d4fac7bdf32aa8d719682fb6df799eb3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d4fac7bdf32aa8d719682fb6df799eb3_JaffaCakes118
Size

1.9MB
MD5

d4fac7bdf32aa8d719682fb6df799eb3
SHA1

d8c0625f10055fb74b93bb951d904d72bb2ffff4
SHA256

b78a8a4d0fa9d4fc162555c44caae7808f0cb002a8d79dfa8759f821001e16ae
SHA512

797036df65957af170b4e3dfd2c94c8c4a3b4f8f9bed2aa7b1d17758332d2e9a172cdf49f6a3afafc91a0818c6316e727cebcafbcbb70e54e1972ddbde359e3c
SSDEEP

49152:ZKk/Og7vTa9X3x3O0d1gwun6PEJx37+Ok3VzTLppTlsZrx:05IKXB3JKwQ6s737C3pLp1OZ9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FastTV/Kernel/scast/sopocx.ocx

Files

d4fac7bdf32aa8d719682fb6df799eb3_JaffaCakes118
.rar
FastTV/Kernel/scast/adv/SopAdver.exe
FastTV/Kernel/scast/config.xml
FastTV/Kernel/scast/skin/sopcore.xml
FastTV/Kernel/scast/sopocx.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

b957fcc44dcdd949ec9ac894db7c8654

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\sopdev\SopSolution\SopCast\sopocx.pdb

Imports

kernel32

GetCPInfo
GetTimeZoneInformation
QueryPerformanceCounter
GetCurrentProcessId
GetModuleFileNameA
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
HeapSize
SetStdHandle
SetConsoleCtrlHandler
IsBadReadPtr
IsBadCodePtr
GetOEMCP
CompareStringA
SetEnvironmentVariableA
SetEnvironmentVariableW
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
CreateFileA
GetCurrentDirectoryA
GetFullPathNameA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GetDriveTypeA
TerminateProcess
VirtualQuery
FlushConsoleInputBuffer
GlobalMemoryStatus
FindFirstFileA
GetSystemInfo
VirtualAlloc
GetStringTypeExA
VirtualProtect
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
PostQueuedCompletionStatus
GetQueuedCompletionStatus
OpenProcess
CreateIoCompletionPort
ReleaseMutex
CreateMutexA
TerminateThread
InterlockedCompareExchange
FormatMessageA
HeapAlloc
HeapFree
CreateThread
lstrcpyA
GetProfileIntW
WritePrivateProfileStringW
FindResourceExW
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetTickCount
FileTimeToSystemTime
GlobalFlags
RaiseException
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
WaitForSingleObject
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
LoadLibraryW
GetLocaleInfoW
GetUserDefaultLCID
IsDBCSLeadByte
lstrcmpiW
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
FreeLibrary
lstrcmpW
GetModuleHandleW
GetProcAddress
GetVersionExA
GetLastError
SetLastError
GlobalFree
CopyFileW
MulDiv
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
lstrcpynW
LocalFree
CompareStringW
GetLongPathNameW
MultiByteToWideChar
lstrcatW
lstrlenW
WinExec
lstrcpyW
FindFirstFileW
FindClose
CreateDirectoryW
CreateFileW
CloseHandle
WideCharToMultiByte
MoveFileW
DeleteFileW
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetStringTypeW
InterlockedExchange

user32

CopyAcceleratorTableW
SetRect
IsRectEmpty
ReleaseDC
GetDC
SetMenuItemBitmaps
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
GetFocus
IsWindow
SetFocus
IsChild
GetWindowTextLengthW
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
InvalidateRect
GetMessageTime
GetMessagePos
LoadIconW
PeekMessageW
wsprintfW
MessageBoxW
SendMessageW
PostMessageW
SetTimer
KillTimer
GetParent
GetDlgCtrlID
EnableWindow
GetWindowTextW
GetWindow
GetForegroundWindow
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
GetClassInfoW
RegisterClassW
UnregisterClassW
InvalidateRgn
SetCapture
ReleaseCapture
SetParent
DrawEdge
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
CopyRect
InflateRect
ValidateRect
DestroyMenu
CreateMenu
UnhookWindowsHookEx
RegisterClipboardFormatW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
GetProcessWindowStation
GetUserObjectInformationW
LoadStringA
PtInRect
TabbedTextOutW
DrawTextW
GrayStringW
DrawTextExW
SetCursor
LoadCursorW
SetRectEmpty
EnumChildWindows
LockWindowUpdate
PostQuitMessage
GetCursorPos
TranslateMessage
GetMessageW
GetNextDlgGroupItem
MessageBeep
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
ClientToScreen
FillRect
GetWindowDC
MessageBoxA
RedrawWindow
WindowFromPoint
GetDCEx
PostThreadMessageW
BeginPaint
GetTabbedTextExtentA
CharUpperW
CharNextW
GetDialogBaseUnits
MapWindowPoints
EndPaint
DestroyIcon

gdi32

MoveToEx
SetTextAlign
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
DeleteObject
CreatePatternBrush
GetStockObject
CreatePen
CreateSolidBrush
GetTextMetricsW
SetRectRgn
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetTextAlign
EnumFontFamiliesExW
Rectangle
UnrealizeObject
CreateCompatibleBitmap
CreateFontW
StretchBlt
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetViewportOrgEx
CombineRgn
DeleteDC
DeleteMetaFile
CloseMetaFile
CreateMetaFileW
LPtoDP
GetRgnBox
PatBlt
CreateRectRgnIndirect
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateDCW
SetMapMode
SetROP2
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32W
BitBlt
CreateCompatibleDC
CreateFontIndirectW
GetDeviceCaps
CopyMetaFileW

