f6bc077de74bebff0ccd95857897fe79_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6bc077de74bebff0ccd95857897fe79_JaffaCakes118
Size

938KB
MD5

f6bc077de74bebff0ccd95857897fe79
SHA1

2f92a4204d8b83fc9ccd5ea05d023a4f321aad7d
SHA256

817f94095e210e3c84bec35c179e9fbc9555e9071286c10f3ac418d941c7e28b
SHA512

717bf9d0898457f51c4a7ab5b8b3cf8ebd23ae0a5438dc1c6d39d839e228a777c7907f70d5a663895396bd908cfaa100d75782ca33f59ced715d2fa51dbf672f
SSDEEP

12288:PL2LTwzv/m7Fw1HndY28CshfwFVqnFgfUgpc7/RX0etajD30SKdXPa:PLEwzv/m7Fke24CUZbRX09D30SKNa

Score

1^/10

Malware Config

Signatures

Files

f6bc077de74bebff0ccd95857897fe79_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a0da261305ad549b06fccf7f44044c95

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b1:72:a2:b9:e5:e2:83:c0:5f:53:52:53:2e:09:b5:7e:1e:7e:1d:9e
Signer

Actual PE Digest

b1:72:a2:b9:e5:e2:83:c0:5f:53:52:53:2e:09:b5:7e:1e:7e:1d:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kisengine\kis_2012_sp2.1_1334_fb\product\win32\dbginfo\kswebshield.pdb

Imports

psapi

GetModuleFileNameExA
GetModuleInformation
GetModuleFileNameExW

kernel32

GetModuleHandleW
WideCharToMultiByte
FindResourceW
GetProcAddress
SizeofResource
IsBadWritePtr
GetVersionExW
IsBadReadPtr
VirtualProtect
CreateThread
ResumeThread
GetSystemInfo
VirtualQueryEx
VirtualAllocEx
VirtualFreeEx
DisableThreadLibraryCalls
GetModuleHandleA
LocalAlloc
LocalFree
lstrcatW
LoadLibraryW
FreeLibrary
SetEvent
WaitForSingleObject
CreateEventW
InterlockedIncrement
ResetEvent
InterlockedDecrement
LoadLibraryA
InterlockedCompareExchange
FindFirstFileW
FindClose
VirtualAlloc
lstrlenA
OpenMutexW
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
GetFileSize
SetFilePointer
HeapFree
GetSystemDirectoryW
GetWindowsDirectoryW
TerminateThread
TerminateProcess
GetLongPathNameA
DuplicateHandle
GetTempPathA
GetPrivateProfileStringA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpiA
HeapCreate
HeapDestroy
GetPrivateProfileIntW
HeapAlloc
CreateProcessA
LoadLibraryExA
LoadLibraryExW
CopyFileExA
CopyFileExW
CopyFileA
CopyFileW
WinExec
VirtualFree
CreateProcessW
SearchPathW
GetLongPathNameW
GetExitCodeThread
GetPrivateProfileStringW
GetWindowsDirectoryA
GetFullPathNameA
CreateFileA
CreateFileMappingW
VirtualQuery
GetTickCount
SetLastError
lstrcpyA
lstrcpynW
DeleteFileW
GetThreadLocale
OutputDebugStringA
CreateDirectoryA
GetTempFileNameW
GetTempPathW
GetPrivateProfileSectionNamesW
GetShortPathNameW
GetCurrentProcessId
TlsFree
TlsSetValue
InterlockedExchange
GetFileSizeEx
GetFileInformationByHandle
TlsGetValue
GetCurrentThreadId
GetCurrentDirectoryW
FindNextFileW
GetDriveTypeW
TlsAlloc
DebugBreak
WaitForMultipleObjects
GetProcessHeap
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
ExitThread
GetVersionExA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetStdHandle
HeapSize
RaiseException
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReadFile
WriteFile
Sleep
CloseHandle
CreateFileW
GetLastError
WaitNamedPipeW
GetFileAttributesA
MultiByteToWideChar
GetModuleFileNameA
GetCurrentProcess
FindResourceExW
lstrlenW
LoadResource
LockResource
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemDirectoryA
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind

user32

PostMessageW
LoadBitmapW
IsWindow
SetWindowLongW
ShowWindow
LoadCursorW
RegisterClassExW
SetFocus
GetClientRect
ValidateRect
DefWindowProcW
CallWindowProcW
CreateWindowExW
SetLayeredWindowAttributes
IsZoomed
GetWindowRect
SetWindowPos
InvalidateRect
GetParent
GetWindowLongW
GetWindowThreadProcessId
GetWindowTextLengthW
EnumWindows
RegisterWindowMessageW
EnumChildWindows
IsWindowVisible
SendMessageTimeoutW
GetDlgItemTextW
GetClassNameW
CharLowerBuffW
wsprintfW
wsprintfA
UnregisterClassA
CharLowerW
CharNextW

gdi32

DeleteDC
StretchBlt
BitBlt
CreateCompatibleDC
Rectangle
SelectObject
GetObjectW
CreatePen
CreateSolidBrush
DeleteObject

advapi32

RegQueryValueA
RegOpenKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyExW

shell32

DragQueryFileW
SHGetPathFromIDListW
CommandLineToArgvW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
CoInitialize
CoUninitialize
CoInitializeEx
CoGetInterfaceAndReleaseStream

oleaut32

SysStringLen
VariantInit
SafeArrayAccessData
SysAllocString
VariantClear
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
SafeArrayUnaccessData

shlwapi

StrStrIA
PathRemoveFileSpecA
PathAppendA
PathFileExistsA
StrCmpNIA
StrCmpIW
PathIsDirectoryA
PathIsRootA
PathIsURLW
PathIsURLA
StrDupW
PathIsFileSpecW
PathFindExtensionW
StrCmpNIW
PathIsUNCW
PathFindFileNameA
PathIsDirectoryW
StrStrA
PathFindFileNameW
PathAppendW
PathQuoteSpacesW
PathFileExistsW
PathRemoveFileSpecW
PathRemoveArgsW
StrStrIW
PathUnquoteSpacesW

wininet

InternetCrackUrlA
InternetCrackUrlW

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

WSASetLastError
WSAGetLastError

oleacc

ObjectFromLresult

Exports

Exports

GetUWL
IsMatched
MatchingUWUrl
MatchingUrl
ProcessUWUrl
UrlProcess

Sections

.text
Size: 740KB - Virtual size: 739KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0da261305ad549b06fccf7f44044c95

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1bCertificate

Extended Key Usages

Key Usages

b1:72:a2:b9:e5:e2:83:c0:5f:53:52:53:2e:09:b5:7e:1e:7e:1d:9eSigner

Headers

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

version

ws2_32

oleacc

Exports

Exports

Sections

.text Size: 740KB - Virtual size: 739KB

.rdata Size: 125KB - Virtual size: 124KB

.data Size: 16KB - Virtual size: 39KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 47KB - Virtual size: 47KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

b1:72:a2:b9:e5:e2:83:c0:5f:53:52:53:2e:09:b5:7e:1e:7e:1d:9e
Signer

.text
Size: 740KB - Virtual size: 739KB

.rdata
Size: 125KB - Virtual size: 124KB

.data
Size: 16KB - Virtual size: 39KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 47KB - Virtual size: 47KB