4a3faae3981efc9d3e78913efb033a8b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a3faae3981efc9d3e78913efb033a8b_JaffaCakes118
Size

1.3MB
MD5

4a3faae3981efc9d3e78913efb033a8b
SHA1

2d9ed55c428795ffe2153d74ba2e1736c3cb89d1
SHA256

5143919cd8401878ae3926dadaefd718f5747a2ea9c9259ce339d96a19363eeb
SHA512

91191bea9735b27133f06dd1c1e0d605fce29173c06dde8ed29a683accf7cfe1ca0fd51e4e56759570cdb5f6fec575a2313d58c7d46b007f71db26934e8e5237
SSDEEP

24576:TAM59/cmPOXoeFZYJS6cYE0eMZWAGJrXN3GlHdZkqC7ZFwDjm0eQiUMBCGZ:TAM59/cmGXo2+JS6cYERMZDNHkrXEmyQ

Score

1^/10

Malware Config

Signatures

Files

4a3faae3981efc9d3e78913efb033a8b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9077629cc949686653d02e16744711fa

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:5a:1b:98:ac:63:a3:f1:c4:23:af:d6:64:ee:79:75
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/02/2019, 00:00

Not After

25/02/2020, 12:00

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:84:05:72:c4:65:86:ee:4a:38:c9:c7:3b:da:00:09:49:04:bd:8c
Signer

Actual PE Digest

c8:84:05:72:c4:65:86:ee:4a:38:c9:c7:3b:da:00:09:49:04:bd:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kisengine\kisengine\product\win32\dbginfo\kinstuiofficial.pdb

Imports

kernel32

InterlockedCompareExchange
GetTempFileNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
MoveFileW
GetLogicalDriveStringsW
QueryDosDeviceW
GetTempPathW
CopyFileW
FlushFileBuffers
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetUserDefaultLangID
FileTimeToLocalFileTime
GetComputerNameA
GetDiskFreeSpaceExW
GetStdHandle
WaitForMultipleObjects
VirtualFree
VirtualAlloc
SetEvent
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
lstrcpyW
lstrcatW
SetFileAttributesW
DeviceIoControl
CreateFileA
LoadLibraryA
OpenMutexW
OpenEventW
OpenSemaphoreW
GetCurrentProcessId
ExpandEnvironmentStringsW
CreateProcessW
GetSystemTime
SetUnhandledExceptionFilter
OutputDebugStringW
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetSystemInfo
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetCurrentDirectoryA
GetFullPathNameA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
SetHandleCount
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
HeapCreate
FindFirstFileA
GetDriveTypeA
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
VirtualQuery
GetModuleHandleA
VirtualProtect
GetFileType
SetStdHandle
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
ExitThread
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
GetLocalTime
ProcessIdToSessionId
LocalFree
LocalAlloc
OpenProcess
GetSystemDirectoryW
RemoveDirectoryW
FindClose
GetTickCount
GetFileAttributesW
SetEndOfFile
WriteFile
CreateDirectoryW
SetFilePointer
GetCurrentThread
SetThreadPriority
MapViewOfFileEx
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
GlobalAlloc
GlobalLock
lstrcmpiW
GetWindowsDirectoryW
GlobalUnlock
GlobalFree
GetVersionExW
LoadLibraryExW
CreateThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
MoveFileExW
GetLastError
GetCurrentThreadId
DeleteFileW
FreeLibrary
GetProcAddress
LoadLibraryW
GetFileSize
Sleep
WideCharToMultiByte
RaiseException
InterlockedExchange
lstrlenW
GetPrivateProfileIntW
GetModuleFileNameW
TerminateThread
GetPrivateProfileStringW
LeaveCriticalSection
ReadFile
EnterCriticalSection
SetLastError
WaitForSingleObject
CreateFileW
FindResourceExW
FlushInstructionCache
GetCurrentProcess
InitializeCriticalSection
LoadResource
FreeResource
lstrlenA
LockResource
GetModuleHandleW
SizeofResource
CloseHandle
MultiByteToWideChar
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FindResourceW
WriteConsoleW

user32

CharLowerW
ScreenToClient
GetWindowTextW
SetTimer
ClientToScreen
CharUpperW
BringWindowToTop
RegisterClassExW
SendMessageW
SetActiveWindow
SetForegroundWindow
AttachThreadInput
CopyRect
SetWindowPos
BeginPaint
PostMessageW
SetRectEmpty
SetWindowTextW
KillTimer
ShowWindow
RegisterWindowMessageW
GetCursorPos
IsWindow
GetWindowLongW
GetMessageW
SetWindowLongW
TranslateMessage
FindWindowW
GetClassInfoExW
UpdateWindow
DispatchMessageW
GetWindowRect
GetDC
ReleaseDC
InvalidateRect
SetRect
GetDlgItem
GetActiveWindow
GetDesktopWindow
IsWindowEnabled
EnableWindow
GetFocus
MapWindowPoints
IsChild
GetClientRect
CreateWindowExW
GetWindow
GetParent
IsDialogMessageW
LoadCursorW
GetWindowThreadProcessId
MoveWindow
GetForegroundWindow
DestroyWindow
SystemParametersInfoW
DrawTextW
DrawIconEx
LoadImageW
MonitorFromWindow
GetMonitorInfoW
LoadBitmapW
DrawFrameControl
CallWindowProcW
CharNextW
SetCapture
EqualRect
LoadIconW
GetKeyState
IsWindowVisible
ReleaseCapture
WindowFromPoint
DestroyIcon
GetScrollPos
PtInRect
InflateRect
OffsetRect
PostThreadMessageW
SetCursor
SetFocus
UpdateLayeredWindow
GetDlgCtrlID
GetNextDlgTabItem
FindWindowExW
UnregisterClassA
DefWindowProcW
EndPaint
IntersectRect
GetWindowTextLengthW
SetWindowRgn
PeekMessageW

