b2b4786569ebf0e3d9e96d7145142674_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b2b4786569ebf0e3d9e96d7145142674_JaffaCakes118
Size

2.8MB
MD5

b2b4786569ebf0e3d9e96d7145142674
SHA1

47e0c40f448747b16f07c38e765925918cfd7897
SHA256

0ddda1f0058ef0c3c05952d127a8517f6bfcdbe07d0689e26374470e8ebd1f7b
SHA512

7886b42c23e6e3fedb8c1fbb01888448751391f8763816124dde660ee7dd861474dd3b412f7cdd281dd1aa5c419290f6711ca4f4e3407359161875a46e96f869
SSDEEP

49152:cfe5fdTT0LLygXtKKxDDGrwr94vDxRG9vkzCaInKayCrAC4wVu0ToxAML:TpdTT0JXtK1rwr9gxRG9s3InKayCrGwQ

Score

1^/10

Malware Config

Signatures

Files

b2b4786569ebf0e3d9e96d7145142674_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a7106e1385fc873a4b54efc34030850f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b6:83:ec:95:45:f3:15:9b:de:9a:63:c1:63:58:7a:66:a8:b3:d4:3c:ff:a1:9c:96:d3:ff:c8:af:29:ad:88:c2
Signer

Actual PE Digest

b6:83:ec:95:45:f3:15:9b:de:9a:63:c1:63:58:7a:66:a8:b3:d4:3c:ff:a1:9c:96:d3:ff:c8:af:29:ad:88:c2

Digest Algorithm

sha256

PE Digest Matches

true

f3:4b:24:95:5f:35:16:d6:e6:de:34:09:3c:d1:88:0e:77:3b:da:7c
Signer

Actual PE Digest

f3:4b:24:95:5f:35:16:d6:e6:de:34:09:3c:d1:88:0e:77:3b:da:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

htons
ntohl
htonl

psapi

GetModuleInformation
GetModuleFileNameExW

kernel32

GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
InterlockedCompareExchange
InterlockedExchange
WritePrivateProfileStringW
MultiByteToWideChar
FindFirstFileW
FindClose
FreeLibrary
GetLogicalDrives
CopyFileW
GetDriveTypeW
DeleteFileW
GetFileSize
ReadFile
WriteFile
LocalFree
ExpandEnvironmentStringsW
GetCurrentProcessId
IsBadWritePtr
GetSystemDirectoryW
InterlockedIncrement
VirtualAlloc
GetWindowsDirectoryW
InterlockedDecrement
DuplicateHandle
VirtualFree
SetDllDirectoryW
GetCommandLineW
FreeResource
LoadLibraryExW
GetPrivateProfileStringW
TerminateThread
WaitForMultipleObjects
GetCurrentThreadId
CreateMutexW
GetLongPathNameW
RaiseException
GetFullPathNameW
CreateFileMappingW
MapViewOfFileEx
OpenFileMappingW
UnmapViewOfFile
GetCPInfo
MapViewOfFile
OpenMutexW
SetFilePointer
GetSystemTime
SystemTimeToFileTime
OutputDebugStringW
GetLocalTime
FindNextFileW
SetLastError
FlushInstructionCache
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
ReadProcessMemory
VirtualAllocEx
lstrcpynW
GetSystemTimeAsFileTime
CreateRemoteThread
ResumeThread
GetTempPathW
WriteProcessMemory
OpenEventW
MoveFileExW
CreateDirectoryW
SwitchToThread
ReleaseMutex
CreateThread
ReadDirectoryChangesW
Module32FirstW
Module32NextW
GetExitCodeThread
GetVersion
GetModuleHandleExW
FileTimeToLocalFileTime
FileTimeToSystemTime
RemoveDirectoryW
GetFileAttributesExW
GetModuleFileNameA
GetTempFileNameW
GetFileAttributesW
VirtualQuery
GetSystemInfo
GetSystemDefaultLangID
LoadLibraryA
ResetEvent
InitializeCriticalSectionAndSpinCount
IsBadReadPtr
IsDebuggerPresent
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
VirtualProtectEx
GetThreadContext
SetThreadContext
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetStdHandle
ExitProcess
VirtualQueryEx
SuspendThread
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetOEMCP
IsValidCodePage
HeapCreate
VirtualProtect
WideCharToMultiByte
lstrlenW
TlsSetValue
TlsGetValue
TlsFree
SetUnhandledExceptionFilter
TlsAlloc
GetUserDefaultLCID
EnumSystemLocalesA
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
GetTimeZoneInformation
CompareStringA
CompareStringW
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
IsValidLocale
GetModuleFileNameW
FindResourceW
FindResourceExW
LoadResource
LockResource
SizeofResource
LoadLibraryW
CreateFileW
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
GetLastError
ProcessIdToSessionId
CompareFileTime
GetProcessTimes
OpenProcess
SleepEx
Thread32Next
Thread32First
Sleep
CreateProcessW
GetModuleHandleW
GetProcAddress
GetVersionExW
Process32NextW
lstrcmpiW
DeviceIoControl
Process32FirstW
CreateToolhelp32Snapshot
GetThreadTimes
OpenThread
GetCurrentProcess
CloseHandle
IsProcessorFeaturePresent
ExitThread
UnhandledExceptionFilter
GetCommandLineA
RtlUnwind
GetDriveTypeA
CreateFileA
SetEndOfFile
SetEnvironmentVariableA
LCMapStringA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MoveFileW
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
FreeEnvironmentStringsA

