00a86d3ed4efe8559236a19e1529300d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

00a86d3ed4efe8559236a19e1529300d_JaffaCakes118
Size

115KB
MD5

00a86d3ed4efe8559236a19e1529300d
SHA1

0c6b2deb48a62245f089cb8fb56e7315cb79f26f
SHA256

3f7df8de9cc4cdbf8e05a2ac227ed85f4f1b4bb2037a072a259ad668a66dc2a9
SHA512

2bb3e1b4f65c447d73c1f18f04fcb09b6da60b88476e99dae74a8b1490e306dbbe59a80d87539066f48e4608e4b479a7d3b75a6df22f14bac1edf29e9549c396
SSDEEP

3072:TOoipKLP3fssbGn8jeCS/ZaldDg6MsyXr1cc:6eL3lcrqVMsyX+c

Score

1^/10

Malware Config

Signatures

Files

00a86d3ed4efe8559236a19e1529300d_JaffaCakes118
.rar
Eula.txt
Tcpview.exe
.exe windows:4 windows x86 arch:x86

664ad68120361779226e0c390ff4562b

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:af:37:d0:67:a7:41:20:5c:42:d7:ec:64:f8:e2:34:4c:fd:c4:cb
Signer

Actual PE Digest

bf:af:37:d0:67:a7:41:20:5c:42:d7:ec:64:f8:e2:34:4c:fd:c4:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ws2_32

connect
send
recv
closesocket
WSAStartup
socket
gethostbyaddr
htonl
htons
getservbyport
ntohs
ntohl
WSAGetLastError
gethostbyname
gethostname

iphlpapi

SetTcpEntry
GetTcpTable
GetUdpTable

comctl32

ord17
ord6
ImageList_Create
ImageList_ReplaceIcon
CreateToolbarEx

kernel32

OpenProcess
CreateEventA
DeviceIoControl
GetCurrentProcessId
DuplicateHandle
GetModuleFileNameA
DeleteFileA
GetSystemDirectoryA
GetVersion
FormatMessageA
GetTickCount
SetEvent
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcatA
HeapFree
lstrlenA
lstrcpyA
HeapAlloc
GetProcessHeap
GetUserDefaultLangID
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSection
ExpandEnvironmentStringsA
SetFilePointer
FlushFileBuffers
SetStdHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
Sleep
GetFileType
SetHandleCount
GetStdHandle
ExitProcess
ReadProcessMemory
HeapDestroy
VirtualAlloc
VirtualFree
DeleteCriticalSection
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
RtlUnwind
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
WriteFile
IsDebuggerPresent
WriteConsoleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetVersionExA
GetCommandLineA
HeapReAlloc
CreateThread
ResumeThread
ExitThread
GetProcAddress
SetLastError
CreateFileA
FindResourceA
LoadResource
SizeofResource
LockResource
GetCurrentProcess
GetLastError
CloseHandle
LocalAlloc
LoadLibraryA
HeapCreate
LocalFree
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
ReadFile
GetEnvironmentStringsW

user32

TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassA
LoadMenuA
InsertMenuA
GetMessageA
PostQuitMessage
LoadStringA
DialogBoxParamA
GetSubMenu
EnableMenuItem
TrackPopupMenu
UpdateWindow
LoadAcceleratorsA
CreateMenu
DestroyIcon
SetDlgItemTextA
GetParent
ChildWindowFromPoint
InvalidateRect
SetCapture
ReleaseCapture
SetWindowLongA
GetWindowLongA
GetClientRect
CreateWindowExA
SetFocus
CallWindowProcA
GetSysColor
LoadIconA
DrawIconEx
InvalidateRgn
SetWindowPos
GetMenu
CheckMenuItem
SetTimer
KillTimer
GetWindowRect
IsIconic
IsZoomed
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetFocus
GetDC
DrawTextA
ReleaseDC
GetSystemMetrics
MoveWindow
ShowWindow
ClientToScreen
ScreenToClient
PostMessageA
DestroyWindow
DefWindowProcA
MessageBoxA
DialogBoxIndirectParamA
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
LoadCursorA
SetCursor
InflateRect
SendMessageA
GetCursorPos

