a40de28d515a0ff178cbdd0b449ec462_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a40de28d515a0ff178cbdd0b449ec462_JaffaCakes118
Size

1.6MB
MD5

a40de28d515a0ff178cbdd0b449ec462
SHA1

4e1b7e78ff4171160bee0c765ae2f94b28ba25bd
SHA256

1b83145aa3ec557254d3a1b48fe800d4818845ce4057c8e5b713b50eb24e18d1
SHA512

1f6c9d26527216e7f62d2994e0888c0a9e8ae3ae2bb986ac5c75a5b831cd724c074a96faae4961e77c6640262e03e846bd274764e117692910808b0a0e34be48
SSDEEP

49152:lpjR8r8r8GJUakG2QPUD2L7XEy6khz9yiUMBmA:nF8r8rrJUakG/PUSnEOhz9yiUMBmA

Score

1^/10

Malware Config

Signatures

Files

a40de28d515a0ff178cbdd0b449ec462_JaffaCakes118
.exe windows:4 windows x86 arch:x86

83cfcd8439a1cb185c23ac380f5bba41

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/02/2020, 00:00

Not After

20/03/2023, 12:00

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/02/2020, 00:00

Not After

20/03/2023, 12:00

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

aa:2f:c5:a2:de:d3:48:88:db:d5:fd:5a:c6:47:b2:3a:a9:16:23:ee:de:c0:b5:12:85:11:f5:a9:8f:33:8b:9f
Signer

Actual PE Digest

aa:2f:c5:a2:de:d3:48:88:db:d5:fd:5a:c6:47:b2:3a:a9:16:23:ee:de:c0:b5:12:85:11:f5:a9:8f:33:8b:9f

Digest Algorithm

sha256

PE Digest Matches

true

eb:8b:a4:aa:3c:41:18:9f:a4:74:f6:cf:74:c2:e5:7f:30:a8:60:df
Signer

Actual PE Digest

eb:8b:a4:aa:3c:41:18:9f:a4:74:f6:cf:74:c2:e5:7f:30:a8:60:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kisengine\kisengine\product\win32\dbginfo\kinstuiofficial.pdb

Imports

kernel32

ProcessIdToSessionId
GetSystemInfo
InterlockedCompareExchange
MoveFileW
GetLogicalDriveStringsW
QueryDosDeviceW
GetTempPathW
CopyFileW
GetTempFileNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
FlushFileBuffers
FileTimeToSystemTime
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
FileTimeToLocalFileTime
GetUserDefaultLangID
GetComputerNameA
GetStdHandle
WaitForMultipleObjects
VirtualFree
VirtualAlloc
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
SetEvent
lstrcpyW
lstrcatW
SetFileAttributesW
DeviceIoControl
CreateFileA
LoadLibraryA
OpenMutexW
OpenEventW
OpenSemaphoreW
GetCurrentProcessId
ExpandEnvironmentStringsW
CreateProcessW
GetSystemTime
SetUnhandledExceptionFilter
FormatMessageA
ExpandEnvironmentStringsA
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
VirtualQuery
GetModuleHandleA
VirtualProtect
GetFileType
SetStdHandle
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
LocalAlloc
OpenProcess
GetSystemDirectoryW
RemoveDirectoryW
FindClose
GetTickCount
SetEndOfFile
WriteFile
CreateDirectoryW
GetFileAttributesW
SetFilePointer
GetCurrentThread
SetThreadPriority
InterlockedDecrement
InterlockedIncrement
MapViewOfFileEx
lstrcmpiW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LoadLibraryExW
DeleteCriticalSection
MapViewOfFile
CreateFileMappingW
CreateThread
UnmapViewOfFile
WaitForSingleObject
Sleep
TerminateThread
GetDiskFreeSpaceExW
GetDriveTypeW
MoveFileExW
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FindResourceW
FlushInstructionCache
CreateFileW
FreeLibrary
GetFileSize
LoadLibraryW
WideCharToMultiByte
ReadFile
lstrlenW
GetModuleFileNameW
GetLastError
InterlockedExchange
OutputDebugStringW
GetLocalTime
RaiseException
GetPrivateProfileStringW
CloseHandle
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
SetLastError
FreeResource
InitializeCriticalSection
lstrlenA
GetModuleHandleW
FindResourceExW
MultiByteToWideChar
GetProcAddress
LoadResource
GetVersionExW
GetPrivateProfileIntW
LockResource
GetWindowsDirectoryW
GetCurrentThreadId
SizeofResource
SleepEx
FindFirstFileA

user32

LoadBitmapW
CharNextW
FindWindowExW
UpdateWindow
AttachThreadInput
CharUpperW
CharLowerW
EndPaint
GetDlgItem
SetActiveWindow
IsRectEmpty
EqualRect
CallWindowProcW
SetWindowTextW
UnregisterClassA
BringWindowToTop
DestroyWindow
SetCursor
GetParent
GetForegroundWindow
PostThreadMessageW
GetWindowTextW
GetNextDlgTabItem
RegisterClassExW
ClientToScreen
GetWindow
DrawIconEx
PeekMessageW
GetWindowRect
SystemParametersInfoW
SetWindowPos
MonitorFromWindow
OffsetRect
GetWindowLongW
TranslateMessage
GetMonitorInfoW
IntersectRect
GetClientRect
UpdateLayeredWindow
SetWindowLongW
DispatchMessageW
MapWindowPoints
FindWindowW
DrawFrameControl
RegisterWindowMessageW
GetKeyState
WindowFromPoint
GetClassInfoExW
GetScrollPos
CopyRect
SetCapture
DestroyIcon
ReleaseCapture
SetRect
GetCursorPos
ScreenToClient
IsWindow
DefWindowProcW
IsWindowVisible
LoadImageW
PtInRect
SetForegroundWindow
LoadIconW
InvalidateRect
MoveWindow
InflateRect
CreateWindowExW
GetActiveWindow
GetDC
DrawTextW
GetDesktopWindow
ReleaseDC
GetDlgCtrlID
IsWindowEnabled
EnableWindow
GetFocus
SetRectEmpty
PostMessageW
IsChild
SendMessageW
GetWindowThreadProcessId
SetFocus
BeginPaint
LoadCursorW
GetMessageW
ShowWindow
IsDialogMessageW
SetTimer
GetWindowTextLengthW
SetWindowRgn
KillTimer

