952e97d85dd8106234b9c4a500aacb56_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

952e97d85dd8106234b9c4a500aacb56_JaffaCakes118
Size

305KB
MD5

952e97d85dd8106234b9c4a500aacb56
SHA1

cff7fc9563ab463e09a14edc68b4bb6e64216142
SHA256

19aaf667a719c95c6a92b031a4badfe9f34bfdc8b9e7ef5d60748ed0624fe25b
SHA512

e0d8591d2ccc620efcafb0699536ab18c6f0c12595566c08cc5febd02078a9f6e80a0b8d2f272e63d520acbfe69e073c5284bc0fbf6202f709148c89bc085d1b
SSDEEP

6144:/ju536TPS1m9SjhFwWWs4P0eZl7Wa63lgCroUzD0Vves2uQj4oobUt:/653+b8nwLs4ZZlCl3lgCroU30VgobUt

Score

1^/10

Malware Config

Signatures

Files

952e97d85dd8106234b9c4a500aacb56_JaffaCakes118
.rar
155绿色软件站.url
.url
SysFixBox.exe
.exe windows:4 windows x86 arch:x86

d4d02d94de9aef773590b50e0a213d37

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

04-11-2009 00:00

Not After

03-11-2012 23:59

Subject

CN=Keniu Network Technology (Beijing) Co.\, Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=可牛网络技术（北京）有限公司,L=朝阳区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

42:29:df:9c:66:80:b8:11:c9:77:58:ce:79:da:a3:e1:3d:03:be:3c
Signer

Actual PE Digest

42:29:df:9c:66:80:b8:11:c9:77:58:ce:79:da:a3:e1:3d:03:be:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workspace\daily_build\b3a\trunk\src\OneShotOneKill\SysFixBox\ReleaseKN\SysFixBox.pdb

Imports

kernel32

FileTimeToSystemTime
GetSystemInfo
FlushFileBuffers
SetEndOfFile
LocalAlloc
GetCurrentDirectoryW
GetEnvironmentVariableW
GetFileAttributesExW
Module32FirstW
DeviceIoControl
GetFullPathNameW
GetCurrentThread
GetEnvironmentVariableA
GetSystemTime
WritePrivateProfileStringW
SetFilePointerEx
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetStringTypeW
Process32FirstW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetDateFormatA
GetTimeFormatA
GetCPInfo
SetConsoleCtrlHandler
GetModuleFileNameA
GetStdHandle
FatalAppExitA
HeapCreate
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetSystemDefaultUILanguage
GetFileSize
SetFilePointer
GetFileSizeEx
SearchPathW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetDriveTypeW
OpenProcess
MoveFileW
OutputDebugStringW
lstrcpyW
GetWindowsDirectoryW
lstrlenA
FindClose
FindNextFileW
GetFileTime
GetLogicalDriveStringsW
Process32NextW
TerminateProcess
CreateToolhelp32Snapshot
RemoveDirectoryW
DeleteFileW
lstrcatW
LockResource
ReadFile
lstrcmpW
CreateFileW
CloseHandle
GetPrivateProfileStringW
GetProcAddress
GetVersion
LoadLibraryW
CreateDirectoryW
CreateThread
GetLocalTime
FindResourceExW
TerminateThread
MoveFileExW
GetTempPathW
SetFileAttributesW
FreeLibrary
GetVersionExW
GetPrivateProfileIntW
WaitForSingleObject
ExitProcess
LocalFree
GetCommandLineW
WideCharToMultiByte
GetFileAttributesW
CopyFileW
WriteFile
FreeResource
FindResourceW
LoadResource
EnterCriticalSection
SizeofResource
GetModuleHandleW
GetLastError
lstrlenW
InterlockedDecrement
GetCurrentThreadId
LeaveCriticalSection
MultiByteToWideChar
InterlockedIncrement
InitializeCriticalSection
SetLastError
SetErrorMode
FlushInstructionCache
GetCurrentProcess
RaiseException
DeleteCriticalSection
lstrcmpiW
GetStartupInfoW
VirtualQuery
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleA
ResumeThread
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
FindFirstFileW
GetLongPathNameW
GetModuleFileNameW
LoadLibraryExW
GetStringTypeA

