2e787f3fe31aa505d81920ab88b7fd09_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e787f3fe31aa505d81920ab88b7fd09_JaffaCakes118
Size

221KB
MD5

2e787f3fe31aa505d81920ab88b7fd09
SHA1

38d01127cb412f35d1304d447a3b1d52acbb36ef
SHA256

4cc45bb3894a710e8e7e90967d36c7c8ca9fd0463a94389aa4df482bb88b5a0d
SHA512

bb0b2167733097bfe714c3240b9392f56261feaa4bcf164cff967685a9ca804b261b2780adc54c8d98ef5a38cddd5b1712bd82da15a0d6550d44610eb85d0c60
SSDEEP

3072:wzfSHUO5lcjKokiJSDsctVrDpC+fbXofOAHx4gTLnW8XTxBRb:wzfe5iKFiJSD7JPbXofOA6GW2d7b

Score

1^/10

Malware Config

Signatures

Files

2e787f3fe31aa505d81920ab88b7fd09_JaffaCakes118
.dll windows:4 windows x86 arch:x86

eb2521d8eb4b65f67c41af251bd4830d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:46:1b:9d:41:28:b9:6d:65:5c:84:ae:18:31:02:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/05/2010, 00:00

Not After

10/05/2013, 23:59

Subject

CN=Hang Zhou H3C Technologies Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=H3C Support,O=Hang Zhou H3C Technologies Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:c3:25:98:34:2f:ab:7a:b7:93:4f:c6:14:50:e0:c7:a3:03:52:fb
Signer

Actual PE Digest

bb:c3:25:98:34:2f:ab:7a:b7:93:4f:c6:14:50:e0:c7:a3:03:52:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\iNodeCode\w06701_view_UpOpt\iNodeVob\8021XCode\EADClient\build\win32\vc8\Release\X1Face.pdb

Imports

crypt32

CertCloseStore
CertOpenStore

h3c_utility

?utl_ReleaseCertAttrValString@@YAXPAD@Z
CSPW_Free
?GetUserInfoFromSecKeyEX@@YAKPADPAU_UserInfo@@PAK@Z
?utl_GetCertAttrValString@@YAPADPBU_CERT_CONTEXT@@K@Z
CSP_GetHash
utl_GetCommonProgramFiles
utl_AutoRunFunction
utl_GetCurLangCode
?utl_IsvalidConName@@YAHPAD@Z
?utl_SendMsgFromUI2UI@@YAHGGPAEKKK@Z
?utl_SendMsgFromUI2Auth@@YAHGGPAEKKK@Z
?utl_IsUACEnable@@YAHXZ
utl_OSIsVistaHigher
?IsNicEnabled@@YAHK@Z
?L2GetList@@YAJPAPAU_W32N_LIST_ENTRY@@@Z
?UpdateDeviceList@@YAKPAU_W32N_LIST_ENTRY@@PAX@Z
utl_LoadOnexCusInfo
utl_LoadComnCusInfo
?utl_IsvalidUserName@@YAHPAD@Z
?utl_TrimRightSz@@YAXPAD@Z
utl_GetRealStr
utl_encrpt
?utl_WriteLog@@YAXPBDW4ENUM_LOG_TYPE@@0K@Z
utl_decrpt
CSP_CryptAcquireContext

