48480dca13e87c9b8ec0683650005f37_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

48480dca13e87c9b8ec0683650005f37_JaffaCakes118
Size

24.1MB
MD5

48480dca13e87c9b8ec0683650005f37
SHA1

a3c158959fd6a1d0e6316cac1fb6b2689a9df7a9
SHA256

9941e18aac02eaebce094ea03ef96b439e4674cc49cc0bdb41ca281ab38c43c9
SHA512

9e8d40a7812721fc13f38ec4a323aae6459d05f07b17d803c3982f513db922bd8180fdbe422c563beca63fdfb0f2119e8c4766a47dd2c0fba63c0bac8f3dc149
SSDEEP

786432:S430TujM1Al2pRXgTyWqf3uo8Ou+GA8k7:S430YgfpOVK+o85+F7

Score

1^/10

Malware Config

Signatures

Files

48480dca13e87c9b8ec0683650005f37_JaffaCakes118
.rar
jinshancibanlixianbao_3987/PowerWord.800.12012.exe
.exe windows:5 windows x86 arch:x86

d7a407c22e9a6c29ee9444e2b109f4be

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:86:44:63:bb:bc:2e:4e:67:d4:27:71:e4:cb:d9:a5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21-04-2017 00:00

Not After

04-02-2020 23:59

Subject

CN=Zhuhai Kingsoft Office Software Co.\, Ltd.,OU=RD Department,O=Zhuhai Kingsoft Office Software Co.\, Ltd.,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:e0:b5:be:99:0e:46:a6:96:3f:d9:a1:0d:d4:bb:ac
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19-04-2017 00:00

Not After

03-02-2020 23:59

Subject

CN=Zhuhai Kingsoft Office Software Co.\, Ltd.,OU=RD Department,O=Zhuhai Kingsoft Office Software Co.\, Ltd.,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

54:00:74:75:71:2e:be:a8:00:3c:38:fc:7d:2d:fc:4d:e9:a5:c2:c7:40:5f:43:b6:c3:0a:38:8a:d9:c8:59:bd
Signer

Actual PE Digest

54:00:74:75:71:2e:be:a8:00:3c:38:fc:7d:2d:fc:4d:e9:a5:c2:c7:40:5f:43:b6:c3:0a:38:8a:d9:c8:59:bd

Digest Algorithm

sha256

PE Digest Matches

true

8d:7a:a2:f2:0c:c4:3b:2c:0a:78:0e:81:91:42:0c:cd:72:30:fc:4c
Signer

Actual PE Digest

8d:7a:a2:f2:0c:c4:3b:2c:0a:78:0e:81:91:42:0c:cd:72:30:fc:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\fun_pow_4_20190808\Build\Release\PowerWord\bin\KPacket.pdb