user32

GetQueueStatus
SetTimer
FindWindowA
IsIconic
GetLastInputInfo
MsgWaitForMultipleObjectsEx
GetUserObjectInformationW
GetDesktopWindow
wsprintfW
WaitMessage
CallNextHookEx
RegisterWindowMessageW
LoadCursorW
KillTimer
RegisterClassExW
TranslateMessage
GetMessageW
CreateWindowExW
PostQuitMessage
GetWindowLongW
DestroyWindow
SetWindowLongW
IsWindow
CallWindowProcW
CharNextW
DefWindowProcW
PostMessageW
MessageBoxW
SendMessageTimeoutW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
SetThreadDesktop
CloseDesktop
SendMessageW
ShowWindow
CharUpperW
GetWindowThreadProcessId
FindWindowExW
FindWindowW
UnregisterClassW
EnumWindows
GetClassInfoExW
GetForegroundWindow
UnregisterClassA
CreateDesktopW

advapi32

RegCreateKeyW
AdjustTokenPrivileges
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
RegOpenKeyW
RevertToSelf
GetUserNameW
RegQueryInfoKeyW
DeleteService
ChangeServiceConfig2W
CreateServiceW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
StartServiceW
ConvertSidToStringSidW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
LookupAccountNameW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
CreateProcessAsUserW
DuplicateTokenEx
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoTaskMemFree
CoInitializeEx
CoTaskMemRealloc
CoUninitialize
CoCreateGuid
CoInitializeSecurity
CoFreeLibrary
CoLoadLibrary
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CoSetProxyBlanket
CoTaskMemAlloc
CoInitialize
StringFromGUID2
CLSIDFromProgID

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
SysAllocStringLen
SysFreeString
VariantClear
VarUI4FromStr
SysAllocString
SysStringLen

shlwapi

PathCombineW
PathRemoveFileSpecW
PathAddExtensionW
PathRemoveExtensionW
PathQuoteSpacesW
PathIsDirectoryW
SHDeleteKeyW
PathUnquoteSpacesW
PathFindFileNameA
PathFileExistsW
PathAppendW
PathFindFileNameW
PathAddBackslashW

userenv

CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

wininet

InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile
InternetGetConnectedState
InternetCloseHandle

Exports

Exports

Tx8Dl_InitDownloadEngine
Tx8Dl_LoadRoutine
Tx8Dl_Main
Tx8Dl_NotifyQuit

Sections

.text
Size: 508KB - Virtual size: 506KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7106e1385fc873a4b54efc34030850f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9eCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

b6:83:ec:95:45:f3:15:9b:de:9a:63:c1:63:58:7a:66:a8:b3:d4:3c:ff:a1:9c:96:d3:ff:c8:af:29:ad:88:c2Signer

f3:4b:24:95:5f:35:16:d6:e6:de:34:09:3c:d1:88:0e:77:3b:da:7cSigner

Headers

File Characteristics

Imports

ws2_32

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

wtsapi32

version

netapi32

wininet

Exports

Exports

Sections

.text Size: 508KB - Virtual size: 506KB

.rdata Size: 116KB - Virtual size: 112KB

.data Size: 124KB - Virtual size: 159KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 52KB - Virtual size: 48KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

b6:83:ec:95:45:f3:15:9b:de:9a:63:c1:63:58:7a:66:a8:b3:d4:3c:ff:a1:9c:96:d3:ff:c8:af:29:ad:88:c2
Signer

f3:4b:24:95:5f:35:16:d6:e6:de:34:09:3c:d1:88:0e:77:3b:da:7c
Signer

.text
Size: 508KB - Virtual size: 506KB

.rdata
Size: 116KB - Virtual size: 112KB

.data
Size: 124KB - Virtual size: 159KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 52KB - Virtual size: 48KB