05e903a2f788ca08eb560abc9f7f4554_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

05e903a2f788ca08eb560abc9f7f4554_JaffaCakes118
Size

601KB
MD5

05e903a2f788ca08eb560abc9f7f4554
SHA1

135056782a45c732361258a6f388c7caec026475
SHA256

1f3589968df51d6308c477ec9fe2649b5f27668ebdc029aeb38d16a4c370937f
SHA512

4cc4fca6538340ae0508d8debd6650e1a118422bdecf43fb1ee1ea05fb29c60df12260010ea2e53fe8e51665cc4ef9e66ed819fabc3a6cc76eb76605a387aa90
SSDEEP

12288:8o3TtR8/r6EwIBVWOt5B8JI8EDLGYYFJC:z8z9BHt52IPDLGYYFM

Score

1^/10

Malware Config

Signatures

Files

05e903a2f788ca08eb560abc9f7f4554_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

caa1e5e9cd853deace74b99381f39ddd

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:ca:c0:20:4e:26:af:c8:93:f8:a3:db:73:e0:1c:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2011, 00:00

Not After

16/07/2013, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

34:0f:bc:96:55:d5:54:d4:3f:46:01:06:50:38:21:43:f4:33:a4:d5
Signer

Actual PE Digest

34:0f:bc:96:55:d5:54:d4:3f:46:01:06:50:38:21:43:f4:33:a4:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\workDir\QvodPlayer5\chenkai\bin130104\npQvodInsert.pdb

Imports

qvodstatistic

SendStat

kernel32

HeapReAlloc
CloseHandle
CreateThread
Sleep
lstrcmpiA
ResetEvent
LocalAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
LocalFree
GetLogicalDriveStringsW
SetEvent
CreateMutexW
GetProcAddress
GlobalFree
lstrcpynW
DebugBreak
CreateProcessW
CreateEventW
ReleaseMutex
RemoveDirectoryW
GetTempFileNameW
VirtualQuery
SizeofResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
LCMapStringW
WaitForSingleObject
InterlockedDecrement
ExitProcess
ReadFile
GetConsoleMode
GetConsoleCP
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
HeapCreate
IsValidCodePage
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
GetSystemInfo
GetModuleHandleA
VirtualProtect
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
HeapFree
HeapAlloc
GetProcessHeap
GetThreadLocale
SetThreadLocale
GetModuleHandleW
SetLastError
GetCurrentThreadId
GlobalAlloc
LockResource
LoadResource
FindResourceW
FindResourceExW
GetFileAttributesW
GetModuleFileNameW
CreateDirectoryW
GetEnvironmentVariableW
GetVersionExW
CreateFileW
GetLastError
GlobalLock
GlobalUnlock
MulDiv
GetCurrentProcess
FlushInstructionCache
InterlockedIncrement
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetTickCount
SetThreadExecutionState
LoadLibraryExW
FindFirstFileW
FindNextFileW
FindClose
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcpyW
lstrlenA
GetTempPathW
GetLocalTime
DeleteFileW
MoveFileW
lstrlenW
MultiByteToWideChar
LCMapStringA
lstrcmpW
GetModuleFileNameA

