39f852e07026e6cea3a850a13f594beb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39f852e07026e6cea3a850a13f594beb_JaffaCakes118
Size

363KB
MD5

39f852e07026e6cea3a850a13f594beb
SHA1

aa5e5b12e6c30b5ef4235ee5f53472fc5ec4de49
SHA256

02cd6878a4ae4b31740e88c5e7033135f32038f547bb9f75a623393dd83e8a8c
SHA512

e27dd76715d97ba1aaffb0bd35d03c93e9be65443b1493963a765126cbf7fbec14a9492d48cb98e606ef7223210b853aec0b2a7221053dcbf7bde0f0e8b657e4
SSDEEP

6144:SWuGLZeQh57GE9h9d0gxu2PUa7wWvaoECLqBhAV3yXfDkEnRT2q:SWuGLkQh57GE9h9d0gxura7woaoECOBD

Score

1^/10

Malware Config

Signatures

Files

39f852e07026e6cea3a850a13f594beb_JaffaCakes118
.dll windows:5 windows x86 arch:x86

56cf9c9b3371bf795135aa4793112567

Code Sign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2016, 00:00

Not After

15/10/2018, 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:13:66:ca:49:c9:2f:9f:2a:80:78:8f:d4:50:9a:25:c4:21:61:c2
Signer

Actual PE Digest

64:13:66:ca:49:c9:2f:9f:2a:80:78:8f:d4:50:9a:25:c4:21:61:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Work\YY\HYSDK\hysdk_pc_feature\build\win\hymediasdk\libs\Release\hymediasdk.pdb

Imports

avcodec-56

av_init_packet
avcodec_open2
avcodec_decode_video2
avcodec_close
avcodec_register_all
avcodec_find_decoder
avcodec_alloc_context3

avutil-54

av_free
av_frame_free
av_frame_alloc

hymediatrans

releaseHYTransMod
createHYTransMod
getHYTransMod

winmm

timeSetEvent
timeGetTime
timeKillEvent

ws2_32

WSAStartup

hyaudio_engine

CreateAudioEngine
CalcTickCount
GetAudioEngineFeature
AudioLog
CreateAudioConvert
CreateAudioEncoder
CreateAudioDecoder

kernel32

GetModuleFileNameA
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
InitializeSListHead
DisableThreadLibraryCalls
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
EnterCriticalSection
GetSystemTimeAsFileTime
CreateThread
Sleep
OutputDebugStringA
GetTickCount
TerminateThread
SetThreadPriority
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThread
GetLastError
GetCurrentThreadId
CreateEventA
CreateFileW
GetModuleFileNameW
WaitForSingleObject
SetEvent
CloseHandle
GetCurrentProcess

shell32

SHCreateDirectoryExW

msvcp140

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exceptions@std@@YAHXZ
?_BADOFF@std@@3_JB
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

dbghelp

MiniDumpWriteDump

shlwapi

PathRemoveFileSpecW
PathRemoveExtensionW
PathFindFileNameW

vcruntime140

__std_exception_destroy
__std_exception_copy
memchr
__std_terminate
_purecall
memmove
__CxxFrameHandler3
memset
__std_type_info_destroy_list
_except_handler4_common
memcpy
__RTDynamicCast
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_configure_narrow_argv
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_execute_onexit_table
_initterm_e
_initterm
_cexit
_beginthreadex
_crt_atexit
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
calloc
free
malloc

api-ms-win-crt-stdio-l1-1-0

fopen
fclose
ftell
__stdio_common_vsprintf
__stdio_common_vswprintf_s
__stdio_common_vfprintf
fseek
fwrite
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcscat_s
strncpy

api-ms-win-crt-time-l1-1-0

_time64
strftime
_localtime64

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-filesystem-l1-1-0

_findclose
_chdir
_findfirst64i32
_findnext64i32
_access
rename
remove
_mkdir

api-ms-win-crt-math-l1-1-0

_libm_sse2_sin_precise
_libm_sse2_pow_precise
floor
_except1

Exports

Exports

createHYMediaEngine
getHYMediaSdkVersion
hymediaEngineCleanup
hymediaEngineInitialized

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56cf9c9b3371bf795135aa4793112567

Code Sign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

64:13:66:ca:49:c9:2f:9f:2a:80:78:8f:d4:50:9a:25:c4:21:61:c2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

avcodec-56

avutil-54

hymediatrans

winmm

ws2_32

hyaudio_engine

kernel32

shell32

msvcp140

dbghelp

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 11KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 15KB - Virtual size: 15KB

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

64:13:66:ca:49:c9:2f:9f:2a:80:78:8f:d4:50:9a:25:c4:21:61:c2
Signer

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 15KB - Virtual size: 15KB