01c479e46c15350f590c04069d1bbb6c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01c479e46c15350f590c04069d1bbb6c_JaffaCakes118
Size

2.2MB
MD5

01c479e46c15350f590c04069d1bbb6c
SHA1

8240e2e9a42325f813cfc4723458c61512dc4793
SHA256

e8f73c96ce82141c502411d084e89df265e842af91fc21ef8c305d0052f76d53
SHA512

46f6933b0768bd5a586de07c6674ea7afe48bf6fecf0cff753c1cda26325fbc719096222ead716c4a6bafca56b4875e7979546326e59a5352c0500ba80ad6677
SSDEEP

49152:eaUJRMMMGT5LxpvXwnpFkugakrvi/N41zSOelTZ1x4+:eaWVjEn3gAvx4+

Score

1^/10

Malware Config

Signatures

Files

01c479e46c15350f590c04069d1bbb6c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fbcdc1e929e32f8a583d50aa212c3f2b

Code Sign

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3d
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

06/04/2016, 03:19

Not After

06/01/2018, 03:19

Subject

CN=合一网络技术（北京）有限公司,O=合一网络技术（北京）有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

06/04/2016, 03:28

Not After

06/01/2018, 03:28

Subject

CN=合一网络技术（北京）有限公司,O=合一网络技术（北京）有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b4:9c:ff:62:f5:46:86:69:a9:ab:2c:9f:d0:43:c8:75:a4:d5:bc:e3:a6:ac:3b:31:8e:ed:bc:a8:60:63:ee:f4
Signer

Actual PE Digest

b4:9c:ff:62:f5:46:86:69:a9:ab:2c:9f:d0:43:c8:75:a4:d5:bc:e3:a6:ac:3b:31:8e:ed:bc:a8:60:63:ee:f4

Digest Algorithm

sha256

PE Digest Matches

true

8c:1a:5d:21:a7:c4:73:16:d8:da:a0:3a:15:c6:08:18:2d:db:59:76
Signer

Actual PE Digest

8c:1a:5d:21:a7:c4:73:16:d8:da:a0:3a:15:c6:08:18:2d:db:59:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
CreateFileMappingA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesExA
GetFullPathNameA
GetLastError
GetLongPathNameA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTempPathA
GetThreadContext
GetThreadPriority
GetTickCount
GetWindowsDirectoryA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__dllonexit
__mb_cur_max
__setusermatherr
_amsg_exit
_beginthreadex
_endthreadex
_errno
_exit
_findclose
_findnext
_ftime64
_fullpath
_get_osfhandle
_initterm
_iob
_lock
_mbsrchr
_mkdir
_mktemp
_onexit
_setjmp3
_snwprintf
_stati64
_vsnprintf
time
localtime
gmtime
calloc
exit
fclose
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
frexp
fscanf
fseek
ftell
fwprintf
fwrite
getc
getenv
isalpha
islower
isspace
isupper
isxdigit
localeconv
log10
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putchar
puts
qsort
raise
rand
realloc
rename
rewind
setlocale
sinh
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncat
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
_strdup
_stricmp
_strnicmp
_unlock
abort
atan2
atoi
atol
time
tolower
ungetc
vfprintf
wcscpy
wcslen
bsearch
_findfirst
longjmp
_hypot
_write
_unlink
_strdup
_rmdir
_read
_open
_fdopen
_close
_chmod
_access

user32

MessageBoxW

avcodec-56

av_fft_calc
av_fft_end
av_fft_init
av_fft_permute
av_free_packet
av_init_packet
av_rdft_calc
av_rdft_end
av_rdft_init
avcodec_alloc_context3
avcodec_close
avcodec_dct_alloc
avcodec_dct_get_class
avcodec_dct_init
avcodec_decode_audio4
avcodec_decode_subtitle2
avcodec_decode_video2
avcodec_descriptor_get
avcodec_encode_video
avcodec_encode_video2
avcodec_find_decoder
avcodec_find_encoder
avcodec_flush_buffers
avcodec_get_name
avcodec_open2
avpriv_do_elbg
avpriv_init_elbg
avsubtitle_free

avformat-56

av_find_best_stream
av_find_input_format
av_read_frame
av_register_all
av_seek_frame
avformat_close_input
avformat_find_stream_info
avformat_match_stream_specifier
avformat_open_input

