be2a21af0c2973067526ce50db08ac0d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be2a21af0c2973067526ce50db08ac0d_JaffaCakes118
Size

459KB
MD5

be2a21af0c2973067526ce50db08ac0d
SHA1

66ea1bdf20623e25374ca9d7ca760e82979019f1
SHA256

a13a1d0319c16c4f80087cdf127f18f601899bea47bb4aa7f1afbae3a9c96deb
SHA512

93cd1c267b9be3fbeecba9668431b5a9be231b0dc3f62759c5662824d2e129dd42132d0077ba1ee418904de1008f5102f20560f8ae02051caea8d156223c59ff
SSDEEP

6144:h7GBejIQDWlGpmGeHgmgIMfc13b0BJxrBgnaN3+hSa2+hSa5t:hC0bWGpmzHgXk13+BJN3+hS5+hSQt

Score

1^/10

Malware Config

Signatures

Files

be2a21af0c2973067526ce50db08ac0d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5e569bafa333eda612a695dfb2e62ae5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

eb:ab:cc:86:8e:97:ff:04:67:32:7f:5a:d4:de:79:53:92:28:52:e4
Signer

Actual PE Digest

eb:ab:cc:86:8e:97:ff:04:67:32:7f:5a:d4:de:79:53:92:28:52:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\code\qtalk_client_proj\QQTalk\Setup\msi\QTalkUninst.pdb

Imports

msimg32

TransparentBlt

shell32

ShellExecuteW
SHGetPathFromIDListW
SHFileOperationW
SHGetSpecialFolderLocation
SHChangeNotify
Shell_NotifyIconW
CommandLineToArgvW

advapi32

RegOpenKeyExW
ControlService
DeleteService
GetTokenInformation
QueryServiceStatus
OpenSCManagerW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
CloseServiceHandle
OpenServiceW
OpenProcessToken

shlwapi

PathFileExistsW
PathStripToRootW
PathAppendW
PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW

psapi

GetModuleFileNameExW

kernel32

LoadLibraryA
InterlockedExchange
GetCurrentProcessId
GetCommandLineA
GetEnvironmentStringsW
LocalAlloc
FreeEnvironmentStringsW
GetEnvironmentStrings
VirtualAlloc
VirtualFree
GetDriveTypeW
FindResourceW
LoadResource
CreateDirectoryW
WriteFile
SizeofResource
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
LockResource
CloseHandle
DeleteFileW
FreeResource
VerifyVersionInfoW
EnterCriticalSection
SetCurrentDirectoryW
DeleteCriticalSection
VerSetConditionMask
FindResourceExW
GetCurrentThreadId
InitializeCriticalSection
GetLastError
LeaveCriticalSection
GetCurrentDirectoryW
OutputDebugStringW
QueryPerformanceCounter
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
LocalFree
FormatMessageW
FindFirstFileW
FindNextFileW
FindClose
SetStdHandle
CreateThread
GetVersionExW
GetSystemDirectoryW
GetCommandLineW
GlobalFree
Sleep
GetModuleFileNameW
CopyFileW
WideCharToMultiByte
OpenProcess
Process32NextW
TerminateProcess
lstrcmpiW
GetCurrentProcess
CreateToolhelp32Snapshot
GetLocalTime
GetModuleHandleW
Process32FirstW
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
CreateMutexW
GetTickCount
LoadLibraryW
FreeLibrary
FreeEnvironmentStringsA
WriteConsoleA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
RtlUnwind
GetConsoleMode
GetConsoleCP
HeapSize
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapReAlloc
HeapCreate
HeapDestroy
GetStartupInfoW
GetProcessHeap
GetVersionExA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
SetEndOfFile
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
SetFileAttributesW
GetLocaleInfoW

user32

CallNextHookEx
MapVirtualKeyW
GetKeyState
wsprintfW
DrawTextW
GetWindowLongW
GetWindowTextW
GetClientRect
GetDlgCtrlID
LoadBitmapW
SetWindowsHookExW
SetWindowTextW
GetDlgItem
SetTimer
PostMessageW
FindWindowW
EndDialog
SendMessageW
GetWindowRect
KillTimer
UpdateWindow
ShowWindow
SetWindowLongW
DrawIconEx
GetWindow
FindWindowExW
SetWindowRgn
InvalidateRect
LoadImageW
TrackMouseEvent
GetParent
ReleaseDC
DestroyIcon
GetClassNameW
ReleaseCapture
GetDC
OffsetRect
DialogBoxParamW
SetWindowPos
EnableWindow
UnregisterClassA

gdi32

SelectObject
GetTextExtentExPointW
SetTextColor
SetBkMode
CreateCompatibleDC
DeleteObject
CreateFontW
BitBlt
DeleteDC
GetObjectW
GetStockObject
CreateCompatibleBitmap
SetBkColor
CreateRoundRectRgn

ole32

CoTaskMemFree
CreateStreamOnHGlobal

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e569bafa333eda612a695dfb2e62ae5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

eb:ab:cc:86:8e:97:ff:04:67:32:7f:5a:d4:de:79:53:92:28:52:e4Signer

Headers

File Characteristics

PDB Paths

Imports

msimg32

shell32

advapi32

shlwapi

psapi

kernel32

user32

gdi32

ole32

Sections

.text Size: 236KB - Virtual size: 232KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 156KB - Virtual size: 153KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

eb:ab:cc:86:8e:97:ff:04:67:32:7f:5a:d4:de:79:53:92:28:52:e4
Signer

.text
Size: 236KB - Virtual size: 232KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 156KB - Virtual size: 153KB