0b48d6bc271ca60d99c43e695598ea52_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0b48d6bc271ca60d99c43e695598ea52_JaffaCakes118
Size

546KB
MD5

0b48d6bc271ca60d99c43e695598ea52
SHA1

e88a00e873d994a65ff5919ed8fa2354c1cce25d
SHA256

05f3db6e129f2e61ac784274b58564aa56fc3f72f6adba2308e6c90786ae7b99
SHA512

4fd9bcd1bd540c6f085b9820fdbd0197efa81752ca09340074653a99af7d9f1a61f4edbae9b31553aab691caf4779c40465b250ba39ae8b9c9ba719e878bad25
SSDEEP

12288:UOdQFkkJSACy/B6xxAgPRizfgATGxRfseOKMW7:xok8Co4AgPY7TGxRkeOd

Score

1^/10

Malware Config

Signatures

Files

0b48d6bc271ca60d99c43e695598ea52_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b4f6d16d8b0357abd57589877b647e29

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a0:1d:4d:4b:19:a3:c7:f2:13:4f:4f:f7:87:12:02:8f:85:f1:14:7d
Signer

Actual PE Digest

a0:1d:4d:4b:19:a3:c7:f2:13:4f:4f:f7:87:12:02:8f:85:f1:14:7d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\building\ludashi_projects\360HardwareMaster\ComputerZMonitorWTL\ComputerZMonitorWTL\Release\ComputerMonZ.pdb

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
LockResource
CreateMutexW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetLongPathNameW
MulDiv
TerminateThread
WaitForSingleObject
CreateEventW
ResetEvent
SetEvent
GetPrivateProfileIntW
GetVersionExW
MapViewOfFile
CreateFileMappingW
GetSystemInfo
UnmapViewOfFile
DeleteFileW
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
FlushFileBuffers
WriteFile
ReadFile
GetNamedPipeInfo
GetNamedPipeHandleStateW
SetNamedPipeHandleState
Sleep
lstrlenW
WritePrivateProfileStringW
LoadLibraryW
InterlockedCompareExchange
HeapFree
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
SetLastError
lstrcmpiA
lstrcmpA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcess
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InterlockedExchange
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
ExitProcess
GetCurrentThread
HeapSize
FatalAppExitA
HeapDestroy
HeapCreate
HeapReAlloc
CreateThread
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
CreateFileW
DeviceIoControl
OpenProcess
lstrlenA
OutputDebugStringW
DebugBreak
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
InitializeCriticalSection
WriteConsoleW
GetLastError
FlushInstructionCache
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
RaiseException
DeleteCriticalSection
GetCurrentThreadId
GetStartupInfoW
GetProcessHeap
HeapAlloc
LoadLibraryA
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
FormatMessageW
GetLocalTime
LocalFree
CreateProcessW
CloseHandle
GetDateFormatA
GetSystemTime
TlsGetValue
GetModuleFileNameW

user32

SendMessageW
LoadCursorW
RegisterClassExW
CharNextW
wvsprintfW
LoadStringW
IsWindow
FindWindowExW
FindWindowW
SetWindowPos
GetWindowLongW
CallWindowProcW
GetWindowRect
WindowFromPoint
GetWindowThreadProcessId
GetDesktopWindow
GetForegroundWindow
GetAncestor
WaitForInputIdle
DefWindowProcW
DispatchMessageW
EnumDisplaySettingsW
GetMonitorInfoW
MonitorFromPoint
GetWindowInfo
GetWindow
GetShellWindow
SystemParametersInfoW
UpdateLayeredWindow
ReleaseCapture
PostQuitMessage
PostMessageW
GetCursorPos
LoadMenuW
DeleteMenu
TrackPopupMenu
CheckMenuItem
GetSubMenu
CheckMenuRadioItem
DestroyMenu
ClientToScreen
ScreenToClient
SetTimer
KillTimer
SetCapture
BeginPaint
EndPaint
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
ShowWindow
SetWindowLongW
UnregisterClassA
CreateWindowExW
SendMessageTimeoutW
IsIconic
SetForegroundWindow
GetDC
ReleaseDC
IsRectEmpty
SetRect
PtInRect
SetCursor
OffsetRect
SetRectEmpty
GetClassInfoExW

gdi32

CreateFontIndirectW
GetTextExtentPoint32W
SetViewportOrgEx
SelectObject
CreateCompatibleDC
CreateDIBSection
DeleteObject
CreateFontW
EnumFontFamiliesW
DeleteDC
SetBkColor
ExtTextOutW
BitBlt
GetDeviceCaps

advapi32

RegCreateKeyExW
RegEnumKeyExA
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExA

shell32

ShellExecuteExW
SHAppBarMessage

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoSetProxyBlanket
CoInitializeSecurity
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
VariantClear
VarUI4FromStr
VariantInit

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathCombineW
PathIsRelativeW
StrCmpIW
PathFindFileNameW
StrToIntExW
StrCmpW
SHGetValueA
SHSetValueA

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipMeasureString
GdipDrawString

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

psapi

GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

Netbios

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b4f6d16d8b0357abd57589877b647e29

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a0:1d:4d:4b:19:a3:c7:f2:13:4f:4f:f7:87:12:02:8f:85:f1:14:7dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

wintrust

crypt32

psapi

iphlpapi

wininet

urlmon

version

netapi32

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 70KB - Virtual size: 69KB

.reloc Size: 54KB - Virtual size: 55KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a0:1d:4d:4b:19:a3:c7:f2:13:4f:4f:f7:87:12:02:8f:85:f1:14:7d
Signer

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 70KB - Virtual size: 69KB

.reloc
Size: 54KB - Virtual size: 55KB