3098c7f5f625b24d749a474e37e5e257_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3098c7f5f625b24d749a474e37e5e257_JaffaCakes118
Size

678KB
MD5

3098c7f5f625b24d749a474e37e5e257
SHA1

1b6769071ae8aec910df6a7436c05672d486500d
SHA256

98cc35a15cb5430a0fdae55015e3aad2e56ca68a7655538620fb207cb9d4f975
SHA512

aa4125d028972169f4f960e2f1bd1b624fac1a49a584ca6c3211170cbbfc0e6a376cf02d2da3d1a6f4428aa5248ddbe2a97188781514e57a171b8799c827004b
SSDEEP

12288:Wn3HX6Kap5O6QdpSDM0/gMuYuaOIttWBLrA91yJ08ztP:WldpS9OlaOIttWBLrAPyu8xP

Score

1^/10

Malware Config

Signatures

Files

3098c7f5f625b24d749a474e37e5e257_JaffaCakes118
.dll windows:5 windows x86 arch:x86

faaab299bd5146eb764a1d8242b97d63

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:b9:95:9f:53:58:52:5f:84:65:6b:20:1d:67:cc:af
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:71:d1:04:66:a1:ab:42:a4:56:ae:a6:b2:09:05:52:3b:7e:af:4c:6e:4d:41:ac:84:34:a3:cb:06:df:e9:05
Signer

Actual PE Digest

08:71:d1:04:66:a1:ab:42:a4:56:ae:a6:b2:09:05:52:3b:7e:af:4c:6e:4d:41:ac:84:34:a3:cb:06:df:e9:05

Digest Algorithm

sha256

PE Digest Matches

true

71:43:ac:d1:0f:cb:c1:05:47:ae:89:4f:c1:cc:7c:cb:c3:c2:ca:be
Signer

Actual PE Digest

71:43:ac:d1:0f:cb:c1:05:47:ae:89:4f:c1:cc:7c:cb:c3:c2:ca:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\ProjectBuild\Branches\3.5\RhinoProtect\Publish\OutPut\Bin\Win32\release\pdb\SdInstallNotify.pdb

Imports

kernel32

ResetEvent
GetLastError
Sleep
FreeLibrary
LoadLibraryW
GetProcAddress
WaitForMultipleObjects
OpenProcess
CloseHandle
WaitForSingleObject
GetTickCount
InterlockedExchangeAdd
SetFilePointer
WriteFile
GetModuleFileNameW
CreateFileW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
GetEnvironmentVariableW
lstrlenW
SetEvent
ResumeThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindResourceW
LoadResource
GetModuleHandleW
GetVersionExW
LockResource
GetSystemInfo
lstrcmpiW
WideCharToMultiByte
GetACP
MultiByteToWideChar
CreateMutexW
ReleaseMutex
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
LoadLibraryExW
GetCurrentProcess
ExpandEnvironmentStringsW
FindClose
FindNextFileW
HeapAlloc
HeapFree
GetProcessHeap
LocalFree
GetFullPathNameW
CreateDirectoryW
SetFileTime
GetSystemDirectoryW
GetFileAttributesW
GetTempPathW
GetCurrentDirectoryW
DeleteFileW
GetFileSize
SetEndOfFile
ReadFile
GetFileTime
FileTimeToSystemTime
InterlockedExchange
SetLastError
GlobalMemoryStatusEx
CreateEventW
DeviceIoControl
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime

msvcp120

?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

msvcr120

__clean_type_info_names_internal
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
__CxxFrameHandler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
swscanf_s
calloc
_vswprintf_c_l
wcstoul
sprintf
?terminate@@YAXXZ
_localtime64
_mktime64
_splitpath_s
_stricmp
toupper
tolower
memchr
_wtoi
fclose
fwrite
memcpy_s
_except1
strstr
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
_time64
srand
rand
_errno
_beginthreadex
towupper
_vsnwprintf
towlower
wcschr
??_V@YAXPAX@Z
malloc
free
atoi
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
memmove
ftell
fseek
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
sprintf_s
_dtest
modf
memcpy
memset
_wfopen_s
rewind
fread

Exports

Exports

RCVBusGetModuleCount
RCVBusQueryModule
RCVBusReleaseModule

Sections

.text
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faaab299bd5146eb764a1d8242b97d63

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:dfCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

47:b9:95:9f:53:58:52:5f:84:65:6b:20:1d:67:cc:afCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

08:71:d1:04:66:a1:ab:42:a4:56:ae:a6:b2:09:05:52:3b:7e:af:4c:6e:4d:41:ac:84:34:a3:cb:06:df:e9:05Signer

71:43:ac:d1:0f:cb:c1:05:47:ae:89:4f:c1:cc:7c:cb:c3:c2:ca:beSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp120

msvcr120

Exports

Exports

Sections

.text Size: 527KB - Virtual size: 527KB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 27KB - Virtual size: 27KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

47:b9:95:9f:53:58:52:5f:84:65:6b:20:1d:67:cc:af
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

08:71:d1:04:66:a1:ab:42:a4:56:ae:a6:b2:09:05:52:3b:7e:af:4c:6e:4d:41:ac:84:34:a3:cb:06:df:e9:05
Signer

71:43:ac:d1:0f:cb:c1:05:47:ae:89:4f:c1:cc:7c:cb:c3:c2:ca:be
Signer

.text
Size: 527KB - Virtual size: 527KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 27KB - Virtual size: 27KB