eec1d60ca2b37407a8ed730771a5e013_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eec1d60ca2b37407a8ed730771a5e013_JaffaCakes118
Size

7.9MB
MD5

eec1d60ca2b37407a8ed730771a5e013
SHA1

133043ac231cfb68d5a40955d9d2faa7c638d397
SHA256

529f1c413dc0b7758e71fb16a427fc181c5007696d2a743e7d3797eaea11e1b7
SHA512

3e8d98ed3e0f505f631e354b57f7673994368afa5ddc766ae458bee959851aa3d906e99cd89c1fffc88683abbafb470f5005c309c76925f37e8b1320305e5483
SSDEEP

196608:0Weyf3U1+Hvpeyayl3AvD9W5wxGDc4SdH4BtR:0WeUfvw9yl3iD9W5wEc3YV

Score

1^/10

Malware Config

Signatures

Files

eec1d60ca2b37407a8ed730771a5e013_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f07b8a61b0e52612acf8c0b0fe1b32db

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:01:b8:88:3e:20:09:69:22:78:db:32:48:78:d4:96
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/05/2017, 00:00

Not After

08/05/2020, 23:59

Subject

CN=Nanjing Tongxiang Network Technology Co.\,Ltd.,OU=Operations Center,O=Nanjing Tongxiang Network Technology Co.\,Ltd.,L=Nanjing,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:89:f8:ee:cc:04:27:1b:29:2e:3e:ad:86:f9:fe:3e:c0:d0:04:db
Signer

Actual PE Digest

5a:89:f8:ee:cc:04:27:1b:29:2e:3e:ad:86:f9:fe:3e:c0:d0:04:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\wifigxdev\source\PC_Client\PC_Client\trunk\build_temp\Win32\link\release_static\txWifigxSetup\txWifigxSetup.pdb

Imports

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

riched20

ord4

kernel32

WriteFile
ReadFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
TerminateThread
SuspendThread
ResumeThread
MulDiv
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
InterlockedIncrement
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
SetEndOfFile
LocalFree
GetProcessHeap
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
SetFilePointer
LCMapStringW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
RtlUnwind
ExitProcess
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RaiseException
HeapReAlloc
HeapAlloc
HeapFree
CreateThread
GetCurrentThreadId
ExitThread
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
GetFileSize
lstrlenW
CreateFileW
SetFileTime
GetFullPathNameW
Sleep
InterlockedDecrement
GetVersion
GetNativeSystemInfo
FreeResource
OpenEventW
CreateEventW
ResetEvent
SetEvent
SetFileAttributesW
DeleteFileW
GetFileAttributesW
CreateDirectoryW
LoadLibraryW
OutputDebugStringA
SetCurrentDirectoryW
FindClose
FindFirstFileW
LockResource
GetLastError
SizeofResource
LoadResource
FindResourceW
GetTickCount
WaitForSingleObject
CreateProcessW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetProcAddress
TerminateProcess
OpenProcess
GetModuleHandleW
OutputDebugStringW

user32

FillRect
DrawTextW
DrawIconEx
CopyImage
CharPrevW
RedrawWindow
ClientToScreen
GetSysColor
OffsetRect
GetAsyncKeyState
SetCursor
CharNextW
DrawFocusRect
IntersectRect
IsRectEmpty
GetWindowTextLengthW
SetForegroundWindow
GetWindowTextW
SystemParametersInfoW
ChildWindowFromPointEx
CreateAcceleratorTableW
InvalidateRgn
DestroyAcceleratorTable
EnableWindow
SetWindowPos
PostMessageW
PostQuitMessage
MoveWindow
DefWindowProcW
CreateWindowExW
ShowWindow
GetWindowRgn
SetWindowLongW
GetWindowLongW
RegisterClassExW
GetClientRect
MapWindowPoints
SetWindowTextW
CharNextA
LoadStringW
LoadBitmapW
LoadImageW
GetClassInfoExW
SetPropW
RegisterClassW
GetSystemMetrics
DestroyIcon
GetPropW
CallWindowProcW
EndPaint
TranslateAcceleratorW
UpdateLayeredWindow
SetWindowRgn
SetTimer
HideCaret
ScreenToClient
GetMessageW
IsIconic
IsChild
SetCapture
KillTimer
IsZoomed
GetKeyState
GetFocus
IsWindowEnabled
SetFocus
ShowCaret
BeginPaint
PtInRect
GetUpdateRect
GetDC
TranslateMessage
InvalidateRect
ReleaseDC
MonitorFromWindow
GetCursorPos
CreateCaret
IsWindow
ReleaseCapture
IsWindowVisible
SetCaretPos
SendMessageW
GetMonitorInfoW
GetWindow
DispatchMessageW
DestroyWindow
GetWindowRect
GetParent
LoadCursorW

gdi32

SelectObject
PtInRegion
CreateCompatibleDC
CreateRectRgn
SetBkColor
StretchBlt
GetTextExtentPoint32W
SetBitmapBits
DeleteDC
CreateCompatibleBitmap
PathToRegion
EndPath
FillRgn
GetRgnBox
DeleteObject
BeginPath
GetStockObject
CreatePen
CreateRoundRectRgn
GetObjectW
GetTextMetricsW
Rectangle
CombineRgn
CreateRectRgnIndirect
CreateFontIndirectW
EnumFontsW
SetStretchBltMode
AngleArc
GetCharABCWidthsW
ExtTextOutW
SelectClipRgn
CreateDIBSection
GetBitmapBits
SetBkMode
BitBlt
MoveToEx
CreateEllipticRgn
SetTextColor
GetDeviceCaps
CreateSolidBrush
TextOutW
ExtSelectClipRgn
RoundRect
LineTo
GetClipBox

advapi32

RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleDuplicateData
ReleaseStgMedium
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoInitializeEx
CoInitializeSecurity
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
SysFreeString
OleLoadPicture
VariantClear
SysAllocString

Sections

.text
Size: 536KB - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f07b8a61b0e52612acf8c0b0fe1b32db

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

42:01:b8:88:3e:20:09:69:22:78:db:32:48:78:d4:96Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5a:89:f8:ee:cc:04:27:1b:29:2e:3e:ad:86:f9:fe:3e:c0:d0:04:dbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msimg32

comctl32

riched20

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 536KB - Virtual size: 536KB

.rdata Size: 121KB - Virtual size: 121KB

.data Size: 11KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 7.2MB - Virtual size: 7.2MB

.reloc Size: 60KB - Virtual size: 60KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

42:01:b8:88:3e:20:09:69:22:78:db:32:48:78:d4:96
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5a:89:f8:ee:cc:04:27:1b:29:2e:3e:ad:86:f9:fe:3e:c0:d0:04:db
Signer

.text
Size: 536KB - Virtual size: 536KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 11KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 7.2MB - Virtual size: 7.2MB

.reloc
Size: 60KB - Virtual size: 60KB