407539d0ad149fdf6ebdc74d9f419051_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

407539d0ad149fdf6ebdc74d9f419051_JaffaCakes118
Size

891KB
MD5

407539d0ad149fdf6ebdc74d9f419051
SHA1

be49fafb7d586c3ee58c395fe45c4fe10f73a600
SHA256

bfe372e4d583b7a028f27380409003f2ae8428570c4bcb1f67c9b19df506c76d
SHA512

9937226abb6581ea8b078194445b4b321ece288c0e79781de8af5eadea0e9d5f8e24a556ac80c548da6eeee27f26477a5f02051b6ae8e7662a119877bec2a24e
SSDEEP

24576:hX1zz8+gddxn/pR++a1V28wxQea4ftM4x6:hXhKbxBMP2lCwftM4x6

Score

1^/10

Malware Config

Signatures

Files

407539d0ad149fdf6ebdc74d9f419051_JaffaCakes118
.zip
AiBooster_OnlineSetup.exe
.exe windows:5 windows x86 arch:x86

3f6156b7535eb3659958a617790bf323

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:ce:6e:67:4d:4b:d1:f2:98:b2:00:ba:6a:1d:a0:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16-07-2011 00:00

Not After

13-09-2012 23:59

Subject

CN=Shanda Computer (Shanghai) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanda Computer (Shanghai) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f5:71:ef:e3:7f:b3:0e:2a:52:a5:5e:7f:d4:31:76:cb:1c:30:d4:44
Signer

Actual PE Digest

f5:71:ef:e3:7f:b3:0e:2a:52:a5:5e:7f:d4:31:76:cb:1c:30:d4:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetCurrentThreadId
CreateMutexW
Sleep
SuspendThread
ResumeThread
ResetEvent
FlushFileBuffers
InterlockedExchange
WaitForMultipleObjects
CreateThread
SetUnhandledExceptionFilter
GetTempPathW
CompareStringW
TerminateProcess
lstrcpyW
lstrlenW
SetEndOfFile
GetFileSizeEx
ReleaseMutex
VerLanguageNameW
lstrcpynA
GetCommandLineW
MoveFileW
GetTempFileNameW
ExpandEnvironmentStringsW
InterlockedExchangeAdd
lstrlenA
SetEnvironmentVariableA
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetProcessPriorityBoost
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
HeapReAlloc
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetCPInfo
LCMapStringW
LCMapStringA
RaiseException
GetStartupInfoW
GetSystemTimeAsFileTime
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
SetThreadPriority
GetProcessPriorityBoost
OpenThread
SetPriorityClass
GetPriorityClass
CreateProcessW
GetExitCodeProcess
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetCurrentProcess
OpenProcess
SetLastError
LoadLibraryW
QueryPerformanceCounter
QueryPerformanceFrequency
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
GetSystemInfo
CreateDirectoryW
GetFileAttributesW
DeleteFileW
SetFilePointer
ReadFile
WriteFile
GetFileSize
CreateFileW
LocalFree
GlobalDeleteAtom
GlobalAddAtomW
GetModuleHandleW
TerminateThread
SetEvent
WaitForSingleObject
CreateEventW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InitializeCriticalSection
LockResource
LoadResource
SizeofResource
FindResourceW
FindClose
FindNextFileW
FindFirstFileW
CloseHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GlobalUnlock
GlobalLock
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
GetLastError
GetTickCount
GetModuleFileNameW
GetModuleHandleA

user32

ChildWindowFromPoint
LoadCursorW
TrackMouseEvent
GetWindowRgn
SetRect
MessageBeep
PostMessageW
DestroyCursor
GetClassInfoExW
wsprintfA
LoadIconW
SetWindowTextW
DestroyIcon
PostQuitMessage
InflateRect
RegisterWindowMessageW
IsWindow
DefWindowProcW
SetTimer
IsWindowVisible
KillTimer
ShowWindow
DestroyMenu
WindowFromDC
EndPaint
GetIconInfo
DrawIconEx
LookupIconIdFromDirectoryEx
SetMenuItemInfoW
CopyImage
LoadImageW
SetFocus
GetFocus
IsZoomed
CallWindowProcW
CreateWindowExW
SetWindowLongW
SetCapture
GetCapture
GetWindowLongW
GetSystemMetrics
GetParent
SetWindowRgn
GetClientRect
GetPropW
SetPropW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassExW
SetMenuInfo
GetMenuInfo
GetWindow
SetWindowPos
IsWindowEnabled
EnableWindow
GetKeyState
IsRectEmpty
GetWindowPlacement
RegisterHotKey
UnregisterHotKey
LoadMenuW
TrackPopupMenu
GetSubMenu
InsertMenuItemW
DeleteMenu
BeginPaint
GetMenuItemInfoW
GetWindowRect
ScreenToClient
GetDesktopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetForegroundWindow
AttachThreadInput
EnumWindows
CreateIconFromResourceEx
EnableMenuItem
DestroyWindow
SystemParametersInfoW
GetDC
ReleaseDC
OffsetRect
DrawTextW
IsIconic
ClientToScreen
SetCursor
SendMessageW
SetForegroundWindow
SetActiveWindow
UpdateWindow
GetWindowTextLengthW
GetWindowTextW
InvalidateRect
IntersectRect
GetCursorPos
PtInRect

