Static task
static1
Behavioral task
behavioral1
Sample
360se_3.5.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
360se_3.5.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
新云软件.url
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
新云软件.url
Resource
win10v2004-20240412-en
General
-
Target
f7552c44905a9b2fc3b7bd2cdbfe015a_JaffaCakes118
-
Size
3.4MB
-
MD5
f7552c44905a9b2fc3b7bd2cdbfe015a
-
SHA1
d2aafebc9e80d5c6bf2bbe1d114ec52eda0bd53d
-
SHA256
42754c90f1e5453d838b20b5d1062ed445dace857eb7b71c656d94076f6b696d
-
SHA512
7c479aa0070b7ef120221ddc3d6ddad7da885885cc71c4df3834250a731de62ff74c1959738e530ba1b0452f30568ff9b2b5e67c6001d50951fba62cf7a689af
-
SSDEEP
98304:CTVCbuz8PHINEt09bqSh8eIiyb0Ul390dnlG8Bk8dZuUn8:iVCSUHIA09bqK8eDyB9o1C3
Malware Config
Signatures
Files
-
f7552c44905a9b2fc3b7bd2cdbfe015a_JaffaCakes118.rar
-
360se_3.5.exe.exe windows:4 windows x86 arch:x86
27e0d25647437d61fa0f74da3272b7db
Code Sign
Certificate
Serial
01
Issuer
CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before
01/08/1996, 00:00
Not After
31/12/2020, 23:59
Subject
CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Certificate
Serial
0a
Issuer
CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before
06/08/2003, 00:00
Not After
05/08/2013, 23:59
Subject
CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Issuer
CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before
15/06/2007, 00:00
Not After
14/06/2012, 23:59
Subject
CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate
Serial
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
04/12/2003, 00:00
Not After
03/12/2013, 23:59
Subject
CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial
21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Issuer
CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before
22/10/2008, 00:00
Not After
23/11/2010, 23:59
Subject
CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches
false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetEvent
CreateEventW
CreateThread
lstrcmpiA
lstrcmpA
CreateFileW
InterlockedDecrement
OutputDebugStringW
DebugBreak
lstrlenA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetStartupInfoW
GetModuleHandleW
LoadLibraryA
RaiseException
InterlockedExchange
SearchPathW
GetFileSize
TlsAlloc
TlsFree
ReadFile
SetFileTime
CreateMutexW
SetEndOfFile
CreateWaitableTimerW
SetWaitableTimer
ResetEvent
CancelWaitableTimer
GetDiskFreeSpaceExW
IsBadWritePtr
TlsSetValue
ExpandEnvironmentStringsW
WriteFile
FreeResource
FindResourceW
SizeofResource
LoadResource
LockResource
MoveFileW
MultiByteToWideChar
WaitForMultipleObjects
LocalAlloc
LocalFree
GetSystemTimeAsFileTime
GetProcessTimes
GetSystemInfo
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
SetErrorMode
LoadLibraryExW
GetFileTime
FileTimeToLocalFileTime
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetWindowsDirectoryW
GetShortPathNameW
VirtualQuery
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InterlockedIncrement
GetPrivateProfileIntW
MoveFileExW
GetTickCount
GetTempPathW
GetFileAttributesW
SetFileAttributesW
GetPrivateProfileStringW
GetLocalTime
WritePrivateProfileStringW
CreateDirectoryW
DeleteFileW
GetModuleFileNameW
IsBadReadPtr
CopyFileW
GetLastError
WaitForSingleObject
FreeLibrary
DeviceIoControl
GetCurrentProcess
lstrcpynW
lstrlenW
WideCharToMultiByte
LoadLibraryW
GetProcAddress
Sleep
CreateProcessW
CloseHandle
OpenProcess
ExitProcess
TerminateProcess
SetProcessWorkingSetSize
GetVersionExW
GetTempFileNameW
GetSystemTime
SystemTimeToFileTime
SetFilePointer
user32
GetFocus
PostMessageW
WaitForInputIdle
SetForegroundWindow
ShowWindow
DefWindowProcW
MessageBoxW
BringWindowToTop
IsIconic
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
wvsprintfW
CharNextW
PostQuitMessage
SendMessageW
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
MapVirtualKeyW
GetKeyNameTextW
SendMessageTimeoutW
GetWindowThreadProcessId
SubtractRect
FindWindowExW
SetRect
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
CopyRect
EmptyClipboard
SetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
GetDC
SetWindowLongW
GetWindowLongW
CallWindowProcW
CreateWindowExW
IsDialogMessageW
CharLowerW
ReleaseDC
GetWindowDC
LoadImageW
GetWindowTextLengthW
ClientToScreen
PtInRect
GetDlgCtrlID
ReleaseCapture
SetCapture
GetCapture
IsWindowEnabled
FillRect
DrawEdge
GetSystemMetrics
InflateRect
DrawFocusRect
OffsetRect
CreateDialogParamW
UpdateWindow
SetCursor
GetSysColor
EndPaint
BeginPaint
DrawTextW
SetFocus
SetWindowPos
KillTimer
SetTimer
GetSystemMenu
EnableMenuItem
RedrawWindow
LoadStringW
GetWindow
SystemParametersInfoW
InvalidateRect
GetWindowTextW
SetWindowTextW
GetWindowRect
GetDesktopWindow
MapWindowPoints
GetParent
GetClientRect
GetMenu
AdjustWindowRectEx
IsWindow
GetDlgItem
FindWindowW
gdi32
GetBitmapBits
CreateDIBPatternBrushPt
CreateFontW
CreateCompatibleDC
DeleteDC
GetCurrentObject
CreateSolidBrush
SelectObject
SetTextColor
DeleteObject
CreateFontIndirectW
GetObjectW
SetBkMode
GetStockObject
CreateDIBSection
GetDeviceCaps
advapi32
LookupPrivilegeValueW
CopySid
RegSetKeySecurity
RegQueryInfoKeyW
RegEnumKeyW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
RegOpenKeyW
AllocateAndInitializeSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
GetLengthSid
GetTokenInformation
shell32
SHFreeNameMappings
SHFileOperationW
SHAppBarMessage
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetSpecialFolderPathW
ole32
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CoInitialize
CoUninitialize
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
oleaut32
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString
comctl32
_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
ImageList_SetImageCount
InitCommonControlsEx
ImageList_Add
ImageList_Create
ImageList_Remove
ImageList_Duplicate
msimg32
AlphaBlend
wininet
HttpQueryInfoW
FtpGetFileSize
HttpOpenRequestW
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
CommitUrlCacheEntryW
CreateUrlCacheEntryW
GetUrlCacheEntryInfoW
InternetCrackUrlW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
InternetWriteFile
FtpOpenFileW
HttpEndRequestW
InternetReadFile
InternetReadFileExA
HttpSendRequestExW
InternetConnectW
InternetSetOptionA
InternetSetStatusCallbackW
psapi
EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetProcessMemoryInfo
GetModuleBaseNameW
shlwapi
SHGetValueW
SHSetValueW
PathAppendW
PathFileExistsW
StrCatW
SHDeleteValueW
StrToIntExW
SHGetValueA
PathRemoveFileSpecW
SHDeleteKeyW
PathIsDirectoryEmptyW
StrStrIW
PathFindExtensionW
PathMatchSpecW
PathCombineW
PathIsRootW
PathIsURLW
PathIsDirectoryW
PathGetDriveNumberW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
wintrust
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
urlmon
ObtainUserAgentString
msvcrt
_wtoi
strlen
memcpy
swprintf
wcstok
wcschr
rewind
fgets
_strnicmp
fseek
fprintf
_ftol
wcscat
_wcsnicmp
memset
_wcsicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
sprintf
strcat
ftell
fread
_ismbslead
towupper
towlower
abs
wcsrchr
_wfopen
fwrite
fclose
_purecall
strncat
_strlwr
_except_handler3
_vsnprintf
__CxxFrameHandler
malloc
strncpy
_vsnwprintf
iswdigit
free
memmove
realloc
_snwprintf
??2@YAPAXI@Z
wcsncpy
wcslen
wcscmp
wcsstr
tolower
isspace
iswspace
strcpy
_snprintf
wcspbrk
memcmp
_wtoi64
wcsncat
time
_ui64tow
_wtol
_beginthreadex
wcscpy
swscanf
isprint
netapi32
Netbios
comdlg32
GetSaveFileNameW
GetOpenFileNameW
Sections
.text Size: 124KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
新云软件.url.url