2de5e3bd77f2dfe97a648a7035892fdb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2de5e3bd77f2dfe97a648a7035892fdb_JaffaCakes118
Size

13.4MB
MD5

2de5e3bd77f2dfe97a648a7035892fdb
SHA1

80b7d52e3f6171f316ef79d9b42f4113a92fe097
SHA256

8f71be9cd2056da8afe9eb6e26e1cac56d86270c33051b50f18c13f30a76b88b
SHA512

b532b76bf04390fbdde7a97ce7b8f9d840bf49b5a6ca97424377ef2957c3b5899e8d508ab9dd7217e173f36dc551eefbe38a3f047f7240df8ab1c9c15b4d3503
SSDEEP

393216:/Bh4y8dzjEQleJtwbeNGU8rqHwKsP7jvaLsc+s:/BhIZeJuCQU8rqHwTXva

Score

1^/10

Malware Config

Signatures

Files

2de5e3bd77f2dfe97a648a7035892fdb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1aa210c5b5325f577d7be624b426aec4

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:18:c2:d6:d0:32:f9:3b:f7:ef:3f:8c:bd:9e:38:dd:12:d2:dc:7d
Signer

Actual PE Digest

0d:18:c2:d6:d0:32:f9:3b:f7:ef:3f:8c:bd:9e:38:dd:12:d2:dc:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\build\360DeskTop_NetProtect_beta\src\360Setup\Release\Setup.pdb

Imports

kernel32

FindClose
GetPrivateProfileIntW
GetFullPathNameW
FindFirstFileW
FormatMessageW
CopyFileW
GetVolumeInformationW
OpenProcess
CompareFileTime
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableW
GetSystemInfo
GetLongPathNameW
InitializeCriticalSection
DeleteCriticalSection
CreateMutexW
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
QueryDosDeviceW
GetLogicalDriveStringsW
GetSystemDirectoryW
CreateProcessW
FindAtomW
GlobalAddAtomW
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
GetTempPathA
CreateThread
DeviceIoControl
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetStdHandle
SetEndOfFile
SetFileTime
MultiByteToWideChar
GetModuleHandleW
GetLastError
LocalAlloc
LocalFree
GetTempFileNameW
GetFileAttributesW
GlobalFindAtomW
GetVersionExW
CreateDirectoryW
WritePrivateProfileStringW
lstrcmpiA
lstrcatW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetDriveTypeA
GetCurrentDirectoryA
FlushFileBuffers
FindNextFileW
IsValidLocale
GetCurrentThreadId
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetModuleHandleA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
HeapCreate
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
ExitProcess
ExitThread
RtlUnwind
lstrcpyW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
CreateFileW
WriteFile
GetDriveTypeW
Sleep
GetLocalTime
GetModuleFileNameW
GetShortPathNameW
MoveFileW
MoveFileExW
DeleteFileW
GetProcAddress
FreeLibrary
SetFileAttributesW
RemoveDirectoryW
GetTempPathW
lstrlenA
OutputDebugStringW
DebugBreak
InterlockedIncrement
LoadLibraryW
lstrlenW
InterlockedDecrement
WaitForSingleObject
CloseHandle
GetFileAttributesExW
UnmapViewOfFile
SetFilePointer
MapViewOfFile
CreateFileMappingW
UnlockFile
ReadFile
GetFileSize
LockFile
ResetEvent
SetEvent
CreateEventW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileSizeEx
TlsFree
DeleteAtom
TlsAlloc
ReleaseMutex
ReadProcessMemory
ExpandEnvironmentStringsW
GetFileTime
GetExitCodeProcess
TerminateProcess
FindResourceExW
GetDiskFreeSpaceExW
LockResource
HeapReAlloc
HeapSize
SetStdHandle
SetLastError
InterlockedExchange
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
MulDiv
RaiseException
GetPrivateProfileStringW
GetThreadLocale
EnumSystemLocalesA
SetThreadLocale
LocalFileTimeToFileTime
SetFilePointerEx
GetSystemTime
lstrcmpA
WideCharToMultiByte
TlsGetValue
TlsSetValue
AddAtomW
OpenThread
GetAtomNameW
HeapDestroy

