30be3f68e17d51767bb8cbc68888d8ef_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

30be3f68e17d51767bb8cbc68888d8ef_JaffaCakes118
Size

841KB
MD5

30be3f68e17d51767bb8cbc68888d8ef
SHA1

ad55604dc1bd747349754f0c0b711653d0c12290
SHA256

db99646a54d5e0e5be34cfa3bcee8c70b8d262893bc3fbaeeec91bb3368dfc99
SHA512

1db7bb028afe2505099c97b151dc99066f4b091527e391b63069d3c31837ebe8947cdb1d23a0e8e95fa82ab2347b4912fb21e2fcf5610d4a69c9cfe83b0492a9
SSDEEP

12288:4Br5sd3tEvsWraQ4etQPdl1X6iUrCNvTOWUz5LnEo3PZOImTr8gKc2ZYOEGIb34R:4dTsDXYKaPZOvTr8pFcGUhgJ

Score

1^/10

Malware Config

Signatures

Files

30be3f68e17d51767bb8cbc68888d8ef_JaffaCakes118
.exe windows:5 windows x86 arch:x86

238eb483d7cc60724a7692ae6b45fbef

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2016, 00:00

Not After

22/06/2017, 23:59

Subject

CN=兴平欧阳,OU=Individual Developer,O=No Organization Affiliation,L=重庆,ST=重庆,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:2a:f3:03:57:ad:3e:5b:6f:5e:f9:a5:a5:9d:84:e0:8e:26:84:0d
Signer

Actual PE Digest

9c:2a:f3:03:57:ad:3e:5b:6f:5e:f9:a5:a5:9d:84:e0:8e:26:84:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\mini_tool_local\ReleaseGlobal\toolmini.pdb

Imports

kernel32

GetFileSize
GetTickCount
WriteFile
DeleteFileW
WideCharToMultiByte
MultiByteToWideChar
SetEnvironmentVariableW
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
GetModuleHandleW
GetLastError
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
lstrcatA
LoadLibraryA
GlobalFree
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
WaitForMultipleObjects
CancelIo
GetOverlappedResult
WaitForSingleObject
SetEvent
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
OpenProcess
GetCurrentProcessId
GetVersionExW
GetNativeSystemInfo
GetUserDefaultUILanguage
GetCommandLineW
LocalFree
Sleep
GetTempPathW
CreateDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
GetExitCodeProcess
GetModuleFileNameW
ExitProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
InterlockedExchange
FindResourceExW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileSectionW
CreateMutexW
ExpandEnvironmentStringsW
DeviceIoControl
GetProcessHeap
OutputDebugStringW
ResetEvent
TryEnterCriticalSection
AreFileApisANSI
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
FreeLibrary
CloseHandle
ReadFile
CreateFileW
GetProcAddress
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
LoadLibraryW
Process32NextW
Process32FirstW
SetFilePointer
CreateToolhelp32Snapshot
GetOEMCP
GetACP
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
HeapAlloc
GetStartupInfoW
HeapFree
CreateThread
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InitializeCriticalSection
InterlockedCompareExchange

user32

TranslateMessage
SendMessageW
CreateDialogParamW
GetWindowRect
GetSystemMetrics
SetWindowPos
GetMessageW
IsDialogMessageW
DispatchMessageW
PostThreadMessageW
PostMessageW
ShowWindow
SetWindowTextW
GetDlgItem

advapi32

RegEnumKeyExW
RegCloseKey
RegEnumValueW
RegOpenKeyExW

shell32

CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoInitialize
CoCreateGuid

shlwapi

PathRemoveExtensionW
StrStrIW
PathFindFileNameW
PathIsURLW
PathAppendW
PathCombineW
PathGetArgsW
PathIsDirectoryW
PathRemoveFileSpecW
PathStripPathW
PathIsRootW
PathFileExistsW

psapi

GetProcessImageFileNameW

ws2_32

__WSAFDIsSet
inet_ntoa
socket
htons
recvfrom
sendto
WSAStartup
WSAGetLastError
select

comctl32

ord17

iphlpapi

GetAdaptersAddresses

oleaut32

VariantClear

Sections

.text
Size: 494KB - Virtual size: 494KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

238eb483d7cc60724a7692ae6b45fbef

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

9c:2a:f3:03:57:ad:3e:5b:6f:5e:f9:a5:a5:9d:84:e0:8e:26:84:0dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

psapi

ws2_32

comctl32

iphlpapi

oleaut32

Sections

.text Size: 494KB - Virtual size: 494KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 239KB - Virtual size: 239KB

.reloc Size: 27KB - Virtual size: 27KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

5f:22:64:75:3c:ce:e6:83:88:5f:90:a0:4e:c9:12:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

9c:2a:f3:03:57:ad:3e:5b:6f:5e:f9:a5:a5:9d:84:e0:8e:26:84:0d
Signer

.text
Size: 494KB - Virtual size: 494KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 239KB - Virtual size: 239KB

.reloc
Size: 27KB - Virtual size: 27KB