18d24802f4463cca9286bb7fad7b15cc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

18d24802f4463cca9286bb7fad7b15cc_JaffaCakes118
Size

924KB
MD5

18d24802f4463cca9286bb7fad7b15cc
SHA1

7694ba19ac028cace2e89df82776889473adddd9
SHA256

d0e4745627a86b265219c6146170422c1c646cdc632d5198baffecf3c1408668
SHA512

11ec6ec7aa417dc3962804d6627b6acb35d7efea814e2319076619b1d8adfe84648994ea501fd3f53de52c0cc97af493bb96e3bf128a82eba41212dfd82d391a
SSDEEP

12288:7vUBl9ZcQHeC1MXa0RB6nifqMLV9FcM4pLJgHsbtO3ZK76/1UZ:7vUBzVHejgYy5pLJxbc3Z91UZ

Score

1^/10

Malware Config

Signatures

Files

18d24802f4463cca9286bb7fad7b15cc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fb3e7c088d97bf5a1632d94e02ac7521

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

04/11/2009, 00:00

Not After

03/11/2012, 23:59

Subject

CN=Keniu Network Technology (Beijing) Co.\, Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=可牛网络技术（北京）有限公司,L=朝阳区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

54:d9:2f:1a:8c:c2:dd:10:97:32:b8:ae:78:19:4f:5f:a6:f7:83:39
Signer

Actual PE Digest

54:d9:2f:1a:8c:c2:dd:10:97:32:b8:ae:78:19:4f:5f:a6:f7:83:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workspace\daily_build\b3a\trunk\src\OneShotOneKill\SysFixBox\ReleaseKN\SysFixBox.pdb

Imports

kernel32

GetLongPathNameW
GetFileTime
GetSystemInfo
FlushFileBuffers
SetEndOfFile
LocalAlloc
GetCurrentDirectoryW
GetEnvironmentVariableW
GetFileAttributesExW
Module32FirstW
DeviceIoControl
GetFullPathNameW
GetCurrentThread
GetEnvironmentVariableA
GetSystemTime
WritePrivateProfileStringW
SetFilePointerEx
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
GetProcAddress
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
FatalAppExitA
HeapCreate
RtlUnwind
GetStartupInfoW
GetFileSize
SetFilePointer
GetFileSizeEx
GetSystemDirectoryW
SearchPathW
ExpandEnvironmentStringsW
GetDriveTypeW
DeleteFileW
MoveFileW
OutputDebugStringW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
lstrcpyW
GetWindowsDirectoryW
FileTimeToSystemTime
GetLogicalDriveStringsW
Process32NextW
TerminateProcess
lstrcatW
LoadLibraryW
Sleep
RemoveDirectoryW
FindClose
FindNextFileW
ReadFile
lstrcmpW
GetPrivateProfileStringW
SetFileAttributesW
GetLocalTime
CreateDirectoryW
FindFirstFileW
GetFileAttributesW
TerminateThread
CreateThread
GetPrivateProfileIntW
WaitForSingleObject
ExitProcess
MoveFileExW
GetCommandLineW
GetVersion
GetModuleHandleW
EnterCriticalSection
GetCurrentThreadId
WideCharToMultiByte
GetVersionExW
FreeLibrary
lstrlenW
GetCurrentProcess
lstrcmpiW
LeaveCriticalSection
LoadLibraryExW
FlushInstructionCache
InterlockedDecrement
GetModuleFileNameW
GetTempPathW
InterlockedIncrement
LocalFree
CopyFileW
GetLastError
SetLastError
FreeResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LockResource
LoadResource
CloseHandle
FindResourceW
WriteFile
MultiByteToWideChar
FindResourceExW
RaiseException
VirtualQuery
VirtualProtect
GetModuleHandleA
ResumeThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
lstrlenA
GetSystemDefaultUILanguage
CreateFileW
SetErrorMode
IsValidLocale

