c7c0f0a54c314d23d6b59e4b92d0840c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c7c0f0a54c314d23d6b59e4b92d0840c_JaffaCakes118
Size

649KB
MD5

c7c0f0a54c314d23d6b59e4b92d0840c
SHA1

0a30d550cd56b70d3e7309b090439f496161e598
SHA256

13dd54a41553455d501b5b60b64e9cd850139239cff008cdab5d48cd5f9d7cb3
SHA512

dfcff6fdba063a2635bdf27074ac84cdd555ebec95afe7be0f58765e7f9a0c03cf708b6afe02637e56f82479703cb3844bebbc0e7aea82e7ca90858bf78e4ace
SSDEEP

12288:9+MhVLY4kXtT3I2tfHI1IFYWFSaMLx4cSfGhlcxFt5nXEjJQe:s1ZY2tvI8YMcSfGo37XEVH

Score

1^/10

Malware Config

Signatures

Files

c7c0f0a54c314d23d6b59e4b92d0840c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

69a215e1e33e46cddd55958e5a630f6a

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:8d:71:3e:d8:ae:09:7e:d3:af:e1:f6:2d:2d:d9:19
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-08-2019 00:00

Not After

07-09-2022 12:00

Subject

CN=Alibaba (China) Network Technology Co.\,Ltd.,OU=Alibabasecurity,O=Alibaba (China) Network Technology Co.\,Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:f9:7b:35:32:19:39:db:96:04:98:c8:aa:df:31:7a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-08-2019 00:00

Not After

07-09-2022 12:00

Subject

CN=Alibaba (China) Network Technology Co.\,Ltd.,OU=Alibabasecurity,O=Alibaba (China) Network Technology Co.\,Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:92:c9:95:96:61:47:3b:56:9a:25:03:4b:5c:ab:eb:91:aa:7f:9a:ba:be:4a:56:4d:ba:48:86:fe:76:3d:61
Signer

Actual PE Digest

71:92:c9:95:96:61:47:3b:56:9a:25:03:4b:5c:ab:eb:91:aa:7f:9a:ba:be:4a:56:4d:ba:48:86:fe:76:3d:61

Digest Algorithm

sha256

PE Digest Matches

true

be:b1:39:16:57:1d:a4:58:89:73:a8:a3:6a:72:18:f1:a2:e8:1d:47
Signer

Actual PE Digest

be:b1:39:16:57:1d:a4:58:89:73:a8:a3:6a:72:18:f1:a2:e8:1d:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\work\ACCS_WINDOWS\Release\libaccs.pdb

Imports

tbb

?deallocate_via_handler_v3@internal@tbb@@YAXPAX@Z
?internal_acquire_writer@spin_rw_mutex_v3@tbb@@AAE_NXZ
?internal_acquire_reader@spin_rw_mutex_v3@tbb@@AAEXXZ
?internal_upgrade@spin_rw_mutex_v3@tbb@@AAE_NXZ
?internal_try_acquire_writer@spin_rw_mutex_v3@tbb@@AAE_NXZ
?internal_try_acquire_reader@spin_rw_mutex_v3@tbb@@AAE_NXZ
?throw_exception_v4@internal@tbb@@YAXW4exception_id@12@@Z
?allocate_via_handler_v3@internal@tbb@@YAPAXI@Z
?NFS_Allocate@internal@tbb@@YAPAXIIPAX@Z
?NFS_Free@internal@tbb@@YAXPAX@Z

pthreadvc2

pthread_cond_signal
pthread_mutex_lock
pthread_cond_timedwait
pthread_mutex_destroy
pthread_cond_wait
pthread_mutex_init
pthread_cond_init
pthread_mutex_unlock
pthread_cond_broadcast
pthread_join
pthread_create
pthread_self
pthread_exit
pthread_cond_destroy

wtnet

NAL_start_Tnet
easy_proxy_SetAddress
NAL_session_Create
NAL_set_slightssl_get_publicKey_cb
NAL_session_Close
easy_proxy_Destroy
easy_proxy_Create
easy_proxy_SetUserName
NAL_session_Ping
NAL_session_SendFrame
NAL_init_Tnet
easy_proxy_SetAuthType
NAL_session_BindProxy
easy_proxy_SetProxyType
easy_proxy_SetPassword
easy_proxy_SetProxyServer
NAL_session_SubmitRequest
NAL_resolve_host

