35be1e86f39e98fd63985e4ec273f22c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

35be1e86f39e98fd63985e4ec273f22c_JaffaCakes118
Size

538KB
MD5

35be1e86f39e98fd63985e4ec273f22c
SHA1

cbb2fb8d2dc800972a3680435fb88f152344749c
SHA256

d0d0a1953bfe1c7b3b6f26e8fc3abef6a2c2443b2b4ac0a386d831c36ed297de
SHA512

71127c4b6c68503932699f27dd6e2ff7beb4d919a4639718d63b553230d0a542e154969b6124b94f50a43014448fdad1a72a17b20f4dfa3cade3465df60e9e86
SSDEEP

12288:DSgSOe69z0dIt5pZWfXgylxlfMhFGxQaFT34TpZs0eQZuooZtUMBvMP:GgSOBpjyXgMfMh8xQM74tZs0eQiUMBkP

Score

1^/10

Malware Config

Signatures

Files

35be1e86f39e98fd63985e4ec273f22c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4302f81a178427cbfe50084b25bbc206

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:74:4e:ce:6b:39:ec:11:59:47:55:54:34:71:d5:51
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22-12-2015 00:00

Not After

19-02-2017 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=OPS,O=Beijing Kingsoft Security software Co.\,Ltd,L=BeiJing,ST=BeiJing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:73:01:aa:37:31:c7:17:f9:25:a9:9d:48:ca:b2
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

18-01-2016 00:00

Not After

19-02-2017 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=OPS,O=Beijing Kingsoft Security software Co.\,Ltd,L=BeiJing,ST=BeiJing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:18:23:8e:b6:79:7b:4b:3d:85:8d:40:d0:fe:75:f9:5c:64:b9:ce:b9:2d:39:d2:84:ba:93:31:a4:1d:f6:ff
Signer

Actual PE Digest

05:18:23:8e:b6:79:7b:4b:3d:85:8d:40:d0:fe:75:f9:5c:64:b9:ce:b9:2d:39:d2:84:ba:93:31:a4:1d:f6:ff

Digest Algorithm

sha256

PE Digest Matches

true

50:5f:53:27:52:9d:2f:b8:16:e9:f7:e9:09:94:51:c9:1e:fb:c1:3b
Signer

Actual PE Digest

50:5f:53:27:52:9d:2f:b8:16:e9:f7:e9:09:94:51:c9:1e:fb:c1:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kisengine\kisengine\product\win32\dbginfo\kinst_dll.pdb

Imports

kernel32

CreateDirectoryW
SetEndOfFile
GetFileAttributesW
WriteFile
GetTickCount
GetWindowsDirectoryW
GetModuleFileNameW
FindClose
GetModuleHandleW
GetProcAddress
GetSystemDirectoryW
GetVersionExW
OpenProcess
LoadLibraryW
LocalAlloc
LocalFree
GetCurrentProcess
GetLocalTime
GetSystemInfo
InterlockedCompareExchange
FileTimeToSystemTime
FileTimeToLocalFileTime
GetUserDefaultLangID
DeviceIoControl
CreateFileW
LoadLibraryA
FreeLibrary
InterlockedDecrement
ExpandEnvironmentStringsW
OpenMutexW
OpenEventW
OpenSemaphoreW
GetCurrentProcessId
ProcessIdToSessionId
CreateProcessW
GetComputerNameA
GetDiskFreeSpaceExW
GetSystemTime
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
CreateThread
SetEvent
GetLogicalDriveStringsW
lstrcmpiW
QueryDosDeviceW
lstrcpyW
lstrcatW
GetPrivateProfileIntW
GetTempPathW
GetPrivateProfileStringW
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
ReadFile
SetFilePointer
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetLastError
MoveFileExW
DeleteFileW
WaitForSingleObject
MultiByteToWideChar
lstrlenA
Sleep
WideCharToMultiByte
lstrlenW
TerminateThread
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateFileA
DisableThreadLibraryCalls
ExpandEnvironmentStringsA
FormatMessageA
VirtualQuery
GetSystemDirectoryA
SleepEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
FlushFileBuffers
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapCreate
VirtualAlloc
InterlockedIncrement
InterlockedExchange
RaiseException
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCommandLineA
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
VirtualFree

user32

UnregisterClassA

advapi32

CreateProcessAsUserW
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
SetTokenInformation
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyW

shell32

SHGetSpecialFolderPathW

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoCreateGuid

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

shlwapi

PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecW
StrToIntW
PathAppendW
PathFindExtensionW
PathFindFileNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

iphlpapi

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

Exports

Exports

ExecuteDetector
GetInterface
GetUpdateInterface
ReleaseInterface
ReleaseUpdateInterface

Sections

.text
Size: 348KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4302f81a178427cbfe50084b25bbc206

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

6e:74:4e:ce:6b:39:ec:11:59:47:55:54:34:71:d5:51Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

40:73:01:aa:37:31:c7:17:f9:25:a9:9d:48:ca:b2Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

05:18:23:8e:b6:79:7b:4b:3d:85:8d:40:d0:fe:75:f9:5c:64:b9:ce:b9:2d:39:d2:84:ba:93:31:a4:1d:f6:ffSigner

50:5f:53:27:52:9d:2f:b8:16:e9:f7:e9:09:94:51:c9:1e:fb:c1:3bSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

wtsapi32

iphlpapi

psapi

Exports

Exports

Sections

.text Size: 348KB - Virtual size: 345KB

.rdata Size: 76KB - Virtual size: 74KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 56KB - Virtual size: 53KB

.reloc Size: 24KB - Virtual size: 22KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

6e:74:4e:ce:6b:39:ec:11:59:47:55:54:34:71:d5:51
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

40:73:01:aa:37:31:c7:17:f9:25:a9:9d:48:ca:b2
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

05:18:23:8e:b6:79:7b:4b:3d:85:8d:40:d0:fe:75:f9:5c:64:b9:ce:b9:2d:39:d2:84:ba:93:31:a4:1d:f6:ff
Signer

50:5f:53:27:52:9d:2f:b8:16:e9:f7:e9:09:94:51:c9:1e:fb:c1:3b
Signer

.text
Size: 348KB - Virtual size: 345KB

.rdata
Size: 76KB - Virtual size: 74KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 56KB - Virtual size: 53KB

.reloc
Size: 24KB - Virtual size: 22KB