ac5a5005d1b6b7cb62056661b0e44acd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ac5a5005d1b6b7cb62056661b0e44acd_JaffaCakes118
Size

1.1MB
MD5

ac5a5005d1b6b7cb62056661b0e44acd
SHA1

f0aeda89a792f40d46cb8fc27a7b9f59b5aa17a9
SHA256

1d62b761b488bec9ccb80f17eece6157aef28ec8df24e873783710bf6299f040
SHA512

f03b127eb1515adc5e5d0eb9aa396ff97ade1880b43ba27aed6800e1956f8c79c2503f20b3d99cb9ab37328c05121e961e950f031b53670313741542baeba929
SSDEEP

24576:WSdwe/lzFKsYDUOq9rsAApedZa1yJV3hteRogTMau4xM:WSCeNzMsYDUxoAAEdZa1ybRt+TMWxM

Score

1^/10

Malware Config

Signatures

Files

ac5a5005d1b6b7cb62056661b0e44acd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

191904ae4bab44c3ec51ec339b90e6da

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:86:44:63:bb:bc:2e:4e:67:d4:27:71:e4:cb:d9:a5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/04/2017, 00:00

Not After

04/02/2020, 23:59

Subject

CN=Zhuhai Kingsoft Office Software Co.\, Ltd.,OU=RD Department,O=Zhuhai Kingsoft Office Software Co.\, Ltd.,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:e0:b5:be:99:0e:46:a6:96:3f:d9:a1:0d:d4:bb:ac
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/04/2017, 00:00

Not After

03/02/2020, 23:59

Subject

CN=Zhuhai Kingsoft Office Software Co.\, Ltd.,OU=RD Department,O=Zhuhai Kingsoft Office Software Co.\, Ltd.,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b6:8a:8f:9e:fc:d7:43:7e:2c:64:59:b9:fa:c2:b4:22:f2:23:bf:d1:26:90:bd:d1:4e:9a:b8:f2:dd:24:c4:0c
Signer

Actual PE Digest

b6:8a:8f:9e:fc:d7:43:7e:2c:64:59:b9:fa:c2:b4:22:f2:23:bf:d1:26:90:bd:d1:4e:9a:b8:f2:dd:24:c4:0c

Digest Algorithm

sha256

PE Digest Matches

true

a6:5a:86:fc:96:a0:3f:f0:bd:10:b1:f7:87:5e:b4:44:e1:0d:d6:32
Signer

Actual PE Digest

a6:5a:86:fc:96:a0:3f:f0:bd:10:b1:f7:87:5e:b4:44:e1:0d:d6:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

S:\func_improvement_20160101_branch\Build\Release\WPSOffice\wtoolex\newupdate.pdb

Imports

kernel32

GlobalFree
GlobalHandle
SetProcessWorkingSetSize
WaitForMultipleObjects
GetOverlappedResult
CancelIo
WaitNamedPipeW
FindClose
RemoveDirectoryW
FindNextFileW
MoveFileExW
FindFirstFileW
GetExitCodeProcess
GetModuleHandleA
ReadProcessMemory
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ProcessIdToSessionId
GetTempPathW
GetCurrentThread
GetVersion
GetLocalTime
ResetEvent
ResumeThread
InterlockedExchange
MoveFileW
GetExitCodeThread
ExitProcess
SetUnhandledExceptionFilter
CreateEventW
SetEvent
GlobalLock
GlobalUnlock
lstrcmpW
GlobalAlloc
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetFullPathNameA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
lstrcatW
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCPInfo
LCMapStringW
GetDriveTypeA
GetFileInformationByHandle
ExitThread
VirtualQuery
GetSystemInfo
VirtualProtect
FindFirstFileExW
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
RtlUnwind
GetStartupInfoW
HeapSetInformation
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
DecodePointer
EncodePointer
GetUserDefaultUILanguage
GetPrivateProfileSectionW
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
FormatMessageA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
InitializeCriticalSection
GetVersionExA
CreatePipe
GetStartupInfoA
CreateProcessA
WinExec
lstrcpyW
GetWindowsDirectoryW
MulDiv
FindResourceExW
LockResource
SetFileTime
GetCurrentDirectoryW
CreateDirectoryW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileAttributesW
GetSystemDefaultLangID
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
FlushInstructionCache
Sleep
OpenMutexW
GetCommandLineW
OpenProcess
TerminateProcess
CopyFileW
WritePrivateProfileStringW
GetDiskFreeSpaceExW
GetTempFileNameW
GetCurrentProcess
LocalFree
SetEnvironmentVariableW
GetVersionExW
GetEnvironmentVariableW
GetPrivateProfileStringW
CreateFileA
DeviceIoControl
GetPrivateProfileIntW
LoadLibraryA
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrcmpiW
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
CreateThread
GetLastError
ReadFile
TerminateThread
GetProcAddress
CreateMutexW
GetModuleFileNameW
GetTickCount
WaitForSingleObject
CreateFileW
GetFileSize
WriteFile
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
SetFilePointer
CloseHandle
ReleaseMutex
GetFileAttributesExW
DeleteFileW
lstrlenW
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
LoadLibraryW
GetLocaleInfoW

