30fa991a5f7369b5ec157f1bd42cc014_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30fa991a5f7369b5ec157f1bd42cc014_JaffaCakes118
Size

164KB
MD5

30fa991a5f7369b5ec157f1bd42cc014
SHA1

898379559f05b779800fafa9db23513f86d6b980
SHA256

2577253a4a92f90858feaddc7de81ac8175757e7761dc5346a7b26c7d873c6d0
SHA512

205bfec9bb60699839a2579a1c8b31a64205dcc43e92cd91e9d247157a0e6ef626bbf35c3e747e9b1e8b40ba99236a83fcfc5340ff35890febe648ad43401bbd
SSDEEP

3072:yfvx0LMBe5boqYXTLPJr6IKVSihbNppbw9xtyxCeDjQ:yfvWQo5boqYXTLNRKRjJx/D8

Score

1^/10

Malware Config

Signatures

Files

30fa991a5f7369b5ec157f1bd42cc014_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8916b9e2cf4b63dd81c82f6e0b9953bc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:d3:ce:02:eb:71:f7:99:ec:b5:f8:bb:79:66:28:a6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/07/2009, 00:00

Not After

14/07/2012, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sogoupy_R_4_2\Bin\SogouInput\SysDicMaker.pdb

Imports

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

CreateEventW
SetFilePointer
CreateFileW
CreateProcessW
ExitThread
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
CreateMutexW
OpenMutexW
ReleaseMutex
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryW
FindClose
FindFirstFileW
CreateDirectoryW
FileTimeToSystemTime
LocalAlloc
FlushFileBuffers
Sleep
ReadFile
InterlockedDecrement
GetProcAddress
GetModuleHandleA
ExitProcess
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
HeapReAlloc
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FormatMessageW
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetConsoleCP
GetConsoleMode
RtlUnwind
GetStdHandle
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSection
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
HeapSize
VirtualAlloc
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryA
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalFree
LocalFree
WriteFile
DuplicateHandle
GetCurrentThreadId
SetLastError
GetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetCurrentProcess
CloseHandle
GetTempPathW
GetCommandLineW
DeleteCriticalSection
EnterCriticalSection
GetModuleFileNameW
GetModuleHandleW
LeaveCriticalSection
TlsGetValue

user32

GetSystemMetrics
MessageBoxW

advapi32

BuildExplicitAccessWithNameW
GetSidLengthRequired
SetEntriesInAclW
InitializeAcl
SetSecurityInfo
GetSecurityDescriptorSacl
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupAccountSidW
GetTokenInformation
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8916b9e2cf4b63dd81c82f6e0b9953bc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

72:d3:ce:02:eb:71:f7:99:ec:b5:f8:bb:79:66:28:a6Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

imm32

version

kernel32

user32

advapi32

shell32

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 1020B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

72:d3:ce:02:eb:71:f7:99:ec:b5:f8:bb:79:66:28:a6
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 1020B