avutil-54

av_adler32_update
av_asprintf
av_audio_fifo_alloc
av_audio_fifo_free
av_audio_fifo_read
av_audio_fifo_realloc
av_audio_fifo_size
av_audio_fifo_space
av_audio_fifo_write
av_bprint_channel_layout
av_bprint_chars
av_bprint_clear
av_bprint_finalize
av_bprint_init
av_bprint_strftime
av_bprintf
av_buffer_create
av_buffer_ref
av_buffer_unref
av_calloc
av_channel_layout_extract_channel
av_cpu_count
av_d2q
av_default_item_name
av_dict_copy
av_dict_free
av_dict_get
av_dict_set
av_dict_set_int
av_display_rotation_get
av_div_q
av_dynarray2_add
av_escape
av_expr_eval
av_expr_free
av_expr_parse
av_expr_parse_and_eval
av_fast_malloc
av_fifo_alloc
av_fifo_alloc_array
av_fifo_freep
av_fifo_generic_read
av_fifo_generic_write
av_fifo_realloc2
av_fifo_size
av_fifo_space
av_file_map
av_file_unmap
av_find_best_pix_fmt_of_2
av_frame_alloc
av_frame_clone
av_frame_copy
av_frame_copy_props
av_frame_free
av_frame_get_best_effort_timestamp
av_frame_get_buffer
av_frame_get_channel_layout
av_frame_get_channels
av_frame_get_color_range
av_frame_get_colorspace
av_frame_get_metadata
av_frame_get_pkt_pos
av_frame_get_plane_buffer
av_frame_get_qp_table
av_frame_get_side_data
av_frame_is_writable
av_frame_make_writable
av_frame_move_ref
av_frame_ref
av_frame_remove_side_data
av_frame_set_channel_layout
av_frame_set_channels
av_frame_set_colorspace
av_frame_set_pkt_pos
av_frame_set_sample_rate
av_frame_unref
av_free
av_freep
av_gcd
av_get_bits_per_pixel
av_get_bytes_per_sample
av_get_channel_layout
av_get_channel_layout_channel_index
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_get_channel_name
av_get_cpu_flags
av_get_default_channel_layout
av_get_int
av_get_media_type_string
av_get_packed_sample_fmt
av_get_padded_bits_per_pixel
av_get_picture_type_char
av_get_pix_fmt
av_get_pix_fmt_name
av_get_planar_sample_fmt
av_get_random_seed
av_get_sample_fmt
av_get_sample_fmt_name
av_get_token
av_gettime
av_gettime_relative
av_image_alloc
av_image_check_size
av_image_copy
av_image_copy_plane
av_image_fill_linesizes
av_image_fill_max_pixsteps
av_image_get_linesize
av_int_list_length_for_size
av_isdigit
av_isgraph
av_isspace
av_lfg_init
av_log
av_log_get_level
av_malloc
av_mallocz
av_memdup
av_mul_q
av_opt_eval_flags
av_opt_find
av_opt_free
av_opt_get_key_value
av_opt_next
av_opt_set
av_opt_set_bin
av_opt_set_defaults
av_opt_set_dict
av_opt_set_int
av_opt_set_sample_fmt
av_parse_color
av_parse_ratio
av_parse_time
av_parse_video_size
av_pix_fmt_count_planes
av_pix_fmt_desc_get
av_pix_fmt_desc_get_id
av_pix_fmt_desc_next
av_pixelutils_get_sad_fn
av_read_image_line
av_realloc
av_realloc_array
av_realloc_f
av_reduce
av_rescale
av_rescale_q
av_rescale_q_rnd
av_rescale_rnd
av_sample_fmt_is_planar
av_samples_alloc_array_and_samples
av_samples_copy
av_samples_set_silence
av_set_options_string
av_stereo3d_create_side_data
av_strcasecmp
av_strdup
av_strerror
av_strlcatf
av_strlcpy
av_strtod
av_strtok
av_timecode_init_from_string
av_timecode_make_string
av_tree_destroy
av_tree_enumerate
av_tree_find
av_tree_insert
av_tree_node_alloc
av_vlog
av_write_image_line
avpriv_cga_font
avpriv_float_dsp_alloc
avpriv_frame_get_metadatap
avpriv_set_systematic_pal2
avpriv_vga16_font

postproc-53

pp_free_context
pp_free_mode
pp_get_context
pp_get_mode_by_name_and_quality
pp_postprocess

swresample-1

swr_alloc
swr_alloc_set_opts
swr_convert
swr_free
swr_get_class
swr_get_delay
swr_init
swr_next_pts
swr_set_channel_mapping
swr_set_matrix

swscale-3

sws_alloc_context
sws_freeContext
sws_freeVec
sws_getCachedContext
sws_getCoefficients
sws_getColorspaceDetails
sws_getContext
sws_getGaussianVec
sws_get_class
sws_init_context
sws_isSupportedEndiannessConversion
sws_isSupportedInput
sws_isSupportedOutput
sws_scale
sws_scaleVec
sws_setColorspaceDetails