user32

RegisterClassExW
CallWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
DefWindowProcW
DestroyMenu
InsertMenuItemW
RemoveMenu
EnableMenuItem
LoadImageW
LoadCursorW
ExitWindowsEx
MessageBoxW
GetKeyState
LoadIconW
IsIconic
SwitchToThisWindow
CreateDialogIndirectParamW
SetTimer
GetClassInfoExW
EnumWindows
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
SetRect
CreateAcceleratorTableW
SetFocus
DestroyAcceleratorTable
RegisterWindowMessageW
CreateWindowExW
SendMessageW
PostMessageW
GetCursorPos
GetMenuItemID
SetMenuDefaultItem
LoadMenuW
GetMonitorInfoW
MonitorFromPoint
TrackPopupMenu
GetSubMenu
SetForegroundWindow
LoadStringW
SendMessageTimeoutW
GetActiveWindow
PeekMessageW
CharNextW
DestroyWindow
UnregisterClassA
wsprintfW
GetParent
KillTimer
IsWindow
EnumDisplayMonitors
GetWindow
GetClassNameW
RedrawWindow
InvalidateRgn
GetFocus
MapDialogRect
IsDialogMessageW
SetWindowContextHelpId
IsChild
SendDlgItemMessageW
DrawTextW
SetWindowTextW
GetSystemMetrics
PostQuitMessage
SetWindowPos
GetWindowLongW
DialogBoxIndirectParamW
GetDC
GetWindowRect
ShowWindow
SetCursor
DestroyIcon
GetDesktopWindow
FindWindowW
LoadBitmapW
FillRect
CreateIconIndirect
ReleaseDC
GetIconInfo
SetWindowRgn
GetDlgItem
IsWindowVisible
ScreenToClient
MoveWindow
CopyRect
DestroyCursor
GetSysColor
CopyIcon
EndPaint
BeginPaint
InflateRect
PtInRect
ReleaseCapture
DrawEdge
DrawFocusRect
GetCapture
SystemParametersInfoW
AdjustWindowRectEx
GetDlgCtrlID
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ClientToScreen
GetClientRect
GetMenu
DialogBoxParamW
CreateDialogParamW
EndDialog
SetWindowLongW

gdi32

BitBlt
CreateDIBSection
SetBkColor
SetTextColor
SetBkMode
CreateSolidBrush
CreateFontIndirectW
GetDeviceCaps
CombineRgn
GetPixel
CreateRectRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmap
StretchBlt
CreatePen
SelectObject
DeleteDC
DeleteObject
LineTo
GetTextMetricsW
MoveToEx
GetStockObject
GetTextExtentPoint32W
SetTextJustification
TextOutW
CreateRoundRectRgn
GetObjectW

shell32

Shell_NotifyIconW
ShellExecuteExW
SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW

ole32

CoInitialize
CoCreateGuid
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleSetClipboard
OleFlushClipboard
OleUninitialize
OleInitialize
CreateStreamOnHGlobal

oleaut32

VariantInit
VariantChangeType
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString
VarUI4FromStr
VariantCopy
VariantClear
SysStringLen
SysAllocStringLen
DispCallFunc
OleCreateFontIndirect
LoadRegTypeLi

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RevertToSelf
RegOpenCurrentUser
ImpersonateLoggedOnUser
OpenProcessToken
RegQueryValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
EqualSid
IsValidSid
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
GetUserNameW
GetNamedSecurityInfoW
GetAclInformation
GetAce
CopySid
SetNamedSecurityInfoW
OpenThreadToken
InitializeAcl
AddAce
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
DuplicateTokenEx
GetLengthSid
SetTokenInformation
CryptGetHashParam
CreateProcessAsUserW
GetTokenInformation

wininet

DeleteUrlCacheEntryW
InternetQueryDataAvailable
InternetErrorDlg
InternetReadFile
InternetCrackUrlW
InternetAttemptConnect
InternetOpenW
InternetSetOptionExW
InternetConnectW
HttpOpenRequestW
InternetSetOptionW
HttpAddRequestHeadersW
HttpSendRequestW
InternetCloseHandle
HttpQueryInfoW

ws2_32

WSAStartup
gethostbyname
inet_ntoa
WSACleanup
gethostname
ioctlsocket
listen
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
recv
send
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathAppendW

comctl32

ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
ImageList_Destroy
ord17

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetProcessImageFileNameW

userenv

UnloadUserProfile

wldap32

ord46
ord41
ord27
ord301
ord33
ord200
ord79
ord35
ord32
ord30
ord26
ord50
ord60
ord143
ord211
ord22

Sections

.text
Size: 754KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

191904ae4bab44c3ec51ec339b90e6da

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

60:86:44:63:bb:bc:2e:4e:67:d4:27:71:e4:cb:d9:a5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

44:e0:b5:be:99:0e:46:a6:96:3f:d9:a1:0d:d4:bb:acCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

b6:8a:8f:9e:fc:d7:43:7e:2c:64:59:b9:fa:c2:b4:22:f2:23:bf:d1:26:90:bd:d1:4e:9a:b8:f2:dd:24:c4:0cSigner

a6:5a:86:fc:96:a0:3f:f0:bd:10:b1:f7:87:5e:b4:44:e1:0d:d6:32Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

wininet

ws2_32

shlwapi

comctl32

version

psapi

userenv

wldap32

Sections

.text Size: 754KB - Virtual size: 754KB

.rdata Size: 226KB - Virtual size: 225KB

.data Size: 20KB - Virtual size: 34KB

.rsrc Size: 80KB - Virtual size: 79KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

60:86:44:63:bb:bc:2e:4e:67:d4:27:71:e4:cb:d9:a5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

44:e0:b5:be:99:0e:46:a6:96:3f:d9:a1:0d:d4:bb:ac
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

b6:8a:8f:9e:fc:d7:43:7e:2c:64:59:b9:fa:c2:b4:22:f2:23:bf:d1:26:90:bd:d1:4e:9a:b8:f2:dd:24:c4:0c
Signer

a6:5a:86:fc:96:a0:3f:f0:bd:10:b1:f7:87:5e:b4:44:e1:0d:d6:32
Signer

.text
Size: 754KB - Virtual size: 754KB

.rdata
Size: 226KB - Virtual size: 225KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 80KB - Virtual size: 79KB