0b2379ed30732c11dc3c9d8629b05337_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b2379ed30732c11dc3c9d8629b05337_JaffaCakes118
Size

224KB
MD5

0b2379ed30732c11dc3c9d8629b05337
SHA1

1602988a0d807657a1dfe862a0e5af8bc84e35c8
SHA256

aaa0cedfc0e0a2094c2e934cec6080aeb1c7053682bcf934667903226fac6eb4
SHA512

b3dcc543f29123e6eaba2b8a43c84a438ef52f6685756da68008b4076b00359e3e8b5d4a2b9628e23cec6612bcb084dd3aec314e91c617a4aa5b7bcea8ad8de2
SSDEEP

3072:Tg8bOpiu5O/742twNLIW4Lo9xfTuYHgdQpRZZtzCsdTEPgm0B0+zto:jypiua4xLIbi3HgdQnZXCmTEPT0nK

Score

1^/10

Malware Config

Signatures

Files

0b2379ed30732c11dc3c9d8629b05337_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5ebd40ce0ee7f76f078b4a7f30d11cd8

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

90:8e:16:08:0e:68:94:14:35:0e:52:c5:b8:ff:91:17
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

10/12/2009, 00:00

Not After

10/12/2010, 23:59

Subject

CN=北京易通无线信息技术有限公司,OU=WoSign Class 3 Code Signing,O=北京易通无线信息技术有限公司,L=崇文区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

e5:03:73:91:73:ef:34:20:69:42:57:cc:26:fb:76:87:b3:bc:92:34
Signer

Actual PE Digest

e5:03:73:91:73:ef:34:20:69:42:57:cc:26:fb:76:87:b3:bc:92:34

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetServiceStatus
SetSecurityDescriptorDacl
OpenServiceA
DeleteService
CloseServiceHandle
QueryServiceStatus
ControlService
StartServiceA
CreateServiceA
RegCreateKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterServiceCtrlHandlerA
OpenProcessToken
OpenSCManagerA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce

user32

CharLowerBuffW

psapi

GetModuleBaseNameW
EnumProcesses
EnumProcessModules

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

shell32

SHGetFolderPathA

kernel32

InterlockedDecrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetExitCodeProcess
SetStdHandle
GetModuleFileNameA
MultiByteToWideChar
SetLastError
CloseHandle
GetVersionExA
GetSystemDirectoryA
Sleep
TerminateProcess
CreateToolhelp32Snapshot
Process32First
GetLastError
Process32Next
CreateThread
TerminateThread
OpenProcess
CreateProcessA
OpenMutexA
CreateMutexA
WaitForSingleObject
ReleaseMutex
VirtualQueryEx
ReadProcessMemory
GetCurrentProcess
WriteProcessMemory
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcessId
GetTickCount
DeleteFileA
GetCurrentThreadId
InterlockedCompareExchange
InterlockedExchange
InterlockedIncrement
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
GetCommandLineA
RtlUnwind
RaiseException
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
WriteFile
GetStdHandle
LoadLibraryA
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetFileAttributesA
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA

Exports

Exports

InstallService
RundllInstall
RundllUninstall
ServiceMain
UninstallService

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ebd40ce0ee7f76f078b4a7f30d11cd8

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

90:8e:16:08:0e:68:94:14:35:0e:52:c5:b8:ff:91:17Certificate

Extended Key Usages

Key Usages

e5:03:73:91:73:ef:34:20:69:42:57:cc:26:fb:76:87:b3:bc:92:34Signer

Headers

File Characteristics

Imports

advapi32

user32

psapi

ole32

shell32

kernel32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 133KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 24KB - Virtual size: 21KB

.reloc Size: 12KB - Virtual size: 10KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

90:8e:16:08:0e:68:94:14:35:0e:52:c5:b8:ff:91:17
Certificate

e5:03:73:91:73:ef:34:20:69:42:57:cc:26:fb:76:87:b3:bc:92:34
Signer

.text
Size: 136KB - Virtual size: 133KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 12KB - Virtual size: 10KB