Imports

kernel32

VerSetConditionMask
SetCurrentDirectoryW
GetDiskFreeSpaceExW
InterlockedDecrement
CreateProcessW
GetVersionExW
GetModuleFileNameW
GetLongPathNameW
OpenProcess
QueryDosDeviceW
TerminateProcess
SystemTimeToFileTime
GetSystemTime
lstrcmpW
GetLocalTime
GetExitCodeProcess
GetPrivateProfileIntW
CreateThread
InitializeCriticalSectionAndSpinCount
MapViewOfFileEx
ExitProcess
SetThreadPriority
GetCurrentThread
SetPriorityClass
CreateMutexW
InterlockedIncrement
lstrcmpiW
LoadLibraryExW
OpenMutexW
ReleaseMutex
TerminateThread
GetUserDefaultLCID
TryEnterCriticalSection
AreFileApisANSI
CreateFileMappingA
DeleteFileA
FormatMessageW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesExW
GetTempPathA
HeapValidate
HeapCompact
LockFile
LockFileEx
UnlockFile
UnlockFileEx
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
FlushViewOfFile
MoveFileW
RemoveDirectoryW
SetFileAttributesW
VerifyVersionInfoW
MultiByteToWideChar
WaitForMultipleObjects
GetStdHandle
CreateToolhelp32Snapshot
Process32FirstW
ReadFile
GetCurrentProcessId
LocalFree
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedCompareExchange
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
GetProcessHeap
GetFullPathNameA
SetStdHandle
FlushFileBuffers
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetConsoleCP
GetStringTypeW
HeapSize
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetLocaleInfoW
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
InterlockedExchange
SetConsoleCtrlHandler
CreateFileA
GetFileAttributesA
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
HeapReAlloc
Process32NextW
Sleep
GetPrivateProfileStringW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
SetLastError
WritePrivateProfileStringW
GetCurrentThreadId
lstrlenA
LoadLibraryW
FreeLibrary
GetCurrentProcess
FlushInstructionCache
RaiseException
GetModuleHandleW
GetProcAddress
GlobalMemoryStatus
GetSystemInfo
SetEndOfFile
SetFilePointer
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
GetFullPathNameW
WideCharToMultiByte
RtlUnwind
EncodePointer
DecodePointer
ExitThread
HeapFree
HeapAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FlushConsoleInputBuffer
GetVersionExA
LoadLibraryA
QueryPerformanceCounter
GetVersion
GetModuleHandleA
ExpandEnvironmentStringsA
GetFileType
PeekNamedPipe
SleepEx
FormatMessageA
CreateDirectoryW
GetTickCount
DeleteFileW
MoveFileExW
CopyFileW
GetSystemDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WriteFile
GetFileSize
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
FindNextFileW
GetFileAttributesW
FindFirstFileW
FindClose
CreateFileW
GetFileInformationByHandle
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
CloseHandle
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
GetWindowsDirectoryW
VirtualAlloc

user32

SetWindowLongW
CreateWindowExW
DestroyWindow
GetWindowLongW
MoveWindow
SetWindowPos
GetWindowRect
GetClientRect
InvalidateRect
IsChild
IsWindow
MapWindowPoints
MonitorFromWindow
GetParent
CharLowerW
LoadCursorW
CopyRect
SetRect
InflateRect
GetDlgItem
MessageBoxW
ShowWindow
IsDialogMessageW
GetFocus
UnregisterClassA
MessageBoxA
GetProcessWindowStation
GetWindow
wsprintfW
GetUserObjectInformationW
ReleaseDC
GetDC
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
RegisterClassExW
LoadBitmapW
LoadImageW
SetActiveWindow
CharUpperW
FindWindowExW
SendMessageW
GetClassInfoExW
GetWindowThreadProcessId
SystemParametersInfoW
AttachThreadInput
GetMonitorInfoW
DefWindowProcW
RemoveMenu
GetSystemMetrics
ReleaseCapture
GetNextDlgTabItem
SetFocus
SetCapture
GetKeyState
WindowFromPoint
GetScrollPos
SetCursor
DrawIconEx
LoadIconW
DrawFrameControl
EqualRect
DestroyIcon
DrawTextW
GetDlgCtrlID
PtInRect
UpdateLayeredWindow
PostThreadMessageW
SetRectEmpty
KillTimer
SetTimer
GetWindowDC
GetSystemMenu
CallWindowProcW
EndPaint
BeginPaint
IsWindowVisible
GetForegroundWindow
CharNextW
GetWindowTextW
SetWindowTextW
OffsetRect
FindWindowW
GetActiveWindow
GetDesktopWindow
IsWindowEnabled
EnableWindow
SetForegroundWindow

gdi32

GetTextExtentPoint32W
TextOutW
LineTo
MoveToEx
GetClipRgn
RoundRect
RectInRegion
CombineRgn
CreateRectRgnIndirect
SetBkMode
CreateFontW
CreateFontIndirectW
GetStockObject
SetStretchBltMode
CreateCompatibleBitmap
CreateBitmap
StretchBlt
SetTextColor
GetObjectW
CreateCompatibleDC
CreateDIBSection
BitBlt
DeleteDC
DeleteObject
CreateRectRgn
CreatePen
SetBkColor
ExtTextOutW
Rectangle
SelectClipRgn
SelectObject
RestoreDC
SaveDC

shell32

ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHChangeNotify
SHGetFolderPathW
ord680

