417a48a71f8b57758c1841657cc26d3f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

417a48a71f8b57758c1841657cc26d3f_JaffaCakes118
Size

220KB
MD5

417a48a71f8b57758c1841657cc26d3f
SHA1

793e8ac0aaf7ce7d97496350432185306e7c65f1
SHA256

6842ada96f7d11938aa70a3124fc14d7c9f6cacaf9fa52b2dbd26a9b7d5fb899
SHA512

586f07e8288400eb237ae76318172593dc3f8ff43bb62b5fe2da84f763cb5911d5296384e0d2dca71e410376b5b9eef259008f2324891e09d451adea1a4d5d4e
SSDEEP

3072:U3soaZuv0JuFvqwTOi3Vqz+TG4uaz5YnOlMq6X8Cw5MjASmy4D/n8NB/O5HBP:U8l78FnHMhWMq6X8hMgRD/n025x

Score

1^/10

Malware Config

Signatures

Files

417a48a71f8b57758c1841657cc26d3f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8891f363273358e92835f685674533cd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:d0:08:39:0d:fc:9c:e1:f5:7a:1c:ba:05:4d:be:67:a8:c1:58:89
Signer

Actual PE Digest

25:d0:08:39:0d:fc:9c:e1:f5:7a:1c:ba:05:4d:be:67:a8:c1:58:89

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\qihoo\360se5\trunk\bin\statistic.pdb

Imports

kernel32

InterlockedDecrement
GetModuleFileNameW
lstrcmpA
lstrcmpiA
GetProcAddress
InterlockedIncrement
GetModuleHandleA
ExitProcess
TerminateProcess
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
DeleteFileW
GetModuleHandleW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
SetStdHandle
HeapSize
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapReAlloc
VirtualAlloc
EnterCriticalSection
TlsFree
WriteFile
TlsAlloc
ReadFile
SetFileTime
SetFilePointer
CreateFileW
GetDiskFreeSpaceExW
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerW
WideCharToMultiByte
lstrlenW
GetTempFileNameW
GetTempPathW
GetLastError
ResetEvent
CancelWaitableTimer
WaitForMultipleObjects
GetTickCount
MultiByteToWideChar
lstrlenA
TlsSetValue
IsBadWritePtr
IsBadReadPtr
GetCurrentProcess
Sleep
WaitForSingleObject
SetEvent
CreateEventW
DeviceIoControl
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapDestroy
HeapCreate
LCMapStringW
LCMapStringA
SetLastError
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
RaiseException
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
GetCurrentThreadId
ExitThread
CloseHandle
FlushFileBuffers

advapi32

RegQueryInfoKeyW
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString

shlwapi

SHSetValueW
PathAppendW
PathRemoveFileSpecW
SHDeleteKeyW
SHGetValueA
StrStrIW
PathGetDriveNumberW
SHGetValueW

wininet

FtpCommandW
InternetWriteFile
HttpEndRequestW
FtpOpenFileW
InternetReadFileExA
InternetGetLastResponseInfoW
InternetSetStatusCallbackW
InternetCloseHandle
InternetOpenW
FtpGetFileSize
InternetSetOptionW
InternetConnectW
InternetQueryOptionW
InternetCrackUrlW
InternetReadFile
HttpQueryInfoW
HttpSendRequestExW
HttpOpenRequestW
InternetSetOptionA

urlmon

ObtainUserAgentString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

netapi32

Netbios

Exports

Exports

AddValue
SetValue
UpdateAll

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8891f363273358e92835f685674533cd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

25:d0:08:39:0d:fc:9c:e1:f5:7a:1c:ba:05:4d:be:67:a8:c1:58:89Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

shlwapi

wininet

urlmon

version

netapi32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 5KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

25:d0:08:39:0d:fc:9c:e1:f5:7a:1c:ba:05:4d:be:67:a8:c1:58:89
Signer

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 5KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB