0444f10a33eff487c904c896a5ea594e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0444f10a33eff487c904c896a5ea594e_JaffaCakes118
Size

2.3MB
MD5

0444f10a33eff487c904c896a5ea594e
SHA1

063e3139a34b7a9a4ebab2311100f42911f1d1c7
SHA256

62bd707161549d132be142cee5e4c70f21976551ef6113796901595b141efbb2
SHA512

e4d45ebad8b4e6d5f25b35c35ce6926db8e214dc4d9b5ae281753439436cf6effa0ce6b69e1288f0138210bb1665e3c6c7eb7f228351f0e2879d2734f1ad6913
SSDEEP

49152:Db6zuW83/d6gT+RBbzXxv0FksG84HIo94J/Ni0auEPBzVxu:DlIRBBvo74sNAkEPBzVxu

Score

1^/10

Malware Config

Signatures

Files

0444f10a33eff487c904c896a5ea594e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

836323abb4e35607cea55d6c9ea51f95

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/02/2009, 00:00

Not After

15/02/2010, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tencent,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

83:c8:9f:72:90:97:8d:1b:87:38:b5:fa:3e:07:c9:6f:a6:61:b5:34
Signer

Actual PE Digest

83:c8:9f:72:90:97:8d:1b:87:38:b5:fa:3e:07:c9:6f:a6:61:b5:34

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\_Launcher\China\china_release\DNFchina.pdb

Imports

ws2_32

WSAResetEvent
recvfrom
WSACleanup
bind
WSAStartup
sendto
select
ioctlsocket
gethostbyname
htons
inet_ntoa
socket
setsockopt
connect
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
recv
send
WSAGetLastError
WSACloseEvent
closesocket
inet_addr
gethostname
ntohs
htonl

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetQueryDataAvailable
InternetOpenA
InternetOpenUrlA

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

kernel32

MultiByteToWideChar
WideCharToMultiByte
ReleaseSemaphore
GetDiskFreeSpaceExA
CreateSemaphoreA
GetProcAddress
lstrlenA
OutputDebugStringA
FindClose
FindNextFileA
FindFirstFileA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
GetStdHandle
SetHandleCount
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GlobalAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
HeapReAlloc
GetStartupInfoA
GetProcessHeap
GetCommandLineA
MoveFileA
HeapAlloc
ExitThread
RemoveDirectoryA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapFree
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
SetFilePointer
SetLastError
SetThreadPriority
ResumeThread
WaitForMultipleObjects
GetFullPathNameA
CreateProcessA
GlobalFree
SetCurrentDirectoryA
CreateFileA
WriteFile
GetTickCount
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
GetModuleFileNameA
IsDBCSLeadByte
WaitForSingleObject
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
RaiseException
CreateMutexA
GetLastError
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
LoadResource
LockResource
SizeofResource
CreateThread
TerminateThread
WritePrivateProfileStringA
GetPrivateProfileStringA
GetVersionExA
CreateDirectoryA
Sleep
FindResourceA
FreeResource
GetModuleHandleA
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
GetFileSize
ReadFile
GetCurrentThreadId
GetWindowsDirectoryA
GetFileAttributesA
SetFileAttributesA
CopyFileA
GetCurrentDirectoryA
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeLibrary
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
LocalAlloc
GetCPInfo

user32

SetDlgItemTextA
GetDlgItemTextA
TranslateMessage
DispatchMessageA
PeekMessageA
PostQuitMessage
SetWindowLongA
GetWindowLongA
GetMessageA
DestroyWindow
EndPaint
BeginPaint
UpdateWindow
ShowWindow
SetWindowTextA
MessageBoxA
EndDialog
SystemParametersInfoA
SetCapture
ReleaseCapture
DialogBoxParamA
SetPropA
RemovePropA
FillRect
TrackMouseEvent
GetPropA
LoadBitmapA
GetDesktopWindow
ClientToScreen
GetWindowRect
GetWindowTextA
CallWindowProcA
GetParent
SetWindowPos
GetClassInfoExA
SetWindowRgn
IsWindow
TranslateAcceleratorA
SetTimer
LoadIconA
RegisterClassExA
SetCursor
GetSystemMetrics
GetDlgItem
MoveWindow
LoadCursorA
CreateWindowExA
DefWindowProcA
CheckRadioButton
SetRect
SendMessageA
PostMessageA
DrawTextA
InvalidateRect
GetClientRect
GetDC
ReleaseDC
CreateDialogParamA

gdi32

CreateICA
ExtCreateRegion
GetDIBits
CreateDIBSection
CreateSolidBrush
CreateRectRgn
GetStockObject
CreateCompatibleBitmap
CreateFontA
SetBkMode
SetTextColor
DeleteObject
CreateCompatibleDC
SelectObject
GetObjectA
BitBlt
DeleteDC

advapi32

RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetMalloc

ole32

CoFreeLibrary
CoLoadLibrary
CoCreateInstance
CoUninitialize
OleCreate
OleSetContainedObject
CoInitialize
CoTaskMemFree

oleaut32

SysAllocString
SafeArrayUnaccessData
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData

shlwapi

PathIsDirectoryA

msimg32

TransparentBlt

bugtrap

BT_SetLogFlags
BT_GetLogFileName
BT_AddLogFile
BT_ClearLog
BT_SetLogSizeInBytes
BT_SetAppName
BT_SetFlags
BT_SetActivityType
BT_CallCppFilter
BT_InstallSehFilter
BT_SetLogSizeInEntries
BT_AppLogEntry
BT_CloseLogFile
BT_OpenLogFile
BT_SetSupportServer

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 629KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

836323abb4e35607cea55d6c9ea51f95

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20Certificate

Extended Key Usages

Key Usages

83:c8:9f:72:90:97:8d:1b:87:38:b5:fa:3e:07:c9:6f:a6:61:b5:34Signer

Headers

File Characteristics

PDB Paths

Imports

ws2_32

wininet

winmm

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

bugtrap

version

Sections

.text Size: 629KB - Virtual size: 629KB

.rdata Size: 143KB - Virtual size: 142KB

.data Size: 19KB - Virtual size: 30KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

83:c8:9f:72:90:97:8d:1b:87:38:b5:fa:3e:07:c9:6f:a6:61:b5:34
Signer

.text
Size: 629KB - Virtual size: 629KB

.rdata
Size: 143KB - Virtual size: 142KB

.data
Size: 19KB - Virtual size: 30KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB