07c6a142a77dbfa8f29abf9408b5f9a3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07c6a142a77dbfa8f29abf9408b5f9a3_JaffaCakes118
Size

2.5MB
MD5

07c6a142a77dbfa8f29abf9408b5f9a3
SHA1

0cdd89f92c870fc510aaac79b39bb68c07690fd5
SHA256

a71034f02da2384da9126cca500e798d9b48f595d6fe257329bfdd38bb0c216a
SHA512

c59c789819d6993ec9042809ace50658e4d06ba6b200da70dbe4ddd3b59abc2a877739fcf82990c58d7a7c71ea55dfe21c7102f0f562653d803d414a361e4d47
SSDEEP

49152:dlCMhc0W+UxoDnkrzhKtrC+oUOnY87YCAL5jTzAmiJvbEbw:dpDnkrzgFI7YV5qp

Score

1^/10

Malware Config

Signatures

Files

07c6a142a77dbfa8f29abf9408b5f9a3_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1cd9c2f49f465c34fa8647179f8a5a5e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/12/2015, 00:00

Not After

06/02/2018, 23:59

Subject

CN=BeiJing Baidu Netcom Science Technology Co.\, Ltd,OU=\ Engineering Excellence,O=BeiJing Baidu Netcom Science Technology Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:57:49:9b:44:51:29:16:b5:ad:87:d9:0b:1d:1f:a6:35:b3:71:a6
Signer

Actual PE Digest

40:57:49:9b:44:51:29:16:b5:ad:87:d9:0b:1d:1f:a6:35:b3:71:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\clientci\workspace\ime_compile_trunk\Basic\Outputs\Release\UIPFull.pdb

Imports

kernel32

OpenFileMappingW
GlobalSize
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
CreateThread
FreeLibraryAndExitThread
WaitNamedPipeW
ReadFileEx
WriteFileEx
DisconnectNamedPipe
CancelIo
ResetEvent
CreateEventW
OpenThread
SetEvent
FreeEnvironmentStringsW
GetTempPathW
TerminateProcess
OpenProcess
GetEnvironmentStringsW
CreateProcessW
SetErrorMode
CreateSemaphoreW
SystemTimeToFileTime
WaitForSingleObject
lstrlenW
GetPrivateProfileSectionW
GlobalFree
GlobalUnlock
GlobalAlloc
GetPrivateProfileStringW
GlobalLock
LocalFree
CloseHandle
LocalAlloc
GetLocalTime
CreateFileW
ReadFile
GetFileAttributesW
WriteFile
OutputDebugStringW
GetFileSize
ExpandEnvironmentStringsW
GetVersionExW
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryW
GetTickCount
lstrcpynW
VirtualQuery
VirtualProtect
GetSystemInfo
ReleaseSemaphore
InterlockedCompareExchange
GetModuleHandleW
WritePrivateProfileStringW
GetPrivateProfileIntW
DecodePointer
RaiseException
FindResourceExW
OpenMutexW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
CreateMutexW
QueryPerformanceCounter
IsWow64Process
GetTempFileNameW
GetTempPathA
GetTempFileNameA
FlushInstructionCache
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
GetStringTypeW
EncodePointer
GetSystemTimeAsFileTime
GetCommandLineA
GetFileAttributesExW
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
AreFileApisANSI
IsValidCodePage
GetACP
GetOEMCP
GetTimeZoneInformation
GetStdHandle
GetFileType
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetEndOfFile
ReadConsoleW
SetEnvironmentVariableA
OpenEventW
WaitForMultipleObjects
QueryPerformanceFrequency
GetShortPathNameW
MulDiv
FreeResource
LocalUnlock
LocalLock
GlobalReAlloc
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryExW
FreeLibrary
LoadLibraryW
Sleep
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetModuleFileNameW
GetLastError
GetModuleHandleExW
GetProcAddress
InterlockedExchange
SetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ExitThread
GetCurrentThreadId