h3c_utilityui

utlUI_CertFreeCertificateContext
utlUI_CryptUIDlgSelectCertificateFromStore

mfc80

ord2178
ord2405
ord2468
ord2387
ord2385
ord4580
ord2403
ord4104
ord2902
ord2415
ord2392
ord2408
ord6067
ord2594
ord2413
ord5807
ord2396
ord2398
ord2400
ord2394
ord2410
ord2657
ord2390
ord1405
ord934
ord930
ord932
ord928
ord923
ord5233
ord5403
ord5235
ord5960
ord1600
ord4282
ord2164
ord4722
ord5833
ord3182
ord3403
ord4735
ord4212
ord3928
ord2663
ord5203
ord4262
ord4185
ord4486
ord6275
ord3949
ord5073
ord2644
ord1908
ord3709
ord5152
ord3719
ord4244
ord3718
ord1401
ord2533
ord3946
ord2646
ord1617
ord2540
ord1620
ord2862
ord5912
ord2714
ord6724
ord4307
ord2835
ord2731
ord1551
ord2537
ord1670
ord5200
ord1671
ord1599
ord2020
ord354
ord1655
ord4890
ord605
ord1656
ord5182
ord1964
ord3552
ord516
ord718
ord3667
ord2372
ord2172
ord4190
ord4617
ord4867
ord4720
ord5211
ord4736
ord4844
ord4797
ord5070
ord5072
ord5071
ord6747
ord578
ord1412
ord5563
ord2271
ord911
ord762
ord304
ord524
ord721
ord526
ord980
ord3668
ord3294
ord4272
ord1521
ord4280
ord4583
ord5212
ord1402
ord5915
ord6725
ord1582
ord2036
ord1327
ord6090
ord3204
ord4320
ord3441
ord876
ord1123
ord1280
ord2322
ord310
ord1934
ord3210
ord314
ord6754
ord297
ord784
ord1903
ord2169
ord4261
ord5214
ord781
ord6703
ord2991
ord299
ord1489
ord760
ord572
ord3997
ord620
ord908
ord4109
ord3684
ord3761
ord3195
ord1191
ord1185
ord1187
ord3333
ord4481
ord2838
ord5566
ord5213
ord3683
ord5230
ord4568
ord3948
ord2248
ord5226
ord566
ord5224
ord757
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord3830
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3641
ord1522
ord1794
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord764
ord581
ord1209
ord1177
ord1175
ord1201
ord1120
ord1167
ord1917
ord371
ord1098
ord1208
ord1206
ord1092
ord1037
ord1084
ord315
ord765
ord372
ord4213

msvcr80

_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
wcslen
__CxxFrameHandler3
_recalloc
malloc
calloc
wcscpy_s
_resetstkoflw
_initterm_e
strncpy
isspace
free
strncmp
?what@exception@std@@UBEPBDXZ
strstr
_invalid_parameter_noinfo
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
sprintf_s
sprintf
memcpy
memset
_stricmp
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_CxxThrowException
??0exception@std@@QAE@XZ
_amsg_exit

kernel32

GetPrivateProfileIntA
GetPrivateProfileStringA
Sleep
lstrlenW
GetStringTypeExA
lstrcmpiW
GetLastError
GetACP
GetStringTypeExW
CompareStringA
GetEnvironmentVariableA
CompareStringW
lstrcmpiA
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
InterlockedExchange
GetVersion
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetEnvironmentVariableW
GetSystemTimeAsFileTime
GetCurrentProcessId
LocalFree
LocalAlloc
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
lstrcpyA

user32

CharUpperW
GetDlgItem
SendMessageA
SetTimer
EnableWindow
CharLowerA
CharUpperA
CharLowerW
KillTimer
SetWindowLongA
MessageBoxA
IsWindow
GetParent

gdi32

DeleteObject
CreateFontIndirectA
CreateSolidBrush

shell32

ShellExecuteA

oleaut32

SysFreeString

msvcp80

?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

Exports

Exports

X1_PtFaceCfg
X1_PtFaceCreate
X1_PtFaceFree
X1_PtFaceInit
X1_PtFaceMenu
X1_PtFaceMsg
X1_PtFaceShow

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb2521d8eb4b65f67c41af251bd4830d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5f:46:1b:9d:41:28:b9:6d:65:5c:84:ae:18:31:02:f4Certificate

Extended Key Usages

Key Usages

bb:c3:25:98:34:2f:ab:7a:b7:93:4f:c6:14:50:e0:c7:a3:03:52:fbSigner

Headers

File Characteristics

PDB Paths

Imports

crypt32

h3c_utility

h3c_utilityui

mfc80

msvcr80

kernel32

user32

gdi32

shell32

oleaut32

msvcp80

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 100KB - Virtual size: 97KB

.reloc Size: 12KB - Virtual size: 8KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5f:46:1b:9d:41:28:b9:6d:65:5c:84:ae:18:31:02:f4
Certificate

bb:c3:25:98:34:2f:ab:7a:b7:93:4f:c6:14:50:e0:c7:a3:03:52:fb
Signer

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 100KB - Virtual size: 97KB

.reloc
Size: 12KB - Virtual size: 8KB