9bb099e45aa8f4ec01ef1fb83163eedf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9bb099e45aa8f4ec01ef1fb83163eedf_JaffaCakes118
Size

2.5MB
MD5

9bb099e45aa8f4ec01ef1fb83163eedf
SHA1

26c86beb55eec20c409f8507ca8d0e6d786428ff
SHA256

cf593962776f9dd5a15e22d02ffa8fa02fc69663ef2302608cf68d343e5ef8b4
SHA512

8e5551e69e8367aedd7a79a5332beae3dc254d89cf1e8134b0ff6bd9efeb8dfd49c4c1f060d907d3f233bfb7a758f2a15e4d5acc46d1fad4f235bb6d1d24c2f7
SSDEEP

49152:8xXRkaTHQwTtVd3Qt+ml5dg4GnAIBWjZC0Yn4Ine06NckmcQ:8RR1TwY7ml1IBf406m

Score

1^/10

Malware Config

Signatures

Files

9bb099e45aa8f4ec01ef1fb83163eedf_JaffaCakes118
.dll windows:5 windows x86 arch:x86

607431d2742b3d35ea2e9184e8e641bf

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2013, 00:00

Not After

25/03/2016, 23:59

Subject

CN=QIHU 360 SOFTWARE CO. LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Client Security Group,O=QIHU 360 SOFTWARE CO. LIMITED,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a5:5a:39:44:07:45:a9:c3:35:9b:1e:bd:43:18:13:a9:b2:30:0b:d4
Signer

Actual PE Digest

a5:5a:39:44:07:45:a9:c3:35:9b:1e:bd:43:18:13:a9:b2:30:0b:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\47419\out\Release\360rp.pdb

Imports

kernel32

CreateProcessA
VirtualQuery
VirtualProtect
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetFullPathNameW
LockFile
LockFileEx
UnlockFile
GetTempPathA
FormatMessageA
GetFileAttributesA
DeleteFileA
GetFullPathNameA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
QueryPerformanceCounter
SetNamedPipeHandleState
ReadFileEx
WaitForSingleObjectEx
ConnectNamedPipe
CreateNamedPipeA
GetOverlappedResult
DisconnectNamedPipe
LocalFree
FindResourceExW
MulDiv
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalFree
GetStringTypeExW
GetThreadLocale
lstrcmpiW
DuplicateHandle
GetVolumeInformationW
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
CompareStringW
GlobalGetAtomNameW
GetAtomNameW
lstrcmpA
SetFileTime
GetFileTime
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
VirtualAllocEx
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentDirectoryW
VirtualProtectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
HeapAlloc
ExitThread
GetCommandLineA
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapCreate
HeapDestroy
FatalAppExitA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetConsoleCtrlHandler
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
VirtualQueryEx
GetFileInformationByHandle
InterlockedExchangeAdd
OpenFileMappingW
GetTimeZoneInformation
GetACP
lstrcmpW
GetCommandLineW
QueryDosDeviceW
GetDiskFreeSpaceExW
DeleteAtom
FindAtomW
AddAtomW
GetProcessHeap
WritePrivateProfileSectionW
SetEnvironmentVariableW
RtlUnwind
WriteProcessMemory
ResumeThread
LoadLibraryA
CreateMutexA
CreateSemaphoreA
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OutputDebugStringA
RemoveDirectoryW
GetExitCodeProcess
ReleaseSemaphore
CreateSemaphoreW
Thread32First
Thread32Next
Module32FirstW
Module32NextW
GetSystemTime
GetModuleHandleA
Toolhelp32ReadProcessMemory
GetThreadTimes
GetSystemInfo
GlobalMemoryStatus
LocalFileTimeToFileTime
OutputDebugStringW
GetCurrentThreadId
VirtualFree
SetEndOfFile
SetFilePointerEx
SuspendThread
lstrlenA
GetLogicalDrives
CreateEventA
SetCurrentDirectoryW
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
SetErrorMode
LoadLibraryExW
CreateProcessW
OpenMutexW
GetShortPathNameW
SetProcessWorkingSetSize
ReleaseMutex
ResetEvent
FlushFileBuffers
SetFilePointer
SystemTimeToFileTime
TerminateProcess
GetLocalTime
OpenThread
GetThreadContext
ReadProcessMemory
CreateMutexW
MoveFileW
CreateThread
SetThreadPriority
Process32FirstW
GetProcessTimes
FileTimeToLocalFileTime
FileTimeToSystemTime
Process32NextW
GetExitCodeThread
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateDirectoryW
FindFirstFileW
SetFileAttributesW
FindNextFileW
FindClose
WaitForMultipleObjects
TerminateThread
GetTempPathW
SetLastError
ProcessIdToSessionId
GetFileSizeEx
GetCurrentProcessId
CreateToolhelp32Snapshot
GetPrivateProfileStringW
OpenProcess
GetPrivateProfileSectionW
GetDriveTypeW
WriteFile
GetCurrentThread
TlsAlloc
GetFileSize
ReadFile
WaitForSingleObject
SetEvent
CreateEventW
GetWindowsDirectoryW
GetFileAttributesExW
CompareFileTime
CopyFileW
GetLongPathNameW
GetSystemDirectoryW
MoveFileExW
TlsGetValue
TlsSetValue
GetCurrentProcess
TlsFree
DeleteFileW
GetTickCount
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
FreeLibrary
GetLogicalDriveStringsW
lstrlenW
GetFileAttributesW
AreFileApisANSI
WideCharToMultiByte
GetLastError
QueryDosDeviceA
Sleep
CreateFileW
MultiByteToWideChar
GetDriveTypeA
CreateFileA
DeviceIoControl
CloseHandle
LoadLibraryW
GetVersionExW
GetVersion
GetModuleHandleW
GetProcAddress
InterlockedCompareExchange
InterlockedExchange
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
LeaveCriticalSection
GlobalFlags
EnterCriticalSection

