276e9a0ba1c29b6aabee7104e4495307_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

276e9a0ba1c29b6aabee7104e4495307_JaffaCakes118
Size

946KB
MD5

276e9a0ba1c29b6aabee7104e4495307
SHA1

7e705d01fbbb7d2a39b537889c9b28bb236335e2
SHA256

df5835511aff6a8490a2232afc2a1d965673062561874142d3ceeb99888b07ca
SHA512

c2a76f13279edea9d2b2200b0b4369a696c87fa3e3955ea8ee3241597fbde583c8c46da2e270a98c87329c5cd48e3e59af04dc0ae86d41a6cdbfcb37845ca017
SSDEEP

12288:+VAUEAQFBg8L8zYibJnx3kw6qhV0x5JrvNv/e4yOikFFuDwH5CP6ZefopMVRGy3P:VSqUSuDwH5CPbopSRXssJJc0/a7

Score

1^/10

Malware Config

Signatures

Files

276e9a0ba1c29b6aabee7104e4495307_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a92d309b273ebabc03b6668d5fcc8ea3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:80:3d:8f:a3:22:fe:f9:79:9d:8a:57:7c:8a:c5:92:f6:25:cb:69
Signer

Actual PE Digest

8d:80:3d:8f:a3:22:fe:f9:79:9d:8a:57:7c:8a:c5:92:f6:25:cb:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\code_svn\360SoftMgr\trunk\SoftManagerLite\SourceEx\Plugins\New_Screener\Release\Screener.pdb

Imports

comdlg32

GetSaveFileNameW
GetOpenFileNameW

kernel32

FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetDriveTypeW
MoveFileExW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
ReadFile
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
Sleep
SetErrorMode
GetThreadLocale
SetThreadLocale
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
CreateRemoteThread
lstrcpyW
GetProcessId
Module32FirstW
Module32NextW
SetFileTime
GetFileTime
GetCurrentProcessId
RaiseException
SizeofResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetStdHandle
LCMapStringA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
GetFileType
SetHandleCount
GetTimeZoneInformation
FatalAppExitA
HeapCreate
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
GetFileAttributesW
GetStartupInfoA
GetCommandLineA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
FormatMessageW
OutputDebugStringW
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
LockResource
LoadResource
FindResourceW
FindResourceExW
GetVersionExW
SystemTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
WriteProcessMemory
CloseHandle
VirtualAllocEx
OpenProcess
ReadProcessMemory
CreateDirectoryA
lstrcatA
CreateDirectoryW
lstrcatW
FlushInstructionCache
GetCurrentProcess
FreeResource
GlobalFree
GlobalUnlock
GetFileSizeEx
SetFilePointer
MapViewOfFile
CreateFileMappingW
SetEndOfFile
UnmapViewOfFile
FlushViewOfFile
DeviceIoControl
CreateProcessW
WritePrivateProfileStringW
GetTempFileNameW
GetVolumeInformationW
GetLongPathNameW
DeleteFileW
WideCharToMultiByte
lstrlenA
lstrcmpW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
GetProcAddress
FreeLibrary
LoadLibraryW
CreateMutexW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
LocalFree
CreateFileW
WriteFile
LocalAlloc
MulDiv
WaitForSingleObject
CreateEventW
SetEvent
GetProfileIntW
GetTempPathW
lstrcpynW
GetTickCount
GetPrivateProfileIntW
GetLocalTime
GetPrivateProfileStringW
lstrlenW
SetLastError
GetCurrentThreadId
TerminateProcess
GlobalAlloc
GlobalLock
VirtualFreeEx