Exports

Exports

av_abuffersink_params_alloc
av_buffersink_get_buffer_ref
av_buffersink_get_frame
av_buffersink_get_frame_flags
av_buffersink_get_frame_rate
av_buffersink_get_samples
av_buffersink_params_alloc
av_buffersink_poll_frame
av_buffersink_read
av_buffersink_read_samples
av_buffersink_set_frame_size
av_buffersrc_add_frame
av_buffersrc_add_frame_flags
av_buffersrc_add_ref
av_buffersrc_buffer
av_buffersrc_get_nb_failed_requests
av_buffersrc_write_frame
av_filter_ffversion
av_filter_next
avfilter_add_matrix
avfilter_all_channel_layouts
avfilter_config_links
avfilter_configuration
avfilter_copy_buf_props
avfilter_copy_buffer_ref_props
avfilter_copy_frame_props
avfilter_free
avfilter_get_audio_buffer_ref_from_arrays
avfilter_get_audio_buffer_ref_from_arrays_channels
avfilter_get_audio_buffer_ref_from_frame
avfilter_get_buffer_ref_from_frame
avfilter_get_by_name
avfilter_get_class
avfilter_get_matrix
avfilter_get_video_buffer_ref_from_arrays
avfilter_get_video_buffer_ref_from_frame
avfilter_graph_add_filter
avfilter_graph_alloc
avfilter_graph_alloc_filter
avfilter_graph_config
avfilter_graph_create_filter
avfilter_graph_dump
avfilter_graph_free
avfilter_graph_get_filter
avfilter_graph_parse
avfilter_graph_parse2
avfilter_graph_parse_ptr
avfilter_graph_queue_command
avfilter_graph_request_oldest
avfilter_graph_send_command
avfilter_graph_set_auto_convert
avfilter_init_dict
avfilter_init_filter
avfilter_init_str
avfilter_inout_alloc
avfilter_inout_free
avfilter_insert_filter
avfilter_license
avfilter_link
avfilter_link_free
avfilter_link_get_channels
avfilter_link_set_closed
avfilter_make_format64_list
avfilter_mul_matrix
avfilter_next
avfilter_open
avfilter_pad_count
avfilter_pad_get_name
avfilter_pad_get_type
avfilter_process_command
avfilter_ref_buffer
avfilter_ref_get_channels
avfilter_register
avfilter_register_all
avfilter_sub_matrix
avfilter_transform
avfilter_uninit
avfilter_unref_buffer
avfilter_unref_bufferp
avfilter_version

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbcdc1e929e32f8a583d50aa212c3f2b

Code Sign

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3dCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5Certificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

b4:9c:ff:62:f5:46:86:69:a9:ab:2c:9f:d0:43:c8:75:a4:d5:bc:e3:a6:ac:3b:31:8e:ed:bc:a8:60:63:ee:f4Signer

8c:1a:5d:21:a7:c4:73:16:d8:da:a0:3a:15:c6:08:18:2d:db:59:76Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

avcodec-56

avformat-56

avutil-54

postproc-53

swresample-1

swscale-3

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 12KB - Virtual size: 12KB

.rdata Size: 519KB - Virtual size: 519KB

.rodata Size: 512B - Virtual size: 416B

.bss Size: - Virtual size: 12KB

.edata Size: 3KB - Virtual size: 2KB

.idata Size: 13KB - Virtual size: 12KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 54KB - Virtual size: 54KB

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3d
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

b4:9c:ff:62:f5:46:86:69:a9:ab:2c:9f:d0:43:c8:75:a4:d5:bc:e3:a6:ac:3b:31:8e:ed:bc:a8:60:63:ee:f4
Signer

8c:1a:5d:21:a7:c4:73:16:d8:da:a0:3a:15:c6:08:18:2d:db:59:76
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 12KB - Virtual size: 12KB

.rdata
Size: 519KB - Virtual size: 519KB

.rodata
Size: 512B - Virtual size: 416B

.bss
Size: - Virtual size: 12KB

.edata
Size: 3KB - Virtual size: 2KB

.idata
Size: 13KB - Virtual size: 12KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 54KB - Virtual size: 54KB