a6a5ea9a35a371dea5dd9402a2dd2068_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a6a5ea9a35a371dea5dd9402a2dd2068_JaffaCakes118
Size

1.2MB
MD5

a6a5ea9a35a371dea5dd9402a2dd2068
SHA1

bde733317ec4cf71ab4377fd60ddd3a47c5f0ba0
SHA256

62d6b0ad13769ea793e4036425762b709d5233ef10702b398bc46c927a4d2c39
SHA512

de35def9d376d4819429c95728b844bcddc56284df7c227b325f018cde77c3076c61e1b6139cfca42a9a84cfea0ec8604044aab1937106c82366b5bc85ce03bf
SSDEEP

24576:NgKtqOwtwnaWsodjVcsDaqzAX0SptWcuU7nkRdnNUA+cv+Xtt:NDtqEn7sKcsOqUHjuU7nmdnP+cv+9t

Score

1^/10

Malware Config

Signatures

Files

a6a5ea9a35a371dea5dd9402a2dd2068_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f4887e4b2efc080c49dc209f980e5682

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

79:36:c4:6e:12:0b:5d:58:48:dc:27:cb:84:46:bc:b3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/05/2017, 00:00

Not After

01/05/2018, 23:59

Subject

CN=Huai'an Qianfeng Network Technology Co.\, Ltd.,OU=运营,O=Huai'an Qianfeng Network Technology Co.\, Ltd.,L=Huai'an,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:a8:bb:d3:3f:93:57:0c:db:3d:7c:96:cd:47:7e:5d
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/05/2017, 00:00

Not After

08/05/2018, 23:59

Subject

SERIALNUMBER=91320829MA1MMFMA1D,CN=Huai'an Qianfeng Network Technology Co.\, Ltd.,OU=运营,O=Huai'an Qianfeng Network Technology Co.\, Ltd.,L=Huai'an,ST=Jiangsu,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074875616927616e,1.3.6.1.4.1.311.60.2.1.2=#13074a69616e677375,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:e3:10:16:07:15:b1:62:0f:ba:4b:d4:c8:b1:35:89:c1:cd:aa:8f:41:84:01:ec:ef:2d:f2:1b:54:40:fd:8f
Signer

Actual PE Digest

69:e3:10:16:07:15:b1:62:0f:ba:4b:d4:c8:b1:35:89:c1:cd:aa:8f:41:84:01:ec:ef:2d:f2:1b:54:40:fd:8f

Digest Algorithm

sha256

PE Digest Matches

true

c4:a8:25:97:fe:33:a6:46:08:9f:11:85:12:78:54:13:df:b8:98:64
Signer

Actual PE Digest

c4:a8:25:97:fe:33:a6:46:08:9f:11:85:12:78:54:13:df:b8:98:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\[Project]\[BaizhuLocalStorage]\Output\Release\BZDownload.pdb

Imports

imm32

ImmDisableIME

ws2_32

getsockname
getsockopt
ntohs
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
gethostname
htonl
ntohl
inet_ntoa
bind
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
connect
htons
setsockopt
recv
socket
closesocket
gethostbyname
send
getpeername

winhttp

WinHttpReadData
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpCrackUrl
WinHttpSetTimeouts