gdi32

GetCurrentObject
SetBkColor
CreateFontIndirectW
SetStretchBltMode
CreatePen
RectInRegion
BitBlt
RestoreDC
CreateCompatibleBitmap
CreateBitmap
StretchBlt
TextOutW
SetTextColor
CreateRectRgnIndirect
SelectClipRgn
GetDeviceCaps
DeleteObject
ExtTextOutW
Rectangle
GetClipRgn
DeleteDC
RoundRect
LineTo
SaveDC
GetTextColor
GetStockObject
GetObjectW
MoveToEx
CreateCompatibleDC
CreateRectRgn
CreateDIBSection
SetBkMode
CombineRgn
GetTextExtentPoint32W
CreateRoundRectRgn
GetTextMetricsW
GetViewportOrgEx
ExtSelectClipRgn
OffsetRgn
CreateFontW
SelectObject
SetViewportOrgEx

advapi32

RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyW
RegEnumKeyExW
OpenProcessToken
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
RegQueryInfoKeyW

shell32

Shell_NotifyIconW
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateGuid
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
SysAllocString
VarUI4FromStr
SysStringLen
VariantInit
VariantCopy
VariantClear

shlwapi

PathAppendW
PathFindExtensionW
PathAddBackslashW
StrToIntA
PathFileExistsW
PathFindFileNameW
StrToIntW
PathRemoveFileSpecW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipAddPathStringI
GdipDrawRectangleI
GdipGetFamily
GdipDrawLine
GdipSetPixelOffsetMode
GdipDrawPath
GdipSetCompositingQuality
GdipGetFontSize
GdipSetPenDashStyle
GdipSetPenMode
GdipFillPath
GdipFillRectangle
GdipSetPenStartCap
GdipDrawImageI
GdipAddPathArcI
GdipSetPenEndCap
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipDrawString
GdipSetInterpolationMode
GdipCloneBrush
GdipDeleteFontFamily
GdipFree
GdipDeletePath
GdipSetImageAttributesColorMatrix
GdipGetImageHeight
GdipCreatePath
GdipLoadImageFromFile
GdipCreateBitmapFromScan0
GdipDeleteBrush
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipCloneImage
GdipDeleteStringFormat
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipGraphicsClear
GdipNewPrivateFontCollection
GdipSetStringFormatAlign
GdipFillRectangleI
GdipDisposeImage
GdipDrawImageRectI
GdipDeletePrivateFontCollection
GdipCreateFont
GdipMeasureString
GdipCloneBitmapArea
GdipPrivateAddFontFile
GdipCreateFontFromLogfontW
GdipDeletePen
GdipGetFontCollectionFamilyCount
GdipCreateLineBrushI
GdiplusStartup
GdipCreatePen1
GdipAlloc
GdipDrawImageRectRectI
GdipSetStringFormatLineAlign
GdipLoadImageFromStream
GdipSetStringFormatFlags
GdipCreateBitmapFromStream
GdipGetFontCollectionFamilyList
GdipSetStringFormatTrimming
GdipCloneFontFamily
GdipImageRotateFlip
GdiplusShutdown
GdipCreateSolidFill
GdipAddPathPieI
GdipCreateHBITMAPFromBitmap
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageRectRect
GdipAddPathRectangleI
GdipTranslateWorldTransform
GdipCreateImageAttributes
GdipSetClipPath
GdipRotateWorldTransform
GdipDisposeImageAttributes
GdipDeleteFont
GdipDrawLinesI
GdipGetImageWidth
GdipDrawImagePointsRectI
GdipResetWorldTransform
GdipClosePathFigure
GdipCreateStringFormat

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

rasapi32

RasEnumConnectionsW

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile
GetAdaptersInfo

Sections

.text
Size: 704KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 400KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9077629cc949686653d02e16744711fa

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

07:5a:1b:98:ac:63:a3:f1:c4:23:af:d6:64:ee:79:75Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

c8:84:05:72:c4:65:86:ee:4a:38:c9:c7:3b:da:00:09:49:04:bd:8cSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

wtsapi32

psapi

rasapi32

iphlpapi

Sections

.text Size: 704KB - Virtual size: 700KB

.rdata Size: 148KB - Virtual size: 146KB

.data Size: 24KB - Virtual size: 45KB

.rsrc Size: 400KB - Virtual size: 396KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

07:5a:1b:98:ac:63:a3:f1:c4:23:af:d6:64:ee:79:75
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

c8:84:05:72:c4:65:86:ee:4a:38:c9:c7:3b:da:00:09:49:04:bd:8c
Signer

.text
Size: 704KB - Virtual size: 700KB

.rdata
Size: 148KB - Virtual size: 146KB

.data
Size: 24KB - Virtual size: 45KB

.rsrc
Size: 400KB - Virtual size: 396KB