1148698c1bc45044548f9fa1d075e442_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1148698c1bc45044548f9fa1d075e442_JaffaCakes118
Size

920KB
MD5

1148698c1bc45044548f9fa1d075e442
SHA1

88d361b61e575ef075b2f7d0e55b8d51eb830ab7
SHA256

1510f4b11a9957ee350d9d626a9f5ff63064c34faff00c9e7fbed7d50e980151
SHA512

03b81f5a12d5e482708376eda040c24fcef7e398e23e1de9a4aa2075e550faeb08581a6d37c9a2d6c8203190b92d8552b9d235e093e723c980b0f433bd936d58
SSDEEP

24576:xlv9yeVohsW6LjOFH2cewoStbqkOhLECsbV+swsRtrMJA3dzhB:LXVsPFHpehGgLdsbV1whm3dz

Score

1^/10

Malware Config

Signatures

Files

1148698c1bc45044548f9fa1d075e442_JaffaCakes118
.exe windows:4 windows x86 arch:x86

49587ecd3d2d3fb012410f00b38e75b7

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:69:0c:9e:b1:7e:24:a7:a2:35:76:a8:7e:24:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

24/07/2009, 00:00

Not After

24/07/2011, 23:59

Subject

CN=广东雨林木风计算机科技有限公司,OU=WoSign Class 3 Code Signing,O=广东雨林木风计算机科技有限公司,L=东莞市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

02:e6:67:03:1f:7c:1b:6f:27:97:1f:c5:3c:a5:16:06:63:68:00:89
Signer

Actual PE Digest

02:e6:67:03:1f:7c:1b:6f:27:97:1f:c5:3c:a5:16:06:63:68:00:89

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntW
GetPrivateProfileStringA
OutputDebugStringA
LocalFree
FormatMessageW
CompareStringW
GetSystemTime
MulDiv
FreeLibrary
GetLocalTime
GetTickCount
DeviceIoControl
CreateFileA
FreeResource
ResetEvent
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenEventW
CreateMutexW
IsBadReadPtr
ExpandEnvironmentStringsW
TerminateThread
SystemTimeToFileTime
SetLastError
SetProcessWorkingSetSize
GetProcessWorkingSetSize
GetCurrentProcessId
IsBadWritePtr
ExitProcess
GetModuleFileNameA
Process32FirstW
Process32NextW
GetSystemDefaultLCID
GlobalHandle
TlsFree
TlsAlloc
HeapDestroy
lstrcpynA
WinExec
InterlockedExchange
LocalAlloc
GetStartupInfoW
GetLastError
HeapAlloc
GetFileSize
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
FindClose
GetWindowsDirectoryW
GetProcessHeap
HeapFree
GetTempPathW
DeleteFileW
CreateDirectoryW
lstrcatW
CreateFileW
SetFilePointer
WriteFile
DeleteCriticalSection
InitializeCriticalSection
lstrcpynW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
GetPrivateProfileStringW
SetEvent
CreateEventW
ResumeThread
SetThreadPriority
WaitForSingleObject
CopyFileW
CloseHandle
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleFileNameW
lstrcpyW
WritePrivateProfileStringW
Sleep
VirtualProtect
VirtualQuery
lstrcmpiA
WriteProcessMemory
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
GetProcAddress
LoadLibraryExW
LoadLibraryExA
lstrcmpW
LoadLibraryW
LoadLibraryA
GetModuleHandleA
OutputDebugStringW
DebugBreak
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
GetModuleHandleW
lstrcmpiW
TlsSetValue
TlsGetValue
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
ReadFile
RaiseException

