de216b7029387dae795f9f19a1467d99_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

de216b7029387dae795f9f19a1467d99_JaffaCakes118
Size

1.2MB
MD5

de216b7029387dae795f9f19a1467d99
SHA1

84efb66b3b1ba5642214c1b39b82a8835458850b
SHA256

8d3e646bd4880f1be9f6f7814e0ae4014a0fcdb1da904cdcd3227ab57c1b939b
SHA512

7087f9a987ecc230de87556d93b58a49ee7ab01bf6f15c746f722a00a30a72412720716e5bc22462befd883eeb5040fa6916c2a35f79e7438d235349f21eb57a
SSDEEP

24576:dJcp8OjMh1MyVZzEIHz052AVUapmkFDAMWHwVWDJY2oGTeVS0PD0:KdbpFDHP0xTeVI

Score

1^/10

Malware Config

Signatures

Files

de216b7029387dae795f9f19a1467d99_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b72595148ee6498f00069fe6e5e45152

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30-09-2015 00:00

Not After

28-09-2018 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:47:c5:78:4a:e6:57:4b:75:62:30:f0:8d:08:6e:88:03:0d:a2:f7
Signer

Actual PE Digest

55:47:c5:78:4a:e6:57:4b:75:62:30:f0:8d:08:6e:88:03:0d:a2:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\project\sogouime\branch\PinyinDev_R_8_0_NewKernel\Bin\SogouPdb\SogouInput\SogouComMgr.pdb

Imports

wininet

HttpQueryInfoW
InternetSetOptionW
InternetOpenUrlW
InternetReadFile
InternetOpenW
InternetCloseHandle

kernel32

SetFilePointer
SetEndOfFile
MultiByteToWideChar
WideCharToMultiByte
GlobalFree
GlobalAlloc
SetFileAttributesW
GetFileSize
GetLastError
CreateFileW
ReadFile
WriteFile
GetProcessHeap
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
DeleteFileW
MoveFileW
GetTempPathW
UnmapViewOfFile
GetTempFileNameW
FindClose
GetLocaleInfoA
CloseHandle
DeleteCriticalSection
GetStringTypeW
GetStringTypeA
GetModuleHandleA
SetStdHandle
HeapFree
CreateSemaphoreW
EnterCriticalSection
ReleaseSemaphore
LCMapStringW
SetEnvironmentVariableA
LeaveCriticalSection
LCMapStringA
GetStartupInfoA
SetHandleCount
TerminateThread
InitializeCriticalSection
WaitForSingleObject
FindNextFileW
GetModuleFileNameW
Sleep
GetTickCount
FindFirstFileW
HeapAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
GetCurrentProcess
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId
InterlockedIncrement
InterlockedCompareExchange
FormatMessageW
ExitThread
SetLastError
CreateEventW
DuplicateHandle
LocalFree
CreateThread
InitializeCriticalSectionAndSpinCount
OpenEventW
FreeLibrary
CreateProcessW
MoveFileExW
CreateDirectoryW
CopyFileW
GetExitCodeProcess
GetFileAttributesW
GetProcessId
GetLogicalDriveStringsW
OpenProcess
RemoveDirectoryW
QueryDosDeviceW
InterlockedExchange
CreateMutexW
OpenMutexW
ReleaseMutex
LocalAlloc
FlushFileBuffers
QueryPerformanceCounter
SetEvent
TlsGetValue
InterlockedDecrement
TlsSetValue
TlsAlloc
TlsFree
VirtualQuery
GetConsoleCP
TerminateProcess
lstrlenW
GetLocalTime
lstrcatW
IsDebuggerPresent
lstrcpyW
GlobalLock
GlobalUnlock
GlobalHandle
WaitForSingleObjectEx
GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
WaitNamedPipeW
SetNamedPipeHandleState
HeapReAlloc
UnhandledExceptionFilter
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetStartupInfoW
ResumeThread
GetFileType
RtlUnwind
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
SetUnhandledExceptionFilter

user32

SetWindowPos
GetCursorPos
EnableWindow
LoadCursorW
RegisterClassExW
GetSystemMetrics
SetRectEmpty
GetDesktopWindow
IsIconic
wvsprintfW
CallWindowProcW
GetPropW
IsWindowVisible
SystemParametersInfoW
ReleaseDC
GetDC
SetPropW
BeginPaint
IsWindowEnabled
TrackMouseEvent
PostQuitMessage
SetCapture
NotifyWinEvent
SetTimer
SetCursor
ClientToScreen
EndPaint
PtInRect
DrawTextW
UpdateLayeredWindow
GetWindowTextW
GetFocus
GetMonitorInfoW
IntersectRect
SubtractRect
KillTimer
MonitorFromPoint
CreateWindowExW
DefWindowProcW
GetWindowRect
GetClientRect
MoveWindow
RegisterWindowMessageW
DestroyWindow
PostMessageW
GetMessageW
SetForegroundWindow
FindWindowW
TranslateMessage
LoadIconW
ShowWindow
MessageBoxW
SendMessageW
DispatchMessageW
ScreenToClient
SetWindowLongW
GetWindowLongW
GetKeyState
ReleaseCapture

advapi32

RegDeleteKeyW
RegCreateKeyExW
LookupAccountSidW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
GetLengthSid
SetSecurityDescriptorSacl
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyW
RegSetValueExW
OpenProcessToken
GetTokenInformation

ole32

CoInitialize
OleSetContainedObject
OleCreate
CoUninitialize

oleaut32

VariantClear
SysAllocString
VariantInit

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetProcessMemoryInfo

msimg32

AlphaBlend

oleacc

LresultFromObject
AccessibleObjectFromWindow

gdi32

SelectObject
GetFontData
DeleteDC
SetTextCharacterExtra
CreateCompatibleDC
DeleteObject
SetBkMode
CreateDIBSection
SetTextColor
BitBlt
GetObjectW
CreateFontIndirectW

shell32

SHFileOperationW
ShellExecuteExW
SHChangeNotify
ShellExecuteW
SHGetFolderPathW

Sections

.text
Size: 777KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b72595148ee6498f00069fe6e5e45152

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ceCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

55:47:c5:78:4a:e6:57:4b:75:62:30:f0:8d:08:6e:88:03:0d:a2:f7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

ole32

oleaut32

imm32

version

psapi

msimg32

oleacc

gdi32

shell32

Sections

.text Size: 777KB - Virtual size: 776KB

.rdata Size: 200KB - Virtual size: 200KB

.data Size: 24KB - Virtual size: 84KB

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 56KB - Virtual size: 55KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

55:47:c5:78:4a:e6:57:4b:75:62:30:f0:8d:08:6e:88:03:0d:a2:f7
Signer

.text
Size: 777KB - Virtual size: 776KB

.rdata
Size: 200KB - Virtual size: 200KB

.data
Size: 24KB - Virtual size: 84KB

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 56KB - Virtual size: 55KB