47d7fcfd6792304fda2877a5799d8cc8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

47d7fcfd6792304fda2877a5799d8cc8_JaffaCakes118
Size

192KB
MD5

47d7fcfd6792304fda2877a5799d8cc8
SHA1

ff1e64aaaccc2e9441d44be1589c8e48ae06a3c1
SHA256

203548782249ea35e690593072f6e08bd230752876133dcef4c35e39005bfed3
SHA512

625c9fec5e2076d561ce30de2aa331aa33736146632d96a21b7121d0efc0a1e69aaa9802f8514f4e69d049d9577d5aff1f63b015e3a275a18f959b52f760bf04
SSDEEP

6144:pC3sH6zQF8Lvjcz0r6hn7MfkLY5gR5VS3SC:Y3yFUQMfknN

Score

1^/10

Malware Config

Signatures

Files

47d7fcfd6792304fda2877a5799d8cc8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f9eabfe5c79bf64d95e5cfcf393998b5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:e5:f5:5a:1e:b8:4e:57:3c:6e:8e:9b:78:cf:35:09:9b:72:53:48
Signer

Actual PE Digest

cd:e5:f5:5a:1e:b8:4e:57:3c:6e:8e:9b:78:cf:35:09:9b:72:53:48

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\cygwin\home\scmpf\compiler_src\lisuhui_1424598_win64\0\app\ttplayer\newttplayer\Release\CrashReporter.pdb

Imports

kernel32

lstrcmpiW
LoadLibraryExW
FreeLibrary
GetCurrentThreadId
OpenProcess
FindResourceW
SizeofResource
LoadResource
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
MultiByteToWideChar
EncodePointer
GetSystemTime
GetFileInformationByHandle
GetModuleHandleW
GetFileType
GetLocalTime
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
DeleteFileW
ReadFile
FileTimeToSystemTime
WideCharToMultiByte
WriteFile
SystemTimeToFileTime
UnmapViewOfFile
MapViewOfFile
FileTimeToDosDateTime
CreateFileMappingW
GetProcAddress
SetFilePointer
GetFileSize
GetLastError
CreateFileW
GetTempPathW
CloseHandle
WaitForSingleObject
CreateThread
GetModuleFileNameW
LocalFree
DecodePointer

user32

CharNextW
PostMessageW
SendMessageW
PostQuitMessage
SetTimer
wsprintfW
GetMessageW
LoadImageW
DestroyIcon
InvalidateRect
IsWindow
GetWindowThreadProcessId
ShowWindow
BringWindowToTop
DestroyWindow
TranslateMessage
PeekMessageW
DispatchMessageW

advapi32

RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW

shell32

SHCreateDirectoryExW

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString

base

??0ProxyInfo@http@base@@QAE@XZ
?GetMachineID@os_utils@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
??1ProxyInfo@http@base@@QAE@XZ
?SetProxy@WinHttpRequest@http@base@@SAXVProxyInfo@23@@Z
?GetWindowsVersionInfo@os_utils@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?Utf16ToUtf8@string_utils@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z
?Open@WinHttpRequest@http@base@@QAEXV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0_N1@Z
?SetRequestHeader@WinHttpRequest@http@base@@QAEXV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?Send@WinHttpRequest@http@base@@QAEXI@Z
?WriteData@WinHttpRequest@http@base@@QAEXV?$vector@EV?$allocator@E@std@@@std@@@Z
?WaitForResponse@WinHttpRequest@http@base@@QAE_NI@Z
??0WinHttpRequest@http@base@@QAE@XZ
??0Dispatcher@thread@base@@QAE@XZ
??1Dispatcher@thread@base@@QAE@XZ

nsclickapi

?BeginRequest@RequestBase@nsclick_api@@QAEX_N@Z
??0CraskReport@app@nsclick_api@@QAE@XZ
??1CraskReport@app@nsclick_api@@UAE@XZ

settings

?Instance@LanguageSettings@language@settings@@SAAAV123@XZ
?GetString@LanguageSettings@language@settings@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V45@@Z
?GetDefaultSkinFilePath@LanguageSettings@language@settings@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

msvcp110

?_Future_error_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xinvalid_argument@std@@YAXPBD@Z

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msvcr110

_fmode
_initterm
_commode
_except_handler4_common
__CxxFrameHandler3
__crtSetUnhandledExceptionFilter
_CxxThrowException
memset
_stricmp
_tzset
_controlfp_s
_wcmdln
_invoke_watson
_initterm_e
__setusermatherr
_configthreadlocale
memcpy
??3@YAXPAX@Z
memmove
??2@YAPAXI@Z
sprintf
wcsrchr
_waccess
_wfopen
fprintf
fclose
_purecall
??_V@YAXPAX@Z
memcpy_s
free
_errno
wcstoul
malloc
memmove_s
wcsncpy_s
wcsstr
_recalloc
_wcsicmp
_wtol
__wargv
__argc
_mktime32
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
?terminate@@YAXXZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit

comctl32

InitCommonControlsEx

ttui

?CreateTTManager@@YAJPAPAUITTManager@@@Z
?SetDefaultTextRenderingHint@@YAXJ@Z

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SharedD
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yfwtavt
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f9eabfe5c79bf64d95e5cfcf393998b5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49Certificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

cd:e5:f5:5a:1e:b8:4e:57:3c:6e:8e:9b:78:cf:35:09:9b:72:53:48Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

base

nsclickapi

settings

msvcp110

version

msvcr110

comctl32

ttui

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 1KB - Virtual size: 2KB

.SharedD Size: 512B - Virtual size: 4B

.rsrc Size: 65KB - Virtual size: 65KB

.reloc Size: 47KB - Virtual size: 48KB

yfwtavt Size: 6KB - Virtual size: 6KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

cd:e5:f5:5a:1e:b8:4e:57:3c:6e:8e:9b:78:cf:35:09:9b:72:53:48
Signer

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 1KB - Virtual size: 2KB

.SharedD
Size: 512B - Virtual size: 4B

.rsrc
Size: 65KB - Virtual size: 65KB

.reloc
Size: 47KB - Virtual size: 48KB

yfwtavt
Size: 6KB - Virtual size: 6KB