user32

SetFocus
ShowWindow
IsWindow
LoadStringW
GetWindowTextW
UnhookWindowsHookEx
DefWindowProcW
SetTimer
DrawIconEx
BeginPaint
GetClipboardData
EndPaint
InvalidateRect
SendMessageW
GetParent
DestroyMenu
TrackPopupMenu
GetCursorPos
IsWindowVisible
GetKeyState
KillTimer
GetSubMenu
LoadMenuW
GetMonitorInfoW
LoadIconW
MonitorFromPoint
CallWindowProcW
DestroyWindow
SetMenuItemInfoW
EndDialog
SetWindowPos
GetMenuItemInfoW
SetMenuDefaultItem
LoadStringA
DialogBoxIndirectParamW
MessageBoxA
DrawFrameControl
DrawEdge
GetDlgItem
GetSysColorBrush
CheckMenuItem
OpenClipboard
EmptyClipboard
SetLayeredWindowAttributes
GetDesktopWindow
CopyRect
GetWindowTextLengthW
SetWindowTextW
ClientToScreen
wvsprintfW
CharNextW
CharLowerW
DestroyIcon
SetForegroundWindow
BringWindowToTop
GetWindowThreadProcessId
RedrawWindow
SendMessageTimeoutW
GetWindowDC
UpdateLayeredWindow
FillRect
SetWindowsHookExW
PostThreadMessageW
CallNextHookEx
CharUpperW
GetClassNameW
PostMessageW
RegisterWindowMessageW
GetWindowLongW
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetClipboardData
CloseClipboard
GetMessageExtraInfo
SetDlgItemTextW
GetFocus
MessageBoxW
GetDlgItemTextW
MoveWindow
LoadImageW
ScreenToClient
DialogBoxParamW
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
SetWindowLongW
GetMessagePos
CreateWindowExW
GetPropW
SetPropW
RemovePropW
IsMenu
GetMenuItemID
InsertMenuW
SetMenuInfo
TrackPopupMenuEx
GetMenuStringW
RegisterClipboardFormatW
CreateDialogParamW
RemoveMenu
PeekMessageW
GetSystemMenu
UnregisterHotKey
RegisterHotKey
CopyIcon
GetClassLongW
SetClassLongW
MonitorFromWindow
SetWindowRgn
GetSystemMetrics
LockWindowUpdate
DeleteMenu
DrawStateW
mouse_event
CreatePopupMenu
AppendMenuW
GetMenuItemCount
ModifyMenuW
IsIconic
SetScrollInfo
FrameRect
InflateRect
IsWindowEnabled
DrawFocusRect
DrawTextW
GetDlgCtrlID
MessageBeep
GetCapture
UpdateWindow
IsDlgButtonChecked
EqualRect
FindWindowW
EnableWindow
InvalidateRgn
CreateAcceleratorTableW
GetSysColor
SetRect
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
FindWindowExW
EnumChildWindows
GetForegroundWindow
WindowFromPoint
IsChild
EnableMenuItem
GetActiveWindow
PostQuitMessage
ReleaseDC
SetCursor
ReleaseCapture
SetCapture
GetDC
PtInRect
OffsetRect
SetRectEmpty
IsRectEmpty

gdi32

PatBlt
CreateBitmap
SetBrushOrgEx
EnumFontsW
SelectPalette
RealizePalette
SetStretchBltMode
StretchBlt
CreateDCW
CreateRoundRectRgn
CombineRgn
GetTextExtentPoint32W
CreatePen
MoveToEx
LineTo
CreateFontIndirectW
SetBkColor
ExtTextOutW
GetObjectW
CreateSolidBrush
GetDeviceCaps
CreateDIBSection
BitBlt
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetTextColor
SetBkMode
GetStockObject
CreatePatternBrush
CreateFontW
DPtoLP
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenProcessToken
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
GetLengthSid
CopySid
GetUserNameW
RegCloseKey
RegGetKeySecurity
RegOpenKeyExW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyW
RegQueryValueExW
RegSetKeySecurity
RegQueryInfoKeyW
RegEnumKeyW
AllocateAndInitializeSid
GetSidIdentifierAuthority

shell32

SHGetPathFromIDListW
SHFileOperationW
Shell_NotifyIconW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteExW
SHGetFileInfoW
DragQueryFileW
SHCreateDirectoryExW
SHGetFolderLocation
SHBrowseForFolderW
ord155
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleLockRunning
CoUninitialize
CoInitialize
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoMarshalInterThreadInterfaceInStream
DoDragDrop
CoGetObject
OleInitialize
OleUninitialize
StringFromGUID2
CoGetMalloc
ReleaseStgMedium
CoGetInterfaceAndReleaseStream
CreateStreamOnHGlobal
StringFromCLSID
CoTaskMemFree
CoCreateInstance
OleRun

