ae8e8c4ec0e63255aabaf462dfcb6f07_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ae8e8c4ec0e63255aabaf462dfcb6f07_JaffaCakes118
Size

260KB
MD5

ae8e8c4ec0e63255aabaf462dfcb6f07
SHA1

aa480df82c08a95f77231a3b3e2eb8ec01b6d8a6
SHA256

f57ae619f2200cef05390461afa30489bb3340347f3bfbc10a339d46775cd54d
SHA512

7077872d1c4d071518a895bcf8ba0c4c11326c256151038689cf7119759296aec747bec15ec4f3d280e9c2a8b297f8c4d2ac46d2f59390fcf2b36d75a8f2e44e
SSDEEP

6144:oWlFEkgNh7z8sD09bEZ5slQk1m0EqRaup1:v4P8sqaslQk1m0fa0

Score

1^/10

Malware Config

Signatures

Files

ae8e8c4ec0e63255aabaf462dfcb6f07_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2c1d7e94a6c239f9c641fabc3ec18ea4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/05/2015, 00:00

Not After

06/06/2018, 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

eb:b4:1d:1d:23:d3:7a:20:85:3b:a2:41:d2:74:f4:d2:87:01:95:b9
Signer

Actual PE Digest

eb:b4:1d:1d:23:d3:7a:20:85:3b:a2:41:d2:74:f4:d2:87:01:95:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
RtlUnwind
RaiseException
GetDriveTypeW
FindFirstFileW
ExitThread
CreateThread
GetCommandLineA
HeapAlloc
HeapFree
VirtualAlloc
HeapReAlloc
HeapSize
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetFullPathNameW
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetLocaleInfoW
CreateFileW
LCMapStringW
LCMapStringA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
GetDriveTypeA
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetOEMCP
GetCPInfo
GetLocaleInfoA
InterlockedExchange
GlobalFlags
CreateFileA
FindClose
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetVersionExA
FileTimeToSystemTime
lstrcmpA
GlobalGetAtomNameA
InterlockedIncrement
GetModuleHandleW
CompareStringA
FreeLibrary
InterlockedDecrement
GetModuleHandleA
GetProcAddress
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetModuleFileNameA
CreateEventA
SetEvent
GetCurrentThreadId
SetThreadPriority
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
GetLastError
SetLastError
Sleep
TerminateThread
CloseHandle
WaitForSingleObject
GetExitCodeThread
WaitForMultipleObjects
lstrlenA
DeleteFileW
GetFileAttributesW
SuspendThread
ResumeThread
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
GetStartupInfoA
SizeofResource

user32

PostQuitMessage
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ClientToScreen
ShowWindow
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
MessageBoxA
GetSubMenu
GetMenuItemCount
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
SetPropA
GetMenuItemID
GetMenuState
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
SendMessageA
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
GetWindowThreadProcessId
UnhookWindowsHookEx
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowTextA
LoadCursorA

gdi32

ScaleWindowExtEx
DeleteDC
GetStockObject
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetSetOptionA
HttpQueryInfoA

winmm

timeGetTime

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

??0DownloadHelper@@QAE@ABV0@@Z
??0DownloadHelper@@QAE@XZ
??0Thread@@QAE@ABV0@@Z
??0Thread@@QAE@XZ
??1DownloadHelper@@UAE@XZ
??1Thread@@UAE@XZ
??4DownloadHelper@@QAEAAV0@ABV0@@Z
??4Thread@@QAEAAV0@ABV0@@Z
??_7DownloadHelper@@6B@
??_7Thread@@6B@
?Resume@DownloadHelper@@QAEHXZ
?Suspend@DownloadHelper@@QAEHXZ
?addDownloadTask@DownloadHelper@@QAE_NPBDPB_W@Z
?detach@Thread@@QAEXXZ
?exist@DownloadHelper@@AAE_NH@Z
?join@Thread@@QAEPAXXZ
?resume@Thread@@QAEXXZ
?run@DownloadHelper@@UAEPAXPAX@Z
?setOnFinish@DownloadHelper@@QAEXP6AXXZ@Z
?sleep@Thread@@SAXI@Z
?start@Thread@@QAEHPAX@Z
?startDownload@DownloadHelper@@QAE_NXZ
?stop@Thread@@QAEXXZ
?stopDownload@DownloadHelper@@QAE_NXZ
?suspend@Thread@@QAEXXZ

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c1d7e94a6c239f9c641fabc3ec18ea4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

eb:b4:1d:1d:23:d3:7a:20:85:3b:a2:41:d2:74:f4:d2:87:01:95:b9Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

wininet

winmm

oleaut32

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 176KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 29KB - Virtual size: 28KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

eb:b4:1d:1d:23:d3:7a:20:85:3b:a2:41:d2:74:f4:d2:87:01:95:b9
Signer

.text
Size: 176KB - Virtual size: 176KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 29KB - Virtual size: 28KB