b1c3d8e4d0f4b7d77922f1fae1cb7f63_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b1c3d8e4d0f4b7d77922f1fae1cb7f63_JaffaCakes118
Size

98KB
MD5

b1c3d8e4d0f4b7d77922f1fae1cb7f63
SHA1

2a792b9f290458dab323446b79f9fe17cd438fb9
SHA256

e4a836d51c1e54ab1618e8f8f6f9cd0f7b626b291dbae2d43719b9c028909d8f
SHA512

376dbcd596cae0b15d5f3aa2dccb65ca254e526cd54be8d38dd5a54a9dbb767c386a86dd746bcc0c5d1976d9a660cbf3459809d82ec8c0d1424dfc1704985644
SSDEEP

1536:oEBm7VPXwT/jEXIKPTjGMTLeWKYLHedmQNRvd5EmJ9MIYq:oDpAnX+jrT7+dmQNNd5Ei9MIYq

Score

1^/10

Malware Config

Signatures

Files

b1c3d8e4d0f4b7d77922f1fae1cb7f63_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8332794095a4d6dffa7de2c67a72f029

Code Sign

65:c8:08:10
Certificate

Issuer

CN=TaiCA Secure CA,OU=SSL Certification Service Provider,O=TAIWAN-CA.COM Inc.,C=TW

Not Before

02/07/2010, 06:34

Not After

17/07/2011, 15:59

Subject

CN=www.esupplychain.com.tw,OU=TRADE-VAN,O=TRADE-VAN,L=Taipei,ST=Taipei,C=TW

07:27:4e:79
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

07/10/2009, 16:59

Not After

30/09/2016, 16:58

Subject

CN=TaiCA Secure CA,OU=SSL Certification Service Provider,O=TAIWAN-CA.COM Inc.,C=TW

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:f9:f8:b3:26:cd:57:6f:7e:dd:fc:6e:19:b2:09:2e:53:2d:30:ad
Signer

Actual PE Digest

bd:f9:f8:b3:26:cd:57:6f:7e:dd:fc:6e:19:b2:09:2e:53:2d:30:ad

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadPriority
GetLastError
SetLastError
GetProcAddress
VirtualProtectEx
VirtualAllocEx
LoadLibraryA
Process32Next
GetSystemInfo
GetModuleFileNameA
GetModuleHandleA
CreateToolhelp32Snapshot
GetVersionExA
WinExec
CloseHandle
WriteProcessMemory
ResumeThread
lstrcatA
TerminateThread
DeleteFileA
CreateThread
WaitForSingleObject
GetSystemDirectoryA
TerminateProcess
CreateProcessA
ReadProcessMemory
Sleep
WriteFile
GetCurrentThread
Process32First
GetCurrentProcess
FreeLibrary
MoveFileExA
lstrlenA
SetThreadContext
SetPriorityClass
CreateFileA
GetThreadContext
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
SetStdHandle
lstrcpyA
GetSystemDefaultLangID
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
GetFileType
SetHandleCount
LCMapStringW
WideCharToMultiByte
GetWindowsDirectoryA
GetFileAttributesA
FlushFileBuffers
ExitProcess
QueryPerformanceCounter
GetModuleHandleW
GetTickCount
IsDebuggerPresent
GetCurrentProcessId
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
RtlUnwind
MultiByteToWideChar
ReadFile
LCMapStringA

user32

keybd_event
RegisterClassExA
CreateWindowExA
DefWindowProcA
ShowWindow
GetSystemMetrics
wsprintfA
MessageBoxA
PostQuitMessage
UpdateWindow

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

ws2_32

gethostbyname
inet_addr
WSAStartup
send
socket
recv
htons
connect
closesocket

iphlpapi

GetAdaptersInfo

wininet

InternetCloseHandle
InternetOpenA
HttpQueryInfoA
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA

shlwapi

PathRemoveFileSpecA

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8332794095a4d6dffa7de2c67a72f029

Code Sign

65:c8:08:10Certificate

07:27:4e:79Certificate

Key Usages

bd:f9:f8:b3:26:cd:57:6f:7e:dd:fc:6e:19:b2:09:2e:53:2d:30:adSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

iphlpapi

wininet

shlwapi

setupapi

Sections

.text Size: 69KB - Virtual size: 69KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

65:c8:08:10
Certificate

07:27:4e:79
Certificate

bd:f9:f8:b3:26:cd:57:6f:7e:dd:fc:6e:19:b2:09:2e:53:2d:30:ad
Signer

.text
Size: 69KB - Virtual size: 69KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB