0b53eeafa1ce639403c2152db5f75641_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b53eeafa1ce639403c2152db5f75641_JaffaCakes118
Size

236KB
MD5

0b53eeafa1ce639403c2152db5f75641
SHA1

056689edcc612f2e147b3dde5b58a9bd60d462a9
SHA256

1bf174838e031c6b8e2154eb8f94f4efea58019a8ab8cc957f31470509907443
SHA512

7e3ce92165b50770fc46468d592867ea0b6c9a380300ba164fc5fe35517813cf8ab86d741ce692619cefe6a6390886847f2090168ecbb401dde833c931b4301b
SSDEEP

6144:R0DkRNNtb/f2c3SPc1eoaO7tIRH3339rhOEmO4wt1:WDa71p3SPcf38ntrUHO/1

Score

1^/10

Malware Config

Signatures

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/shandianzhushou_66868com/闪电助手@60_218548.exe	nsis_installer_2

Files

0b53eeafa1ce639403c2152db5f75641_JaffaCakes118
.rar
shandianzhushou_66868com/2345网址导航.url
.url
shandianzhushou_66868com/U盘启动盘制作工具 - U盘装系统，一键制作U盘.url
.url
shandianzhushou_66868com/软件下载-软件下载第一门户.url
.url
shandianzhushou_66868com/闪电助手@60_218548.exe
.exe windows:5 windows x86 arch:x86

dda4d20403a1489dc188f625cc6b815c

Code Sign

62:b0:0a:f7:b4:2a:23:9d:1c:14:09:00:7f:ae:ff:b5
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

04/11/2015, 09:27

Not After

04/11/2016, 09:27

Subject

CN=Shanghai Yishen Network Technology Co.\, Ltd.,O=Shanghai Yishen Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
SetWindowPos
IsWindowEnabled
SetClassLongA
GetSystemMenu
EnableMenuItem
EndDialog
GetSystemMetrics
CreatePopupMenu
AppendMenuA
GetWindowRect
SetDlgItemTextA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadBitmapA
IsWindowVisible
CallWindowProcA
GetMessagePos
ScreenToClient
CheckDlgButton
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
CharNextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
TrackPopupMenu
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint

kernel32

RemoveDirectoryA
GetSystemDirectoryA
LoadLibraryA
lstrcatA
lstrlenA
GetTempFileNameA
CreateFileA
CreateProcessA
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceA
lstrcpynA
SetErrorMode
GetVersion
GetCommandLineA
GetTempPathA
GetWindowsDirectoryA
ExitProcess
CopyFileA
GetCurrentProcess
GetModuleFileNameA
GetFileSize
GetTickCount
Sleep
SetFileAttributesA
CreateDirectoryA
GetLastError
GetFileAttributesA
SetCurrentDirectoryA
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CompareFileTime
SetFileTime
CloseHandle
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryExA
GetModuleHandleA
GlobalFree
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
RegCloseKey
RegEnumKeyA
RegOpenKeyExA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
SetFileSecurityA

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

ntdll

_allshl
_aulldiv
_allmul
_alldiv
_allrem
_allshr

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dda4d20403a1489dc188f625cc6b815c

Code Sign

62:b0:0a:f7:b4:2a:23:9d:1c:14:09:00:7f:ae:ff:b5Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

01Certificate

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

shell32

advapi32

comctl32

gdi32

ole32

ntdll

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 107KB

.ndata Size: - Virtual size: 80KB

.rsrc Size: 26KB - Virtual size: 26KB

62:b0:0a:f7:b4:2a:23:9d:1c:14:09:00:7f:ae:ff:b5
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

19:c2:85:30:e9:3b:36
Certificate

01
Certificate

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 107KB

.ndata
Size: - Virtual size: 80KB

.rsrc
Size: 26KB - Virtual size: 26KB