user32

CallWindowProcW
EndDialog
wvsprintfW
SendMessageTimeoutW
FindWindowW
PostMessageW
LoadStringW
CharUpperW
CharNextW
GetWindowLongW
SetWindowTextW
MoveWindow
GetClientRect
SendMessageW
IsWindow
EnableWindow
GetDlgItem
IsWindowEnabled
ShowWindow
SetDlgItemTextW
EnumWindows
GetClassNameW
GetWindowThreadProcessId
SetCursor
PtInRect
wsprintfW
WaitForInputIdle
DialogBoxParamW
MessageBoxW
OffsetRect
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
BringWindowToTop
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetSystemMetrics
LoadImageW
IsIconic
PostQuitMessage
InflateRect
IsDialogMessageW
GetSystemMenu
EnableMenuItem
GetActiveWindow
CharLowerW
EndPaint
BeginPaint
ScreenToClient
DefWindowProcW
CopyRect
KillTimer
SetTimer
CreateDialogParamW
GetWindowTextLengthW
MessageBeep
SetFocus
RedrawWindow
InvalidateRect
DestroyWindow
CreateWindowExW
FindWindowExW
GetWindowTextW
ReleaseDC
GetDC
SetWindowLongW
GetParent
ExitWindowsEx
UnregisterClassA
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetWindowPos
IsWindowVisible

gdi32

CreateCompatibleBitmap
BitBlt
DeleteObject
DeleteDC
SetViewportOrgEx
SelectObject
CreateCompatibleDC

advapi32

LookupAccountSidW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
GetUserNameW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetExplicitEntriesFromAclW
EqualSid
GetTrusteeNameW
DeleteAce
RegOpenKeyExA
LookupAccountNameW
RegOpenKeyW
RegEnumKeyExW
RegCloseKey
RegEnumKeyExA
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExA

shell32

SHChangeNotify
SHGetMalloc
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ShellExecuteW
SHBrowseForFolderW
ord165
ShellExecuteExW
ord680
SHCreateDirectoryExW

ole32

CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
OleRun
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysFreeString
SystemTimeToVariantTime
VarUdateFromDate
VariantTimeToSystemTime
VariantInit
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysAllocString
VarUI4FromStr

shlwapi

PathFileExistsA
PathRemoveFileSpecW
PathAddBackslashW
PathAppendW
PathFileExistsW
SHGetValueW
SHDeleteKeyW
PathCombineW
PathFindFileNameW
SHDeleteValueW
PathIsRelativeW
SHGetValueA
PathRemoveExtensionW
PathMatchSpecW
StrRetToStrW
PathIsNetworkPathW
PathIsURLW
PathIsDirectoryW
StrCmpIW
PathFindExtensionW
SHSetValueA
PathAppendA
PathRemoveBackslashW
wnsprintfW
PathIsPrefixW
SHSetValueW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW
CertCloseStore
CryptMsgUpdate
CryptMsgOpenToDecode
CertOpenStore
CertGetCertificateContextProperty
CryptMsgClose

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

netapi32

Netbios

setupapi

SetupIterateCabinetW

Sections

.text
Size: 625KB - Virtual size: 625KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1aa210c5b5325f577d7be624b426aec4

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0d:18:c2:d6:d0:32:f9:3b:f7:ef:3f:8c:bd:9e:38:dd:12:d2:dc:7dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

version

psapi

wintrust

crypt32

urlmon

iphlpapi

wininet

netapi32

setupapi

Sections

.text Size: 625KB - Virtual size: 625KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 31KB - Virtual size: 42KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 45KB - Virtual size: 44KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0d:18:c2:d6:d0:32:f9:3b:f7:ef:3f:8c:bd:9e:38:dd:12:d2:dc:7d
Signer

.text
Size: 625KB - Virtual size: 625KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 31KB - Virtual size: 42KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 45KB - Virtual size: 44KB