3ef6e0050c5dd26019070979b9cdadde_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3ef6e0050c5dd26019070979b9cdadde_JaffaCakes118
Size

143KB
MD5

3ef6e0050c5dd26019070979b9cdadde
SHA1

464edac7b93511253942e5661b1e6454f05de2f0
SHA256

3be2c2430b3e42e752875a108ff004733186a34424db0eaa94ac17a88f426f5e
SHA512

0462c604ab69526203c3827235f62bb6f8da6c03e6f021ab8f5eec621b99db92b0e8d5f909f6c0bb3ef0876deeac84a61a95372a82154916aac6a9d9af4acb8f
SSDEEP

3072:QzxdsSoGzwA5UoMc8HQ+75ZOOBWkjXGOpFcK6L:QddspNA5Uob+7WOBBjXGOvcv

Score

1^/10

Malware Config

Signatures

Files

3ef6e0050c5dd26019070979b9cdadde_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

cc0231083ce58b9c61ec818c70e5c433

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05-05-2015 00:00

Not After

31-12-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3f:5a:9d:93:d7:70:22:9c:50:3b:83:55:b1:5b:6d:f0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-02-2015 00:00

Not After

05-04-2016 23:59

Subject

CN=Beijing Baofeng Technology Co.\, Ltd.,OU=在线QA,O=Beijing Baofeng Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:85:17:9e:74:9e:9a:8e:ef:d8:f4:32:de:26:bb:81:98:9b:68:34
Signer

Actual PE Digest

81:85:17:9e:74:9e:9a:8e:ef:d8:f4:32:de:26:bb:81:98:9b:68:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\jenkins\workspace\暴风主干\trunk\bin\Release\webplayer\PlayerShell.pdb

Imports

kernel32

FindFirstFileW
lstrcpyW
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
WaitForSingleObject
CreateProcessW
GetVersionExW
LoadLibraryA
FindNextFileW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
FindClose
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
MultiByteToWideChar
CloseHandle
CreateMutexW
lstrcmpiW
GetModuleFileNameW
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetProcAddress
GetTickCount
Sleep
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
lstrlenW

user32

TranslateMessage
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
FillRect
CharNextW
PostMessageW
GetWindowRect
GetMessageW
SetTimer
wsprintfW
FindWindowA
DestroyWindow
DefWindowProcW
PostThreadMessageW
PtInRect
UnionRect
SetWindowLongW
GetWindowLongW
ShowWindow
GetClassInfoExW
WaitForInputIdle
CreateWindowExW
RegisterClassExW
InvalidateRect
IsWindow
UnregisterClassA
GetFocus
IsChild
SetFocus
CallWindowProcW
BeginPaint
GetClientRect
EndPaint
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetDC
ReleaseDC
LoadCursorW

gdi32

LPtoDP
SetWindowOrgEx
SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCW
GetStockObject
GetDeviceCaps
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
RestoreDC
CreateMetaFileW
SaveDC
SetWindowExtEx

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoUnmarshalInterface
CoGetClassObject
CoMarshalInterThreadInterfaceInStream
OleRegEnumVerbs
OleRegGetUserType
CoTaskMemFree
CreateDataAdviseHolder
CreateOleAdviseHolder
WriteClassStm
OleSaveToStream
CoCreateInstance
ReadClassStm
StringFromGUID2
CoTaskMemRealloc
OleRegGetMiscStatus
CoTaskMemAlloc

oleaut32

SysAllocStringLen
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
DispCallFunc
LoadRegTypeLi
LoadTypeLi
OleCreatePropertyFrame
UnRegisterTypeLi
RegisterTypeLi
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysFreeString
VarBstrCmp
SysStringLen
SysAllocString

shlwapi

SHDeleteValueW
SHSetValueW
SHGetValueW
PathFileExistsW
StrCatW
PathAppendW
SHDeleteKeyW
PathFindFileNameW

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

msvcp100

?_Xlength_error@std@@YAXPBD@Z

msvcr100

_beginthreadex
swprintf_s
_resetstkoflw
wcscpy_s
wcscat_s
?terminate@@YAXXZ
_except_handler4_common
_unlock
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
??3@YAXPAX@Z
sprintf
calloc
_recalloc
_purecall
??_V@YAXPAX@Z
vswprintf_s
_vscwprintf
_wcsicmp
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
__CxxFrameHandler3
memmove_s
memset
_snwprintf
_itow_s
wcsncpy_s
wmemcpy_s
_CxxThrowException
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
wcsstr
malloc
free
memcpy_s
__dllonexit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc0231083ce58b9c61ec818c70e5c433

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

3f:5a:9d:93:d7:70:22:9c:50:3b:83:55:b1:5b:6d:f0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

81:85:17:9e:74:9e:9a:8e:ef:d8:f4:32:de:26:bb:81:98:9b:68:34Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

msvcp100

msvcr100

Exports

Exports

Sections

.text Size: 79KB - Virtual size: 79KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 10KB - Virtual size: 10KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

3f:5a:9d:93:d7:70:22:9c:50:3b:83:55:b1:5b:6d:f0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

81:85:17:9e:74:9e:9a:8e:ef:d8:f4:32:de:26:bb:81:98:9b:68:34
Signer

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 10KB - Virtual size: 10KB