d436101acb62c33499005103b6a8f3b7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d436101acb62c33499005103b6a8f3b7_JaffaCakes118
Size

7.9MB
MD5

d436101acb62c33499005103b6a8f3b7
SHA1

abca5cfe689b989ce587276f9a6522b21a1d0754
SHA256

07522ed67f2a6a06c5eaf63e508295009507e32cab5d5d2c82b4ce57185f774e
SHA512

92d58ef9365961ece17da1fd9252e1108145dcec486ac035a7f66e656d2e3e73e31ba95dd54afa5e8a0d055418f6dfef5118a5ba135a230f0db2434b2cbace8f
SSDEEP

196608:VWDfAU1+Kvpeyayl3AvD9W5wbwsJASdHAZfldOKYGx:VW0Cvw9yl3iD9W5w0s1gL0RW

Score

1^/10

Malware Config

Signatures

Files

d436101acb62c33499005103b6a8f3b7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f07b8a61b0e52612acf8c0b0fe1b32db

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:01:b8:88:3e:20:09:69:22:78:db:32:48:78:d4:96
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/05/2017, 00:00

Not After

08/05/2020, 23:59

Subject

CN=Nanjing Tongxiang Network Technology Co.\,Ltd.,OU=Operations Center,O=Nanjing Tongxiang Network Technology Co.\,Ltd.,L=Nanjing,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:68:fa:ae:65:5e:7b:b8:3b:b6:2f:e3:d2:d1:bd:13:12:dd:ee:01
Signer

Actual PE Digest

81:68:fa:ae:65:5e:7b:b8:3b:b6:2f:e3:d2:d1:bd:13:12:dd:ee:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\wifigxdev\source\PC_Client\PC_Client\trunk\build_temp\Win32\link\release_static\txWifigxSetup\txWifigxSetup.pdb

Imports

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

riched20

ord4

kernel32

WriteFile
ReadFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
TerminateThread
SuspendThread
ResumeThread
MulDiv
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
InterlockedIncrement
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
SetEndOfFile
LocalFree
GetProcessHeap
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
SetFilePointer
LCMapStringW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
RtlUnwind
ExitProcess
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RaiseException
HeapReAlloc
HeapAlloc
HeapFree
CreateThread
GetCurrentThreadId
ExitThread
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
GetFileSize
lstrlenW
CreateFileW
SetFileTime
GetFullPathNameW
Sleep
InterlockedDecrement
GetVersion
GetNativeSystemInfo
FreeResource
OpenEventW
CreateEventW
ResetEvent
SetEvent
SetFileAttributesW
DeleteFileW
GetFileAttributesW
CreateDirectoryW
LoadLibraryW
OutputDebugStringA
SetCurrentDirectoryW
FindClose
FindFirstFileW
LockResource
GetLastError
SizeofResource
LoadResource
FindResourceW
GetTickCount
WaitForSingleObject
CreateProcessW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetProcAddress
TerminateProcess
OpenProcess
GetModuleHandleW
OutputDebugStringW

user32

FillRect
DrawTextW
DrawIconEx
CopyImage
CharPrevW
RedrawWindow
ClientToScreen
GetSysColor
OffsetRect
GetAsyncKeyState
SetCursor
CharNextW
DrawFocusRect
IntersectRect
IsRectEmpty
GetWindowTextLengthW
SetForegroundWindow
GetWindowTextW
SystemParametersInfoW
ChildWindowFromPointEx
CreateAcceleratorTableW
InvalidateRgn
DestroyAcceleratorTable
EnableWindow
SetWindowPos
PostMessageW
PostQuitMessage
MoveWindow
DefWindowProcW
CreateWindowExW
ShowWindow
GetWindowRgn
SetWindowLongW
GetWindowLongW
RegisterClassExW
GetClientRect
MapWindowPoints
SetWindowTextW
CharNextA
LoadStringW
LoadBitmapW
LoadImageW
GetClassInfoExW
SetPropW
RegisterClassW
GetSystemMetrics
DestroyIcon
GetPropW
CallWindowProcW
EndPaint
TranslateAcceleratorW
UpdateLayeredWindow
SetWindowRgn
SetTimer
HideCaret
ScreenToClient
GetMessageW
IsIconic
IsChild
SetCapture
KillTimer
IsZoomed
GetKeyState
GetFocus
IsWindowEnabled
SetFocus
ShowCaret
BeginPaint
PtInRect
GetUpdateRect
GetDC
TranslateMessage
InvalidateRect
ReleaseDC
MonitorFromWindow
GetCursorPos
CreateCaret
IsWindow
ReleaseCapture
IsWindowVisible
SetCaretPos
SendMessageW
GetMonitorInfoW
GetWindow
DispatchMessageW
DestroyWindow
GetWindowRect
GetParent
LoadCursorW

gdi32

SelectObject
PtInRegion
CreateCompatibleDC
CreateRectRgn
SetBkColor
StretchBlt
GetTextExtentPoint32W
SetBitmapBits
DeleteDC
CreateCompatibleBitmap
PathToRegion
EndPath
FillRgn
GetRgnBox
DeleteObject
BeginPath
GetStockObject
CreatePen
CreateRoundRectRgn
GetObjectW
GetTextMetricsW
Rectangle
CombineRgn
CreateRectRgnIndirect
CreateFontIndirectW
EnumFontsW
SetStretchBltMode
AngleArc
GetCharABCWidthsW
ExtTextOutW
SelectClipRgn
CreateDIBSection
GetBitmapBits
SetBkMode
BitBlt
MoveToEx
CreateEllipticRgn
SetTextColor
GetDeviceCaps
CreateSolidBrush
TextOutW
ExtSelectClipRgn
RoundRect
LineTo
GetClipBox

advapi32

RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleDuplicateData
ReleaseStgMedium
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoInitializeEx
CoInitializeSecurity
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
SysFreeString
OleLoadPicture
VariantClear
SysAllocString

Sections

.text
Size: 536KB - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f07b8a61b0e52612acf8c0b0fe1b32db

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

42:01:b8:88:3e:20:09:69:22:78:db:32:48:78:d4:96Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

81:68:fa:ae:65:5e:7b:b8:3b:b6:2f:e3:d2:d1:bd:13:12:dd:ee:01Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msimg32

comctl32

riched20

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 536KB - Virtual size: 536KB

.rdata Size: 121KB - Virtual size: 121KB

.data Size: 11KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 7.2MB - Virtual size: 7.2MB

.reloc Size: 60KB - Virtual size: 60KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

42:01:b8:88:3e:20:09:69:22:78:db:32:48:78:d4:96
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

81:68:fa:ae:65:5e:7b:b8:3b:b6:2f:e3:d2:d1:bd:13:12:dd:ee:01
Signer

.text
Size: 536KB - Virtual size: 536KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 11KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 7.2MB - Virtual size: 7.2MB

.reloc
Size: 60KB - Virtual size: 60KB