4064b6aff5c7f9eb760330487013fe87_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4064b6aff5c7f9eb760330487013fe87_JaffaCakes118
Size

136KB
MD5

4064b6aff5c7f9eb760330487013fe87
SHA1

9f848df870ed1fa3e14ed516ac13d5b4a27501b7
SHA256

faba8c660cffe6ff5e665193d915aceb7f7ba601eb8edea492be6bd44b8aa6da
SHA512

efd6984ccb9a6c9cbc032d48a4b496113ef8722e5d007ac5b458d042b4f7583992fc6e19b57fd4945575f9110b0dc86537f7a80f60cacf3447a16714b825045d
SSDEEP

1536:lFSSVpNPEXMmik6SvkK3U8uK6mWWV7U15IMpiWB:lkSVvEX76k3hV7U15IMpv

Score

1^/10

Malware Config

Signatures

Files

4064b6aff5c7f9eb760330487013fe87_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f7f8b793df08107bb07d567006b14847

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/11/2013, 00:00

Not After

02/01/2017, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=KUWO MUSIC,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:d6:3c:dd:ac:7e:7f:64:03:27:7e:5b:e8:83:f2:58:fa:a2:c1:4d
Signer

Actual PE Digest

6b:d6:3c:dd:ac:7e:7f:64:03:27:7e:5b:e8:83:f2:58:fa:a2:c1:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\公司文档\2013年开发版本\二季度提高用户激活率\桌面冒泡\桌面冒泡程序2\KwLnkTipWnd（禁播-常规）\Release\KwLnkTipWnd.pdb

Imports

kernel32

WritePrivateProfileStringA
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
CreateProcessA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
OpenProcess
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
InterlockedDecrement
GetPrivateProfileStringA
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
GetProcAddress
CloseHandle
GetLastError
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
HeapSize
GetCurrentProcess
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

GetWindow
ClientToScreen
OffsetRect
FindWindowExA
SendMessageA
LoadStringA
LoadAcceleratorsA
GetMessageA
GetWindowThreadProcessId
EndPaint
GetSystemMetrics
GetKeyState
PtInRect
ReleaseDC
UpdateLayeredWindow
GetDC
IsWindow
DefWindowProcA
PostQuitMessage
GetWindowRect
GetCursorPos
KillTimer
FindWindowA
BeginPaint
UpdateWindow
ShowWindow
SetTimer
MoveWindow
SetWindowLongA
GetWindowLongA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA

gdi32

DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shell32

SHGetSpecialFolderPathA

gdiplus

GdiplusStartup
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRect

comctl32

_TrackMouseEvent

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7f8b793df08107bb07d567006b14847

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6b:d6:3c:dd:ac:7e:7f:64:03:27:7e:5b:e8:83:f2:58:fa:a2:c1:4dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

gdiplus

comctl32

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 6KB - Virtual size: 6KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6b:d6:3c:dd:ac:7e:7f:64:03:27:7e:5b:e8:83:f2:58:fa:a2:c1:4d
Signer

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 6KB - Virtual size: 6KB