oleaut32

SafeArrayCreateVector
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantInit
VariantCopy
LoadRegTypeLi
OleCreateFontIndirect
DispCallFunc
SetErrorInfo
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocStringLen
SysAllocString
SysStringLen
VariantClear
SysFreeString
GetErrorInfo
CreateErrorInfo

comctl32

ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_ReplaceIcon
CreateStatusWindowW
ImageList_Destroy
ImageList_GetImageCount
InitCommonControlsEx
ImageList_DrawIndirect
ImageList_AddMasked

urlmon

UrlMkSetSessionOption
CoInternetGetSession

shlwapi

PathRemoveArgsW
PathUnquoteSpacesW
PathIsDirectoryW
PathRemoveFileSpecW
StrRetToStrW
SHDeleteKeyW
SHSetValueW
SHDeleteValueW
PathFindFileNameW
PathFileExistsW
PathFindFileNameA
SHGetValueW
PathMatchSpecW
PathFindExtensionW

gdiplus

GdipSetSmoothingMode
GdipDrawLinesI
GdipSetSolidFillColor
GdipImageGetFrameDimensionsCount
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipLoadImageFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreatePen1
GdipSetPageUnit
GdipDrawLineI
GdipDeletePen
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipCreateSolidFill
GdipCloneBrush
GdipCreateStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetPenStartCap
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipDrawString
GdipDeleteBrush
GdipDeleteStringFormat
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCloneImage
GdipAlloc
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDeleteFontFamily
GdipMeasureString
GdipFree
GdipGetDC
GdipReleaseDC
GdipCreateBitmapFromHICON
GdipDisposeImage
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipDeleteFont
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipCreateFromHDC2
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDeleteGraphics
GdipSetPenMode
GdipGetImageEncoders
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGraphicsClear
GdiplusShutdown
GdipImageRotateFlip
GdiplusStartup
GdipSetStringFormatLineAlign

netapi32

Netbios

msvcrt

wcscmp
wcsstr
memcpy
??2@YAPAXI@Z
free
realloc
memmove
memset
wcspbrk
wcslen
iswdigit
_wtoi
wcschr
wcsncmp
_beginthreadex
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
swprintf
_itow
_CxxThrowException
memcmp
wcsncpy
_purecall
wcscat
_wcsicmp
_snwprintf
_ftol
_vsnprintf
strlen
_strtime
strcat
_strdate
_wcsrev
malloc
fopen
fclose
fwrite
ftell
fseek
_wtol
abs
fputs
_snprintf
wcsrchr
wcsncat
iswspace
sprintf
strncpy
strcpy
qsort
fgets
wcscpy
wcstol
fread
_wfopen
_strlwr
strncat
sqrt
isspace
isalnum
time
_wcsicoll
_beginthread
_wcsupr
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__CxxFrameHandler

imagehlp

ImageDirectoryEntryToData

setupapi

SetupIterateCabinetW

dsound

ord1

winmm

waveOutWrite

rpcrt4

UuidCreateSequential

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetProcessMemoryInfo

Sections

.text
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49587ecd3d2d3fb012410f00b38e75b7

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

5d:69:0c:9e:b1:7e:24:a7:a2:35:76:a8:7e:24:db:81Certificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

02:e6:67:03:1f:7c:1b:6f:27:97:1f:c5:3c:a5:16:06:63:68:00:89Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

urlmon

shlwapi

gdiplus

netapi32

msvcrt

imagehlp

setupapi

dsound

winmm

rpcrt4

version

psapi

Sections

.text Size: 668KB - Virtual size: 667KB

.rdata Size: 112KB - Virtual size: 109KB

.data Size: 64KB - Virtual size: 68KB

.rsrc Size: 68KB - Virtual size: 67KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

5d:69:0c:9e:b1:7e:24:a7:a2:35:76:a8:7e:24:db:81
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

02:e6:67:03:1f:7c:1b:6f:27:97:1f:c5:3c:a5:16:06:63:68:00:89
Signer

.text
Size: 668KB - Virtual size: 667KB

.rdata
Size: 112KB - Virtual size: 109KB

.data
Size: 64KB - Virtual size: 68KB

.rsrc
Size: 68KB - Virtual size: 67KB