1ac1cb98fd3f9aa9ac59645fe73e3299_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1ac1cb98fd3f9aa9ac59645fe73e3299_JaffaCakes118
Size

307KB
MD5

1ac1cb98fd3f9aa9ac59645fe73e3299
SHA1

5b086a70135c4915c71ec36d849a0771850fbe64
SHA256

e861e18e15435123736da2769bf5023f82b9a3682de86fd249f127d7286c35c6
SHA512

8a951662c01ec3de8fd7b678277d3b2025b8f06614bb1d762280abb2c59b2161d77181ea936e390773807a43edbedb962fd77de94124048e389eb9c939194452
SSDEEP

3072:V3DZj/qUc1nc9FyfxYP5KWiH2b5QoXkpwpGGyi+ibyDA2bmHt0o9hTjopJaVpuIX:JdDqUNcYxKWjbRX2wpGGmDb/rr0

Score

1^/10

Malware Config

Signatures

Files

1ac1cb98fd3f9aa9ac59645fe73e3299_JaffaCakes118
.exe windows:4 windows x86 arch:x86

576aed2a5cf58f39310e0b81ad962134

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fc:0a:59:57:92:bb:92:23:5c:8b:4c:b7:22:dc:3c:f3:d6:e6:66:d9
Signer

Actual PE Digest

fc:0a:59:57:92:bb:92:23:5c:8b:4c:b7:22:dc:3c:f3:d6:e6:66:d9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\kingsoft_duba\build\build_src\kxengine\kws_stable\src\kswebshieldsvc\release\kswebshield.pdb

Imports

kernel32

Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
CreateFileW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoW
SetThreadPriority
ResumeThread
CreateProcessW
CreateMutexW
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
GetLocalTime
GetLastError
CreateThread
DeleteCriticalSection
FreeLibrary
Sleep
GetProcAddress
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
SetEvent
GetModuleFileNameW
GetCurrentThread
GetCurrentProcess
lstrcatW
CloseHandle
CreateEventW
LoadLibraryW
WaitForSingleObject
SetConsoleCtrlHandler
SetProcessWorkingSetSize
DuplicateHandle
SetEndOfFile
GetVersionExW
GetLocaleInfoA
LoadLibraryA
InterlockedExchange
GetThreadLocale
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
GetTimeZoneInformation
FlushFileBuffers
ReadFile
HeapReAlloc
VirtualAlloc
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapFree
HeapAlloc
CreateDirectoryA
GetVersionExA
GetProcessHeap
GetStartupInfoW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
RaiseException
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetFullPathNameA
GetCurrentDirectoryA
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree

user32

PostQuitMessage
RegisterClassExW
CreateWindowExW
ShowWindow
FindWindowW
DefWindowProcW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
GetMessageW

advapi32

CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CreateServiceW
OpenServiceW
RegCloseKey
RegDeleteValueW
RegCreateKeyW
CloseServiceHandle
ChangeServiceConfig2W
DeleteService
RegOpenKeyExW
QueryServiceStatus
StartServiceCtrlDispatcherW
LockServiceDatabase
OpenSCManagerW
UnlockServiceDatabase
StartServiceW
ChangeServiceConfigW
RegSetValueExW
SetServiceStatus
RegisterServiceCtrlHandlerW

shell32

SHGetFolderPathW

ole32

CoCreateInstance

shlwapi

PathAppendW
PathRemoveFileSpecW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

576aed2a5cf58f39310e0b81ad962134

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1bCertificate

Extended Key Usages

Key Usages

fc:0a:59:57:92:bb:92:23:5c:8b:4c:b7:22:dc:3c:f3:d6:e6:66:d9Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

wtsapi32

Sections

.text Size: 148KB - Virtual size: 144KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 119KB - Virtual size: 119KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

fc:0a:59:57:92:bb:92:23:5c:8b:4c:b7:22:dc:3c:f3:d6:e6:66:d9
Signer

.text
Size: 148KB - Virtual size: 144KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 119KB - Virtual size: 119KB