zlibwapi

ord21
ord20
ord6
ord4
ord7
ord19

kernel32

SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetConsoleCP
WriteFile
FlushFileBuffers
ReadConsoleW
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
ExitThread
ReadFile
GetModuleHandleExW
ExitProcess
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
InterlockedDecrement
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
LoadLibraryW
DecodePointer
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
SwitchToThread
GetLocalTime
OutputDebugStringA
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcessHeap
SizeofResource
LockResource
FindResourceExW
LoadResource
FindResourceW
FreeLibrary
VirtualAlloc
GetVersionExW
LoadLibraryExW
SetStdHandle
CreateFileW
WriteConsoleW
QueryPerformanceCounter
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
SetEvent
CreateTimerQueue
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
QueryPerformanceFrequency
CloseHandle
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentProcess
GetCurrentThread
GetExitCodeThread
SetLastError
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
LocalFree
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyW
RegQueryValueExW
RegCloseKey

ole32

CoUninitialize
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoCreateGuid
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysFreeString

shlwapi

PathRemoveFileSpecW
PathAppendW

wininet

InternetGetConnectedState
InternetCheckConnectionW
InternetAttemptConnect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

Exports

Exports

?RegisterCustomLog@@YAXPAVICustomLog@@@Z
?SetALogLevel@@YAXH@Z
?bindApp@ACCSClient@@QAEXPAVBindCallback@@@Z
?bindService@ACCSClient@@QAEXPBD@Z
?bindUser@ACCSClient@@QAEXPBD@Z
?getBaseSignUrl@ACCSClient@@SAPBDPBD@Z
?getClient@ACCSClient@@SAPAV1@XZ
?getDeviceId@ACCSClient@@SAPBDXZ
?init@ACCSClient@@SAXPAUAccsClientConfig@@@Z
?init@ACCSClient@@SAXPAUAccsConfig@@@Z
?print@@YAXHPBD0H0ZZ
?registerConnectCb@ACCSClient@@QAEXPAVConnectCallback@@@Z
?registerPushCb@ACCSClient@@QAEXPBDPAVMessageReceiveCallback@@@Z
?registerPushCb@ACCSClient@@QAEXPBDPAVPushCallback@@@Z
?registerUTStatistics@ACCSClient@@SAXPAVIAccsStatistics@@@Z
?sendRequest@ACCSClient@@QAEXPAVARequest@@@Z
?unbindService@ACCSClient@@QAEXPBD@Z
?unbindUser@ACCSClient@@QAEXXZ
?uninit@ACCSClient@@SAXXZ

Sections

.text
Size: 445KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69a215e1e33e46cddd55958e5a630f6a

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

01:8d:71:3e:d8:ae:09:7e:d3:af:e1:f6:2d:2d:d9:19Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:f9:7b:35:32:19:39:db:96:04:98:c8:aa:df:31:7aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

71:92:c9:95:96:61:47:3b:56:9a:25:03:4b:5c:ab:eb:91:aa:7f:9a:ba:be:4a:56:4d:ba:48:86:fe:76:3d:61Signer

be:b1:39:16:57:1d:a4:58:89:73:a8:a3:6a:72:18:f1:a2:e8:1d:47Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

tbb

pthreadvc2

wtnet

zlibwapi

kernel32

advapi32

ole32

oleaut32

shlwapi

wininet

version

sensapi

Exports

Exports

Sections

.text Size: 445KB - Virtual size: 445KB

.rdata Size: 154KB - Virtual size: 153KB

.data Size: 10KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 22KB - Virtual size: 21KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

01:8d:71:3e:d8:ae:09:7e:d3:af:e1:f6:2d:2d:d9:19
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:f9:7b:35:32:19:39:db:96:04:98:c8:aa:df:31:7a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

71:92:c9:95:96:61:47:3b:56:9a:25:03:4b:5c:ab:eb:91:aa:7f:9a:ba:be:4a:56:4d:ba:48:86:fe:76:3d:61
Signer

be:b1:39:16:57:1d:a4:58:89:73:a8:a3:6a:72:18:f1:a2:e8:1d:47
Signer

.text
Size: 445KB - Virtual size: 445KB

.rdata
Size: 154KB - Virtual size: 153KB

.data
Size: 10KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 21KB