bfb581f1ccc123c83080a928dbf61140_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bfb581f1ccc123c83080a928dbf61140_JaffaCakes118
Size

21.3MB
MD5

bfb581f1ccc123c83080a928dbf61140
SHA1

5af9678735c1c03eb3b7a573b2d856e3af4d6f94
SHA256

6df112810af97f019cf30528d993184407034276731497c188a8b0089c51a7bc
SHA512

74a9524d3d108607514e9be9c5eb2d95ee52e7ab8ae67d518d9865475f895a112968db9e47669444f5ce5f335339efa97ace3cb820362b8cf855d85052afcfe2
SSDEEP

393216:4kndHYa6Kb2jvaf4/UzqGj3RuXfE5KviCwVDozTJqTZMcBQKpq8bw:Lnyyb5Jue3R6E5rCcoPJtcBTtw

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/百度竞价助手/百度竞价助手3.0.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/百度竞价助手/百度竞价助手3.0.exe

Files

bfb581f1ccc123c83080a928dbf61140_JaffaCakes118
.rar
jre-6u12-windows-i586-p-s.exe
.exe windows:4 windows x86 arch:x86

36553304d9f48d6dfcc9e9784f0a1bed

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ff
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14/06/2006, 00:00

Not After

15/07/2009, 23:59

Subject

CN=Sun Microsystems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Sun Microsystems,O=Sun Microsystems\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetCommandLineA
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameA
GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
GetProcAddress
LoadLibraryA
GetShortPathNameA
GetWindowsDirectoryA
GetEnvironmentVariableA
ReadFile
DeleteFileA
WaitForSingleObject
GetCurrentProcess
GetSystemInfo
SetFilePointer
GetTempPathA
LocalFree
GetTickCount
GetCurrentProcessId
GetSystemDirectoryA
GetUserDefaultLangID
LockResource
MoveFileA
ExitProcess
LocalAlloc
FormatMessageA
CreateDirectoryA
CompareStringW
CompareStringA
SetStdHandle
FlushFileBuffers
LCMapStringW
GetExitCodeProcess
CreateFileA
WriteFile
CloseHandle
lstrcmpA
lstrlenA
lstrcpyA
lstrcpynA
lstrcatA
lstrcmpiA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
InterlockedExchange
GetLocaleInfoA
GetACP
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetTimeZoneInformation
GetCPInfo
GetOEMCP
HeapSize
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
HeapFree
RtlUnwind
TerminateProcess
HeapAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
GetSystemTimeAsFileTime
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
SetEnvironmentVariableA

user32

GetDesktopWindow
CharNextA
LoadStringA
MessageBoxA
wsprintfA

advapi32

RegEnumKeyA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

version

VerQueryValueA
GetFileVersionInfoA

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetErrorDlg
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15.6MB - Virtual size: 15.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
�ٶȾ��/note.txt
百度竞价助手/bidderconf.xml
.xml
百度竞价助手/使用说明.txt
百度竞价助手/使用说明.url
.url
百度竞价助手/帮助文档/分组设定排名.doc
.doc windows office2003
百度竞价助手/帮助文档/切换手工自动出价模式.doc
.doc windows office2003
百度竞价助手/帮助文档/如何快速设置目标排名.doc
.doc windows office2003
百度竞价助手/帮助文档/如何调价.doc
.doc windows office2003
百度竞价助手/帮助文档/按照质量度选择不同的调价策略.doc
.doc windows office2003
百度竞价助手/百度竞价助手3.0.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_Z10testStringP7JNIEnv_P8_jobjectP8_jstring@12
_Z15jnm_exitWindowsP7JNIEnv_P8_jobjectl@12
_Z16jnm_getdriveinfoP7JNIEnv_P8_jobjectS2_@12
_Z16jnm_shellexecuteP7JNIEnv_P8_jobjectP8_jstringS4_S4_S4_l@28
_Z21jnm_getExecutableNameP7JNIEnv_P8_jobject@8
_Z21jnm_getExecutablePathP7JNIEnv_P8_jobject@8
_Z22jnm_deleteFileOnRebootP7JNIEnv_P8_jobjectP8_jstring@12

Sections

.text
Size: 128KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.0MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

36553304d9f48d6dfcc9e9784f0a1bed

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ffCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

version

wininet

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 15.6MB - Virtual size: 15.6MB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 404KB

.data Size: 1KB - Virtual size: 8KB

.bss Size: - Virtual size: 18KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 7.0MB - Virtual size: 7.6MB

.reloc Size: - Virtual size: 12KB

.aspack Size: 7KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ff
Certificate

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 15.6MB - Virtual size: 15.6MB

.text
Size: 128KB - Virtual size: 404KB

.data
Size: 1KB - Virtual size: 8KB

.bss
Size: - Virtual size: 18KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 7.0MB - Virtual size: 7.6MB

.reloc
Size: - Virtual size: 12KB

.aspack
Size: 7KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB