:dd:86:0c:4c:11:d2:a2:80:69
Signer

Actual PE Digest

73:57:46:68:0a:a4:4c:97:a0:bc:df:dd:86:0c:4c:11:d2:a2:80:69

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Work\SVN\ccboot\Release\x64\CCBoot.pdb

Imports

kernel32

GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
LCMapStringW
GetConsoleCP
HeapQueryInformation
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
GetFileType
SetStdHandle
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
VirtualQuery
RtlPcToFileHeader
RaiseException
RtlUnwindEx
SetConsoleCtrlHandler
HeapReAlloc
ExitProcess
SizeofResource
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
SetErrorMode
FindResourceExW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
IsValidLocale
HeapSize
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
VirtualProtect
GetModuleHandleA
FreeResource
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
lstrcmpW
MulDiv
DuplicateHandle
OutputDebugStringW
lstrlenA
GetLocalTime
TerminateThread
GetVersion
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetLocaleInfoW
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
GetFileSize
SetFilePointer
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetFileInformationByHandle
GetFileSizeEx
SetEndOfFile
GetVolumeNameForVolumeMountPointW
CreateEventW
SetEvent
MapUserPhysicalPages
FreeUserPhysicalPages
VirtualFree
VirtualAlloc
AllocateUserPhysicalPages
GetSystemInfo
RemoveDirectoryW
GetComputerNameW
HeapFree
GetProcessHeap
HeapAlloc
OutputDebugStringA
GetCompressedFileSizeW
MoveFileExW
GetOverlappedResult
GetDiskFreeSpaceW
SystemTimeToFileTime
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
CopyFileExW
MoveFileW
GetTempPathW
LoadLibraryExW
LocalAlloc
FormatMessageW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
WriteFile
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
lstrcatW
ReadFile
GetFileAttributesW
GetCommandLineW
SetFileAttributesW
ExpandEnvironmentStringsW
GetVersionExW
CreateMutexW
GetSystemTime
LocalFree
WideCharToMultiByte
GlobalMemoryStatusEx
GetVolumeInformationW
CopyFileW
GetDiskFreeSpaceExW
DeviceIoControl
DeleteFileW
GetCurrentProcess
GetPrivateProfileSectionNamesW
GlobalUnlock
GlobalLock
GetSystemTimes
SetLastError
GetPrivateProfileStringW
GetSystemDirectoryW
GetTickCount
GetDriveTypeW
GetLogicalDrives
GlobalFree
GlobalAlloc
CreateFileW
MultiByteToWideChar
GetModuleHandleW
CreateThread
DeleteCriticalSection
InitializeCriticalSection
WritePrivateProfileStringW
GetPrivateProfileIntW
GetWindowsDirectoryW
CreateDirectoryW
WaitForSingleObject
CreateProcessW
GetStartupInfoW
GetLastError
lstrcpyW
Sleep
lstrlenW
LeaveCriticalSection
CloseHandle
EnterCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
GetConsoleMode

user32

SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
DefWindowProcW
CallWindowProcW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
SetWindowPos
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetWindowLongPtrW
WindowFromPoint
GetWindowTextLengthW
GetWindowTextW
SetScrollPos
SetFocus
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetMenuState
GetMenuStringW
GetClassInfoW
OffsetRect
ReleaseCapture
SetCapture
GetNextDlgGroupItem
ClientToScreen
LoadCursorW
SetMenu
GetTopWindow
SetActiveWindow
GetForegroundWindow
RemovePropW
GetPropW
SetPropW
GetClassLongPtrW
GetCapture
IsChild
WinHelpW
ScreenToClient
GetWindowRect
LoadMenuW
InsertMenuW
MsgWaitForMultipleObjects
EnableWindow
SendDlgItemMessageA
RegisterWindowMessageW
EndDialog
GetNextDlgTabItem
GetDesktopWindow
SetRectEmpty
UnionRect
DestroyMenu
SendMessageW
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
IsZoomed
GetAsyncKeyState
MapDialogRect
CharNextW
CharUpperW
SetWindowContextHelpId
GetSysColorBrush
UnregisterClassW
CopyAcceleratorTableW
InvalidateRgn
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
LoadIconW
DeleteMenu
GetSubMenu
GetClientRect
InvalidateRect
GetDlgItem
SetForegroundWindow
IsIconic
SetTimer
RegisterDeviceNotificationW
UnregisterDeviceNotification
wsprintfW
ModifyMenuW
IsMenu
GetClassNameW
GetWindow
MessageBoxW
KillTimer
LoadImageW
PostQuitMessage
AppendMenuW
GetSystemMenu
EnableMenuItem
GetMenuItemID
GetMenuItemCount
GetMenu
MoveWindow
TranslateAcceleratorW
LoadAcceleratorsW
GetWindowLongW
RedrawWindow
GetScrollPos
DrawFocusRect
DrawEdge
IsRectEmpty
SetRect
ReleaseDC
GetDC
FillRect
IsWindow
TranslateMessage
PeekMessageW
DispatchMessageW
InflateRect
CopyRect
PtInRect
GetSysColor
DestroyWindow
PostMessageW
FindWindowW
GetCursorPos
GetParent
CheckMenuItem
CreateDialogIndirectParamW
GetSystemMetrics
DrawIcon
IsWindowVisible
SetCursor
ExitWindowsEx
ShowWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
UpdateWindow

gdi32

GetMapMode
GetTextColor
GetTextMetricsW
CreateHatchBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
TextOutW
RectVisible
PtVisible
GetWindowExtEx
EnumFontFamiliesExW
CreateSolidBrush
CreateFontW
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetTextExtentPoint32W
GetStockObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps
CreatePen
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
CreateRectRgnIndirect
ExtTextOutW
GetBkColor
SaveDC
RestoreDC
SetBkMode
SetROP2
SetMapMode
ExcludeClipRect
IntersectClipRect
GetRgnBox
GetViewportExtEx
LineTo
MoveToEx
DeleteObject
OffsetViewportOrgEx
SetViewportOrgEx
Escape