user32

LoadBitmapW
GetWindowRect
GetParent
GetClientRect
PostMessageW
SystemParametersInfoW
GetWindow
GetSysColor
MapWindowPoints
SetWindowPos
LoadCursorW
GetWindowTextW
BeginPaint
DrawTextW
LoadImageW
CallWindowProcW
GetDC
SetWindowTextW
EndPaint
wsprintfW
SendMessageW
GetDlgItem
UnregisterClassA
GetSystemMetrics
EndDialog
SetCursor
InflateRect
GetDlgCtrlID
DialogBoxParamW
DestroyWindow
CharNextW
SetWindowLongW
GetActiveWindow
DefWindowProcW
MessageBoxW
DestroyIcon
GetIconInfo
IsCharAlphaNumericW
wsprintfA
CharLowerW
EnableWindow
ReleaseCapture
GetWindowLongW
SetCapture
InvalidateRect
ReleaseDC
DrawIcon
GetWindowTextLengthW

gdi32

SelectObject
GetDIBits
SetTextColor
CreateBitmap
LineTo
CreateDIBSection
MoveToEx
StretchBlt
BitBlt
DeleteDC
ExtTextOutW
SetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
SetBkMode
CreateFontIndirectW
GetStockObject
GetObjectW
DeleteObject

advapi32

RegDeleteValueW
InitializeSid
InitializeAcl
RegGetKeySecurity
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
AllocateAndInitializeSid
RegSetValueW
RegQueryValueW
ChangeServiceConfigW
DeleteService
SetThreadToken
ImpersonateSelf
OpenThreadToken
RevertToSelf
CreateProcessAsUserW
ConvertStringSidToSidW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
CreateServiceW
RegEnumKeyW
RegOpenKeyW
RegEnumValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
LookupPrivilegeValueW
OpenProcessToken
StartServiceW
AdjustTokenPrivileges
RegSetValueExW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegCloseKey
IsValidSid
RegCreateKeyW
RegOpenKeyExW
GetLengthSid
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
GetAce
RegDeleteKeyW
CopySid
RegEnumKeyExW
GetAclInformation
AddAce
GetSidSubAuthority
GetSidLengthRequired

shell32

ExtractIconW
SHGetFileInfoW
SHFileOperationW
CommandLineToArgvW
ord59
SHGetSpecialFolderPathW
SHChangeNotify
SHGetSettings
SHGetFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoGetMalloc
StringFromCLSID
CLSIDFromString
StringFromGUID2
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathFileExistsW
PathAppendW
PathIsDirectoryEmptyW
PathIsDirectoryW
PathQuoteSpacesW
StrCmpNW
StrCpyNW
StrCmpNIW
StrCmpIW
SHSetValueW
PathRemoveFileSpecW
StrChrW
StrStrW
SHGetValueW
StrChrA
StrStrIA
StrToIntW
StrRChrW
StrStrIW

comctl32

_TrackMouseEvent
InitCommonControlsEx

userenv

UnloadUserProfile

wininet

InternetCrackUrlW
InternetSetOptionW
InternetReadFile
InternetOpenUrlW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
HttpOpenRequestW
InternetOpenW
InternetConnectW
InternetGetConnectedState
InternetCloseHandle

urlmon

URLDownloadToFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

ws2_32

WSCDeinstallProvider

iphlpapi

GetAdaptersInfo

mpr

WNetGetResourceInformationW

Sections

.text
Size: 628KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb3e7c088d97bf5a1632d94e02ac7521

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84Certificate

Extended Key Usages

Key Usages

54:d9:2f:1a:8c:c2:dd:10:97:32:b8:ae:78:19:4f:5f:a6:f7:83:39Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

userenv

wininet

urlmon

version

psapi

ws2_32

iphlpapi

mpr

Sections

.text Size: 628KB - Virtual size: 627KB

.rdata Size: 132KB - Virtual size: 128KB

.data Size: 104KB - Virtual size: 121KB

.rsrc Size: 52KB - Virtual size: 48KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84
Certificate

54:d9:2f:1a:8c:c2:dd:10:97:32:b8:ae:78:19:4f:5f:a6:f7:83:39
Signer

.text
Size: 628KB - Virtual size: 627KB

.rdata
Size: 132KB - Virtual size: 128KB

.data
Size: 104KB - Virtual size: 121KB

.rsrc
Size: 52KB - Virtual size: 48KB