d666576f81e8b3f3d568213db22f5869_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d666576f81e8b3f3d568213db22f5869_JaffaCakes118
Size

647KB
MD5

d666576f81e8b3f3d568213db22f5869
SHA1

323c0b07e6ccdce780e0929f29b14ad7aafec270
SHA256

cc3675256902bf7776666137931b0218d54af01821f618cfa772e596098de1ed
SHA512

4f100ea7596945ab5b1a60720606004fe2af0f0a271997dcd2ea4e15e7b666e5757ea8bd05f862d22224cdefe8a2ea389521a77cfde8294fe3eb65e0e4661bc5
SSDEEP

12288:gDEVYba3Q3jP/LR/JLLJJwmn+WodRnwAosrikfqKo3u1IiYZOzvb:RVYba3WP/l/JOJTwzsmmvo3uuXZOzz

Score

1^/10

Malware Config

Signatures

Files

d666576f81e8b3f3d568213db22f5869_JaffaCakes118
.rar
sysfilefix.exe
.exe windows:4 windows x86 arch:x86

ff7419a9b4ac06f3d8daaae175f67e12

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/03/2010, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Duba,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

73:fd:95:34:14:df:33:3b:9c:ab:8a:d2:c8:83:f4:09:95:00:ac:9c
Signer

Actual PE Digest

73:fd:95:34:14:df:33:3b:9c:ab:8a:d2:c8:83:f4:09:95:00:ac:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\daily_build\svn2\oneshotonekill\trunk\src\OneShotOneKill\SysFileFix\ReleaseKS\sysfilefix.pdb

Imports

kernel32

GetLongPathNameW
FileTimeToSystemTime
GetFileTime
MoveFileW
CopyFileW
CreateDirectoryW
GetCurrentDirectoryW
GetPrivateProfileStringW
SetFilePointer
FlushFileBuffers
GetFileSize
GetEnvironmentVariableW
GetTempPathW
GetFileAttributesExW
SetEndOfFile
FreeResource
GetDriveTypeW
ExpandEnvironmentStringsW
SearchPathW
VirtualAlloc
VirtualFree
WritePrivateProfileStringW
GetEnvironmentVariableA
GetSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentProcessId
FindNextFileW
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
GetSystemDefaultUILanguage
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
HeapCreate
FatalAppExitA
GetVersionExW
GetProcAddress
LoadLibraryW
GetLogicalDriveStringsW
lstrcpyW
GetWindowsDirectoryW
lstrcatW
RemoveDirectoryW
WriteFile
lstrcmpW
CreateFileW
GetFileAttributesW
ReadFile
LocalFree
FindResourceExW
LockResource
FindClose
FindFirstFileW
Process32NextW
DeleteFileW
OpenProcess
Module32NextW
SetFileAttributesW
Module32FirstW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
GetLocalTime
GetLastError
GetSystemDirectoryW
Sleep
ExitProcess
TerminateThread
MoveFileExW
GetCommandLineW
WaitForSingleObject
GetVersion
LeaveCriticalSection
MultiByteToWideChar
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
InitializeCriticalSection
SetLastError
SetErrorMode
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
lstrcmpiW
FreeLibrary
CreateThread
CloseHandle
GetModuleFileNameW
LoadLibraryExW
EnterCriticalSection
FindResourceW
LoadResource
SizeofResource
GetModuleHandleW
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
TlsGetValue
WideCharToMultiByte
RaiseException
lstrlenW
GetTickCount

user32

GetWindowTextW
SetWindowLongW
DestroyWindow
CharNextW
DefWindowProcW
DialogBoxParamW
GetActiveWindow
GetDlgCtrlID
GetWindowLongW
SetCursor
PostMessageW
SetWindowPos
LoadCursorW
MapWindowPoints
GetClientRect
GetSysColor
GetParent
DrawTextW
GetWindowRect
CallWindowProcW
SystemParametersInfoW
LoadBitmapW
DrawIcon
MessageBoxW
GetWindow
EndDialog
BeginPaint
GetSystemMetrics
LoadImageW
GetDC
SendMessageW
GetIconInfo
IsCharAlphaNumericW
wsprintfA
DestroyIcon
CharLowerW
SetWindowTextW
ReleaseCapture
UnregisterClassA
SetCapture
InflateRect
InvalidateRect
ReleaseDC
wsprintfW
GetWindowTextLengthW
GetDlgItem
EndPaint

gdi32

SetBkColor
GetDIBits
CreateDIBSection
BitBlt
LineTo
DeleteDC
ExtTextOutW
MoveToEx
DeleteObject
SelectObject
CreateCompatibleDC
SetTextColor
SetBkMode
CreateFontIndirectW
GetStockObject
GetObjectW

advapi32

InitializeAcl
RegDeleteValueW
RegSetValueExW
RegGetKeySecurity
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
AllocateAndInitializeSid
RegSetValueW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
StartServiceW
CloseServiceHandle
OpenServiceW
CreateServiceW
OpenSCManagerW
OpenProcessToken
IsValidSid
SetNamedSecurityInfoW
GetLengthSid
GetNamedSecurityInfoW
AdjustTokenPrivileges
GetAce
CopySid
GetSidSubAuthority
InitializeSid
GetAclInformation
GetSidLengthRequired
AddAce
LookupPrivilegeValueW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

shell32

CommandLineToArgvW
ExtractIconW
SHChangeNotify
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW
ord59
SHGetFolderPathW

ole32

CoGetMalloc
StringFromCLSID
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoUninitialize
CoTaskMemRealloc
CoCreateInstance
CoCreateGuid

oleaut32

VarUI4FromStr
SysFreeString

shlwapi

PathRemoveFileSpecW
SHGetValueW
SHSetValueW
StrToIntW
StrStrIW
PathFileExistsW
PathIsDirectoryEmptyW
StrChrW
StrStrW
StrRChrW
PathIsDirectoryW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

TransparentBlt

wininet

InternetConnectW
HttpOpenRequestW
InternetSetOptionW
HttpSendRequestW
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetCrackUrlW
HttpAddRequestHeadersW
InternetCloseHandle
InternetGetConnectedState
InternetReadFile

urlmon

URLDownloadToFileW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetAdaptersInfo

ws2_32

WSCDeinstallProvider

Sections

.text
Size: 360KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff7419a9b4ac06f3d8daaae175f67e12

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4Certificate

Extended Key Usages

Key Usages

73:fd:95:34:14:df:33:3b:9c:ab:8a:d2:c8:83:f4:09:95:00:ac:9cSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

wininet

urlmon

psapi

version

iphlpapi

ws2_32

Sections

.text Size: 360KB - Virtual size: 356KB

.rdata Size: 76KB - Virtual size: 74KB

.data Size: 16KB - Virtual size: 33KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

11:b3:af:5d:b1:1e:c9:1d:1c:f0:b3:e1:b8:0c:85:e4
Certificate

73:fd:95:34:14:df:33:3b:9c:ab:8a:d2:c8:83:f4:09:95:00:ac:9c
Signer

.text
Size: 360KB - Virtual size: 356KB

.rdata
Size: 76KB - Virtual size: 74KB

.data
Size: 16KB - Virtual size: 33KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB