c8a24bf1c749294f4669c6d091d313c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8a24bf1c749294f4669c6d091d313c1_JaffaCakes118
Size

1.5MB
MD5

c8a24bf1c749294f4669c6d091d313c1
SHA1

2375226c8421304b4e8b2eef4b364878ead92d1b
SHA256

6284b5d12f64954b11414f86cca5bd366351a6d75e72fe3c1a6ca09fb30df8b0
SHA512

537277de2f599f729c0a5728c70e0f83db8701335de6395ab44b071d9f2f5b2f610f59efa6f786ed8bab9656ca5baaa3622a72b75751d609a9767cc6ef24bbe4
SSDEEP

24576:U4U+7Zu++n5+IxL9zlbZ9We/arzXQ/Mjg/f8zvZQRLVWM/a4KmIsg:D7c/xhFZTYA/1Ov6RLVWM/aXmIsg

Score

1^/10

Malware Config

Signatures

Files

c8a24bf1c749294f4669c6d091d313c1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

791c5bd6712ee55518380ed970699721

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:8f:d1:48:0a:d2:92:72:fb:1f:57:61:4e:67:02:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/08/2017, 00:00

Not After

01/10/2019, 23:59

Subject

CN=上海广乐网络科技有限公司,OU=技术,O=上海广乐网络科技有限公司,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:cb:7f:a7:1d:10:18:43:27:bd:00:97:c4:b3:0a:c0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/08/2017, 00:00

Not After

01/10/2019, 23:59

Subject

CN=上海广乐网络科技有限公司,OU=技术,O=上海广乐网络科技有限公司,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:91:3c:f8:02:3f:ac:b4:f6:b7:f7:ac:ea:a9:c5:54:38:b5:a5:c1:c1:e2:e4:47:07:84:79:26:c2:6a:6c:1a
Signer

Actual PE Digest

14:91:3c:f8:02:3f:ac:b4:f6:b7:f7:ac:ea:a9:c5:54:38:b5:a5:c1:c1:e2:e4:47:07:84:79:26:c2:6a:6c:1a

Digest Algorithm

sha256

PE Digest Matches

true

d8:dd:d7:a5:8f:80:0f:22:e5:bc:24:49:cb:ce:8b:4f:dd:f4:4e:d2
Signer

Actual PE Digest

d8:dd:d7:a5:8f:80:0f:22:e5:bc:24:49:cb:ce:8b:4f:dd:f4:4e:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsW
CopyFileW
CreateProcessW
WaitForSingleObject
WriteProcessMemory
CreateRemoteThread
GetModuleHandleW
ExitProcess
GetProcessTimes
GetCurrentProcess
ReadFile
CreateEventW
SetEvent
WriteFile
CreateNamedPipeW
WaitForMultipleObjects
GetOverlappedResult
FlushFileBuffers
WaitNamedPipeW
SetNamedPipeHandleState
TransactNamedPipe
DisconnectNamedPipe
ConnectNamedPipe
IsBadReadPtr
InterlockedDecrement
GetCommandLineW
InterlockedIncrement
GetCurrentProcessId
CreateDirectoryW
GlobalAlloc
FormatMessageW
LocalFree
GetFileSize
GlobalLock
GlobalUnlock
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
InitializeCriticalSection
ResumeThread
GetModuleHandleA
FindFirstFileW
GetFileAttributesW
GetStdHandle
FreeResource
SetEnvironmentVariableA
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetACP
ExitThread
FreeLibraryAndExitThread
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
OpenMutexW
FileTimeToSystemTime
GetCurrentThread
GetTimeZoneInformation
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
GetFileAttributesExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
WaitForSingleObjectEx
SetStdHandle
ReadConsoleW
SetEndOfFile
GetSystemDirectoryA
TerminateThread
GetVersionExA
GetSystemInfo
DeviceIoControl
lstrcpyA
SetThreadAffinityMask
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameW
Sleep
LoadLibraryA
ExpandEnvironmentStringsA
GetLocalTime
TerminateProcess
GetTickCount
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
FindResourceW
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
CreateThread
DeleteFileW
GetFileSizeEx
CreateFileW
GetFullPathNameW
GetDriveTypeW
PeekNamedPipe
FormatMessageA
SleepEx
VerifyVersionInfoA
SetErrorMode
DosDateTimeToFileTime
SystemTimeToFileTime
DuplicateHandle
SetFileTime
SetFilePointer
VerSetConditionMask
MulDiv
GetCurrentDirectoryW
LoadLibraryW
SystemTimeToTzSpecificLocalTime
CreateMutexW
DeleteCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrlenW
lstrcpyW
lstrcmpiW
CloseHandle
OpenProcess
LoadLibraryExW
GetProcAddress
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
WriteConsoleW

