b6109885e718982d3de82c4e86f66c24_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b6109885e718982d3de82c4e86f66c24_JaffaCakes118
Size

15.2MB
MD5

b6109885e718982d3de82c4e86f66c24
SHA1

6c64e5d0ab3805078c99760e3bb73003d09b563b
SHA256

d489bdead3ecef69ac259eaf5efaedb0f77100ad1be4968f1a84e83d54de8a15
SHA512

fd09a901bbab97d1b0dd8bda38475d6479d929924e7a498c535b878c3ff3b8fede94d3619d5c07412da2a2a1e89331b8bacb02b389b246fc234d4f0f119eb560
SSDEEP

393216:eWhOTJVZCZmbLUSME5l5Gfj7cEnUSiSZg2xRfF:b0jwk3l3yJUSRLRfF

Score

1^/10

Malware Config

Signatures

Files

b6109885e718982d3de82c4e86f66c24_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32b38dc2b66ad9a4c0c1c5e4e4990a8e

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:de:c7:62:99:a1:43:64:9d:2c:81:b5:53:46:4d:ed:b2:f9:ff:c9
Signer

Actual PE Digest

7b:de:c7:62:99:a1:43:64:9d:2c:81:b5:53:46:4d:ed:b2:f9:ff:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

q:\360SD\branches\VS2008\Build\x86\Setup.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

ReleaseMutex
CreateMutexA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
lstrcatW
FreeLibrary
LoadLibraryW
DeleteFileW
MoveFileExW
MoveFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateThread
InitializeCriticalSection
DeleteCriticalSection
LockResource
FindResourceExW
GetModuleFileNameW
SetLastError
LoadLibraryExW
GetLocalTime
GetCurrentProcessId
TerminateThread
ReadFile
GetStdHandle
SetFileTime
SetFileAttributesW
RemoveDirectoryW
GetWindowsDirectoryW
GetSystemDirectoryW
GetShortPathNameW
GetFullPathNameW
GetCurrentDirectoryW
SearchPathW
GetTempFileNameW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
GetFileSize
SetFilePointer
GetFileInformationByHandle
SetEndOfFile
CompareFileTime
FileTimeToSystemTime
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
DebugBreak
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommandLineW
CreateDirectoryW
FreeEnvironmentStringsW
LCMapStringW
LCMapStringA
GetStartupInfoA
GetFileType
SetHandleCount
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
ExitProcess
Sleep
HeapCreate
FatalAppExitA
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
FreeResource
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
IsValidLocale
InterlockedIncrement
GetLocaleInfoW
CreateFileA
SetStdHandle
FlushFileBuffers
GetLastError
CreateFileW
WriteFile
WideCharToMultiByte
CreateProcessW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
WaitForSingleObject
lstrcmpiW
GetTickCount
GetDiskFreeSpaceExW
InterlockedDecrement
FlushInstructionCache
GetExitCodeProcess
GetTempPathW
MultiByteToWideChar
GetFileAttributesW
ExpandEnvironmentStringsW
GetModuleHandleA
GetProcAddress
FindResourceW
LoadResource
SizeofResource
GetModuleHandleW
GetCurrentThreadId
lstrlenA
lstrcpyW
lstrlenW
CompareStringW
GetCurrentProcess
CloseHandle
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetEnvironmentStringsW
OutputDebugStringW
InterlockedExchange
EnumSystemLocalesA

user32

BeginPaint
EndPaint
UnregisterClassA
CharUpperW
CharToOemW
GetSysColor
GetFocus
ReleaseCapture
ClientToScreen
GetCapture
SetCursor
FillRect
CallWindowProcW
GetDlgCtrlID
SetFocus
PtInRect
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
CreateDialogParamW
SetRectEmpty
DestroyCursor
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
wsprintfW
LoadImageW
CreateCursor
OffsetRect
CharNextW
GetCursorPos
ExitWindowsEx
GetClassNameW
PostQuitMessage
DrawTextW
LoadStringW
GetWindow
SystemParametersInfoW
MapWindowPoints
IsWindow
SetWindowRgn
AdjustWindowRectEx
IsDialogMessageW
MessageBoxW
GetDlgItem
GetParent
ChildWindowFromPoint
SetDlgItemTextW
GetDlgItemTextW
EnableWindow
KillTimer
SetTimer
ShowWindow
ReleaseDC
GetWindowDC
GetDC
ScreenToClient
GetWindowRect
SetWindowPos
GetMenu
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
PostMessageW
GetWindowLongW
CreateWindowExW
SetWindowLongW
wvsprintfW
DestroyWindow
SendMessageW
GetClientRect
DrawFocusRect

gdi32

DeleteDC
BitBlt
DeleteObject
GetObjectW
CreateFontIndirectW
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateRoundRectRgn
SetTextColor
SetBkMode
CreateDIBSection
SetStretchBltMode

advapi32

GetTokenInformation
AllocateAndInitializeSid
EqualSid
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteKeyW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
FreeSid
IsValidSid

shell32

SHCreateDirectoryExW
SHChangeNotify
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHFileOperationW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
CoInitialize

oleaut32

SysAllocStringByteLen
SysAllocString
VariantCopy
VariantClear
VarUI4FromStr
SysFreeString

shlwapi

PathFileExistsW
StrStrIW
StrCmpIW
PathIsDirectoryW

comctl32

ImageList_Destroy
InitCommonControlsEx
ImageList_GetIconSize
_TrackMouseEvent

setupapi

SetupIterateCabinetW

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW

msimg32

AlphaBlend

Sections

.text
Size: 461KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14.7MB - Virtual size: 14.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32b38dc2b66ad9a4c0c1c5e4e4990a8e

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7b:de:c7:62:99:a1:43:64:9d:2c:81:b5:53:46:4d:ed:b2:f9:ff:c9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

setupapi

wininet

msimg32

Sections

.text Size: 461KB - Virtual size: 461KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 14.7MB - Virtual size: 14.7MB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:de:c7:62:99:a1:43:64:9d:2c:81:b5:53:46:4d:ed:b2:f9:ff:c9
Signer

.text
Size: 461KB - Virtual size: 461KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 14.7MB - Virtual size: 14.7MB