21b606f8c1502bf7a667de817e82f707_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

21b606f8c1502bf7a667de817e82f707_JaffaCakes118
Size

324KB
MD5

21b606f8c1502bf7a667de817e82f707
SHA1

a0da8cc48ad426ea6eab410558b7dd596e17e33f
SHA256

c4f7145ad3967a05189d173ec99f9ad9274cc66d6c88bd8f1c73dbee7bfceaa2
SHA512

060fedf23ddfeb1aa12e945bdea6a73e6608ff6670c1ade2a293413eb4bba17af8a0e3e041494bf172e6fb1017ccd445b4a5671f9e31fe22a518548f302cd547
SSDEEP

6144:m4ZjEbT9MBLJjwjEcApwZGxg9VKpWmXEBIkTflNXcUcpj/ZeIDQ3BK+XaOCqYeYN:mKjEbT9MlJFcApwZGVOcKYinC

Score

1^/10

Malware Config

Signatures

Files

21b606f8c1502bf7a667de817e82f707_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8bc6c7388919a97b08afc961d8461137

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26-01-2010 00:00

Not After

25-01-2013 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a3:41:81:36:af:79:b3:a4:be:6f:39:14:5e:c3:f6:1f:65:c8:49:5f
Signer

Actual PE Digest

a3:41:81:36:af:79:b3:a4:be:6f:39:14:5e:c3:f6:1f:65:c8:49:5f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\jenkins\workspace\CEN_Cube_DailyBuild\qqpcmgr_proj\Basic\Output\BinFinal\QMAutoClean.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

htonl
htons
WSAStartup

common

??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??0CTXStringW@@QAE@PB_W@Z
?RecordTransBegin@Perf@Util@@YA_JPB_WHH00@Z
??BCTXStringW@@QBEPB_WXZ
??4CTXStringW@@QAEAAV0@PB_W@Z
?DelIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
??1CTXStringW@@QAE@XZ
?Format@CTXStringW@@QAAXPB_WZZ
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
?NotifyIdle@TXTimer@@YAXXZ
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?SetBugReportUin@TXBugReport@@YAXKPB_W@Z
?ValidateBugReport@TXBugReport@@YAXXZ
?ClearDeadQueue@Misc@Util@@YAXXZ
?TXAssert@@YAXPB_W0H@Z
??0CTXStringW@@QAE@XZ
??H@YA?AVCTXStringW@@ABV0@0@Z

mfc80u

ord2708
ord266
ord3677
ord4535
ord762
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2832
ord4301
ord2829
ord2725
ord2531
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord577
ord3390
ord2311
ord293
ord265
ord1121
ord1049
ord1079
ord2984
ord2239
ord3800
ord566
ord757
ord909
ord1198
ord764

msvcr80

free
memset
_purecall
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
_except_handler3
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_wtoi64
_wtoi
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
memcpy
swprintf_s
__argc
__wargv
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
malloc
memmove_s
strchr
sscanf
_snwprintf
wcschr
_wtol
wcsncpy
ldiv
_wcsicmp
_wcsupr
_beginthreadex
swscanf_s
realloc
putchar
putwchar
wcstol
_time64
_vsnwprintf_s
strncpy_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
wcsncpy_s
wcscpy_s
_wsplitpath_s
wcsrchr
setlocale
_memicmp
fflush
strrchr
fwrite
_vsnprintf
_snprintf_s

kernel32

GetThreadLocale
GetVersionExA
InterlockedExchangeAdd
GetACP
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
lstrcmpiW
OpenProcess
SwitchToThread
ReleaseMutex
GetSystemDefaultLangID
VirtualQuery
LoadLibraryA
OpenEventW
OpenFileMappingW
GetModuleHandleW
SetLastError
UnmapViewOfFile
MapViewOfFile
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetNumberFormatW
GetLocaleInfoW
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetLocaleInfoA
GetTimeFormatW
GetDateFormatW
GetCurrencyFormatW
GetTickCount
WaitNamedPipeW
CreateFileW
WriteFile
ReadFile
GetSystemInfo
GetOverlappedResult
WaitForMultipleObjects
ConnectNamedPipe
CreateNamedPipeW
SetNamedPipeHandleState
ResetEvent
OutputDebugStringW
TerminateThread
IsBadReadPtr
GetVersionExW
FormatMessageW
MultiByteToWideChar
ProcessIdToSessionId
GetCurrentProcessId
SetEvent
WaitForSingleObject
QueueUserAPC
CreateEventW
GetCommandLineW
GetModuleFileNameW
lstrcpynW
WideCharToMultiByte
lstrlenW
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
HeapFree
GetProcessHeap
HeapAlloc
FreeLibrary
LoadLibraryW
GetProcAddress
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetCurrentProcess
GetCurrentThread
DuplicateHandle
InterlockedCompareExchange
InterlockedExchange
Sleep
OpenMutexW
GetLastError
CreateMutexW
SleepEx
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
DeleteCriticalSection
RaiseException

user32

GetMessageW
WaitMessage
TranslateMessage
FindWindowA
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
SendMessageW
PostMessageW
DestroyWindow
CreateWindowExW
SetWindowLongW
DefWindowProcW
PostThreadMessageW
SendMessageTimeoutW

advapi32

SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitializeSecurityDescriptor

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW
StrFromTimeIntervalW
StrFormatKBSizeW
StrFormatByteSizeW

ole32

CoUninitialize
CoInitialize

atl80

ord32

msvcp80

??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?setf@ios_base@std@@QAEHH@Z
?unsetf@ios_base@std@@QAEXH@Z
?precision@ios_base@std@@QAEHH@Z
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?eof@?$char_traits@_W@std@@SAGXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?get@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEGXZ
??Bios_base@std@@QBEPAXXZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_K@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?fail@ios_base@std@@QBE_NXZ
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z

psapi

GetModuleFileNameExW
GetModuleBaseNameW
EnumProcessModules
EnumProcesses

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8bc6c7388919a97b08afc961d8461137

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

a3:41:81:36:af:79:b3:a4:be:6f:39:14:5e:c3:f6:1f:65:c8:49:5fSigner

Headers

File Characteristics

PDB Paths

Imports

version

ws2_32

common

mfc80u

msvcr80

kernel32

user32

advapi32

shlwapi

ole32

atl80

msvcp80

psapi

Sections

.text Size: 168KB - Virtual size: 166KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 20KB - Virtual size: 26KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 64KB - Virtual size: 81KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

a3:41:81:36:af:79:b3:a4:be:6f:39:14:5e:c3:f6:1f:65:c8:49:5f
Signer

.text
Size: 168KB - Virtual size: 166KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 20KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 64KB - Virtual size: 81KB