dff1b20a85785b018f284f198982e7a8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dff1b20a85785b018f284f198982e7a8_JaffaCakes118
Size

945KB
MD5

dff1b20a85785b018f284f198982e7a8
SHA1

2a33ee027a4254e3c7155f0aa48103d99a54d44d
SHA256

d22df4225bac0813095c043bd888843e422000ba4ba4303c123498cecf44abb5
SHA512

86302b117ebe10c828dc5e30c72fa3ee5fad9843dd7989194dd95eb1290202c09bf29811f1ebd0c6ee8a3ee98c74da6af68780345f3f71b297336f6e3d2d7c2c
SSDEEP

24576:rU2LSQbtHwQXbuUDAbyk2QaKd5FfkW8j3VDuZ/8dYn:57buUDAs7UDkW8ZMai

Score

1^/10

Malware Config

Signatures

Files

dff1b20a85785b018f284f198982e7a8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9ba981592f89d0b1f098c86c4c56ebec

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:9b:19:3d:fd:36:39:3e:94:0a:f7:54:51:21:52:9a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/09/2017, 00:00

Not After

27/09/2019, 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,OU=Desktop Business Division,O=Beijing Sogou Technology Development Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:d0:f1:e6:8c:80:7f:25:71:c0:1b:a6:4c:9a:f0:7b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/08/2018, 00:00

Not After

29/08/2021, 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,OU=Desktop,O=Beijing Sogou Technology Development Co.\, Ltd.,L=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:36:2b:5c:97:bf:ae:50:5c:1c:e0:5b:82:ed:e4:38:25:df:f8:bb:e5:dd:3b:87:62:ff:75:16:77:93:d9:9d
Signer

Actual PE Digest

4d:36:2b:5c:97:bf:ae:50:5c:1c:e0:5b:82:ed:e4:38:25:df:f8:bb:e5:dd:3b:87:62:ff:75:16:77:93:d9:9d

Digest Algorithm

sha256

PE Digest Matches

false

33:06:1e:4e:2f:45:9e:f3:66:31:87:65:6a:76:cd:bb:8f:65:98:19
Signer

Actual PE Digest

33:06:1e:4e:2f:45:9e:f3:66:31:87:65:6a:76:cd:bb:8f:65:98:19

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\project\se\branches\8.5_climber\bin\Release\UninsSE.pdb

Imports

shell32

SHGetPathFromIDListW
ord155
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
SHGetFolderLocation
CommandLineToArgvW

gdiplus

GdipSetSmoothingMode
GdipCreateSolidFill
GdipDeleteBrush
GdipFillRectangleI
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
GdiplusStartup
GdipSetInterpolationMode
GdipCloneImage
GdipDisposeImage
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateImageAttributes
GdipCreateHBITMAPFromBitmap
GdipDrawImageRectRectI
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawPath
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipFillPath
GdipDeletePath
GdipCreatePath
GdipClosePathFigure
GdipAddPathArcI
GdipResetWorldTransform
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetTextRenderingHint
GdipDrawString
GdipSetWorldTransform
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipFillEllipseI
GdipCloneBrush
GdipAlloc
GdipFree

kernel32

ChangeTimerQueueTimer
GetThreadPriority
SwitchToThread
GetEnvironmentVariableW
InterlockedCompareExchange
GetThreadContext
SetThreadContext
VirtualQuery
SetFilePointer
IsWow64Process
SetThreadPriority
FileTimeToLocalFileTime
FileTimeToDosDateTime
GlobalMemoryStatusEx
LocalAlloc
DeviceIoControl
lstrlenA
GetCommandLineW
SetLastError
LeaveCriticalSection
EnterCriticalSection
SignalObjectAndWait
GetProcessAffinityMask
UnregisterWait
RegisterWaitForSingleObject
GetProcessTimes
CreateTimerQueueTimer
GetCurrentThreadId
CreateEventW
GetFileSizeEx
FindFirstFileW
SetEvent
OpenEventW
GetProcessHeap
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
HeapFree
GetTempPathW
SetThreadAffinityMask
GetNumaHighestNodeNumber
CreateTimerQueue
WriteConsoleW
ReadConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DeleteCriticalSection
GetModuleFileNameW
Sleep
GetCurrentProcessId
LoadLibraryA
lstrcatA
CopyFileA
CreateFileA
GetSystemDirectoryA
lstrcpyA
DeleteTimerQueueTimer
UnregisterWaitEx
QueryDepthSList
ReleaseSemaphore
VirtualProtect
GetModuleHandleA
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetVersionExW
GetCurrentProcess
OpenProcess
GetProcAddress
GetModuleHandleW
CloseHandle
GetTickCount
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
InterlockedIncrement
ReadProcessMemory
LoadLibraryW
FreeLibrary
CreateFileW
FindClose
GetSystemDirectoryW
FindNextFileW
GetShortPathNameW
DeleteFileW
GetTempFileNameW
MoveFileW
MoveFileExW
RemoveDirectoryW
GetFileSize
ReadFile
WriteFile
ExpandEnvironmentStringsW
SearchPathW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
MulDiv
InitializeCriticalSection
InterlockedExchange
GlobalAlloc
GlobalFree
FindResourceW
SizeofResource
LockResource
LoadResource
DebugBreak
UnmapViewOfFile
QueryPerformanceFrequency
OutputDebugStringW
GlobalLock
GlobalSize
GlobalUnlock
CreateProcessW
WaitForMultipleObjects
WaitForSingleObject
GetExitCodeProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LocalFree
GetProcessId
TerminateProcess
CopyFileW
OpenFileMappingW
FindFirstFileExW
SetFilePointerEx
SetEndOfFile
SetFileAttributesW
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateMutexA
CreateMutexW
GetLocalTime
SetUnhandledExceptionFilter
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
TryEnterCriticalSection
IsValidCodePage
GetStringTypeW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
ResetEvent
GetStartupInfoW
RtlUnwind
LoadLibraryExW
InterlockedFlushSList
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetACP
GetFileType
GetTimeZoneInformation
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetThreadTimes

user32

GetMonitorInfoW
GetDesktopWindow
IsWindowVisible
GetKeyState
SystemParametersInfoW
ClientToScreen
ScreenToClient
IntersectRect
KillTimer
EqualRect
SetTimer
IsRectEmpty
SetCursor
GetCursorPos
GetSysColor
IsWindow
GetFocus
GetForegroundWindow
SetFocus
TrackMouseEvent
InvalidateRect
RedrawWindow
SetRectEmpty
BeginPaint
EndPaint
PeekMessageW
GetWindowRect
UpdateLayeredWindow
PtInRect
UnionRect
SetRect
GetSystemMetrics
DrawEdge
TrackPopupMenuEx
InsertMenuW
CreatePopupMenu
DestroyMenu
WindowFromPoint
CreateCaret
HideCaret
SetCaretPos
GetCaretBlinkTime
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfW
MonitorFromWindow
MapWindowPoints
GetParent
GetWindow
ShowWindow
LoadStringW
GetWindowThreadProcessId
AllowSetForegroundWindow
PostThreadMessageW
CreateWindowExW
InflateRect
wsprintfA
IsCharAlphaNumericW
EnumChildWindows
EnumWindows
GetWindowTextW
IsWindowEnabled
DefWindowProcW
MessageBoxW
SetWindowLongW
GetWindowLongW
CallWindowProcW
RegisterWindowMessageW
GetClassNameW
ReleaseDC
GetDC
DrawFocusRect
DrawTextW
FillRect
LoadCursorW
GetClassInfoExW
RegisterClassExW
DispatchMessageW
TranslateMessage
GetMessageW
UnregisterClassW
FindWindowW
OffsetRect
SetWindowTextW
SendMessageW
SetPropW
LoadIconW
GetClientRect
CopyRect
DestroyWindow
PostMessageW
PostQuitMessage
SetCapture
GetCapture
SetWindowPos
ReleaseCapture

gdi32

GetDIBits
CreateDIBSection
BitBlt
CreateCompatibleDC
GetDeviceCaps
GetBkMode
CreateRectRgnIndirect
CreateCompatibleBitmap
GetTextMetricsW
GetTextColor
GetCurrentObject
SetViewportOrgEx
GetViewportOrgEx
GetTextExtentPoint32W
GetTextExtentExPointW
ExtSelectClipRgn
GetStockObject
CreateFontW
CreateFontIndirectW
GetClipRgn
SelectClipRgn
SetBkMode
LineTo
MoveToEx
CreatePen
CreateSolidBrush
DeleteDC
SelectObject
DeleteObject
SaveDC
GetObjectW
SetTextColor
SetBkColor
ExtTextOutW
GdiFlush
StretchBlt
CreateRectRgn
RestoreDC

oleaut32

SysFreeString
SysAllocString
VariantClear
VarBstrCmp
VariantInit

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

imm32

ImmSetCompositionWindow
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmSetCompositionFontW

shlwapi

PathFileExistsW
PathIsRootW
PathIsSameRootW
StrCmpIW
SHGetValueW
ord176
SHGetValueA
SHSetValueA

wininet

InternetCloseHandle
HttpEndRequestW
HttpOpenRequestA
InternetConnectA
InternetOpenW
InternetWriteFile
HttpSendRequestA
HttpAddRequestHeadersA
HttpSendRequestExW
InternetOpenA

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
EnumProcessModules

advapi32

GetUserNameW
CryptGetKeyParam
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegEnumKeyW
RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

ole32

CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize

crypt32

CryptQueryObject
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CryptMsgGetParam

ws2_32

WSAStartup

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 658KB - Virtual size: 657KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 33KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9ba981592f89d0b1f098c86c4c56ebec

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4a:9b:19:3d:fd:36:39:3e:94:0a:f7:54:51:21:52:9aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

38:d0:f1:e6:8c:80:7f:25:71:c0:1b:a6:4c:9a:f0:7bCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

4d:36:2b:5c:97:bf:ae:50:5c:1c:e0:5b:82:ed:e4:38:25:df:f8:bb:e5:dd:3b:87:62:ff:75:16:77:93:d9:9dSigner

33:06:1e:4e:2f:45:9e:f3:66:31:87:65:6a:76:cd:bb:8f:65:98:19Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

gdiplus

kernel32

user32

gdi32

oleaut32

version

imm32

shlwapi

wininet

psapi

advapi32

ole32

crypt32

ws2_32

dbghelp

Sections

.text Size: 658KB - Virtual size: 657KB

.rdata Size: 170KB - Virtual size: 169KB

.data Size: 33KB - Virtual size: 53KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 65KB - Virtual size: 68KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4a:9b:19:3d:fd:36:39:3e:94:0a:f7:54:51:21:52:9a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

38:d0:f1:e6:8c:80:7f:25:71:c0:1b:a6:4c:9a:f0:7b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

4d:36:2b:5c:97:bf:ae:50:5c:1c:e0:5b:82:ed:e4:38:25:df:f8:bb:e5:dd:3b:87:62:ff:75:16:77:93:d9:9d
Signer

33:06:1e:4e:2f:45:9e:f3:66:31:87:65:6a:76:cd:bb:8f:65:98:19
Signer

.text
Size: 658KB - Virtual size: 657KB

.rdata
Size: 170KB - Virtual size: 169KB

.data
Size: 33KB - Virtual size: 53KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 65KB - Virtual size: 68KB