gdi32

CreatePolygonRgn
FillRgn
CreateCompatibleBitmap
StretchBlt
GetClipBox
SetStretchBltMode
CreateDIBSection
DeleteDC
CreateCompatibleDC
EnumFontFamiliesW
CreateFontIndirectW
CreateSolidBrush
CreateRoundRectRgn
DeleteObject
GetCurrentObject
GetObjectW
SelectObject
SetTextColor
SetBkColor
SetBkMode
CreateRectRgn
ExtSelectClipRgn
BitBlt
RoundRect
Rectangle
MoveToEx
LineTo
OffsetRgn
CombineRgn
SetRectRgn
CreatePen
GetClipRgn
ExtTextOutW
GetStockObject

advapi32

RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegFlushKey
RegCreateKeyExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

ExtractIconExW
DragFinish
DragQueryFileW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFolderPathW

ole32

CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
IIDFromString

oleaut32

SysFreeString
SysAllocString
VariantClear
SysReAllocString

comctl32

InitCommonControlsEx

gdiplus

GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipGetImageHeight
GdipGetImageWidth
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDisposeImage
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHICON
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateHICONFromBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipAlloc
GdipFree
GdipCreateBitmapFromStream

msimg32

TransparentBlt
AlphaBlend
GradientFill

shlwapi

SHRegGetUSValueW
SHRegSetUSValueW

uxtheme

EnableTheming
IsThemeActive

powrprof

GetActivePwrScheme
SetActivePwrScheme

ntdll

NtQuerySystemInformation
RtlNtStatusToDosError
NtOpenProcess
NtDuplicateObject
NtQueryInformationProcess
NtClose
NtResumeProcess
RtlGetVersion
RtlUnwind
RtlAdjustPrivilege

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

ws2_32

select
__WSAFDIsSet
WSAStartup
socket
htons
ioctlsocket
connect
closesocket
getsockopt
recv
WSACleanup
inet_ntoa
send
gethostbyname

wininet

HttpSendRequestW
HttpAddRequestHeadersW
InternetSetOptionW
InternetReadFile
InternetCloseHandle
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW

Exports

Exports

??0CLimitEngine@@QAE@XZ
??1CLimitEngine@@QAE@XZ
?BlIsCpuLimited@CLimitEngine@@QAEHK@Z
?BlLimitCpu@CLimitEngine@@QAEJPAU_ENGINE_CONFIG@@@Z
?BlUnlimtAllCpu@CLimitEngine@@QAEXXZ
?BlUnlimtCpu@CLimitEngine@@QAEJKK@Z
?BplGetCpuIndex@CLimitEngine@@IAEKK@Z
?BplLimitCpuWorker@CLimitEngine@@KGIPAX@Z

Sections

.text
Size: 610KB - Virtual size: 609KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 542KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ź˵.txt
_صϷ_ֻϷشȫ_pspϷ_ؿ첥.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

3f6156b7535eb3659958a617790bf323

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

75:ce:6e:67:4d:4b:d1:f2:98:b2:00:ba:6a:1d:a0:79Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f5:71:ef:e3:7f:b3:0e:2a:52:a5:5e:7f:d4:31:76:cb:1c:30:d4:44Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

msimg32

shlwapi

uxtheme

powrprof

ntdll

version

iphlpapi

ws2_32

wininet

Exports

Exports

Sections

.text Size: 610KB - Virtual size: 609KB

.rdata Size: 214KB - Virtual size: 214KB

.data Size: 26KB - Virtual size: 326KB

.rsrc Size: 542KB - Virtual size: 541KB

.reloc Size: 97KB - Virtual size: 96KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

75:ce:6e:67:4d:4b:d1:f2:98:b2:00:ba:6a:1d:a0:79
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f5:71:ef:e3:7f:b3:0e:2a:52:a5:5e:7f:d4:31:76:cb:1c:30:d4:44
Signer

.text
Size: 610KB - Virtual size: 609KB

.rdata
Size: 214KB - Virtual size: 214KB

.data
Size: 26KB - Virtual size: 326KB

.rsrc
Size: 542KB - Virtual size: 541KB

.reloc
Size: 97KB - Virtual size: 96KB