25bbd8600c9ec2622d2742a7ea5578a9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

25bbd8600c9ec2622d2742a7ea5578a9_JaffaCakes118
Size

329KB
MD5

25bbd8600c9ec2622d2742a7ea5578a9
SHA1

57d4f0e1680fb87b15b01d9ae0361846601053fa
SHA256

c54da35d22f28fd3160ef6be5b2f92ffbb75d62acb8f664f347f0d15784a970e
SHA512

dd89e798c52b118a26024f60b79d96964fa8453a2a1228b19be7b7aafd5f428ecb1923622d50d8b8dc75dae9c086490739377e796a21a6828bf002aea49b3fa9
SSDEEP

6144:8BLwh5emI8CBDNO6dPtRSdCRnXf9ae90wlo5ncE:esh5eGC39RSdCRnP9ae90KK

Score

1^/10

Malware Config

Signatures

Files

25bbd8600c9ec2622d2742a7ea5578a9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e722455646c5c4b21e6a6ac9472b65c5

Code Sign

5d:43:94:29:cf:6e:86:00:1d:50:aa:b3:13:8d:0e:50
Certificate

Issuer

CN=bbs.xiaoqi7.com

Not Before

12-04-2012 18:25

Not After

12-04-2032 18:25

Subject

CN=bbs.xiaoqi7.com

Extended Key Usages

ExtKeyUsageCodeSigning

84:17:ed:8d:79:af:22:0b:71:f3:cc:51:ae:c4:95:f6:65:93:45:0b
Signer

Actual PE Digest

84:17:ed:8d:79:af:22:0b:71:f3:cc:51:ae:c4:95:f6:65:93:45:0b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
WaitForMultipleObjects
TerminateProcess
OpenProcess
Process32Next
CreateToolhelp32Snapshot
GetCurrentThreadId
OutputDebugStringA
GlobalMemoryStatusEx
GetSystemInfo
GetComputerNameA
GetModuleFileNameA
OpenEventA
SetErrorMode
GetModuleHandleA
GetSystemDirectoryA
WinExec
lstrlenA
InitializeCriticalSection
CreateFileA
DeviceIoControl
WriteFile
GetVersion
GetCurrentProcess
ExitProcess
CreateProcessA
MoveFileA
ReadFile
GetFileSize
LocalAlloc
LocalReAlloc
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrcpyA
GetFileAttributesA
CreateDirectoryA
DeleteFileA
MultiByteToWideChar
GetWindowsDirectoryA
lstrcatA
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
GetTickCount
CancelIo
InterlockedExchange
ResetEvent
GetLastError
VirtualAlloc
VirtualFree
DeleteCriticalSection
CloseHandle
GetProcAddress
FreeLibrary
SetEvent
WaitForSingleObject
LoadLibraryA
Process32First

user32

GetDlgItem
SetDlgItemTextA
GetDlgItemTextA
SetWindowPos
ShowWindow
UpdateWindow
CreateDialogParamA
EndDialog
wsprintfA
CharNextA
GetLastInputInfo
ExitWindowsEx
FindWindowA
ClipCursor
SetCursorPos
GetWindowTextA
MessageBoxA
GetForegroundWindow
GetAsyncKeyState
GetKeyState
LoadCursorA
BlockInput
keybd_event
MapVirtualKeyA
SetCapture
SendMessageA
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorPos
DestroyCursor
GetCursorInfo
GetWindowThreadProcessId
IsWindowVisible
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetThreadDesktop
OpenDesktopA
PostMessageA
IsWindow
CloseWindow
DispatchMessageA
GetMessageA
TranslateMessage
WindowFromPoint
GetUserObjectInformationA

advapi32

LsaClose
RegQueryValueExA
RegOpenKeyExA
IsValidSid
LookupAccountNameA
LsaRetrievePrivateData
LsaOpenPolicy
LsaFreeMemory
CloseEventLog
ClearEventLogA
OpenEventLogA
RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
EnumServicesStatusA
QueryServiceConfigA
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
StartServiceA
LookupAccountSidA
GetTokenInformation
RegOpenKeyA
RegCloseKey

shell32

SHGetSpecialFolderPathA

msvcrt

memcmp
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_strcmpi
_strnicmp
_strnset
_strrev
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
calloc
fopen
atol
_beginthreadex
printf
system
wcscpy
_errno
strncmp
atoi
strrchr
_except_handler3
free
malloc
strchr
strncpy
sprintf
strcpy
rand
??0exception@@QAE@ABQBD@Z
strcmp
strcat
strstr
strlen
_ftol
ceil
memmove
_CxxThrowException
__CxxFrameHandler
puts
memcpy
??3@YAXPAX@Z
putchar
memset
??2@YAPAXI@Z

ws2_32

inet_addr
connect
sendto
WSASocketA
htonl
inet_ntoa
getsockname
bind
recvfrom
__WSAFDIsSet
closesocket
select
recv
WSAStartup
WSACleanup
WSAIoctl
socket
gethostbyname
htons
setsockopt
send

netapi32

NetUserAdd
NetLocalGroupAddMembers

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

.data
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e722455646c5c4b21e6a6ac9472b65c5

Code Sign

5d:43:94:29:cf:6e:86:00:1d:50:aa:b3:13:8d:0e:50Certificate

Extended Key Usages

84:17:ed:8d:79:af:22:0b:71:f3:cc:51:ae:c4:95:f6:65:93:45:0bSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

ws2_32

netapi32

wtsapi32

Sections

.data Size: 120KB - Virtual size: 118KB

.rsrc Size: 164KB - Virtual size: 164KB

5d:43:94:29:cf:6e:86:00:1d:50:aa:b3:13:8d:0e:50
Certificate

84:17:ed:8d:79:af:22:0b:71:f3:cc:51:ae:c4:95:f6:65:93:45:0b
Signer

.data
Size: 120KB - Virtual size: 118KB

.rsrc
Size: 164KB - Virtual size: 164KB