kernel32

GetTickCount
FreeLibrary
LoadLibraryW
GetTempPathW
LoadLibraryA
DeleteFileW
GetSystemDefaultLangID
GetTimeZoneInformation
GetVersionExA
GetSystemTime
VirtualFree
VirtualAlloc
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
CreateFileW
FreeResource
FindResourceW
LoadResource
SizeofResource
InterlockedExchange
ResetEvent
GetExitCodeThread
ResumeThread
InterlockedIncrement
WideCharToMultiByte
Process32First
TerminateProcess
Process32FirstW
Process32Next
Process32NextW
CreateToolhelp32Snapshot
GetTempFileNameW
SystemTimeToTzSpecificLocalTime
CreateDirectoryW
lstrcpynW
GetFileAttributesW
FileTimeToSystemTime
GetModuleFileNameW
FindClose
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
lstrcmpiW
lstrlenW
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
lstrcatW
OutputDebugStringW
lstrcpyW
LocalAlloc
DeleteFileA
LocalLock
LocalUnlock
LocalSize
LocalFree
CreateThread
SetProcessWorkingSetSize
SetLastError
SleepEx
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoA
FormatMessageA
GetFileType
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
GetThreadContext
SetThreadContext
VirtualQuery
CreateProcessW
InterlockedCompareExchange
FlushInstructionCache
VirtualProtect
SuspendThread
LoadLibraryExW
GetACP
AreFileApisANSI
GetModuleHandleExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
GetCPInfo
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
GetLocalTime
RtlUnwind
GetCommandLineW
ExitThread
GetSystemInfo
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
IsDebuggerPresent
EncodePointer
GetStringTypeW
WaitForMultipleObjects
CreateEventW
WritePrivateProfileStringW
MultiByteToWideChar
GetSystemDirectoryA
lstrlenA
GetFullPathNameW
SetEnvironmentVariableA
WriteConsoleW
GetDriveTypeW
FindFirstFileExW
SetStdHandle
FlushFileBuffers
FreeEnvironmentStringsW
CreateProcessA
SetEvent
WaitForSingleObject
InterlockedDecrement
CreateDirectoryA
Sleep
ExitProcess
GetProcAddress
GetCurrentThread
GetModuleFileNameA
GetTempPathA
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
CreateFileMappingW
InitializeCriticalSection
GetModuleHandleW
GetComputerNameW
GetCurrentProcess
SetUnhandledExceptionFilter
UnmapViewOfFile
MapViewOfFile
CreateMutexW
CreateFileA
DeleteCriticalSection
DecodePointer
EnterCriticalSection
HeapSize
GetLastError
RaiseException
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetConsoleMode
ReadConsoleW
IsValidCodePage
GetOEMCP
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
LocalReAlloc

user32

IsRectEmpty
OffsetRect
MapWindowPoints
ClientToScreen
GetActiveWindow
GetClassNameW
GetParent
SetClassLongW
GetClassLongW
ScreenToClient
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
GetCaretBlinkTime
CreateCaret
GetCursorPos
GetWindowRect
RemovePropW
SetPropW
SetClipboardData
GetClipboardData
EqualRect
CharUpperBuffW
CharLowerBuffW
GetKeyState
GetSysColor
PtInRect
RedrawWindow
GetFocus
IsMenu
GetMenuStringW
DestroyMenu
GetSubMenu
UnregisterClassW
DispatchMessageW
SendMessageW
IsWindow
ShowWindow
TranslateMessage
SetForegroundWindow
GetMessageW
DefWindowProcW
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
SetFocus
SetWindowPos
UpdateLayeredWindow
IntersectRect
SetCursor
DrawTextW
GetPropW
FillRect
IsZoomed
SetWindowRgn
SystemParametersInfoW
OpenClipboard
EmptyClipboard
CloseClipboard
CreateWindowExW
PeekMessageW
RegisterClassExW
LoadCursorW
PostQuitMessage
CharNextA
MessageBoxW
PostMessageW
GetDesktopWindow
InvalidateRect
EnableWindow
SetWindowTextA
EnableMenuItem
GetWindowTextW
LoadIconW
GetSystemMenu
GetSystemMetrics
SetWindowLongW
ReleaseDC
GetWindowLongW
GetDC
BeginPaint
DestroyWindow
EndPaint
CallWindowProcW
KillTimer
SetTimer
GetMenuItemCount
TrackPopupMenu
EndMenu
GetIconInfo
DestroyCursor
LoadImageW
CopyRect
SetRectEmpty
wsprintfW
GetClientRect

