5dead9c77e6a350f443f367a8ffc8a57_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5dead9c77e6a350f443f367a8ffc8a57_JaffaCakes118
Size

910KB
MD5

5dead9c77e6a350f443f367a8ffc8a57
SHA1

e0aac7327c283f3bd77227c7560bc7ebe62b88b0
SHA256

a61f88ce7a97b6c24fd4ea28bf7a8e752d33d19499323541c4d435a856d77921
SHA512

10fa0f61f602b29fe0060b0071227c22d5ee02aa634bb76431edefb878a4eb8c4172344b991d54baf3b531bcfb9a2a029362df67e9b968217b6e0390293de0c5
SSDEEP

24576:K/m0WsPcMf0ySWsIBAr5/F6Zk/KE+jyv028MEVb0:K/t/Pc9yiqIOk/D+Gv028Mf

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ZTE_U880_V3升级工具/DownLoadDLL.dll
unpack001/ZTE_U880_V3升级工具/FatTracer.dll
unpack001/ZTE_U880_V3升级工具/升级工具V3.exe

Files

5dead9c77e6a350f443f367a8ffc8a57_JaffaCakes118
.rar
ZTE_U880_V3升级工具/DownLoadDLL.dll
.dll windows:4 windows x86 arch:x86

cb8c3ecf36af6483895ef5e50cfd3ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2379
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord324
ord4234
ord4710
ord4224
ord536
ord352
ord1168
ord1253
ord342
ord1182
ord2818
ord2915
ord535
ord5683
ord4129
ord1105
ord1200
ord2764
ord2086
ord537
ord858
ord924
ord641
ord540
ord800
ord5186
ord860
ord665
ord823
ord1979
ord825
ord5280

msvcrt

malloc
fread
fclose
free
_mbscmp
fopen
atoi
_mbsrchr
_purecall
__CxxFrameHandler
_adjust_fdiv
_initterm
fseek
difftime
time
ftell
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ

kernel32

GetLastError
CloseHandle
DeviceIoControl
CreateFileA
FormatMessageA
GetTickCount
SetLastError
LocalFree
SetThreadPriority
ResumeThread
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
TerminateThread
Sleep
GetExitCodeThread

user32

PeekMessageA
EnableWindow
wsprintfA
RegisterDeviceNotificationA
DispatchMessageA
TranslateMessage

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA

Exports

Exports

Create

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ZTE_U880_V3升级工具/Driver/ZTE_U880_Download_Driver_20120510.exe
.exe windows:1 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:d6:38:3a:8d:14:9c:1c:dc:e6:9a:72:8b:dd:24:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09-03-2012 00:00

Not After

25-04-2015 23:59

Subject

CN=ZTE CORPORATION,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ZTE CORPORATION,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a7:c8:02:73:e4:19:55:99:af:7d:e8:b4:96:00:50:24:3a:e8:8d:5e
Signer

Actual PE Digest

a7:c8:02:73:e4:19:55:99:af:7d:e8:b4:96:00:50:24:3a:e8:8d:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ZTE_U880_V3升级工具/FatTracer.dll
.dll windows:4 windows x86 arch:x86

d288675855f8723565a9dd36835adbcb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2841
ord2107
ord5450
ord5440
ord6383
ord6394
ord540
ord5651
ord3616
ord1979
ord665
ord941
ord3127
ord5186
ord350
ord354
ord858
ord2818
ord4129
ord5683
ord535
ord1168
ord3663
ord342
ord1182
ord6385
ord5442
ord5773
ord2803
ord539
ord861
ord939
ord940
ord6648
ord352
ord668
ord1980
ord922
ord3181
ord3178
ord2781
ord2770
ord924
ord356
ord825
ord537
ord860
ord1200
ord823
ord1253
ord800

msvcrt

_initterm
malloc
_adjust_fdiv
_mbscmp
strncmp
strchr
memmove
_purecall
__CxxFrameHandler
free

kernel32

GetLastError
CreateDirectoryA
DeleteFileA
SetFileAttributesA
RemoveDirectoryA
CreateFileA

Exports

Exports

Create

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ZTE_U880_V3升级工具/files/amt/upamt.bin
ZTE_U880_V3升级工具/files/config.ini
ZTE_U880_V3升级工具/files/flasher_tavor_TIM_obmddr.bin
ZTE_U880_V3升级工具/files/hwtest_h_obmddr.bin
ZTE_U880_V3升级工具/升级工具V3.exe
.exe windows:4 windows x86 arch:x86

5d9e3c5164ed302afc1532d7a75816d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3721
ord795
ord1641
ord823
ord567
ord825
ord3626
ord3663
ord2414
ord4275
ord800
ord755
ord5875
ord470
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord5261
ord561
ord815
ord641
ord765
ord2514
ord2621
ord1134
ord540
ord537
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord4234
ord1576
ord3698
ord1146
ord1168
ord860
ord2370
ord2302
ord6334
ord2642
ord3092
ord6199
ord665
ord2645
ord5583
ord924
ord354
ord1200
ord2818
ord4224
ord2863
ord535
ord858
ord668
ord2770
ord356
ord941
ord5953
ord6880
ord2379
ord6663
ord3499
ord2515
ord355
ord3089
ord4476
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3619
ord3738
ord3402

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
sprintf
_mbscmp
exit
_mbsrchr
_setmbcp
__CxxFrameHandler

kernel32

GetSystemDirectoryA
GetCurrentDirectoryA
CloseHandle
GetLastError
CreateMutexA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetProcAddress
LoadLibraryA
FreeLibrary
GetUserDefaultLangID
FindClose
FindFirstFileA
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA
GetLocalTime

user32

GetSystemMenu
PostMessageA
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
AppendMenuA
GetWindowRect
InvalidateRect
LoadBitmapA
PostQuitMessage
LoadIconA
KillTimer
SendMessageA
EnableWindow
GetClientRect

gdi32

CreateFontA

shell32

ShellExecuteA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ZTE_U880_V3升级工具/升级工具说明.txt
ZTE_U880_V3升级工具/旧驱动卸载.bat

Sharing

General

Malware Config

Signatures

Files

cb8c3ecf36af6483895ef5e50cfd3ac1

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

setupapi

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 258KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 6KB

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

48:d6:38:3a:8d:14:9c:1c:dc:e6:9a:72:8b:dd:24:f6Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a7:c8:02:73:e4:19:55:99:af:7d:e8:b4:96:00:50:24:3a:e8:8d:5eSigner

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 37KB - Virtual size: 36KB

DATA Size: 1024B - Virtual size: 588B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 11KB - Virtual size: 11KB

d288675855f8723565a9dd36835adbcb

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 28KB - Virtual size: 26KB

.rsrc Size: 4KB - Virtual size: 944B

.reloc Size: 4KB - Virtual size: 1KB

5d9e3c5164ed302afc1532d7a75816d7

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 32KB - Virtual size: 28KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 258KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

48:d6:38:3a:8d:14:9c:1c:dc:e6:9a:72:8b:dd:24:f6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a7:c8:02:73:e4:19:55:99:af:7d:e8:b4:96:00:50:24:3a:e8:8d:5e
Signer

CODE
Size: 37KB - Virtual size: 36KB

DATA
Size: 1024B - Virtual size: 588B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 28KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 32KB - Virtual size: 28KB