be08fa1840a62c14290b98d478dd1953_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be08fa1840a62c14290b98d478dd1953_JaffaCakes118
Size

1.7MB
MD5

be08fa1840a62c14290b98d478dd1953
SHA1

891c73ee2e90e57d240ea4df932b208a69b27f37
SHA256

f95eef9481c307b697c1233ac0d73baf49bbaa7d03f405a510d67d3ad1ad4140
SHA512

dd6840ba9fadefeb7b4a7506af13af6175c425fa79f56c4cfc6624defd67932bd3a3be3bcd2004ce449498e4c0f09fe67b7ed1b90dbf6c8341801275c9ca39a0
SSDEEP

24576:w5E6ngdEIwEESfcwKP2OzijTsW7lz5zu+y:0zGyS/KrijTsWR9A

Score

1^/10

Malware Config

Signatures

Files

be08fa1840a62c14290b98d478dd1953_JaffaCakes118
.exe windows:5 windows x86 arch:x86

06bf87b3ce1587a26e689f5c6e66a47f

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:f8:55:96:08:da:a0:48:a7:9e:88:b1
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

03/01/2018, 14:22

Not After

03/01/2021, 11:58

Subject

SERIALNUMBER=91310114MA1GTQ5G50,CN=Shang Hai Zi Wei Wang Luo Ke Ji You Xian Gong Si,O=Shang Hai Zi Wei Wang Luo Ke Ji You Xian Gong Si,STREET=嘉定区真南路4268号2幢J1950室,L=SHANGHAI,ST=SHANGHAI,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13085348414e47484149,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:b8:c6:86:3d:52:89:b9:06:91:ee:69:88:0b:d5:68:46:ce:7a:34:44:23:27:03:34:a2:14:84:cb:ef:4b:2c
Signer

Actual PE Digest

44:b8:c6:86:3d:52:89:b9:06:91:ee:69:88:0b:d5:68:46:ce:7a:34:44:23:27:03:34:a2:14:84:cb:ef:4b:2c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\xwork_vs2015\CheckAndTools\bin\CADECheck.pdb

Imports

kernel32

DecodePointer
SetFilePointer
ReadFile
WaitForSingleObject
WideCharToMultiByte
CreateDirectoryW
GetTempPathW
WritePrivateProfileStringW
GetCurrentDirectoryW
GetLocalTime
GetPrivateProfileStringA
GetCurrentDirectoryA
FreeResource
SetCurrentDirectoryW
GetPrivateProfileStringW
FindNextFileW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
LockResource
CloseHandle
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
SetEndOfFile
GetFileAttributesExW
WriteConsoleW
IsDebuggerPresent
OutputDebugStringW
GlobalLock
GlobalUnlock
GetTickCount
lstrlenW
LoadLibraryW
GetACP
ExitProcess
LocalFree
FormatMessageW
VerSetConditionMask
GetCurrentProcessId
MulDiv
GetFileSize
CreateFileW
GetCurrentProcess
GetFileType
WriteFile
SetFileTime
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
GlobalAlloc
lstrcpyW
InitializeCriticalSection
Sleep
SleepEx
WaitForMultipleObjects
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
SetLastError
FormatMessageA
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
VerifyVersionInfoA
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFullPathNameW
SetStdHandle
FlushFileBuffers
FindClose
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

user32

IsZoomed
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
IsRectEmpty
PtInRect
GetParent
GetWindow
LoadImageW
SetCursor
InflateRect
OffsetRect
LoadCursorW
DefWindowProcW
PostQuitMessage
CallWindowProcW
RegisterClassW
RegisterClassExW
CreateWindowExW
ShowWindow
EnableWindow
IsIconic
SetPropW
GetPropW
MonitorFromWindow
GetMonitorInfoW
SetWindowRgn
MessageBoxW
UpdateLayeredWindow
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IsWindowEnabled
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
SendMessageW
DispatchMessageW
IsWindowVisible
SetWindowPos
TranslateMessage
GetMessageW
DestroyWindow
SetWindowLongW
GetWindowLongW
PostMessageW
IsWindow
CharNextW
GetClassInfoExW

advapi32

RegCreateKeyExW
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptImportKey

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CoTaskMemFree
CoTaskMemRealloc
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CLSIDFromString

oleaut32

VariantClear
VariantInit
SysAllocString
VarUI4FromStr
SysFreeString

shlwapi

PathRemoveFileSpecW
PathIsDirectoryW

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

ws2_32

__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
gethostname
gethostbyname
select
WSASetLastError
ioctlsocket
recv
send
bind
closesocket
connect
getpeername
recvfrom
sendto
listen
accept
freeaddrinfo
getsockname
getsockopt
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons

wldap32

ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord143
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord27

gdi32

CreateDIBSection
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
GetObjectW
PtInRegion
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
GdiFlush
GetBitmapBits
SetBitmapBits
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateRectRgn
CreateRoundRectRgn
SetBkMode
SetWindowOrgEx
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
GetStockObject
GetDeviceCaps
DeleteObject
BitBlt
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
SetBkColor

shell32

DragQueryFileW

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

comctl32

ord17
InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipFillRectangleI
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromStream
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipAlloc
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming

Sections

.text
Size: 799KB - Virtual size: 798KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 741KB - Virtual size: 741KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06bf87b3ce1587a26e689f5c6e66a47f

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

23:f8:55:96:08:da:a0:48:a7:9e:88:b1Certificate

Extended Key Usages

Key Usages

44:b8:c6:86:3d:52:89:b9:06:91:ee:69:88:0b:d5:68:46:ce:7a:34:44:23:27:03:34:a2:14:84:cb:ef:4b:2cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

urlmon

wininet

ws2_32

wldap32

gdi32

shell32

imm32

comctl32

gdiplus

Sections

.text Size: 799KB - Virtual size: 798KB

.rdata Size: 190KB - Virtual size: 189KB

.data Size: 10KB - Virtual size: 16KB

.gfids Size: 512B - Virtual size: 472B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 741KB - Virtual size: 741KB

.reloc Size: 44KB - Virtual size: 44KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

23:f8:55:96:08:da:a0:48:a7:9e:88:b1
Certificate

44:b8:c6:86:3d:52:89:b9:06:91:ee:69:88:0b:d5:68:46:ce:7a:34:44:23:27:03:34:a2:14:84:cb:ef:4b:2c
Signer

.text
Size: 799KB - Virtual size: 798KB

.rdata
Size: 190KB - Virtual size: 189KB

.data
Size: 10KB - Virtual size: 16KB

.gfids
Size: 512B - Virtual size: 472B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 741KB - Virtual size: 741KB

.reloc
Size: 44KB - Virtual size: 44KB