user32

GetDC
SetWindowPos
PostMessageW
MapWindowPoints
EndPaint
GetWindowTextW
SetWindowLongW
DestroyWindow
CharNextW
LoadImageW
InflateRect
BeginPaint
GetWindowTextLengthW
GetClientRect
GetParent
MessageBoxW
GetWindowRect
SystemParametersInfoW
ReleaseDC
GetWindow
InvalidateRect
UnregisterClassA
EnableWindow
LoadBitmapW
EndDialog
DrawIcon
GetWindowLongW
LoadCursorW
GetSysColor
SetCursor
GetActiveWindow
DialogBoxParamW
DefWindowProcW
DestroyIcon
GetIconInfo
IsCharAlphaNumericW
wsprintfA
CharLowerW
GetDlgCtrlID
SendMessageW
CallWindowProcW
ReleaseCapture
DrawTextW
GetSystemMetrics
SetCapture
GetDlgItem
wsprintfW
SetWindowTextW

gdi32

BitBlt
GetDIBits
MoveToEx
CreateFontIndirectW
GetStockObject
GetObjectW
SetBkMode
SetTextColor
CreateBitmap
CreateDIBSection
StretchBlt
DeleteDC
ExtTextOutW
SetBkColor
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
LineTo
DeleteObject

advapi32

LookupPrivilegeValueW
RegSetValueExW
RegCreateKeyExW
InitializeSecurityDescriptor
AddAccessAllowedAce
AllocateAndInitializeSid
RegSetValueW
RegQueryValueW
RegGetKeySecurity
RegSetKeySecurity
SetSecurityDescriptorDacl
DeleteService
ChangeServiceConfigW
SetThreadToken
ImpersonateSelf
OpenThreadToken
RevertToSelf
CreateProcessAsUserW
ConvertStringSidToSidW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
CreateServiceW
RegEnumKeyW
RegOpenKeyW
RegEnumValueW
GetSidSubAuthority
GetAclInformation
InitializeSid
AddAce
GetSidLengthRequired
InitializeAcl
RegQueryValueExW
StartServiceW
OpenProcessToken
IsValidSid
SetNamedSecurityInfoW
GetLengthSid
CloseServiceHandle
GetNamedSecurityInfoW
OpenServiceW
OpenSCManagerW
RegCreateKeyW
AdjustTokenPrivileges
GetAce
CopySid
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegDeleteValueW

shell32

ExtractIconW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHFileOperationW
CommandLineToArgvW
ord59
SHChangeNotify
SHGetSettings
SHGetFolderPathW
ShellExecuteW

ole32

CoTaskMemRealloc
StringFromCLSID
CoGetMalloc
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoTaskMemFree

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

StrRChrW
SHGetValueW
StrStrW
StrChrW
PathRemoveFileSpecW
SHSetValueW
StrCmpIW
StrCmpNIW
StrCpyNW
StrCmpNW
PathQuoteSpacesW
PathIsDirectoryW
PathIsDirectoryEmptyW
StrStrIW
StrStrIA
StrChrA
StrToIntW
PathAppendW
PathFileExistsW

comctl32

_TrackMouseEvent
InitCommonControlsEx

wininet

InternetSetOptionW
InternetConnectW
HttpOpenRequestW
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCrackUrlW
HttpAddRequestHeadersW
InternetGetConnectedState
HttpQueryInfoW
InternetCloseHandle
HttpSendRequestW

userenv

UnloadUserProfile

urlmon

URLDownloadToFileW

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

ws2_32

WSCDeinstallProvider

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetAdaptersInfo

mpr

WNetGetResourceInformationW

Sections

.text
Size: 604KB - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4d02d94de9aef773590b50e0a213d37

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84Certificate

Extended Key Usages

Key Usages

42:29:df:9c:66:80:b8:11:c9:77:58:ce:79:da:a3:e1:3d:03:be:3cSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

userenv

urlmon

psapi

ws2_32

version

iphlpapi

mpr

Sections

.text Size: 604KB - Virtual size: 601KB

.rdata Size: 124KB - Virtual size: 120KB

.data Size: 104KB - Virtual size: 122KB

.rsrc Size: 52KB - Virtual size: 48KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

52:3b:3d:05:0e:d9:00:64:b3:74:36:7a:fb:d5:71:84
Certificate

42:29:df:9c:66:80:b8:11:c9:77:58:ce:79:da:a3:e1:3d:03:be:3c
Signer

.text
Size: 604KB - Virtual size: 601KB

.rdata
Size: 124KB - Virtual size: 120KB

.data
Size: 104KB - Virtual size: 122KB

.rsrc
Size: 52KB - Virtual size: 48KB