db3e43dbffa7835eebb63b16b307ce8a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db3e43dbffa7835eebb63b16b307ce8a_JaffaCakes118
Size

8.4MB
MD5

db3e43dbffa7835eebb63b16b307ce8a
SHA1

48a49169e3c890917d030989c43c8b96d5b191a3
SHA256

7c43dfa951c80b26c594400a1394dcffea2c7a167a87c3a274731c26b1b943b5
SHA512

5a278c58def534ed7f26085120618a6f62b5725ca03a3d8ff8b28d1f5e01fa685f318d222624160db03d9a690a5611e11d0b500356d2b473a0194a2ade20354f
SSDEEP

196608:DddVWy921JxLXksWIv7yXAAzlEeUOiBHVT+hadhSyiWI9u16smW:DXD9qJRpH2QAOqiV3SVWIQ1QW

Score

1^/10

Malware Config

Signatures

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/kas-v2.7.5.exe	nsis_installer_2

Files

db3e43dbffa7835eebb63b16b307ce8a_JaffaCakes118
.zip
kas-v2.7.5.exe
.exe windows:4 windows x86 arch:x86

8457e0ef9219a79523fa94fded26bce8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

97:70:7c:2d:9b:92:8e:8e:b7:d4:fb:7e:12:de:02:f5:09:37:13:c8
Signer

Actual PE Digest

97:70:7c:2d:9b:92:8e:8e:b7:d4:fb:7e:12:de:02:f5:09:37:13:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\work\KASSetupExt\SetupExt\Release\SetupExt.pdb

Imports

kernel32

LockResource
SizeofResource
FindResourceA
GetModuleFileNameA
GetTempFileNameA
CreateProcessA
GetTempPathA
DeleteFileA
WaitForSingleObject
LoadLibraryA
lstrlenA
WideCharToMultiByte
lstrcpynA
lstrcpyA
CreateFileA
GetLastError
SetLastError
lstrcmpiA
GetProcAddress
GetStringTypeW
WriteFile
CloseHandle
GetVersionExA
MultiByteToWideChar
LoadResource
HeapFree
HeapAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetStdHandle
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
InitializeCriticalSection
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA

user32

CharNextA
CharLowerA
GetActiveWindow
DestroyWindow
UpdateWindow
CreateDialogParamA
MessageBoxA
ShowWindow

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
˵.txt
.url
.url

Sharing

General

Malware Config

Signatures

Files

8457e0ef9219a79523fa94fded26bce8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1bCertificate

Extended Key Usages

Key Usages

97:70:7c:2d:9b:92:8e:8e:b7:d4:fb:7e:12:de:02:f5:09:37:13:c8Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 8.4MB - Virtual size: 8.4MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

97:70:7c:2d:9b:92:8e:8e:b7:d4:fb:7e:12:de:02:f5:09:37:13:c8
Signer

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8.4MB - Virtual size: 8.4MB