359cb56f8c00023a68ea361ccd223ab9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

359cb56f8c00023a68ea361ccd223ab9_JaffaCakes118
Size

570KB
MD5

359cb56f8c00023a68ea361ccd223ab9
SHA1

89c32e7579cfb18b2855a90c552d3dddf57c1a00
SHA256

b016c7d4f5531723909386f75b6d0879b587240240007adb89a52da69854b180
SHA512

e0dcbbf4f90e72c83eab5b5a6d64652920e4f901be16822cc3efb8e69078126d5f21857ebe73baa78208d95d92c3cfc8bafcfe2192386510a43d96f4404691c0
SSDEEP

12288:d6CWJ3kn2Wnz3zVXHr+8m0k4VXaL0TIDKOolTwZQyAp:kO2+zW0k4TTIDKfmQy

Score

1^/10

Malware Config

Signatures

Files

359cb56f8c00023a68ea361ccd223ab9_JaffaCakes118
.dll windows:6 windows x86 arch:x86

b0cfcc6b25c461ed7af95b9ab6644550

Code Sign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2016, 00:00

Not After

15/10/2018, 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9d:2f:e8:2c:de:fe:f8:de:cd:85:98:c4:dd:27:aa:9c:62:26:63:d7
Signer

Actual PE Digest

9d:2f:e8:2c:de:fe:f8:de:cd:85:98:c4:dd:27:aa:9c:62:26:63:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\github\FFmpeg\FFmpeg\build_x64\libavdevice\avdevice-58.pdb

Imports

avfilter-7

avfilter_graph_parse_ptr
av_buffersink_get_frame_flags
av_buffersink_get_type
av_buffersink_get_time_base
av_buffersink_get_format
avfilter_inout_free
av_buffersink_get_h
av_buffersink_get_sample_aspect_ratio
av_buffersink_get_channels
av_buffersink_get_channel_layout
av_buffersink_get_sample_rate
avfilter_graph_free
avfilter_graph_config
avfilter_graph_create_filter
avfilter_graph_alloc
avfilter_get_by_name
avfilter_register_all
avfilter_link
av_buffersink_get_w
avfilter_pad_get_type
avfilter_graph_dump

avformat-58

av_register_input_format
av_oformat_next
avformat_free_context
avformat_alloc_output_context2
avformat_new_stream
av_codec_get_id
avformat_get_riff_video_tags
avpriv_set_pts_info
avio_open2
avio_closep
avio_read_to_bprint
avformat_alloc_context
av_find_input_format
av_iformat_next

avcodec-58

av_packet_new_side_data
av_init_packet
avpriv_find_pix_fmt
avpriv_get_raw_pix_fmt_tags
avcodec_find_decoder
av_packet_unref
av_new_packet
av_get_pcm_codec

avutil-56

av_log
av_freep
av_free
av_mallocz
av_bprint_finalize
av_malloc_array
av_dict_copy
av_dict_set
av_rescale_q_rnd
av_int_list_length_for_size
av_get_padded_bits_per_pixel
av_pix_fmt_desc_get
av_image_get_buffer_size
av_dict_free
av_bprint_chars
av_opt_set_dict
av_opt_set_dict2
av_default_item_name
av_malloc
av_strdup
av_parse_video_rate
av_get_pix_fmt_name
av_mallocz_array
av_gettime
av_usleep
av_bprint_init
av_dict_get
av_bprintf
av_image_copy_to_buffer
av_get_sample_fmt_name
av_get_bytes_per_sample
av_opt_set_int
av_opt_set_bin
av_frame_alloc
av_frame_free
av_frame_unref
avpriv_report_missing_feature
av_parse_video_size
av_opt_set_defaults

ole32

CoGetMalloc
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize
CreateBindCtx
OleLoadFromStream
OleSaveToStream
CoTaskMemAlloc

oleaut32

OleCreatePropertyFrame

shlwapi

SHCreateStreamOnFileA

gdi32

SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
CreateDIBSection
CreateRectRgn
CreateCompatibleDC
CombineRgn
BitBlt
GetDIBColorTable
DeleteDC
GetObjectA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

user32

DefWindowProcA
CreateWindowExA
DestroyWindow
ShowWindow
GetSystemMetrics
DrawIcon
GetDC
ReleaseDC
BeginPaint
EndPaint
SetWindowRgn
PeekMessageA
GetWindowRect
AdjustWindowRectEx
FrameRect
SetWindowLongA
FindWindowA
LoadCursorA
DestroyCursor
CopyIcon
GetIconInfo
GetCursorInfo
SendMessageA
GetWindowLongA
DispatchMessageA
GetClientRect

kernel32

GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetACP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
OutputDebugStringW
OutputDebugStringA
GetStdHandle
SetFilePointerEx
ReadConsoleW
ReadFile
SetEndOfFile
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
GetCurrentThread
SetConsoleCtrlHandler
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
RaiseException
GetFileType
CreateFileW
LoadLibraryExW
GetCPInfo
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
WaitForMultipleObjects
CreateEventA
CreateMutexA
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
DuplicateHandle
CloseHandle
InitOnceBeginInitialize
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
GetFileAttributesExW
GetStringTypeW
HeapSize
HeapReAlloc
GetTempPathW
WriteConsoleW
EncodePointer
GetProcAddress
DecodePointer
InitOnceComplete

Exports

Exports

av_device_capabilities
av_device_ffversion
av_fopen_utf8
av_input_audio_device_next
av_input_video_device_next
av_output_audio_device_next
av_output_video_device_next
avdevice_app_to_dev_control_message
avdevice_capabilities_create
avdevice_capabilities_free
avdevice_configuration
avdevice_dev_to_app_control_message
avdevice_free_list_devices
avdevice_license
avdevice_list_devices
avdevice_list_input_sources
avdevice_list_output_sinks
avdevice_register_all
avdevice_version

Sections

.text
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0cfcc6b25c461ed7af95b9ab6644550

Code Sign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

9d:2f:e8:2c:de:fe:f8:de:cd:85:98:c4:dd:27:aa:9c:62:26:63:d7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

avfilter-7

avformat-58

avcodec-58

avutil-56

ole32

oleaut32

shlwapi

gdi32

avicap32

user32

kernel32

Exports

Exports

Sections

.text Size: 450KB - Virtual size: 450KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 4KB - Virtual size: 9KB

.idata Size: 8KB - Virtual size: 8KB

.gfids Size: 1024B - Virtual size: 712B

.00cfg Size: 512B - Virtual size: 260B

.reloc Size: 13KB - Virtual size: 12KB

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

9d:2f:e8:2c:de:fe:f8:de:cd:85:98:c4:dd:27:aa:9c:62:26:63:d7
Signer

.text
Size: 450KB - Virtual size: 450KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 4KB - Virtual size: 9KB

.idata
Size: 8KB - Virtual size: 8KB

.gfids
Size: 1024B - Virtual size: 712B

.00cfg
Size: 512B - Virtual size: 260B

.reloc
Size: 13KB - Virtual size: 12KB