gdi32

GetCurrentObject
GetStockObject
GetViewportOrgEx
SetBkColor
SetTextColor
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetClipBox
CreatePatternBrush
PatBlt
CombineRgn
GetBkColor
GetBkMode
GetTextColor
SetRectRgn
CreateRoundRectRgn
ExtCreateRegion
GetRegionData
EnumFontsW
SetViewportOrgEx
SelectClipRgn
CreateRectRgn
BitBlt
CreateDIBSection
StretchBlt
SetDIBColorTable
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
GetDIBColorTable
GetObjectW
TextOutW
CreateSolidBrush
DeleteDC
CreateBitmap
TextOutA

advapi32

CryptGetHashParam
RegOpenKeyExA
RegCloseKey
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
RegQueryValueExA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

shell32

ShellExecuteW
SHGetPathFromIDListW
Shell_NotifyIconW
SHBrowseForFolderW
ord165
ShellExecuteA
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoUninitialize

oleaut32

LoadTypeLi
VariantInit
VariantClear
SysAllocString
VariantChangeType
DispGetIDsOfNames
GetErrorInfo
SysFreeString

shlwapi

StrStrIW
PathAppendW
PathFileExistsA
PathFileExistsW
StrStrIA
PathAppendA

gdiplus

GdiplusStartup
GdipDeleteBrush
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipDisposeImage
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImageHeight
GdipFree
GdiplusShutdown
GdipCreateSolidFill
GdipDrawRectangle
GdipDrawLinesI
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipFillPieI
GdipSetSmoothingMode
GdipGetImagePixelFormat
GdipFillRectangle
GdipLoadImageFromStream
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromHBITMAP
GdipDrawImageRectI
GdipGetImageWidth
GdipImageGetFrameDimensionsCount

msimg32

GradientFill
TransparentBlt
AlphaBlend

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupIterateCabinetW

d3d9

Direct3DCreate9

dbghelp

MiniDumpWriteDump

rasapi32

RasEnumConnectionsW

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA

comctl32

_TrackMouseEvent
ord17

crypt32

CertFreeCertificateContext

wldap32

ord301
ord200
ord30
ord79
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143
ord35

Sections

.text
Size: 878KB - Virtual size: 877KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dtd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dtc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4887e4b2efc080c49dc209f980e5682

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

79:36:c4:6e:12:0b:5d:58:48:dc:27:cb:84:46:bc:b3Certificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

1e:a8:bb:d3:3f:93:57:0c:db:3d:7c:96:cd:47:7e:5dCertificate

Extended Key Usages

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

69:e3:10:16:07:15:b1:62:0f:ba:4b:d4:c8:b1:35:89:c1:cd:aa:8f:41:84:01:ec:ef:2d:f2:1b:54:40:fd:8fSigner

c4:a8:25:97:fe:33:a6:46:08:9f:11:85:12:78:54:13:df:b8:98:64Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

ws2_32

winhttp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

msimg32

setupapi

d3d9

dbghelp

rasapi32

version

comctl32

crypt32

wldap32

Sections

.text Size: 878KB - Virtual size: 877KB

.rdata Size: 168KB - Virtual size: 168KB

.data Size: 24KB - Virtual size: 39KB

.dtd Size: 512B - Virtual size: 12B

.dtc Size: 4KB - Virtual size: 4KB

.rsrc Size: 71KB - Virtual size: 70KB

.reloc Size: 48KB - Virtual size: 47KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

79:36:c4:6e:12:0b:5d:58:48:dc:27:cb:84:46:bc:b3
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

1e:a8:bb:d3:3f:93:57:0c:db:3d:7c:96:cd:47:7e:5d
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

69:e3:10:16:07:15:b1:62:0f:ba:4b:d4:c8:b1:35:89:c1:cd:aa:8f:41:84:01:ec:ef:2d:f2:1b:54:40:fd:8f
Signer

c4:a8:25:97:fe:33:a6:46:08:9f:11:85:12:78:54:13:df:b8:98:64
Signer

.text
Size: 878KB - Virtual size: 877KB

.rdata
Size: 168KB - Virtual size: 168KB

.data
Size: 24KB - Virtual size: 39KB

.dtd
Size: 512B - Virtual size: 12B

.dtc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 71KB - Virtual size: 70KB

.reloc
Size: 48KB - Virtual size: 47KB