d6e2aa76f94124110be921420f3f6e56_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6e2aa76f94124110be921420f3f6e56_JaffaCakes118
Size

2.9MB
MD5

d6e2aa76f94124110be921420f3f6e56
SHA1

9089ab2db2ca6e8d55d1bc51c8837637d4847f9b
SHA256

619be2bf98451d4bf1ae5473870a3687b893c7cda79cf19ceda67d9cdc16c67b
SHA512

084dd1889846905f85e708ffc935428c2d9381ecffc43b78f2eee5debc70d03f702db9bdc914d368fe20dde8402afec365ae7d76c5b925860acb52bde304fe08
SSDEEP

49152:h+vdkmV0nGZTTZVJ4CFTs+x3aVZUDcvPUEhnAktJ1+bSox3PTvg7uLXsoc:hUqnGJTZVRVsMqVZUDckEAktJ1+bSox6

Score

1^/10

Malware Config

Signatures

Files

d6e2aa76f94124110be921420f3f6e56_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8025bcec0ff553097a9f21a8658a8581

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:bc:65:35:2c:d1:db:b2:ed:61:49:2a:f8:cb:a5:36
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

24/07/2018, 00:00

Not After

22/10/2020, 23:59

Subject

CN=NetEase Youdao Information Technology (Beijing) Co.\,Ltd.,OU=Product Dept.,O=NetEase Youdao Information Technology (Beijing) Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\TeamCity\workspace\YDOcrProject\dict-pc\src\bin\Release\YoudaoDictInstaller.pdb

Imports

psapi

EnumProcessModules
GetProcessImageFileNameW
GetModuleFileNameExW

kernel32

WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
InterlockedCompareExchange
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
LCMapStringW
GetTimeFormatW
GetStringTypeW
GetACP
ExitProcess
GetStdHandle
VirtualAlloc
GetSystemInfo
HeapQueryInformation
SetStdHandle
GetFullPathNameA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineA
GetFileType
GetDriveTypeW
RtlUnwind
OutputDebugStringW
lstrcpynW
GetDateFormatW
InterlockedExchangeAdd
LockFileEx
FormatMessageA
GetTempPathA
GetDiskFreeSpaceA
CreateFileA
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetDiskFreeSpaceW
SearchPathW
GetProfileIntW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
FindResourceExW
lstrcpyW
GetWindowsDirectoryW
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesExW
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadLocale
lstrcmpiW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindClose
FileTimeToLocalFileTime
GlobalFindAtomW
LoadLibraryA
GetSystemDirectoryW
EncodePointer
GetModuleHandleA
OutputDebugStringA
GlobalAddAtomW
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
GetPrivateProfileIntW
FreeResource
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
GetCurrentThread
SetLastError
FormatMessageW
VirtualQuery
GlobalAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GetTickCount
IsWow64Process
GetSystemTime
FindFirstFileW
DeviceIoControl
MulDiv
GetCurrentProcess
CreateDirectoryW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
TerminateProcess
MultiByteToWideChar
GetVersionExW
WriteFile
CreateFileW
AreFileApisANSI
GetTempPathW
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileAttributesW
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
OpenFileMappingW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
FreeLibrary
LoadLibraryW
CopyFileW
MoveFileW
GetCurrentThreadId
RemoveDirectoryW
Sleep
GetExitCodeProcess
WaitForSingleObject
GetLastError
CreateMutexW
GetCommandLineW
LocalFree
LocalAlloc
DeleteFileW
GetModuleHandleW
GetProcAddress
CloseHandle
OpenProcess
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetFileAttributesA
DeleteFileA
GetConsoleCP