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegisterEventSourceA
IsTextUnicode
DeregisterEventSource
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyW
RegCreateKeyW
RegOpenKeyW
RegSetValueW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueW
RegCloseKey
ReportEventA

shell32

ExtractIconW
ShellExecuteW

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoDisconnectObject
CreateDataCache
CoRegisterClassObject
CoRevokeClassObject
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CreateDataAdviseHolder
OleSaveToStream
CreateOleAdviseHolder
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
OleUninitialize
StgOpenStorageOnILockBytes
OleInitialize
CreateStreamOnHGlobal
ReadClassStm
ReleaseStgMedium
CoTaskMemAlloc
ReadFmtUserTypeStg
CoCreateInstance
CoTaskMemFree
CoGetClassObject
OleIsCurrentClipboard
OleFlushClipboard
OleLoadFromStream
CoRegisterMessageFilter
StringFromCLSID
CoFreeUnusedLibraries
OleDuplicateData

oleaut32

LoadTypeLi
OleCreatePropertyFrame
SafeArrayDestroy
SystemTimeToVariantTime
SysStringByteLen
SysStringLen
VariantChangeType
VariantClear
SysFreeString
LoadRegTypeLi
SysAllocStringLen
SysAllocString
VariantInit
VariantCopy
OleCreateFontIndirect
OleLoadPicture
OleCreatePictureIndirect
RegisterTypeLi

ws2_32

WSARecv
getservbyname
WSAStringToAddressA
WSASocketW
WSARecvFrom
WSASendTo
__WSAFDIsSet
shutdown
ioctlsocket
WSASend
setsockopt
listen
ntohl
ntohs
WSAStartup
WSACleanup
gethostbyname
closesocket
htonl
htons
inet_addr
accept
socket
select
bind
recv
send
WSAAsyncSelect
recvfrom
sendto
connect
WSASetLastError
getpeername
getsockname
WSAGetLastError

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FastTV/Kernel/scast/sopvod.exe
.exe windows:4 windows x86 arch:x86

9fd81548dc7e4ed8bb13478d429cd562

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:62:6d:ce:85:20:a4:b7:bc:af:e5:6c:97:e0:8c:51
Certificate

Issuer

CN=WoTrust Code Signing Authority,O=Wotone Communications\, Inc.,C=US

Not Before

08/01/2007, 00:00

Not After

08/01/2008, 23:59

Subject

CN=www.sopcast.com,OU=www.sopcast.com,O=www.sopcast.com,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

05:c5:91:db:3a:74:ae:ee:0c:4c:77:e3:f7:79:9c:88
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/08/2006, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoTrust Code Signing Authority,O=Wotone Communications\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASendTo
WSARecvFrom
WSASetLastError
sendto
setsockopt
__WSAFDIsSet
shutdown
getsockname
getpeername
WSAGetLastError
accept
listen
bind
ioctlsocket
htonl
ntohl
ntohs
WSAStartup
WSACleanup
inet_addr
gethostbyname
socket
htons
connect
closesocket
send
select
recv

kernel32

InitializeCriticalSection
GetStringTypeW
GetStringTypeA
HeapSize
GetCPInfo
GetOEMCP
GetACP
SetUnhandledExceptionFilter
GetEnvironmentStringsW
MultiByteToWideChar
Sleep
GetDiskFreeSpaceExA
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateThread
TerminateThread
GetTickCount
WideCharToMultiByte
GetCurrentThreadId
GetLastError
GetVersion
GetFileType
GetStdHandle
GetCurrentProcessId
GlobalMemoryStatus
QueryPerformanceCounter
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
SetLastError
GetLocaleInfoA
GetDiskFreeSpaceA
GetSystemInfo
InterlockedDecrement
CreateEventA
InterlockedIncrement
InterlockedExchange
PulseEvent
DeleteFileA
MoveFileExA
MoveFileA
SetEndOfFile
SetFilePointer
DuplicateHandle
GetCurrentProcess
GetFileAttributesA
GetFileInformationByHandle
GetTempPathA
GetSystemTime
ReadFile
WriteFile
FlushFileBuffers
FindClose
FindNextFileA
FindFirstFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualQuery
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
CreateFileA
VirtualProtect
SetStdHandle
GetStartupInfoA
SetHandleCount
FlushConsoleInputBuffer
HeapReAlloc
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleA
TerminateProcess
RtlUnwind
RaiseException
DebugBreak
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetCommandLineA
GetCurrentDirectoryA
GetFullPathNameA
SetConsoleCtrlHandler
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetModuleFileNameA
GetProcessHeap
LCMapStringA
LCMapStringW

user32

GetProcessWindowStation
GetDesktopWindow
MessageBoxA
GetUserObjectInformationW

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FastTV/ReadMe.txt
FastTV/default.htm
.html

Sharing

General

Malware Config

Signatures

Files

b957fcc44dcdd949ec9ac894db7c8654

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

psapi

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 284KB - Virtual size: 283KB

.data Size: 80KB - Virtual size: 104KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 112KB - Virtual size: 109KB

9fd81548dc7e4ed8bb13478d429cd562

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

aa:62:6d:ce:85:20:a4:b7:bc:af:e5:6c:97:e0:8c:51Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

05:c5:91:db:3a:74:ae:ee:0c:4c:77:e3:f7:79:9c:88Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 208KB - Virtual size: 205KB

.data Size: 64KB - Virtual size: 77KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 284KB - Virtual size: 283KB

.data
Size: 80KB - Virtual size: 104KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 112KB - Virtual size: 109KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

aa:62:6d:ce:85:20:a4:b7:bc:af:e5:6c:97:e0:8c:51
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

05:c5:91:db:3a:74:ae:ee:0c:4c:77:e3:f7:79:9c:88
Certificate

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 208KB - Virtual size: 205KB

.data
Size: 64KB - Virtual size: 77KB