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoInitialize
CreateStreamOnHGlobal

oleaut32

VariantCopy
VariantClear
VarUI4FromStr
SysFreeString
SysAllocString

advapi32

GetTokenInformation
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey
ReportEventA
DeregisterEventSource
RegisterEventSourceA

psapi

EnumProcessModules
GetModuleFileNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

crypt32

CertGetNameStringW
CryptMsgClose
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertCloseStore
CertFreeCertificateContext

shlwapi

PathRemoveBackslashW
PathRemoveFileSpecW
StrToIntW
PathFindFileNameW
StrRStrIW
PathAppendW
StrToIntA
PathAddBackslashW
PathFileExistsW
StrStrIW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipCreateBitmapFromFileICM
GdipDeleteBrush
GdipCreatePath
GdipDeletePath
GdipSetPathGradientCenterColor
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterPointI
GdipTranslatePathGradientTransform
GdipCreateLineBrushI
GdipAddPathEllipseI
GdipCreatePathGradientFromPath
GdipFillRectangleI
GdipCloneBrush
GdipAlloc
GdipDeleteGraphics
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipFree
GdipCreateFromHDC
GdipDrawImageRectI
GdipCreateBitmapFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdiplusStartup
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageRectRectI

secur32

GetUserNameExW

wldap32

ord14
ord145
ord216
ord208
ord26
ord133
ord127
ord142
ord79
ord147
ord167
ord301
ord27
ord41
ord46
ord118

ws2_32

ntohs
getsockname
setsockopt
WSAIoctl
bind
recv
select
WSAGetLastError
shutdown
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
send
__WSAFDIsSet
WSACleanup
WSAStartup
WSASetLastError

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jinshancibanlixianbao_3987/使用说明.txt
jinshancibanlixianbao_3987/简易下载站.url
.url
jinshancibanlixianbao_3987/软件专题下载.url
.url

Sharing

General

Malware Config

Signatures

Files

d7a407c22e9a6c29ee9444e2b109f4be

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

60:86:44:63:bb:bc:2e:4e:67:d4:27:71:e4:cb:d9:a5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

44:e0:b5:be:99:0e:46:a6:96:3f:d9:a1:0d:d4:bb:acCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

54:00:74:75:71:2e:be:a8:00:3c:38:fc:7d:2d:fc:4d:e9:a5:c2:c7:40:5f:43:b6:c3:0a:38:8a:d9:c8:59:bdSigner

8d:7a:a2:f2:0c:c4:3b:2c:0a:78:0e:81:91:42:0c:cd:72:30:fc:4cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

psapi

version

crypt32

shlwapi

comctl32

gdiplus

secur32

wldap32

ws2_32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 419KB - Virtual size: 419KB

.data Size: 68KB - Virtual size: 98KB

.rsrc Size: 253KB - Virtual size: 253KB

.reloc Size: 97KB - Virtual size: 97KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

60:86:44:63:bb:bc:2e:4e:67:d4:27:71:e4:cb:d9:a5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

44:e0:b5:be:99:0e:46:a6:96:3f:d9:a1:0d:d4:bb:ac
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

54:00:74:75:71:2e:be:a8:00:3c:38:fc:7d:2d:fc:4d:e9:a5:c2:c7:40:5f:43:b6:c3:0a:38:8a:d9:c8:59:bd
Signer

8d:7a:a2:f2:0c:c4:3b:2c:0a:78:0e:81:91:42:0c:cd:72:30:fc:4c
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 419KB - Virtual size: 419KB

.data
Size: 68KB - Virtual size: 98KB

.rsrc
Size: 253KB - Virtual size: 253KB

.reloc
Size: 97KB - Virtual size: 97KB