d4ec9710554b291c9977ee90e07c3b51_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d4ec9710554b291c9977ee90e07c3b51_JaffaCakes118
Size

494KB
MD5

d4ec9710554b291c9977ee90e07c3b51
SHA1

df9067fe73578f3561efaa6cb55108b04321398c
SHA256

1dcbd9b5ef9fea182d7d70676627c7b24d8371aa82f77c6142eeb47a06de40b6
SHA512

0d315d157c40383bfcee1056d958248a477f75be6afba1dc35f296d9d5e086d7d0354d24c0f0aa278916ad5b8c7ce56ee6e17ea7543530a9f682f7014c32792c
SSDEEP

3072:ycafEiCOPqUReUyV4LaGyYkRy+bI+jZ3senlEYJUIniXwtXSCeiNoHBxmPXcpNI+:CfEiNqw8V9sCRbj180ijGMBEcpNI+

Score

1^/10

Malware Config

Signatures

Files

d4ec9710554b291c9977ee90e07c3b51_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5a756f0fbcff376aa58df151a3bcfd3a

Code Sign

5b:32:d2:7a:2e:b6:b4:cf:47:4f:83:97:38:12:9c:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2017, 00:00

Not After

10/10/2019, 23:59

Subject

CN=北京布丁跳跳科技有限公司,OU=IT,O=北京布丁跳跳科技有限公司,L=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:7b:68:fb:e4:74:c7:69:f8:4e:87:90:2a:7a:f2:85
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

10/10/2017, 00:00

Not After

10/10/2019, 23:59

Subject

CN=北京布丁跳跳科技有限公司,OU=IT,O=北京布丁跳跳科技有限公司,L=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

15:f0:dc:de:e4:e6:82:00:22:66:c2:de:c5:37:11:0c:6d:9b:10:72:a2:ae:0b:f2:58:6a:bb:34:95:9a:c6:42
Signer

Actual PE Digest

15:f0:dc:de:e4:e6:82:00:22:66:c2:de:c5:37:11:0c:6d:9b:10:72:a2:ae:0b:f2:58:6a:bb:34:95:9a:c6:42

Digest Algorithm

sha256

PE Digest Matches

true

d7:92:0d:34:58:fb:b0:2e:3d:c8:85:32:ba:36:71:f0:f7:c5:bf:d7
Signer

Actual PE Digest

d7:92:0d:34:58:fb:b0:2e:3d:c8:85:32:ba:36:71:f0:f7:c5:bf:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathAppendW
PathFileExistsW

imm32

ImmInstallIMEW
ImmGetIMEFileNameW
ImmSetHotKey

kernel32

GetCurrentProcess
GetModuleFileNameW
WritePrivateProfileStringW
CreateProcessW
GetPrivateProfileIntW
GetLocalTime
SetErrorMode
GetCurrentProcessId
GetCurrentThreadId
CreateDirectoryW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetVersionExW
GetEnvironmentVariableW
GetPrivateProfileStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
GetTickCount
GetExitCodeProcess
WaitForSingleObject
GlobalFree
GlobalAlloc
OpenProcess
WriteFile
GetSystemInfo
GetLastError
InterlockedDecrement
WideCharToMultiByte
Sleep
CreateFileA
CreateMutexW
FreeLibrary
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
InitializeCriticalSection
GetLocaleInfoW
LoadLibraryA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
GetSystemWow64DirectoryW
LoadLibraryW
LocalAlloc
lstrcmpiW
GetModuleHandleA
LocalFree
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemDirectoryW
CopyFileW
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetProcAddress
DeleteFileW
ReleaseMutex
MoveFileExW
CompareStringW
SetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
GetTimeZoneInformation
ExitProcess
HeapSize
GetStartupInfoW
GetVersionExA
GetModuleFileNameA
GetStdHandle
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapFree
GetProcessHeap
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
MoveFileW
GetSystemTimeAsFileTime
HeapAlloc
InterlockedIncrement

user32

GetKeyboardLayoutList
UnregisterClassA
LoadKeyboardLayoutW
UnloadKeyboardLayout
MessageBoxW

advapi32

RegSetValueExW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DuplicateTokenEx
RevertToSelf
ImpersonateLoggedOnUser
RegEnumValueW
RegDeleteValueW
RegCreateKeyW
RegEnumKeyW
RegOpenKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW

ole32

CLSIDFromString

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a756f0fbcff376aa58df151a3bcfd3a

Code Sign

5b:32:d2:7a:2e:b6:b4:cf:47:4f:83:97:38:12:9c:46Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

17:7b:68:fb:e4:74:c7:69:f8:4e:87:90:2a:7a:f2:85Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

15:f0:dc:de:e4:e6:82:00:22:66:c2:de:c5:37:11:0c:6d:9b:10:72:a2:ae:0b:f2:58:6a:bb:34:95:9a:c6:42Signer

d7:92:0d:34:58:fb:b0:2e:3d:c8:85:32:ba:36:71:f0:f7:c5:bf:d7Signer

Headers

File Characteristics

Imports

version

shlwapi

imm32

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 152KB - Virtual size: 149KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 288KB - Virtual size: 284KB

5b:32:d2:7a:2e:b6:b4:cf:47:4f:83:97:38:12:9c:46
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

17:7b:68:fb:e4:74:c7:69:f8:4e:87:90:2a:7a:f2:85
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

15:f0:dc:de:e4:e6:82:00:22:66:c2:de:c5:37:11:0c:6d:9b:10:72:a2:ae:0b:f2:58:6a:bb:34:95:9a:c6:42
Signer

d7:92:0d:34:58:fb:b0:2e:3d:c8:85:32:ba:36:71:f0:f7:c5:bf:d7
Signer

.text
Size: 152KB - Virtual size: 149KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 288KB - Virtual size: 284KB