0d230f4f5540e0fca114d30c8cc1b2d3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d230f4f5540e0fca114d30c8cc1b2d3_JaffaCakes118
Size

913KB
MD5

0d230f4f5540e0fca114d30c8cc1b2d3
SHA1

cca2ffff793987df7dd50491593dc966903847a3
SHA256

b4b6cb0f84acef92f1e34eff099394e6d9a6553955eaaa4742c78d9fbb915f46
SHA512

5ea4a80f46dab485c49dca4b4c857e1fe7fd99224ada22f1d46a91ff5ec98f88fd45ebaaefcb5e03a2e21482c8f09e103904aea4e210c9c7b21550bd9380a0ae
SSDEEP

24576:yR7gqmxTKYKWo709fKh1XkjDReFNKRYDKX5:yyqmvo7rUsNKqS5

Score

1^/10

Malware Config

Signatures

Files

0d230f4f5540e0fca114d30c8cc1b2d3_JaffaCakes118
.dll windows:10 windows x86 arch:x86

7e26444ce35838ead3d440b775f8b9e6

Code Sign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2016, 00:00

Not After

15/10/2018, 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ad:d5:41:f5:3b:97:df:bc:a8:85:e7:0f:26:f0:4e:ae:f9:e3:94:c4
Signer

Actual PE Digest

ad:d5:41:f5:3b:97:df:bc:a8:85:e7:0f:26:f0:4e:ae:f9:e3:94:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dcomp.pdb

Imports

win32u

NtDCompositionEnableDDASupport
NtDCompositionEnableMMCSS
NtDCompositionProcessChannelBatchBuffer
NtDCompositionSynchronize
NtDCompositionCurrentBatchId
NtDCompositionGetDeletedResources
NtDCompositionCreateAndBindSharedSection
NtDCompositionSetDebugCounter
NtDCompositionSetChannelCommitCompletionEvent
NtDCompositionTelemetryAnimationScenarioUnreference
NtDCompositionTelemetryAnimationScenarioReference
NtDCompositionTelemetryAnimationScenarioBegin
NtDCompositionTelemetrySetApplicationId
NtDCompositionTelemetryTouchInteractionEnd
NtDCompositionTelemetryTouchInteractionUpdate
NtDCompositionTelemetryTouchInteractionBegin
NtDCompositionWaitForChannel
NtDCompositionCommitChannel
NtTokenManagerCreateCompositionTokenHandle
NtDCompositionAddCrossDeviceVisualChild
NtDCompositionRemoveCrossDeviceVisualChild
NtDCompositionSetChannelCallbackId
NtDCompositionCreateChannel
NtDCompositionDestroyChannel
NtDCompositionReleaseAllResources
NtDCompositionGetFrameStatistics
NtCreateCompositionSurfaceHandle
NtVisualCaptureBits

msvcrt

memset
qsort
_wtof
_purecall
_finite
_vsnwprintf
memmove
memcpy_s
memmove_s
_wcsicmp_l
_wtoi
_wcsicmp
??1type_info@@UAE@XZ
_except_handler4_common
_onexit
_CIsin
__dllonexit
_CIsqrt
_unlock
_ftol2
_ftol2_sse
_lock
ceil
memcpy
memcmp
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
wcschr
??0exception@@QAE@ABQBD@Z
towlower
wcscpy_s
_vsnwprintf_s
free
_initterm
_amsg_exit
_XcptFilter
malloc
wcsnlen
wcsncpy_s

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
CreateMutexExW
CreateSemaphoreExW
AcquireSRWLockShared
InitializeCriticalSection
LeaveCriticalSection
CreateEventW
EnterCriticalSection
OpenSemaphoreW
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
ReleaseSRWLockShared
DeleteCriticalSection
SetEvent
Sleep
ReleaseSemaphore
ReleaseMutex
CreateEventExW
WaitForSingleObject
InitializeCriticalSectionEx

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWrite
EventUnregister
EventWriteTransfer

api-ms-win-core-sysinfo-l1-2-1

GetTickCount64
GetNativeSystemInfo
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-com-l1-1-1

CoCreateFreeThreadedMarshaler
RoGetAgileReference
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-processthreads-l1-1-2

OpenProcess
TerminateProcess
SetThreadToken
GetCurrentThread
GetCurrentProcess
OpenProcessToken
OpenThreadToken
TerminateThread
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-1

SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-memory-l1-1-2

VirtualAlloc
VirtualFree
MapViewOfFile
CreateFileMappingW

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureStackBackTrace

api-ms-win-core-errorhandling-l1-1-3

RaiseFailFastException
TerminateProcessOnMemoryExhaustion

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-debug-l1-1-1

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsDeleteString
WindowsDuplicateString
WindowsSubstringWithSpecifiedLength
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty

api-ms-win-core-winrt-error-l1-1-1

RoOriginateErrorW
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoTransformError
RoOriginateError
GetRestrictedErrorInfo
SetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-security-base-l1-2-0

GetTokenInformation

api-ms-win-core-processenvironment-l1-2-0

GetEnvironmentVariableW

ntdll

RtlInitializeGenericTable
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlGetElementGenericTable
RtlNumberGenericTableElements
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
DbgPrompt
NtQuerySystemInformation
DbgPrintEx
RtlFreeHeap
RtlAllocateHeap
RtlCreateHeap
NtUnmapViewOfSection
RtlDestroyHeap
RtlGetLastNtStatus
RtlInitUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
NtQueryInformationToken

api-ms-win-rtcore-ntuser-private-l1-1-0

CreateDCompositionHwndTarget
DestroyDCompositionHwndTarget

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-appmodel-runtime-l1-1-1

GetCurrentPackageInfo

Exports

Exports

DCompositionAttachMouseDragToHwnd
DCompositionAttachMouseWheelToHwnd
DCompositionCreateDevice
DCompositionCreateDevice2
DCompositionCreateDevice3
DCompositionCreateSurfaceHandle
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DwmEnableMMCSS
DwmFlush
DwmpEnableDDASupport

Sections

.text
Size: 824KB - Virtual size: 823KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e26444ce35838ead3d440b775f8b9e6

Code Sign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

ad:d5:41:f5:3b:97:df:bc:a8:85:e7:0f:26:f0:4e:ae:f9:e3:94:c4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

win32u

msvcrt

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-memory-l1-1-2

api-ms-win-core-heap-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-errorhandling-l1-1-3

api-ms-win-core-registry-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-processenvironment-l1-2-0

ntdll

api-ms-win-rtcore-ntuser-private-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-apiquery-l1-1-0

api-ms-win-appmodel-runtime-l1-1-1

Exports

Exports

Sections

.text Size: 824KB - Virtual size: 823KB

.data Size: 7KB - Virtual size: 16KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 100B

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 43KB - Virtual size: 43KB

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

ad:d5:41:f5:3b:97:df:bc:a8:85:e7:0f:26:f0:4e:ae:f9:e3:94:c4
Signer

.text
Size: 824KB - Virtual size: 823KB

.data
Size: 7KB - Virtual size: 16KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 100B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 43KB - Virtual size: 43KB