7ab662a68b32182af0a4159acc48ac6d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7ab662a68b32182af0a4159acc48ac6d_JaffaCakes118
Size

168KB
MD5

7ab662a68b32182af0a4159acc48ac6d
SHA1

62cba49d8e7bdf11178e884e53e4c86c852de39b
SHA256

43e7a4dc22adb6d58b38a0418f07a14830eb193b7d4f5ddc4f1d44c5c9fc39ee
SHA512

c5c1005f61db2fd64f3b59559d8566dda295bde30f3f04e9731badb43e541aefe267c85fd6e415f28cf16fa7c2edf8b3318e21b29fb19dd6aa38af4bbb3d237d
SSDEEP

3072:8y3CA710eFZAX129hDpGr6yspe7UBMmIcsG/PNYBdZ2X8O8FbhVNno3gFuGDO/F:nZOiWr6ys/6mxsUPih60MHGa/F

Score

1^/10

Malware Config

Signatures

Files

7ab662a68b32182af0a4159acc48ac6d_JaffaCakes118
.rar
lnkkiller/lnkkiller.exe
.exe windows:4 windows x86 arch:x86

79114ef46fc67584b96ad6027eb5bd67

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

04/11/2009, 00:00

Not After

03/11/2012, 23:59

Subject

CN=Keniu Network Technology (Beijing) Co.\, Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=可牛网络技术（北京）有限公司,L=朝阳区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:b0:91:68:c7:bb:05:0b:84:af:d9:74:9a:af:5a:b0:00:32:3d:21
Signer

Actual PE Digest

b2:b0:91:68:c7:bb:05:0b:84:af:d9:74:9a:af:5a:b0:00:32:3d:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workspace\daily_build\b3a\trunk\src\OneShotOneKill\Stub\ReleaseKN\lnkkiller.pdb

Imports

kernel32

GetLogicalDriveStringsW
GetDriveTypeW
RemoveDirectoryW
GetWindowsDirectoryW
lstrcpyW
MoveFileW
GetSystemDefaultUILanguage
GetCurrentDirectoryW
CreateFileW
SetFilePointer
WriteFile
FlushFileBuffers
GetFileSize
ReadFile
CopyFileW
CreateDirectoryW
GetSystemDirectoryW
GetEnvironmentVariableW
GetLongPathNameW
GetFileAttributesExW
Module32FirstW
LoadLibraryW
GetProcAddress
SetEndOfFile
FreeResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
FindNextFileW
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
MoveFileExW
lstrcmpW
Process32NextW
CloseHandle
GetVersionExW
GetPrivateProfileStringW
GetVersion
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
Sleep
TerminateProcess
FindFirstFileW
OpenProcess
WideCharToMultiByte
GetLocalTime
DeleteFileW
SetFileAttributesW
InterlockedDecrement
FindResourceExW
lstrcpynW
TerminateThread
LockResource
WaitForSingleObject
lstrlenA
GetFileAttributesW
lstrcatW
GetCurrentThreadId
InitializeCriticalSection
InterlockedIncrement
SetLastError
SetErrorMode
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
lstrcmpiW
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
EnterCriticalSection
FindResourceW
LoadResource
SizeofResource
GetModuleHandleW
RaiseException
lstrlenW
GetLastError
GetModuleHandleA
HeapCreate
FatalAppExitA
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetTempPathW
FindClose
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter

user32

InflateRect
BeginPaint
LoadBitmapW
GetWindowLongW
EndDialog
DialogBoxParamW
CharNextW
DestroyWindow
SetWindowLongW
GetActiveWindow
DefWindowProcW
wsprintfA
DestroyIcon
GetIconInfo
IsCharAlphaNumericW
wsprintfW
LoadCursorW
DrawIcon
SetCursor
CallWindowProcW
GetSysColor
DrawTextW
GetDlgCtrlID
SendMessageW
GetSystemMetrics
ReleaseCapture
GetDlgItem
SetCapture
SetWindowTextW
InvalidateRect
GetWindow
SystemParametersInfoW
ReleaseDC
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
GetWindowTextLengthW
SetWindowPos
MessageBoxW
PostMessageW
GetDC
EndPaint
LoadImageW
GetWindowTextW
UnregisterClassA

gdi32

LineTo
MoveToEx
SetBkMode
CreateFontIndirectW
GetStockObject
GetObjectW
SetTextColor
CreateBitmap
CreateDIBSection
StretchBlt
BitBlt
DeleteDC
ExtTextOutW
SetBkColor
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetDIBits

advapi32

GetSidSubAuthority
RegDeleteValueW
RegSetValueExW
RegOpenKeyW
RegEnumValueW
OpenProcessToken
IsValidSid
GetLengthSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
AdjustTokenPrivileges
GetAce
RegQueryValueExW
CopySid
RegOpenKeyExW
GetAclInformation
InitializeSid
AddAce
GetSidLengthRequired
InitializeAcl
LookupPrivilegeValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetFolderPathW
ord59
SHGetSettings
ExtractIconW
SHGetFileInfoW
SHFileOperationW
CommandLineToArgvW
SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VarUI4FromStr
SysFreeString

shlwapi

StrStrIW
StrRChrW
StrChrA
StrChrW
PathRemoveFileSpecW
SHGetValueW
SHSetValueW
StrStrIA

comctl32

_TrackMouseEvent
InitCommonControlsEx

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW

psapi

GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lnkkiller/支持本站.reg

Sharing

General

Malware Config

Signatures

Files

79114ef46fc67584b96ad6027eb5bd67

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84Certificate

Extended Key Usages

Key Usages

b2:b0:91:68:c7:bb:05:0b:84:af:d9:74:9a:af:5a:b0:00:32:3d:21Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

urlmon

psapi

iphlpapi

Sections

.text Size: 280KB - Virtual size: 279KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 8KB - Virtual size: 28KB

.rsrc Size: 40KB - Virtual size: 39KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84
Certificate

b2:b0:91:68:c7:bb:05:0b:84:af:d9:74:9a:af:5a:b0:00:32:3d:21
Signer

.text
Size: 280KB - Virtual size: 279KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 8KB - Virtual size: 28KB

.rsrc
Size: 40KB - Virtual size: 39KB