313e23fd2c1cad85216dbde40a6269d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

313e23fd2c1cad85216dbde40a6269d7_JaffaCakes118
Size

1.4MB
MD5

313e23fd2c1cad85216dbde40a6269d7
SHA1

fb351788d6ab160a271994ebedc6daf21f2a9d16
SHA256

15960eee559f58ebd55a1341288dfae8b5e6a2410894726418e4f63a70619007
SHA512

9c2a82ce6df07f42fa2ac9424074e777a4b2dc69cce919990afc4bb72ef5f6a58909c7353b7e60115b295ac4f8162f4955207e4b619f375fac9a52cc3f332f8a
SSDEEP

24576:i3TTnRpZHvKlcNhSaqXeKjmSOeD+OADbFXlGuOL1l8QrJ+vDkBjMRGJ/qofG:KTTn3ZPIcN0gKqqiOAtYMQr4rkb1qr

Score

1^/10

Malware Config

Signatures

Files

313e23fd2c1cad85216dbde40a6269d7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8c17184d64a7426a933989c6596faa2f

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

da:5b:e6:2b:1e:01:5c:d8:11:17:78:20:a5:bc:89:ff:f6:9a:9b:b7
Signer

Actual PE Digest

da:5b:e6:2b:1e:01:5c:d8:11:17:78:20:a5:bc:89:ff:f6:9a:9b:b7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\29384\out\Release\360Installer.pdb

Imports

kernel32

GetVolumePathNamesForVolumeNameW
FindVolumeClose
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
MulDiv
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTickCount
MoveFileExW
GetCommandLineW
FindNextFileW
FindClose
GetFullPathNameW
FindFirstFileW
RemoveDirectoryW
GetLocalTime
GetLongPathNameW
CreateMutexW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetExitCodeThread
SetEvent
CreateEventW
WaitForSingleObject
GetLogicalDrives
WriteFile
FreeResource
InterlockedCompareExchange
CreateFileA
GetFileSize
DeleteFileW
GetDriveTypeW
GetDiskFreeSpaceExW
GetFileSizeEx
lstrcmpiA
lstrcmpA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
GetTimeZoneInformation
LCMapStringW
LCMapStringA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
LockResource
OpenProcess
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetConsoleCtrlHandler
GetModuleHandleA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetModuleFileNameA
GetStdHandle
HeapSize
GetCurrentThread
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FatalAppExitA
HeapDestroy
HeapCreate
HeapReAlloc
GetStartupInfoW
ExitProcess
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
GetSystemTime
LocalFree
FormatMessageW
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetLogicalDriveStringsW
GetConsoleCP
GetTempFileNameW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
ReadFile
SetFilePointer
GetCurrentProcessId
CreateFileW
DeviceIoControl
CloseHandle
Sleep
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
GetTempPathW
OutputDebugStringW
DebugBreak
lstrlenA
SetLastError
lstrcmpiW
InterlockedIncrement
GetLastError
GetCurrentThreadId
SetEnvironmentVariableW
GetVersionExW
GetModuleHandleW
GetSystemDirectoryW
GetProcAddress
LoadLibraryW
lstrlenW
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetConsoleMode

user32

GetDesktopWindow
GetDlgCtrlID
FindWindowW
SetWindowLongW
UnregisterClassA
LoadStringW
GetClassInfoExW
RegisterClassExW
GetWindowTextLengthW
GetFocus
IsRectEmpty
GetWindowThreadProcessId
SendMessageTimeoutW
LoadCursorW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowDC
InflateRect
EnableWindow
PeekMessageW
CharNextW
DestroyWindow
CreateDialogParamW
SetWindowPos
SetForegroundWindow
IsWindowVisible
ShowWindow
IsIconic
IsWindow
MessageBoxW
FindWindowExW
AdjustWindowRectEx
ClientToScreen
UpdateLayeredWindow
IsWindowEnabled
GetWindowTextW
DialogBoxParamW
EndDialog
UpdateWindow
SetRect
GetSysColor
SetCursor
GetActiveWindow
OffsetRect
SetScrollInfo
ShowScrollBar
GetScrollRange
GetScrollPos
ReleaseCapture
SetCapture
GetScrollInfo
SystemParametersInfoW
SetScrollRange
DrawTextW
FillRect
UnionRect
IntersectRect
CallWindowProcW
SetScrollPos
CharLowerW
GetSystemMetrics
LoadImageW
GetClassNameW
PostQuitMessage
LoadIconW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
IsDialogMessageW
KillTimer
SetTimer
RedrawWindow
InvalidateRect
ScreenToClient
BringWindowToTop
SetWindowTextW
CopyRect
PtInRect
PostMessageW
EndPaint
BeginPaint
SetWindowRgn
CreateWindowExW
ReleaseDC
GetDC
LoadBitmapW
GetCursorPos
GetDlgItem
SetFocus
GetClientRect
GetWindowRect
MoveWindow
GetWindowLongW
SendMessageW
CharUpperW

gdi32

SaveDC
GetDeviceCaps
GetTextMetricsW
CreateRectRgn
CreatePolygonRgn
CombineRgn
CreateCompatibleDC
SetBkMode
CreatePatternBrush
DeleteDC
BitBlt
RestoreDC
GetObjectW
CreateFontIndirectW
DeleteObject
SetTextColor
GetStockObject
CreateSolidBrush
SetBkColor
StretchBlt
GetTextExtentPointA
GetTextMetricsA
CreateFontW
OffsetViewportOrgEx
SelectObject
GetClipBox
SetViewportOrgEx
EnumFontFamiliesW
CreateDIBSection
CreateCompatibleBitmap

advapi32

RegSetValueExW
RegEnumKeyExA
RegQueryValueExW
RegQueryValueExA
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegOpenKeyExA

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
Shell_NotifyIconW
SHAppBarMessage
ord165
SHFileOperationW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CLSIDFromProgID
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantChangeType
SetErrorInfo
VariantInit
OleLoadPicture
VarUI4FromStr
SysAllocString
SysFreeString
CreateErrorInfo
VariantClear
GetErrorInfo

shlwapi

PathAppendW
wnsprintfW
PathCombineW
SHGetValueW
StrStrW
StrCmpIW
PathRemoveFileSpecW
PathIsRelativeW
PathFindFileNameW
PathIsPrefixW
StrCmpW
SHGetValueA
PathFileExistsW
StrToIntExW
SHSetValueA

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetGenericFontFamilySansSerif
GdipDrawImageRectI
GdipDrawImageRect

iphlpapi

GetIpAddrTable
GetAdaptersInfo

wininet

InternetConnectW
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetGetConnectedState
InternetOpenW

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

setupapi

SetupIterateCabinetW

netapi32

Netbios

Sections

.text
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 765KB - Virtual size: 764KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c17184d64a7426a933989c6596faa2f

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

da:5b:e6:2b:1e:01:5c:d8:11:17:78:20:a5:bc:89:ff:f6:9a:9b:b7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

version

psapi

gdiplus

iphlpapi

wininet

urlmon

setupapi

netapi32

Sections

.text Size: 501KB - Virtual size: 500KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 26KB - Virtual size: 39KB

.rsrc Size: 765KB - Virtual size: 764KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

da:5b:e6:2b:1e:01:5c:d8:11:17:78:20:a5:bc:89:ff:f6:9a:9b:b7
Signer

.text
Size: 501KB - Virtual size: 500KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 26KB - Virtual size: 39KB

.rsrc
Size: 765KB - Virtual size: 764KB