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetKeySecurity
CopySid
MakeSelfRelativeSD
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CreateServiceW
DeleteService
ControlService
StartServiceW
QueryServiceStatus
OpenServiceW
CloseServiceHandle
OpenSCManagerW
RegCreateKeyW
FreeSid
AllocateAndInitializeSid
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumValueW
RegQueryInfoKeyW
SetSecurityDescriptorGroup
RegGetKeySecurity
RegDeleteKeyW
SetSecurityDescriptorOwner
SetNamedSecurityInfoW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegUnLoadKeyW
RegLoadKeyW
LookupAccountNameW
IsValidSid
LsaOpenPolicy
LsaEnumerateAccountRights
LsaFreeMemory
LsaClose
LsaAddAccountRights
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeAbsoluteSD
RegConnectRegistryW
RegEnumKeyExW
SetEntriesInAclW
GetSecurityDescriptorControl
ConvertSecurityDescriptorToStringSecurityDescriptorW
LookupAccountSidW
ConvertSidToStringSidW
GetAclInformation
GetAce
EqualSid
DeleteAce
IsValidAcl
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAce
MapGenericMask
ConvertStringSidToSidW
GetKernelObjectSecurity
GetNamedSecurityInfoW
IsValidSecurityDescriptor
SetSecurityInfo
GetSecurityDescriptorLength

shell32

SHChangeNotify
ShellExecuteW
Shell_NotifyIconW
ord190
SHOpenFolderAndSelectItems
ord155
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW
StrStrIW
PathIsDirectoryW
PathFindFileNameW
PathRemoveFileSpecW
PathIsNetworkPathW
PathRelativePathToW
PathIsRelativeW
PathAppendW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromProgID
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoInitializeEx
CLSIDFromString
StringFromGUID2
CoCreateGuid
CoUninitialize
CoSetProxyBlanket
CoQueryProxyBlanket
CoInitializeSecurity
CoInitialize
CoCreateInstance
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
CoRegisterMessageFilter

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringLen
VariantChangeType
OleCreateFontIndirect
VariantCopy
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantInit
SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocString
VarUdateFromDate
VarDateFromStr

ws2_32

connect
listen
WSAGetLastError
WSACloseEvent
WSASetLastError
accept
getsockname
recvfrom
WSACleanup
setsockopt
WSAStartup
inet_ntoa
__WSAFDIsSet
select
sendto
htons
socket
closesocket
gethostbyname
inet_addr
send
bind
ntohs
WSAIoctl
shutdown
recv
htonl
ntohl
getnameinfo
WSACreateEvent

wininet

InternetGetConnectedState
HttpQueryInfoW
HttpAddRequestHeadersW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW

pdh

PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW
PdhGetFormattedCounterValue

iphlpapi

GetAdaptersInfo
SendARP
NotifyAddrChange
GetExtendedTcpTable
GetExtendedUdpTable
GetNetworkParams

rpcrt4

UuidCreate

dnsapi

DnsQuery_W
DnsFree

netapi32

NetShareAdd
NetShareDel
NetApiBufferFree
DsGetDcNameW
NetUseDel

mpr

WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW

psapi

GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExW

setupapi

SetupOpenInfFileW
SetupCloseInfFile
SetupGetFieldCount
SetupGetStringFieldW
SetupFindNextLine
SetupGetMultiSzFieldW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupFindFirstLineW

winhttp

WinHttpCrackUrl
WinHttpConnect
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpen

crypt32

CryptUnprotectData
CryptProtectData

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 659KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b651dc2748a8e58f77a913e4f47b90b5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

72:d5:ca:f5:9a:3c:c6:44:c5:73:e1:3e:a0:89:2e:abCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

73:57:46:68:0a:a4:4c:97:a0:bc:df:dd:86:0c:4c:11:d2:a2:80:69Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

wininet

pdh

iphlpapi

rpcrt4

dnsapi

netapi32

mpr

psapi

setupapi

winhttp

crypt32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 659KB - Virtual size: 659KB

.data Size: 24KB - Virtual size: 2.1MB

.pdata Size: 116KB - Virtual size: 115KB

.rsrc Size: 5.0MB - Virtual size: 5.0MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

72:d5:ca:f5:9a:3c:c6:44:c5:73:e1:3e:a0:89:2e:ab
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

73:57:46:68:0a:a4:4c:97:a0:bc:df:dd:86:0c:4c:11:d2:a2:80:69
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 659KB - Virtual size: 659KB

.data
Size: 24KB - Virtual size: 2.1MB

.pdata
Size: 116KB - Virtual size: 115KB

.rsrc
Size: 5.0MB - Virtual size: 5.0MB