120c4ace217479ad54a3f550ce506fbe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

120c4ace217479ad54a3f550ce506fbe_JaffaCakes118
Size

2.5MB
MD5

120c4ace217479ad54a3f550ce506fbe
SHA1

4244aa50531f18deff9f4ee0183c78aa04bd3d87
SHA256

3f3a02198fc9d9bb1ae457b3491a67d67011820e323b7e3f898936693bddd601
SHA512

9b3f8226f6d416e7b0170c026f64f4ea740779819a326f23d0e36b8050e3acfdf020d7d7d38fcafd9ea9b970783b1f80c1d3f3f496a6ba88bcf3ba9153aa22e2
SSDEEP

49152:nEpjE1jT4BeV5T7ruSwIbFLOAkGy3zdnErPSCTomFDS+BHEuSlVnPgMQ5jyX:M8cK3FLOAkGkzdnEVomFHKnPKjQ

Score

1^/10

Malware Config

Signatures

Files

120c4ace217479ad54a3f550ce506fbe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ac693d91e573d7ccd65371716bf8323f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/10/2017, 00:00

Not After

12/11/2019, 23:59

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/10/2017, 00:00

Not After

12/11/2019, 23:59

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a5:8e:17:2a:95:4b:6f:49:b2:84:9e:0e:b9:99:13:b3:fa:98:a4:cd:93:c6:5b:de:51:58:e6:91:22:ec:8f:e9
Signer

Actual PE Digest

a5:8e:17:2a:95:4b:6f:49:b2:84:9e:0e:b9:99:13:b3:fa:98:a4:cd:93:c6:5b:de:51:58:e6:91:22:ec:8f:e9

Digest Algorithm

sha256

PE Digest Matches

true

1f:ea:f6:36:61:71:86:be:ea:1e:10:8a:82:d7:53:c0:48:e3:13:2e
Signer

Actual PE Digest

1f:ea:f6:36:61:71:86:be:ea:1e:10:8a:82:d7:53:c0:48:e3:13:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\svn\PCProject\ShuRuFa\程序\Branch\Develop\Build\wanneng\Screenshot.pdb

Imports

kernel32

TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetPrivateProfileIntW
CreateProcessW
CloseHandle
WritePrivateProfileStringW
LoadLibraryW
GetProcAddress
GetModuleFileNameW
CreateDirectoryW
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
ReadConsoleW
WriteConsoleW
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetStdHandle
VirtualQuery
VirtualAlloc
HeapQueryInformation
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
FindFirstFileExW
RtlUnwind
InterlockedDecrement
InterlockedIncrement
DosDateTimeToFileTime
GetFileType
ExitProcess
OutputDebugStringW
GetCurrentProcess
FreeLibrary
SetErrorMode
SetUnhandledExceptionFilter
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
GetVersionExW
GetLastError
GlobalAlloc
GlobalFree
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
FormatMessageW
LocalFree
GetFileAttributesW
GetFileSize
WriteFile
ReadFile
GetSystemInfo
GlobalLock
GlobalUnlock
GetModuleHandleW
LocalAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CreateMutexW
ReleaseMutex
FindResourceW
LoadResource
LockResource
SizeofResource
MulDiv
Sleep
GetProfileIntW
HeapFree
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
GetACP
OutputDebugStringA
SetLastError
GetModuleHandleA
InitializeCriticalSection
EncodePointer
GetSystemDirectoryW
FreeResource
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
LoadLibraryA
GlobalAddAtomW
GlobalFindAtomW
GetCurrentThread
lstrcmpA
GetPrivateProfileStringW
SetEvent
CreateEventW
GlobalFlags
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
SystemTimeToFileTime
GetThreadLocale
GetCurrentDirectoryW
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetFileTime
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
GetLocalTime

user32

GetLastActivePopup
GetTopWindow
GetClassLongW
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
GetScrollPos
RedrawWindow
ValidateRect
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
IsMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
WinHelpW
GetMessageTime
GetMessagePos
PeekMessageW
RegisterWindowMessageW
IntersectRect
UnhookWindowsHookEx
GetSysColor
GetParent
GetWindowThreadProcessId
GetForegroundWindow
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
SendDlgItemMessageA
UnregisterClassW
GetSysColorBrush
GetClientRect
GetWindow
EnumWindows
EnumChildWindows
IsIconic
EnableWindow
mouse_event
GetAsyncKeyState
ClientToScreen
IsRectEmpty
GetMenuCheckMarkDimensions
SetWindowsHookExW
CallNextHookEx
LoadIconW
GetCursor
OffsetRect
FillRect
MonitorFromWindow
IsWindowEnabled
PostQuitMessage
SetWindowContextHelpId
ReleaseCapture
EqualRect
MapDialogRect
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetActiveWindow
CheckMenuItem
EnableMenuItem
CallWindowProcW
SetMenuItemBitmaps
SetForegroundWindow
SetMenuItemInfoW
LoadBitmapW
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
CreateAcceleratorTableW
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
CreateCaret
GetDoubleClickTime
CharPrevW
IsZoomed
GetUpdateRect
UpdateLayeredWindow
GetClassNameW
GetWindowRect
GetDesktopWindow
GetSystemMetrics
PostMessageW
GetWindowTextW
FindWindowExW
GetFocus
FindWindowW
IsWindow
IsWindowVisible
GetWindowLongW
SetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
CreateWindowExW
ShowWindow
SetWindowPos
DestroyWindow
MoveWindow
GetDC
TranslateMessage
SetWindowTextW
IsDialogMessageW
RealChildWindowFromPoint
DestroyMenu
SetTimer
KillTimer
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
CharUpperW
SetWindowRgn
PostThreadMessageW
ReleaseDC
GetMonitorInfoW
EnumDisplayMonitors
SystemParametersInfoW
PtInRect
CopyRect
SetRectEmpty
InflateRect
GetCursorPos
ScreenToClient
SetCursor
SetRect
InvalidateRect
GetCapture
SetCapture
UpdateWindow
GetMessageW
DispatchMessageW
SendMessageW
RegisterClipboardFormatW
SetActiveWindow

gdi32

CreatePenIndirect
GetObjectA
CreateRoundRectRgn
RoundRect
GetCharABCWidthsW
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetTextMetricsW
GetRgnBox
GetTextColor
GetBkColor
GetMapMode
CreateRectRgnIndirect
CreateFontIndirectW
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
SetStretchBltMode
SetMapMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetClipBox
Escape
Polygon
GetTextExtentPoint32W
FillRgn
CreatePolygonRgn
Ellipse
GetStockObject
GetObjectW
CreateDCW
CreateBrushIndirect
SetDIBits
GetDIBits
SetROP2
GetPixel
TextOutW
SetTextColor
SetBkMode
LineTo
MoveToEx
StretchBlt
BitBlt
DeleteDC
CreateFontW
CreateSolidBrush
CreatePen
PatBlt
UnrealizeObject
Rectangle
CreatePatternBrush
CreateBitmap
GetDeviceCaps
CreateDIBSection

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegDeleteKeyW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegEnumKeyW
RegEnumValueW
RegQueryValueW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx
ord17
_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathFileExistsW
PathStripToRootW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
OleLockRunning
CoCreateGuid
CLSIDFromProgID
CoInitializeEx
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CLSIDFromString

oleaut32

OleCreateFontIndirect
VariantCopy
SysFreeString
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen

oledlg

OleUIBusyW

gdiplus

GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipCreatePen1
GdipDeletePen
GdipSetSmoothingMode
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipDrawPath
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipCreateLineBrushI
GdipDeleteBrush
GdipCloneBrush
GdiplusStartup
GdipDrawImageRectI
GdipDrawCurveI
GdipReleaseDC
GdipDrawEllipseI
GdipCreatePath
GdipDeletePath
GdipAddPathRectangleI
GdipWindingModeOutline
GdiplusShutdown
GdipBitmapUnlockBits

oleacc

CreateStdAccessibleObject
LresultFromObject

msimg32

AlphaBlend

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

Sections

.text
Size: 653KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac693d91e573d7ccd65371716bf8323f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

a5:8e:17:2a:95:4b:6f:49:b2:84:9e:0e:b9:99:13:b3:fa:98:a4:cd:93:c6:5b:de:51:58:e6:91:22:ec:8f:e9Signer

1f:ea:f6:36:61:71:86:be:ea:1e:10:8a:82:d7:53:c0:48:e3:13:2eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

oleacc

msimg32

imm32

Sections

.text Size: 653KB - Virtual size: 653KB

.rdata Size: 178KB - Virtual size: 178KB

.data Size: 13KB - Virtual size: 43KB

.gfids Size: 7KB - Virtual size: 6KB

.giats Size: 512B - Virtual size: 4B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 42KB - Virtual size: 41KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

a5:8e:17:2a:95:4b:6f:49:b2:84:9e:0e:b9:99:13:b3:fa:98:a4:cd:93:c6:5b:de:51:58:e6:91:22:ec:8f:e9
Signer

1f:ea:f6:36:61:71:86:be:ea:1e:10:8a:82:d7:53:c0:48:e3:13:2e
Signer

.text
Size: 653KB - Virtual size: 653KB

.rdata
Size: 178KB - Virtual size: 178KB

.data
Size: 13KB - Virtual size: 43KB

.gfids
Size: 7KB - Virtual size: 6KB

.giats
Size: 512B - Virtual size: 4B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 42KB - Virtual size: 41KB