user32

SetWindowTextW
CheckDlgButton
MoveWindow
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetTopWindow
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
GetMenuDefaultItem
TrackMouseEvent
FindWindowW
SendMessageW
GetWindowThreadProcessId
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
SystemParametersInfoW
InflateRect
CopyRect
GetSysColor
GetMenuItemInfoW
DestroyMenu
UnhookWindowsHookEx
SetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
GetLastActivePopup
IsWindowEnabled
SetCursor
ShowOwnedPopups
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
GetKeyNameTextW
CharUpperW
GetSysColorBrush
LoadCursorW
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
CopyImage
DeleteMenu
RealChildWindowFromPoint
InvalidateRect
CharNextW
OffsetRect
CopyAcceleratorTableW
InvalidateRgn
SetRect
IntersectRect
SetMenuItemBitmaps
EnableMenuItem
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
DestroyIcon
SendDlgItemMessageA
SetRectEmpty
GetAsyncKeyState
LoadMenuW
BringWindowToTop
LoadAcceleratorsW
MessageBoxW
PostThreadMessageW
MonitorFromWindow
LoadImageW
GetSystemMenu
AppendMenuW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
EnableWindow
GetParent
SetParent
TranslateAcceleratorW
UnregisterClassW
IsWindow
IsWindowVisible
GetDC
ReleaseDC
DrawTextW
GetWindow
GetForegroundWindow
ShowWindow
GetWindowLongW
SetWindowPos
SetForegroundWindow
MonitorFromPoint
GetMonitorInfoW
PostMessageW
GetWindowRect
ClientToScreen
ScreenToClient
GetCursorPos
GetDesktopWindow
MapVirtualKeyW
KillTimer
SetTimer
RegisterWindowMessageW
OpenClipboard
CloseClipboard
IsClipboardFormatAvailable
SetClipboardData
EmptyClipboard
GetClassNameW
GetWindowTextW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
PostQuitMessage
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetActiveWindow
CreatePopupMenu
InsertMenuItemW
UnionRect
DrawFocusRect
GetKeyState
ValidateRect
SetWindowsHookExW
CallNextHookEx
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
GetFocus
CheckMenuItem
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongW
SetWindowRgn
DrawStateW
DrawEdge
DrawFrameControl
IsZoomed
SetCursorPos
CopyIcon
FrameRect
LockWindowUpdate
UpdateLayeredWindow
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
CharUpperBuffW
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
DestroyWindow

gdi32

SaveDC
SelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
GetBkColor
GetTextColor
GetRgnBox
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
RestoreDC
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
SetTextColor
SetBkColor
ExtTextOutW
CreateBitmap
GetDeviceCaps
CopyMetaFileW
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
RectVisible
PtVisible
SelectObject
LineTo
IntersectClipRect
GetStockObject
GetPixel
GetObjectType
SetDIBColorTable
GetViewportExtEx
GetWindowExtEx
GetTextExtentPoint32W
GetObjectW
DeleteObject
CreateFontIndirectW
GetTextMetricsW
ExtSelectClipRgn

msimg32

AlphaBlend
TransparentBlt

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

CryptAcquireContextW
CryptDecrypt
CryptDestroyKey
CryptReleaseContext
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptEncrypt
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
CryptImportKey

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW
SHAppBarMessage
SHGetFileInfoW
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
UrlUnescapeW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
PathFileExistsW

uxtheme

DrawThemeBackground
IsAppThemed
DrawThemeText
GetThemeSysColor
GetThemePartSize
GetCurrentThemeName
GetThemeColor
CloseThemeData
GetWindowTheme
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
CoRevokeClassObject
CoInitializeEx
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID
StringFromGUID2
CoCreateGuid
RegisterDragDrop
OleIsCurrentClipboard

oleaut32

SafeArrayDestroy
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString
VariantClear
OleCreateFontIndirect
VariantCopy
VarBstrFromDate
VariantTimeToSystemTime

oledlg

OleUIBusyW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

wininet

InternetCrackUrlW
InternetCloseHandle
HttpAddRequestHeadersW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpSendRequestW
HttpQueryInfoW
InternetSetOptionW
InternetReadFile
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetGetCookieW
InternetCanonicalizeUrlW

gdiplus

GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdiplusStartup
GdipFree
GdiplusShutdown
GdipAlloc
GdipDisposeImage

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundW

rpcrt4

RpcStringFreeW
UuidToStringW

crypt32

CryptDecodeObject
CertCloseStore
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgClose
CryptQueryObject
CryptMsgGetParam

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 413KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8025bcec0ff553097a9f21a8658a8581

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2b:bc:65:35:2c:d1:db:b2:ed:61:49:2a:f8:cb:a5:36Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

version

iphlpapi

oleacc

wininet

gdiplus

imm32

winmm

rpcrt4

crypt32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 413KB - Virtual size: 413KB

.data Size: 27KB - Virtual size: 54KB

.gfids Size: 106KB - Virtual size: 106KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 169KB - Virtual size: 169KB

.reloc Size: 144KB - Virtual size: 143KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2b:bc:65:35:2c:d1:db:b2:ed:61:49:2a:f8:cb:a5:36
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 413KB - Virtual size: 413KB

.data
Size: 27KB - Virtual size: 54KB

.gfids
Size: 106KB - Virtual size: 106KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 169KB - Virtual size: 169KB

.reloc
Size: 144KB - Virtual size: 143KB