user32

PtInRect
ReleaseDC
DrawTextW
GetSystemMetrics
GetDC
GetDesktopWindow
GetShellWindow
GetWindowRect
GetParent
WindowFromPoint
GetWindowThreadProcessId
GetMonitorInfoW
MonitorFromWindow
SetTimer
SetWindowLongW
IsWindowVisible
ShowWindow
CallWindowProcW
GetLastInputInfo
IsWindow
IsIconic
IsZoomed
DestroyWindow
PostQuitMessage
SetWindowPos
KillTimer
GetCursorPos
DefWindowProcW
LoadCursorW
RegisterClassExW
CreateWindowExW
UpdateWindow
ClientToScreen
SetForegroundWindow
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
IsWindowEnabled
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
FindWindowExW
wsprintfW
AnimateWindow
TranslateMessage
PeekMessageW
DispatchMessageW
SetWinEventHook
EnumWindows
LoadImageW
DestroyMenu
PostMessageW
TrackPopupMenu
SetMenuDefaultItem
GetSubMenu
LoadMenuW
SetCursor
SendMessageW
InflateRect
UnionRect
OffsetRect
GetMessageW
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
IsRectEmpty
GetWindowLongW
GetWindow
RegisterClassW
GetClassInfoExW
EnableWindow
GetMenu
SetPropW
GetPropW
AdjustWindowRectEx
UpdateLayeredWindow
MoveWindow
GetWindowRgn
RegisterWindowMessageW
SetWindowRgn
MessageBoxW
CharPrevW
FillRect
SetRect
HideCaret
ShowCaret
GetCaretPos

shell32

DragQueryFileW
ShellExecuteW
Shell_NotifyIconW
ord165
SHGetSpecialFolderPathW

ole32

StringFromCLSID
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
DoDragDrop
RegisterDragDrop
CoCreateInstance
OleLockRunning
CoTaskMemFree
OleDuplicateData

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

shlwapi

PathFileExistsA
StrIsIntlEqualA
StrStrIA
PathFindFileNameW
StrCpyW
PathRemoveFileSpecW
PathAppendA
PathFindFileNameA
StrStrW
StrCmpIW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ws2_32

closesocket
bind
send
recv
WSASetLastError
select
connect
WSAGetLastError
ntohl
htonl
WSACleanup
WSAStartup
getpeername
getsockname
getsockopt
htons
gethostname
gethostbyname
ntohs
setsockopt
socket
__WSAFDIsSet
ioctlsocket
WSAIoctl
getaddrinfo
listen
accept
sendto
recvfrom
freeaddrinfo

gdi32

SelectObject
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateDIBitmap
CreateFontIndirectW
DeleteObject
SetBkColor
GetObjectW
SetTextColor
DeleteDC
GetStockObject
CreateCompatibleDC
SetBitmapBits
GetBitmapBits
GdiFlush
TextOutW
MoveToEx
CreatePen
RestoreDC
SaveDC
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
SetWindowOrgEx
CreateRectRgn
PtInRegion
CreateRoundRectRgn
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkMode
StretchBlt
SetStretchBltMode
GetObjectA
CreateDIBSection

advapi32

EnumServicesStatusW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
ConvertSidToStringSidA
LookupAccountNameW
OpenSCManagerW
RegOpenCurrentUser
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptAcquireContextW

wininet

InternetReadFile
InternetSetOptionW
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpOpenRequestA
HttpQueryInfoA

imagehlp

MakeSureDirectoryPathExists

iphlpapi

GetAdaptersInfo

wldap32

ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord17

gdiplus

GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDrawImageRectI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

791c5bd6712ee55518380ed970699721

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

07:8f:d1:48:0a:d2:92:72:fb:1f:57:61:4e:67:02:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

34:cb:7f:a7:1d:10:18:43:27:bd:00:97:c4:b3:0a:c0Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

14:91:3c:f8:02:3f:ac:b4:f6:b7:f7:ac:ea:a9:c5:54:38:b5:a5:c1:c1:e2:e4:47:07:84:79:26:c2:6a:6c:1aSigner

d8:dd:d7:a5:8f:80:0f:22:e5:bc:24:49:cb:ce:8b:4f:dd:f4:4e:d2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

oleaut32

shlwapi

version

ws2_32

gdi32

advapi32

wininet

imagehlp

iphlpapi

wldap32

imm32

comctl32

gdiplus

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 248KB - Virtual size: 248KB

.data Size: 90KB - Virtual size: 115KB

.gfids Size: 1KB - Virtual size: 1KB

.rsrc Size: 78KB - Virtual size: 77KB

.reloc Size: 62KB - Virtual size: 61KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07:8f:d1:48:0a:d2:92:72:fb:1f:57:61:4e:67:02:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

34:cb:7f:a7:1d:10:18:43:27:bd:00:97:c4:b3:0a:c0
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

14:91:3c:f8:02:3f:ac:b4:f6:b7:f7:ac:ea:a9:c5:54:38:b5:a5:c1:c1:e2:e4:47:07:84:79:26:c2:6a:6c:1a
Signer

d8:dd:d7:a5:8f:80:0f:22:e5:bc:24:49:cb:ce:8b:4f:dd:f4:4e:d2
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 248KB - Virtual size: 248KB

.data
Size: 90KB - Virtual size: 115KB

.gfids
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 78KB - Virtual size: 77KB

.reloc
Size: 62KB - Virtual size: 61KB