gdi32

CreateSolidBrush
EndDoc
EndPage
StartPage
StartDocA
SetMapMode
GetDeviceCaps
SetBkMode
SetTextColor
SelectObject
CreateFontIndirectA
GetObjectA
GetStockObject
GetTextExtentPoint32A
ExtTextOutA
SetBkColor
DeleteObject
GetTextMetricsA
CreateCompatibleDC

comdlg32

ChooseFontA
PrintDlgA
GetSaveFileNameA

advapi32

RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteA
SHGetFileInfoA

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tcpvcon.exe
.exe windows:4 windows x86 arch:x86

11eff32a7b19ad6475a53bce251dd53d

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:f9:cc:7e:62:29:c7:46:f4:dd:78:5f:3d:58:3c:51:47:bd:87:5e
Signer

Actual PE Digest

6e:f9:cc:7e:62:29:c7:46:f4:dd:78:5f:3d:58:3c:51:47:bd:87:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Tcpview\Release\Tcpvcon.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

htonl
getservbyport
gethostbyaddr
gethostname
WSAStartup
htons

iphlpapi

GetTcpTable
GetUdpTable

kernel32

DeviceIoControl
OpenProcess
GetModuleFileNameA
ReadProcessMemory
DuplicateHandle
CreateEventA
GetVersion
GetCurrentProcessId
DeleteFileA
EnterCriticalSection
GetUserDefaultLangID
TerminateProcess
HeapFree
InitializeCriticalSection
GetTickCount
GetProcessHeap
LeaveCriticalSection
HeapAlloc
WriteConsoleA
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapSize
Sleep
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetStdHandle
GetSystemDirectoryA
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
RtlUnwind
GetConsoleMode
GetConsoleCP
GetConsoleOutputCP
WideCharToMultiByte
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetVersionExA
GetCommandLineA
HeapReAlloc
GetLocaleInfoA
SetEndOfFile
ReadFile
LoadLibraryA
LocalFree
LocalAlloc
LockResource
CloseHandle
SizeofResource
GetProcAddress
FindResourceA
SetLastError
GetLastError
GetCurrentProcess
CreateFileA
GetModuleHandleA
LoadResource
GetStringTypeW
GetStringTypeA
SetStdHandle
WriteConsoleW
ExitProcess
GetEnvironmentStrings

user32

PostMessageA
MessageBoxA
GetSysColorBrush
SendMessageA
InflateRect
SetWindowTextA
DialogBoxIndirectParamA
LoadCursorA
SetCursor
GetDlgItem
EndDialog

gdi32

StartPage
StartDocA
EndPage
EndDoc
SetMapMode
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
LookupPrivilegeValueA
RegSetValueExA
OpenProcessToken
RegDeleteKeyA
AdjustTokenPrivileges
RegCloseKey
RegCreateKeyA

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tcpview.chm
.chm
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

664ad68120361779226e0c390ff4562b

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

bf:af:37:d0:67:a7:41:20:5c:42:d7:ec:64:f8:e2:34:4c:fd:c4:cbSigner

Headers

File Characteristics

Imports

version

ws2_32

iphlpapi

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 24KB - Virtual size: 21KB

11eff32a7b19ad6475a53bce251dd53d

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

6e:f9:cc:7e:62:29:c7:46:f4:dd:78:5f:3d:58:3c:51:47:bd:87:5eSigner

Headers

File Characteristics

PDB Paths

Imports

version

ws2_32

iphlpapi

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 24KB - Virtual size: 20KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

bf:af:37:d0:67:a7:41:20:5c:42:d7:ec:64:f8:e2:34:4c:fd:c4:cb
Signer

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 24KB - Virtual size: 21KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

6e:f9:cc:7e:62:29:c7:46:f4:dd:78:5f:3d:58:3c:51:47:bd:87:5e
Signer

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 24KB - Virtual size: 20KB