user32

GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetForegroundWindow
PostMessageW
FindWindowW
GetSystemMetrics
WindowFromPoint
SetActiveWindow
BeginDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetClientRect
SetMenuItemBitmaps
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
SetWindowTextW
MoveWindow
ScrollWindowEx
DestroyIcon
InflateRect
GetMenuItemInfoW
DestroyMenu
PostQuitMessage
SetRectEmpty
InvalidateRect
SetCursor
ShowOwnedPopups
DeleteMenu
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
ReleaseCapture
GetMenuBarInfo
LoadMenuW
ReuseDDElParam
UnpackDDElParam
SetRect
GetDialogBaseUnits
GetKeyNameTextW
MapVirtualKeyW
IsRectEmpty
SystemParametersInfoW
SetWindowPos
SwitchToThisWindow
SetForegroundWindow
BringWindowToTop
GetWindowRect
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
WaitForInputIdle
ShowWindow
CharLowerBuffW
EnumThreadWindows
KillTimer
SetTimer
LoadStringW
GetDesktopWindow
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SetCapture
CreateWindowExW
RemoveMenu
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
CharUpperW
MsgWaitForMultipleObjects
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
EndDeferWindowPos

gdi32

GetTextMetricsW
GetBkColor
CreateCompatibleBitmap
StretchDIBits
CreateFontW
GetCharWidthW
GetTextExtentPoint32W
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateFontIndirectW
GetDCOrgEx
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectW
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
GetDeviceCaps
CopyMetaFileW
CreateDCW
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SelectObject
SetViewportExtEx
GetBitmapBits
GetObjectA
CreateDCA
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
SetTextCharacterExtra
SetTextAlign
SetTextJustification
ScaleViewportExtEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

InitializeSecurityDescriptor
ReportEventA
DeregisterEventSource
RegEnumKeyExW
RegQueryValueExA
RegDeleteValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegCreateKeyW
RegOpenKeyW
RegSetValueW
ConvertSidToStringSidW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSidToSidW
SetEntriesInAclW
OpenThreadToken
ControlService
QueryServiceStatusEx
SetTokenInformation
CreateProcessAsUserW
LookupAccountSidW
RegisterEventSourceA
SetSecurityDescriptorDacl
GetTokenInformation
AllocateAndInitializeSid
FreeSid
IsValidSid
EqualSid
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
CreateServiceW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
ChangeServiceConfigW
StartServiceW
RegOpenKeyExW
RegSetValueExW
OpenSCManagerW
RegCloseKey
RegQueryValueExW
QueryServiceStatus
CloseServiceHandle
OpenServiceW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHFileOperationW
SHChangeNotify
ShellExecuteExW
CommandLineToArgvW
ord680
ord165
SHGetFileInfoW
ExtractIconW
DragFinish
DragQueryFileW
ShellExecuteW

shlwapi

PathFindExtensionW
PathRemoveBackslashW
StrCmpNIW
StrStrIW
SHSetValueW
StrCmpIW
PathRemoveFileSpecW
PathAddBackslashW
PathFindFileNameW
SHGetValueW
PathAppendW
StrStrW
StrCmpNW
SHDeleteKeyW
wnsprintfW
SHDeleteValueW
StrCmpW
PathCombineW
SHGetValueA
PathStripToRootW
PathIsUNCW
PathRemoveExtensionW
PathCommonPrefixW
PathFileExistsW

ole32

ReleaseStgMedium
CoTaskMemAlloc
StringFromCLSID
CoTreatAsClass
OleDuplicateData
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
IIDFromString
CoInitialize
CoUninitialize
CoInitializeSecurity
CoCreateInstance
OleInitialize
OleUninitialize
CoDisconnectObject
StringFromGUID2
CLSIDFromString
CoInitializeEx

oleaut32

SysFreeString
SysAllocString
SysStringLen
SysAllocStringByteLen
VariantClear
SysAllocStringLen
SysStringByteLen
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayGetLBound
VarBstrCat
VariantInit
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
GetErrorInfo
SetErrorInfo
CreateErrorInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

mciSendCommandW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
CM_Request_Device_EjectW
CM_Get_Parent
SetupDiDestroyDeviceInfoList

iphlpapi

GetIpAddrTable

ws2_32

WSAStartup
inet_ntoa
WSACleanup
gethostbyname
gethostname

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

Exports

Exports

?StartListen2@Communicator@@YAPAXPBD@Z
?StartListen3@Communicator@@YAPAXPBDI@Z
?StartListen@Communicator@@YAHPBD@Z
?StopListen2@Communicator@@YAXPAX@Z
?StopListen@Communicator@@YAHXZ
CreateHipsClient

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

607431d2742b3d35ea2e9184e8e641bf

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a5:5a:39:44:07:45:a9:c3:35:9b:1e:bd:43:18:13:a9:b2:30:0b:d4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

version

winmm

setupapi

iphlpapi

ws2_32

wintrust

crypt32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 312KB - Virtual size: 312KB

.data Size: 62KB - Virtual size: 93KB

.rsrc Size: 37KB - Virtual size: 37KB

.reloc Size: 97KB - Virtual size: 97KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

5d:8b:3c:db:a4:ab:c4:78:e5:1c:42:33:7f:2f:f6:55
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a5:5a:39:44:07:45:a9:c3:35:9b:1e:bd:43:18:13:a9:b2:30:0b:d4
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 312KB - Virtual size: 312KB

.data
Size: 62KB - Virtual size: 93KB

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 97KB - Virtual size: 97KB