gdi32

LineTo
CombineRgn
DeleteDC
BitBlt
Rectangle
RectInRegion
CreateCompatibleBitmap
GetViewportOrgEx
DeleteObject
CreateBitmap
SetViewportOrgEx
StretchBlt
SelectObject
SetTextColor
SaveDC
CreateCompatibleDC
MoveToEx
ExtSelectClipRgn
CreateDIBSection
GetStockObject
OffsetRgn
CreatePen
GetObjectW
SetBkColor
RestoreDC
SetBkMode
ExtTextOutW
GetTextColor
SelectClipRgn
TextOutW
CreateRoundRectRgn
CreateRectRgnIndirect
GetDeviceCaps
GetClipRgn
CreateFontIndirectW
RoundRect
GetCurrentObject
SetStretchBltMode
GetTextMetricsW
CreateFontW
CreateRectRgn
GetTextExtentPoint32W

advapi32

RegSetValueExW
RegOpenKeyW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegDeleteValueW

shell32

SHGetFolderPathW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW
ShellExecuteW

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemRealloc
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
VarUI4FromStr
SysStringLen
VariantInit
VariantCopy
VariantClear
SysAllocString

shlwapi

PathAppendW
PathFindExtensionW
PathFindFileNameW
StrToIntW
StrToIntA
PathAddBackslashW
PathRemoveFileSpecW
PathFileExistsW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipLoadImageFromStream
GdipGetImagePixelFormat
GdipCloneBitmapArea
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipGetFontCollectionFamilyList
GdipCreateLineBrushI
GdipCloneFontFamily
GdipDrawImagePointsRectI
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromScan0
GdipTranslateWorldTransform
GdipDrawLine
GdiplusShutdown
GdipDeleteFontFamily
GdipFillRectangleI
GdipDrawRectangleI
GdipSetStringFormatTrimming
GdipFree
GdipLoadImageFromFile
GdipRotateWorldTransform
GdipGetImageGraphicsContext
GdipDrawImageRectRect
GdipSetSmoothingMode
GdipDrawLinesI
GdipDisposeImage
GdipDeleteFont
GdipSetPenMode
GdipSetPixelOffsetMode
GdipGetImageHeight
GdipGetFamily
GdipSetPenStartCap
GdipGetImageWidth
GdipSetPenEndCap
GdipCreateSolidFill
GdipSetInterpolationMode
GdipDrawString
GdipDeletePen
GdipDeleteGraphics
GdipAddPathStringI
GdipDrawImageRectI
GdipCreatePen1
GdipCreateFromHDC
GdipGetFontSize
GdipFillPath
GdipAddPathPieI
GdipCloneBrush
GdipCreateStringFormat
GdipGraphicsClear
GdipSetTextRenderingHint
GdipDeleteStringFormat
GdipDrawImageI
GdipAddPathRectangleI
GdipDeleteBrush
GdipSetStringFormatAlign
GdipCreateImageAttributes
GdipCreateFont
GdipNewPrivateFontCollection
GdipDisposeImageAttributes
GdipDrawPath
GdipMeasureString
GdipDeletePrivateFontCollection
GdipSetCompositingQuality
GdipSetClipPath
GdipClosePathFigure
GdipCreateFontFromLogfontW
GdipDrawImageRectRectI
GdipAddPathArcI
GdipPrivateAddFontFile
GdipSetImageAttributesColorMatrix
GdipSetPenDashStyle
GdipSetStringFormatLineAlign
GdipDeletePath
GdipGetFontCollectionFamilyCount
GdipFillRectangle
GdipSetStringFormatFlags
GdipCreatePath
GdipAlloc
GdipResetWorldTransform

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

rasapi32

RasEnumConnectionsW

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile
GetAdaptersInfo

Sections

.text
Size: 732KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 548KB - Virtual size: 547KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83cfcd8439a1cb185c23ac380f5bba41

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

aa:2f:c5:a2:de:d3:48:88:db:d5:fd:5a:c6:47:b2:3a:a9:16:23:ee:de:c0:b5:12:85:11:f5:a9:8f:33:8b:9fSigner

eb:8b:a4:aa:3c:41:18:9f:a4:74:f6:cf:74:c2:e5:7f:30:a8:60:dfSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

wtsapi32

psapi

rasapi32

iphlpapi

Sections

.text Size: 732KB - Virtual size: 728KB

.rdata Size: 156KB - Virtual size: 152KB

.data Size: 28KB - Virtual size: 46KB

.rsrc Size: 548KB - Virtual size: 547KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

aa:2f:c5:a2:de:d3:48:88:db:d5:fd:5a:c6:47:b2:3a:a9:16:23:ee:de:c0:b5:12:85:11:f5:a9:8f:33:8b:9f
Signer

eb:8b:a4:aa:3c:41:18:9f:a4:74:f6:cf:74:c2:e5:7f:30:a8:60:df
Signer

.text
Size: 732KB - Virtual size: 728KB

.rdata
Size: 156KB - Virtual size: 152KB

.data
Size: 28KB - Virtual size: 46KB

.rsrc
Size: 548KB - Virtual size: 547KB