f054f59d3249fbfef214250c671e7095_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f054f59d3249fbfef214250c671e7095_JaffaCakes118
Size

409KB
MD5

f054f59d3249fbfef214250c671e7095
SHA1

b41c4294ce66d5778638779b119b2f2657ea45be
SHA256

c0b96fe5b203e8716cfca37f2be219be1136245f39a791a8c8a786d82528ffe0
SHA512

b892ee3f410ce167c4b781043f2d88718b7b523da43c1253b083e7c494c967967294fcd108eaedc4fb1fa33cbcd36355dde7b74b7a46e435d440538898a06205
SSDEEP

6144:8IOyuK3a1M4TRPpfY3if1i2q1pbJO60mrfaQ4ooR:JOyuKeM4T0if3EbQ0n5A

Score

1^/10

Malware Config

Signatures

Files

f054f59d3249fbfef214250c671e7095_JaffaCakes118
.exe windows:5 windows x86 arch:x86

84505aaf104e9b3d0f548a2f2ad1a39d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

22:92:48:99:cd:fc:a0:ab:28:cf:2f:91:c8:f2:24:8b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16-06-2015 00:00

Not After

25-07-2018 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f8:95:c6:59:74:c5:d1:5f:d6:18:ea:78:8e:59:9d:bc:68:18:6d:93
Signer

Actual PE Digest

f8:95:c6:59:74:c5:d1:5f:d6:18:ea:78:8e:59:9d:bc:68:18:6d:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Code\xl7_vip\src\CloudPlay\map\ProductRelease\MiniWebBrowser.pdb

Imports

kernel32

GetStartupInfoW
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
TerminateProcess
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetTempPathW
lstrcatW
GetFileAttributesW
CreateDirectoryW
IsBadCodePtr
VirtualQuery
lstrlenW
Sleep
lstrcpynW
CreateFileMappingW
MapViewOfFileEx
LocalFree
UnmapViewOfFile
CloseHandle
GetModuleHandleW
InitializeCriticalSection
InterlockedDecrement
lstrcpyW
InterlockedIncrement
DeleteCriticalSection
GetModuleFileNameW
CreateMutexW
GetLastError
FindResourceW
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryW
GetProcAddress
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
RaiseException
SetLastError
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
GetNativeSystemInfo
WritePrivateProfileStringW
GetPrivateProfileStringW
LoadLibraryA

user32

IsWindow
LoadImageW
GetSystemMetrics
BringWindowToTop
FindWindowExW
PostQuitMessage
FindWindowW
LoadCursorA
GetClassInfoExA
RegisterClassExA
CharNextW
UnregisterClassW
IntersectRect
PostMessageW
GetDlgItem
IsDialogMessageW
SetWindowContextHelpId
IsChild
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
MapDialogRect
GetFocus
GetClassInfoExW
EndPaint
BeginPaint
RegisterClassExW
DrawEdge
DrawFocusRect
GetMenu
AdjustWindowRectEx
CallWindowProcW
InflateRect
SetWindowRgn
SetWindowLongW
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
UnregisterClassA
MessageBoxW
SetCapture
EnableWindow
IsWindowEnabled
KillTimer
SetTimer
RedrawWindow
InvalidateRect
UpdateWindow
ScreenToClient
ClientToScreen
GetClientRect
GetWindowRect
SetWindowPos
MoveWindow
SetWindowTextW
CreateWindowExW
DefWindowProcW
PtInRect
ReleaseCapture
GetCapture
SystemParametersInfoW
DestroyWindow
GetParent
SendMessageW
LoadBitmapW
SetForegroundWindow
ShowWindow
LoadMenuW
GetSubMenu
GetCursorPos
TrackPopupMenu
GetDlgCtrlID
LoadCursorW
SetCursor

gdi32

GetStockObject
DeleteObject
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetBkMode
GetObjectW
SetTextColor
ExtTextOutW
SetViewportOrgEx
CreateRoundRectRgn
SetBkColor
CreateFontIndirectW

advapi32

MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
DragQueryFileW
CommandLineToArgvW
Shell_NotifyIconW
SHAppBarMessage

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
ReleaseStgMedium

oleaut32

SysAllocString
SysFreeString
VarBstrCmp
VariantInit
VariantClear
RegisterTypeLi
UnRegisterTypeLi
SysStringLen
SysAllocStringLen

atl90

ord31
ord64
ord60
ord42
ord37
ord43
ord44
ord48
ord40
ord30
ord49
ord56
ord68
ord61
ord23

shlwapi

StrCmpNIW
PathRemoveFileSpecW
StrCmpW
PathFindFileNameW
PathFileExistsW

comctl32

ImageList_Destroy
ImageList_SetBkColor
ImageList_Create
ImageList_ReplaceIcon
ImageList_Draw
_TrackMouseEvent
ImageList_GetIconSize
InitCommonControlsEx
ImageList_LoadImageW

msvcp90

?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@II@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?length@?$char_traits@_W@std@@SAIPB_W@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?eof@?$char_traits@_W@std@@SAGXZ
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z

msvcr90

??1exception@std@@UAE@XZ
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__CxxFrameHandler3
_wfopen
memset
tolower
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
__dllonexit
_unlock
fread
ferror
fclose
memcpy
wcschr
wcsrchr
_mbsnextc
_wcsnicmp
_strnicmp
_wcsicmp
_stricmp
malloc
sprintf_s
wcsncpy_s
free
wcsncpy
_purecall
swprintf_s
memmove_s
??_V@YAXPAX@Z
_recalloc
_itow
memcpy_s
memcmp
wcscpy
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
_adjust_fdiv
??3@YAXPAX@Z

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84505aaf104e9b3d0f548a2f2ad1a39d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

22:92:48:99:cd:fc:a0:ab:28:cf:2f:91:c8:f2:24:8bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f8:95:c6:59:74:c5:d1:5f:d6:18:ea:78:8e:59:9d:bc:68:18:6d:93Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl90

shlwapi

comctl32

msvcp90

msvcr90

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 3KB - Virtual size: 11KB

.rsrc Size: 202KB - Virtual size: 201KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

22:92:48:99:cd:fc:a0:ab:28:cf:2f:91:c8:f2:24:8b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f8:95:c6:59:74:c5:d1:5f:d6:18:ea:78:8e:59:9d:bc:68:18:6d:93
Signer

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 11KB

.rsrc
Size: 202KB - Virtual size: 201KB