user32

DestroyCursor
TrackMouseEvent
GetMessagePos
PrintWindow
wsprintfW
IntersectRect
EnumChildWindows
OffsetRect
UpdateWindow
UnregisterClassA
InvalidateRect
ShowWindow
GetParent
SetWindowLongW
LoadMenuW
LoadAcceleratorsW
CharNextW
GetDesktopWindow
SetLayeredWindowAttributes
MsgWaitForMultipleObjects
TranslateMessage
SystemParametersInfoW
GetWindowLongW
BeginPaint
EndPaint
SetCursor
SetFocus
DestroyWindow
GetSysColorBrush
SetRect
GetClientRect
SetWindowPos
GetDC
ReleaseDC
FillRect
InflateRect
SetClassLongW
CopyRect
DrawTextW
PtInRect
FindWindowExW
FindWindowW
GetSystemMetrics
IsRectEmpty
IsWindowVisible
GetWindowRect
GetWindow
CreatePopupMenu
AppendMenuW
EqualRect
DestroyMenu
GetMonitorInfoW
MonitorFromPoint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SetCapture
OpenClipboard
IsWindow
GetClassInfoExW
LoadCursorW
CloseClipboard
SetClipboardData
EmptyClipboard
TrackPopupMenu
DefWindowProcW
CallWindowProcW
GetCursorPos
DrawIconEx
WindowFromPoint
GetWindowThreadProcessId
ClientToScreen
SetRectEmpty
GetCapture
RegisterClassExW
CreateWindowExW
TranslateAcceleratorW
MapWindowPoints
GetMenuItemCount
RemoveMenu
GetMenuItemInfoW
LoadStringW
PostQuitMessage
LoadStringA
TrackPopupMenuEx
SendMessageW
GetDlgItem
GetDCEx
GetMessageW
DispatchMessageW
ScreenToClient
SetMenuItemBitmaps
LoadImageW
SetForegroundWindow
ReleaseCapture
PostMessageW
CreateDialogParamW
PeekMessageW
MessageBeep

gdi32

GetTextColor
GetClipBox
SetStretchBltMode
TextOutW
GetTextExtentPoint32W
CreateFontIndirectW
SetPixel
GetDIBits
CreateDIBSection
GetDeviceCaps
SetROP2
UnrealizeObject
PatBlt
CreateBitmap
CreatePatternBrush
GetPixel
StretchBlt
SaveDC
SetMapMode
SetViewportOrgEx
SetWindowOrgEx
RestoreDC
SetBitmapBits
GetBitmapBits
GetObjectW
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetBkMode
SetTextColor
GetStockObject
CreateSolidBrush
CreatePen
SelectObject
Rectangle
EnumFontFamiliesExW
CreateFontW
DeleteObject
DeleteDC
MoveToEx
Polygon
LineTo

advapi32

AllocateAndInitializeSid
RegDeleteValueW
RegCloseKey
RegQueryValueExA
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
GetFileSecurityW
OpenProcessToken
DuplicateToken
MapGenericMask
AccessCheck
DuplicateTokenEx
FreeSid
CheckTokenMembership
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW

shell32

SHGetFolderPathW
SHGetFolderPathA
SHGetSpecialFolderPathW
ord165
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

SysStringLen
OleLoadPicture
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SysAllocStringLen
VarUI4FromStr
GetErrorInfo
SetErrorInfo
SysAllocString
CreateErrorInfo
VariantCopy
VariantClear
VariantInit
SysFreeString
VarBstrCmp

shlwapi

SHSetValueW
PathRemoveBackslashW
ord176
StrFormatByteSizeW
PathIsDirectoryW
PathCombineW
PathFindFileNameW
PathRemoveFileSpecW
PathIsRootW
PathFileExistsW
SHGetValueW
StrCmpIW
PathAddBackslashW
StrCpyNW
PathAppendW

comctl32

ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Draw
InitCommonControlsEx
ImageList_Create

msimg32

AlphaBlend

gdiplus

GdipCloneBrush
GdipFree
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneImage
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipAlloc
GdipDrawPath
GdipDrawLineI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipAddPathEllipseI
GdipAddPathLineI
GdipSetPenBrushFill
GdipSetPenCustomEndCap
GdipSetPenEndCap
GdipSetPenStartCap
GdipCreateSolidFill
GdipDeleteGraphics
GdipSetCustomLineCapWidthScale
GdipSetCustomLineCapStrokeCaps
GdipDeleteCustomLineCap
GdipCreateCustomLineCap
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CryptStringToBinaryW
CryptBinaryToStringW
CertGetNameStringW
CryptBinaryToStringA
CryptStringToBinaryA

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash

imagehlp

ImageNtHeader

psapi

GetModuleFileNameExW

Sections

.text
Size: 704KB - Virtual size: 703KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a92d309b273ebabc03b6668d5fcc8ea3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

8d:80:3d:8f:a3:22:fe:f9:79:9d:8a:57:7c:8a:c5:92:f6:25:cb:69Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comdlg32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

crypt32

wintrust

imagehlp

psapi

Sections

.text Size: 704KB - Virtual size: 703KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 87KB - Virtual size: 101KB

.rsrc Size: 45KB - Virtual size: 45KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

8d:80:3d:8f:a3:22:fe:f9:79:9d:8a:57:7c:8a:c5:92:f6:25:cb:69
Signer

.text
Size: 704KB - Virtual size: 703KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 87KB - Virtual size: 101KB

.rsrc
Size: 45KB - Virtual size: 45KB