c8a5a603bbb33303ba1e03dd5d025bbc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8a5a603bbb33303ba1e03dd5d025bbc_JaffaCakes118
Size

1.1MB
MD5

c8a5a603bbb33303ba1e03dd5d025bbc
SHA1

2e276004c3bec5a215d0437a093827e917a36dfc
SHA256

2045c5ef54a0d90d8953014eceed5908cc506b5c8235b09820a14cb84af61236
SHA512

338b013d5ca3d13147a3416965e63496136fe770cddfdf20f8cb50c0a2e6f6823d046d4813277c779b740a6d44e1f59d49931dc8f92d40f44e41b78b4980b122
SSDEEP

24576:c8iu62ZVGGrZoY/YQVkAXbR5lFpqBDDbghq3:I2dnkGbR5lF26U

Score

1^/10

Malware Config

Signatures

Files

c8a5a603bbb33303ba1e03dd5d025bbc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

57b083f3faed066261022446f8f2e10b

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

13/07/2016, 09:16

Not After

21/07/2019, 08:09

Subject

CN=深圳市为爱普信息技术有限公司,OU=IT Dept.,O=深圳市为爱普信息技术有限公司,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:37:54:61:ff:fe:66:28:3e:a9:3a:c4:c6:89:6c:a5:f3:3c:53:0f
Signer

Actual PE Digest

64:37:54:61:ff:fe:66:28:3e:a9:3a:c4:c6:89:6c:a5:f3:3c:53:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\iospc\i4tools70\updater\bin_i4\updater.pdb

Imports

kernel32

GetTempFileNameW
GetTempPathW
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
CreateProcessW
MoveFileExW
GetTickCount
SetEvent
WaitForSingleObject
LeaveCriticalSection
ResetEvent
EnterCriticalSection
DeleteCriticalSection
CreateEventW
InitializeCriticalSection
RemoveDirectoryW
WriteFile
CloseHandle
ReadFile
GetFileSize
CreateFileW
OutputDebugStringA
WideCharToMultiByte
SetEnvironmentVariableW
GetEnvironmentVariableW
MultiByteToWideChar
CreateDirectoryW
GetLastError
FindClose
FindNextFileW
FindFirstFileW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameW
DeleteFileW
Sleep
GetCommandLineW
FreeResource
GetProcessHeap
SetEndOfFile
CreateFileA
WriteConsoleW
FlushFileBuffers
SetStdHandle
LockResource
LoadResource
SizeofResource
FindResourceW
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
SetHandleCount
GetConsoleMode
GetConsoleCP
HeapDestroy
HeapCreate
GetCurrentDirectoryW
SetCurrentDirectoryW
LoadLibraryW
GetModuleHandleW
GetACP
ExitProcess
SetFilePointer
GetFileType
DuplicateHandle
GetCurrentProcess
SystemTimeToFileTime
DosDateTimeToFileTime
SetFileTime
GetFileAttributesW
MulDiv
InterlockedIncrement
InterlockedDecrement
GetLocalTime
InterlockedExchange
EncodePointer
DecodePointer
InterlockedCompareExchange
LocalFree
ExitThread
GetCurrentThreadId
CreateThread
HeapFree
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
HeapReAlloc
RaiseException
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetLocaleInfoW
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThread

user32

DispatchMessageW
TranslateMessage
SetFocus
EnableWindow
GetWindow
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetParent
GetWindowRect
LoadImageW
CallWindowProcW
GetWindowLongW
GetPropW
SetPropW
AdjustWindowRectEx
GetMenu
RegisterClassW
LoadCursorW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetKeyState
InvalidateRect
SetTimer
KillTimer
SetCapture
ReleaseCapture
PtInRect
DestroyWindow
GetFocus
MapWindowPoints
UpdateLayeredWindow
IsRectEmpty
IsWindow
BeginPaint
GetUpdateRect
GetCursorPos
SetWindowLongW
InflateRect
UnionRect
SetCursor
IsIconic
IsZoomed
SetWindowRgn
PostMessageW
IntersectRect
CharNextW
DrawTextW
FillRect
MessageBoxW
SetRect
CreateCaret
SetCaretPos
ClientToScreen
GetSysColor
GetCaretPos
HideCaret
ShowCaret
MoveWindow
DrawIconEx
InvalidateRgn
CreateAcceleratorTableW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
PostQuitMessage
ScreenToClient
GetClientRect
RegisterDeviceNotificationW
wsprintfW
SendMessageW
GetSystemMetrics
PeekMessageW
GetMessageW
PostThreadMessageW
GetDC
ReleaseDC
DefWindowProcW
FindWindowW
ShowWindow
OffsetRect
EndPaint
CharPrevW

gdi32

DeleteObject
CreateFontIndirectW
GetObjectW
GetStockObject
CreatePen
DeleteDC
SetWindowOrgEx
Rectangle
RestoreDC
SelectObject
SaveDC
GetTextMetricsW
TextOutW
GetCharABCWidthsW
CreateCompatibleBitmap
CreateCompatibleDC
CreateRoundRectRgn
GetObjectA
SelectClipRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
CombineRgn
GetDeviceCaps
BitBlt
RoundRect
GetTextExtentPoint32W
StretchBlt
CreateDIBSection
SetBkMode
SetBkColor
SetTextColor
SetStretchBltMode
ExtTextOutW
CreateSolidBrush
LineTo
MoveToEx
CreatePenIndirect
GdiFlush

comdlg32

GetSaveFileNameW
GetOpenFileNameW

shell32

ShellExecuteW
SHGetPathFromIDListW
CommandLineToArgvW
SHBrowseForFolderW
SHGetFileInfoW

ole32

CoInitialize
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoUninitialize

comctl32

_TrackMouseEvent
ord17

gdiplus

GdipAlloc
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteGraphics
GdipDeleteFont
GdiplusStartup
GdipCreateLineBrushI
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateFromHDC
GdipFree
GdipSetTextRenderingHint
GdipDrawString
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdiplusShutdown
GdipDeleteBrush

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

shlwapi

PathFileExistsW
PathCombineW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW

wininet

HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

msimg32

AlphaBlend

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysAllocString

Sections

.text
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57b083f3faed066261022446f8f2e10b

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5Certificate

Extended Key Usages

Key Usages

64:37:54:61:ff:fe:66:28:3e:a9:3a:c4:c6:89:6c:a5:f3:3c:53:0fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

comctl32

gdiplus

imm32

shlwapi

wininet

psapi

msimg32

oleaut32

Sections

.text Size: 656KB - Virtual size: 656KB

.rdata Size: 125KB - Virtual size: 124KB

.data Size: 11KB - Virtual size: 27KB

.rsrc Size: 237KB - Virtual size: 236KB

.reloc Size: 38KB - Virtual size: 38KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5
Certificate

64:37:54:61:ff:fe:66:28:3e:a9:3a:c4:c6:89:6c:a5:f3:3c:53:0f
Signer

.text
Size: 656KB - Virtual size: 656KB

.rdata
Size: 125KB - Virtual size: 124KB

.data
Size: 11KB - Virtual size: 27KB

.rsrc
Size: 237KB - Virtual size: 236KB

.reloc
Size: 38KB - Virtual size: 38KB