user32

LoadCursorW
SetCursor
GetWindowTextW
EndPaint
BeginPaint
GetDC
ReleaseDC
GetMonitorInfoW
MonitorFromWindow
GetSystemMetrics
GetForegroundWindow
GetActiveWindow
KillTimer
GetUserObjectInformationW
GetThreadDesktop
GetAsyncKeyState
SetTimer
GetKeyboardLayout
GetWindowRect
GetCursorPos
RegisterWindowMessageW
UnregisterClassW
GetClassInfoExW
RegisterClassExW
DestroyWindow
GetDlgItem
GetWindowTextLengthW
SetDlgItemTextW
LoadIconW
SendMessageW
SetWindowTextW
GetClientRect
MoveWindow
LoadBitmapW
SetWindowPos
IntersectRect
RegisterClipboardFormatW
GetMessageW
PostThreadMessageW
IsWindow
DefWindowProcW
PostMessageW
wsprintfW
SetClipboardData
EqualRect
MapWindowPoints
WindowFromPoint
GetClassNameW
CallWindowProcW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
GetSysColorBrush
EndDialog
DialogBoxParamW
MessageBoxW
OpenClipboard
CreateWindowExW
DrawTextW
IsRectEmpty
SetRect
PtInRect
ScreenToClient
SetWindowLongW
EmptyClipboard
GetWindowLongW
GetKeyState
LoadImageW
SendInput
CloseClipboard
AllowSetForegroundWindow
OffsetRect
GetKeyboardState
IsZoomed
SetWindowRgn
SetWindowPlacement
GetSystemMenu
GetMenuState
DrawIconEx
GetFocus
SetFocus
GetDesktopWindow
WaitForInputIdle
GetSysColor
SetCursorPos
SubtractRect
UpdateWindow
ShowWindow
FindWindowW
MonitorFromRect
InflateRect
UnregisterHotKey
IsWindowVisible
MapVirtualKeyW
DrawFrameControl
DrawEdge
FillRect
MonitorFromPoint
SetRectEmpty
SystemParametersInfoW
SetCapture
ReleaseCapture
GetCapture
ClientToScreen
UpdateLayeredWindow
TrackMouseEvent
ScrollWindow
CopyRect
GetWindow
GetParent
GetScrollInfo
SetScrollInfo
InvalidateRect
EnableMenuItem
GetMenuItemCount
GetMenuItemRect
MenuItemFromPoint
DestroyMenu
UnhookWindowsHookEx
TrackPopupMenuEx
SetWindowsHookExW
AppendMenuW
InsertMenuW
InsertMenuItemW
CreatePopupMenu
CallNextHookEx
DeleteMenu
SetMenuInfo
GetMenuInfo
SetMenuItemInfoW
GetMenuItemInfoW
IsMenu
IsIconic
CloseDesktop
UnionRect
OpenDesktopW
FindWindowExW
GetWindowThreadProcessId
SendMessageTimeoutW
PostQuitMessage
GetClassInfoW
RegisterClassW
MsgWaitForMultipleObjectsEx

gdi32

GetTextExtentExPointW
GetClipBox
GetDIBits
SetDIBColorTable
SetViewportOrgEx
CreatePenIndirect
SetStretchBltMode
CreateSolidBrush
MoveToEx
EnumFontFamiliesW
GetTextMetricsW
CreateDIBSection
GetDeviceCaps
GetFontLanguageInfo
GetCurrentObject
SetBkColor
ExtTextOutW
GetOutlineTextMetricsW
GetTextCharacterExtra
GetCharWidth32W
DeleteObject
GetKerningPairsW
ExtCreateRegion
GetTextExtentPoint32W
GetTextExtentPointI
CreateFontW
GetCharABCWidthsW
GetTextFaceW
EnumFontFamiliesExW
GetGlyphOutlineW
GetFontData
PatBlt
CreateBitmap
SetRectRgn
CreateRectRgnIndirect
GetObjectA
CombineRgn
SelectClipRgn
GetClipRgn
CreateRectRgn
ExtSelectClipRgn
OffsetRgn
Rectangle
RectVisible
LineTo
CreatePen
ExcludeClipRect
GetGlyphIndicesW
GetTextColor
BitBlt
CreateFontIndirectW
TextOutW
SetTextColor
CreatePatternBrush
OffsetWindowOrgEx
CreateCompatibleBitmap
SetBkMode
SelectObject
GetObjectW
GetStockObject
RestoreDC
StretchBlt
DeleteDC
IntersectClipRect
SaveDC
CreateCompatibleDC
CreateDCW

advapi32

RegQueryValueExW
OpenProcessToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
GetUserNameW
IsTextUnicode
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetEntriesInAclW
FreeSid
GetSecurityDescriptorSacl
RegCreateKeyExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegEnumKeyW
CryptAcquireContextW
CryptDeriveKey
CryptReleaseContext
CryptEncrypt
CryptCreateHash
CryptDestroyKey
CryptDecrypt
CryptDestroyHash
CryptHashData
GetTokenInformation
ConvertStringSidToSidW

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteA
ord165

ole32

StringFromIID
CreateStreamOnHGlobal
StgOpenStorageOnILockBytes
CoTaskMemFree

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

oleacc

ObjectFromLresult

shlwapi

PathQuoteSpacesW
StrCmpIW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
StrStrW
StrStrIW
PathRelativePathToW
GetMenuPosFromID

gdiplus

GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipDrawPath
GdipAddPathArcI
GdipAddPathLineI
GdipCreatePath
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipCloneBitmapAreaI
GdipCreateHBITMAPFromBitmap
GdipGraphicsClear
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipDrawImageRectRect
GdipDeletePath
GdipFree
GdipGetImageHeight
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipBitmapUnlockBits
GdipDrawImageI
GdipAlloc
GdipDisposeImage
GdipGetPropertyItemSize
GdipGetImagePaletteSize
GdipImageGetFrameDimensionsCount
GdipBitmapLockBits
GdipCloneImage
GdipGetImageWidth
GdipImageGetFrameCount
GdiplusStartup
GdipCreateFromHDC
GdipSetInterpolationMode
GdipSetStringFormatLineAlign
GdipLoadImageFromStreamICM
GdipDrawImagePointRectI
GdipDrawLineI
GdipDrawRectangleI
GdipDeletePen
GdipCreatePen1
GdipSetSmoothingMode
GdipSetStringFormatAlign
GdipFillRectangleI
GdipTranslateWorldTransform
GdipCreateTextureIA
GdipDrawString
GdipSetSolidFillColor
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawImageRectRectI
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCreateBitmapFromFile
GdiplusShutdown

imm32

ImmGetHotKey
ImmDisableIME

imecommon

imeIsProcessInAppContainer

winmm

timeGetTime

msimg32

AlphaBlend

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

imefreetype

FT_Done_Glyph
FT_Done_Face
FT_Load_Char
FTC_Manager_New
FT_Init_FreeType
FT_Select_Charmap
FT_Angle_Diff
FTC_ImageCache_Lookup
FT_Open_Face
FTC_Manager_LookupSize
FT_Get_Glyph
FT_Glyph_To_Bitmap
FT_Atan2
FT_Done_FreeType
FT_MulDiv
FT_Vector_From_Polar
FT_Outline_Embolden
FT_Outline_Get_Orientation
FT_Get_Kerning
FT_Get_Sfnt_Table
FTC_ImageCache_New
FTC_CMapCache_Lookup
FTC_Manager_LookupFace
FT_Outline_Transform
FT_Library_SetLcdFilter
FT_Cos
FT_Get_Charmap_Index
FT_Set_Pixel_Sizes
FTC_Manager_Done
FT_Load_Sfnt_Table
FT_RoundFix
FTC_CMapCache_New
FT_Glyph_Copy
FT_Face_GetVariantSelectors
FT_OpenType_Free
FT_OpenType_Validate
FT_DivFix

imepng

png_get_IHDR
png_read_png
png_read_image
png_destroy_read_struct
png_free
png_get_image_height
png_get_next_frame_fcTL
png_get_num_frames
png_get_image_width
png_get_valid
png_set_longjmp_fn
png_read_end
png_set_read_fn
png_get_error_ptr
png_set_error_fn
png_create_info_struct
png_create_read_struct
png_sig_cmp
png_read_info
png_malloc
png_read_frame_head

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cd9c2f49f465c34fa8647179f8a5a5e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

40:57:49:9b:44:51:29:16:b5:ad:87:d9:0b:1d:1f:a6:35:b3:71:a6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

oleacc

shlwapi

gdiplus

imm32

imecommon

winmm

msimg32

version

psapi

imefreetype

imepng

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 450KB - Virtual size: 450KB

.data Size: 125KB - Virtual size: 142KB

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 107KB - Virtual size: 107KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

40:57:49:9b:44:51:29:16:b5:ad:87:d9:0b:1d:1f:a6:35:b3:71:a6
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 450KB - Virtual size: 450KB

.data
Size: 125KB - Virtual size: 142KB

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 107KB - Virtual size: 107KB