5ba6c08ace3b89d359e3b86619a0c9fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ba6c08ace3b89d359e3b86619a0c9fe_JaffaCakes118
Size

177KB
MD5

5ba6c08ace3b89d359e3b86619a0c9fe
SHA1

719b584b05b5522bb6a6191ff1323cb3ccf5f5f3
SHA256

66b383420271644a9352e2d22ec9a3aab883d589f4ae23367a8de5ddda5623ab
SHA512

36e14f3adcb3658f6e64d2321086dd1c90e537eb86fd4533180eb38601e57900c5e6e992648639b2693227b0dcdfb659c95df95c9d405075780549bf77ac51ea
SSDEEP

3072:fuiS7rsvn76CFxYWdB5W2G6FHje+b4uwtUGlFMblPa8iX3Nq9Y/ijLR2P5O/:WJP6n79XYiOPAjew4uIU7blixX3NqO/O

Score

1^/10

Malware Config

Signatures

Files

5ba6c08ace3b89d359e3b86619a0c9fe_JaffaCakes118
.rar
155绿色软件站.url
.url
fqatools.exe
.exe windows:4 windows x86 arch:x86

0c891f8d5542446e1bc86ad142470958

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

04/11/2009, 00:00

Not After

03/11/2012, 23:59

Subject

CN=Keniu Network Technology (Beijing) Co.\, Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=可牛网络技术（北京）有限公司,L=朝阳区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

75:97:83:6f:55:3b:62:ec:17:25:80:56:dc:53:0b:fe:16:fe:ad:37
Signer

Actual PE Digest

75:97:83:6f:55:3b:62:ec:17:25:80:56:dc:53:0b:fe:16:fe:ad:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workspace\daily_build\b3a\trunk\src\OneShotOneKill\FQATools\ReleaseKN\fqatools.pdb

Imports

kernel32

lstrcmpW
GetCurrentDirectoryW
lstrcpyW
GetPrivateProfileStringW
FlushFileBuffers
ReadFile
CreateDirectoryW
GetSystemDirectoryW
GetWindowsDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
GetEnvironmentVariableW
GetLongPathNameW
GetFileAttributesExW
Module32FirstW
LoadLibraryW
GetProcAddress
ExpandEnvironmentStringsW
SearchPathW
VirtualAlloc
VirtualFree
GetEnvironmentVariableA
MoveFileW
RemoveDirectoryW
FileTimeToSystemTime
GetSystemTime
WritePrivateProfileStringW
GetDriveTypeW
MoveFileExW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
FreeResource
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentThread
TlsFree
TlsSetValue
CopyFileW
CloseHandle
WriteFile
WideCharToMultiByte
CreateFileW
LockResource
SetEndOfFile
SetFilePointer
GetTempPathW
GetFileSize
GetVersion
Sleep
TerminateProcess
DeleteFileW
SetFileAttributesW
Process32NextW
OpenProcess
Process32FirstW
InterlockedDecrement
CreateToolhelp32Snapshot
FindResourceExW
GetLocalTime
ExitProcess
TerminateThread
GetCommandLineW
WaitForSingleObject
GetCurrentThreadId
InitializeCriticalSection
InterlockedIncrement
SetLastError
SetErrorMode
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
lstrcmpiW
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
EnterCriticalSection
FindResourceW
LoadResource
SizeofResource
GetModuleHandleW
RaiseException
lstrlenW
GetLastError
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
HeapCreate
FatalAppExitA
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
TlsAlloc
GetVersionExW
LeaveCriticalSection
MultiByteToWideChar
GetLocaleInfoW

user32

EndPaint
CallWindowProcW
GetDC
LoadImageW
DrawIcon
SetWindowPos
EndDialog
MapWindowPoints
DialogBoxParamW
DefWindowProcW
CharNextW
DestroyWindow
SetWindowLongW
DrawTextW
PostMessageW
GetActiveWindow
wsprintfW
UnregisterClassA
GetWindowTextW
BeginPaint
LoadBitmapW
InflateRect
LoadCursorW
SetCursor
GetSysColor
GetDlgCtrlID
ReleaseCapture
SendMessageW
SetWindowTextW
GetDlgItem
SetCapture
InvalidateRect
GetSystemMetrics
GetWindow
ReleaseDC
SystemParametersInfoW
GetWindowLongW
GetWindowRect
GetParent
GetClientRect
GetWindowTextLengthW

gdi32

CreateFontIndirectW
MoveToEx
GetStockObject
GetObjectW
SetTextColor
CreateBitmap
CreateDIBSection
StretchBlt
BitBlt
DeleteDC
ExtTextOutW
SetBkColor
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetBkMode
DeleteObject
LineTo

advapi32

RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegGetKeySecurity
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegSetValueW
RegQueryValueW
RegOpenKeyExW
RegEnumKeyW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetFolderPathW
ShellExecuteW
SHChangeNotify
SHGetSpecialFolderPathW
SHGetFileInfoW
ord59
SHGetSettings
SHFileOperationW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
StringFromCLSID
CoCreateInstance

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathRemoveFileSpecW
StrChrW
StrStrIW
PathFileExistsW
SHGetValueW
PathIsDirectoryW
PathIsDirectoryEmptyW

comctl32

_TrackMouseEvent
InitCommonControlsEx

wininet

InternetGetConnectedState

psapi

GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

ws2_32

WSCDeinstallProvider

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 300KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c891f8d5542446e1bc86ad142470958

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84Certificate

Extended Key Usages

Key Usages

75:97:83:6f:55:3b:62:ec:17:25:80:56:dc:53:0b:fe:16:fe:ad:37Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

psapi

iphlpapi

ws2_32

version

Sections

.text Size: 300KB - Virtual size: 297KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 27KB

.rsrc Size: 44KB - Virtual size: 40KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84
Certificate

75:97:83:6f:55:3b:62:ec:17:25:80:56:dc:53:0b:fe:16:fe:ad:37
Signer

.text
Size: 300KB - Virtual size: 297KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 27KB

.rsrc
Size: 44KB - Virtual size: 40KB