user32

RemoveMenu
GetMenuItemCount
ShowCursor
SetFocus
SetWindowLongW
GetWindowLongW
SetWindowPos
GetWindowRect
GetClientRect
GetDC
ReleaseDC
SetTimer
KillTimer
AppendMenuW
CallWindowProcW
DefWindowProcW
LoadStringW
wsprintfW
PostMessageW
UnregisterClassA
LoadMenuW
GetSubMenu
GetMenuState
TrackPopupMenu
MessageBoxW
DdeInitializeW
DdeCreateStringHandleW
DdeConnect
DdeClientTransaction
DdeFreeDataHandle
DdeDisconnect
DdeFreeStringHandle
CreateAcceleratorTableW
IsWindow
GetDoubleClickTime
FillRect
EnumDisplayMonitors
GetCursorPos
TrackMouseEvent
CharNextW
DestroyWindow
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
EndPaint
BeginPaint
PtInRect
UnionRect
ShowWindow
GetClassInfoExW
LoadCursorW
IsChild
GetFocus
GetParent
InvalidateRect
GetKeyState
RegisterClassExW
CreateWindowExW
DestroyCursor
SetCursor
GetDesktopWindow
ReleaseCapture
SendMessageW
SetCapture
CharLowerA
EnumDisplaySettingsW
FindWindowExW
GetClassNameW
FindWindowW
SetWindowTextW
IsWindowVisible
SetParent
GetWindow
GetWindowTextW
GetWindowTextLengthW
InsertMenuW
CheckMenuItem
ScreenToClient
CheckMenuRadioItem
EnableMenuItem
ModifyMenuW
RegisterWindowMessageW
GetSysColor
MoveWindow
ClientToScreen
InvalidateRgn
RedrawWindow
GetDlgItem
DestroyAcceleratorTable
InsertMenuItemW
DeleteMenu
DdeUninitialize

gdi32

CreateRectRgn
CombineRgn
LPtoDP
SetMapMode
SetViewportOrgEx
CreateDCW
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CreateEllipticRgn
DeleteMetaFile
GetDeviceCaps
CreateRectRgnIndirect
CreateSolidBrush
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetStockObject
CreatePolygonRgn
TextOutW
SetTextAlign
CreateFontIndirectW
Rectangle
SelectClipRgn
GetClipRgn
CloseMetaFile
GetObjectW
CreateCompatibleBitmap

advapi32

RegCreateKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoInitialize
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoUninitialize
StringFromGUID2
ReadClassStm
OleSaveToStream
WriteClassStm
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CreateOleAdviseHolder
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SysStringLen
OleCreatePropertyFrame
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringLen
OleCreateFontIndirect
VarUI4FromStr
SysFreeString
SysAllocString
VariantCopy
VariantClear
VariantInit

shlwapi

PathFileExistsW

ws2_32

WSASend
WSAResetEvent
WSARecv
WSAEventSelect
WSAGetOverlappedResult
WSACreateEvent
WSAStartup
closesocket
WSASocketW
WSASetLastError
WSAConnect
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
WSASetEvent
freeaddrinfo
getaddrinfo
WSACleanup

gdiplus

GdipSetImageAttributesColorMatrix
GdipBitmapGetPixel
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeletePen
GdipCreatePen1
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateFromHWND
GdipCloneBrush
GdipDrawImageRectRectI
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipDeleteBrush
GdipAlloc
GdipFree
GdipTranslateWorldTransform
GdipDrawRectangleI
GdipMeasureString
GdipCloneBitmapAreaI
GdipDrawImageRectI
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatTrimming
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusStartup
GdipCreateBitmapFromGdiDib
GdipSaveImageToFile
GdipCloneImage
GdipDrawString
GdipDeleteFont

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CryptDecodeObject
CertGetNameStringW
CryptQueryObject

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wintrust

WinVerifyTrust

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

caa1e5e9cd853deace74b99381f39ddd

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

2c:ca:c0:20:4e:26:af:c8:93:f8:a3:db:73:e0:1c:70Certificate

Extended Key Usages

Key Usages

34:0f:bc:96:55:d5:54:d4:3f:46:01:06:50:38:21:43:f4:33:a4:d5Signer

Headers

File Characteristics

PDB Paths

Imports

qvodstatistic

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

gdiplus

crypt32

version

wintrust

Exports

Exports

Sections

.text Size: 411KB - Virtual size: 411KB

.rdata Size: 117KB - Virtual size: 117KB

.data Size: 21KB - Virtual size: 30KB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 31KB - Virtual size: 31KB

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

2c:ca:c0:20:4e:26:af:c8:93:f8:a3:db:73:e0:1c:70
Certificate

34:0f:bc:96:55:d5:54:d4:3f:46:01:06:50:38:21:43:f4:33:a4:d5
Signer

.text
Size: 411KB - Virtual size: 411KB

.rdata
Size: 117KB - Virtual size: 117KB

.data
Size: 21KB - Virtual size: 30KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 31KB - Virtual size: 31KB