47de35c097983dd2b444d1abfa9fcde4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

47de35c097983dd2b444d1abfa9fcde4_JaffaCakes118
Size

274KB
MD5

47de35c097983dd2b444d1abfa9fcde4
SHA1

50d14231e36a221b8ff355c592513277648f6b30
SHA256

73044ff8763f8c312f0b5c80b84df87c815ac4df13ecacb10f64dbbccba5fc91
SHA512

7f2d37d0fc72f386fa0b3ba55ba12c8499d99128fb1a9f66e33c4bbf999d1822cc96ae3779ea983f1a0b91bf47347e3c04ca8135dcebce2621f8a7d4b9007e46
SSDEEP

6144:1pqzISw7Rs2F/WDkIv8iD3W/yXuFqpEp3iqRLOqJyCwa2OqefoD6N+fuj7iBgVlq:1pqz3s3F/WDnv8n/yXuFPK

Score

1^/10

Malware Config

Signatures

Files

47de35c097983dd2b444d1abfa9fcde4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7c5ab582404de8f62e2680ef0946cf7d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/12/2015, 00:00

Not After

06/02/2018, 23:59

Subject

CN=BeiJing Baidu Netcom Science Technology Co.\, Ltd,OU=\ Engineering Excellence,O=BeiJing Baidu Netcom Science Technology Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b3:9e:4a:07:51:60:6a:88:69:22:99:f7:d8:07:e6:fe:7e:66:ef:3b
Signer

Actual PE Digest

b3:9e:4a:07:51:60:6a:88:69:22:99:f7:d8:07:e6:fe:7e:66:ef:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Output\BinRelease\ExternalMgr.pdb

Imports

report

GetReportMgr

winmm

waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInStart
waveInClose
waveInUnprepareHeader
waveInStop
waveInAddBuffer

base

?OutputDebugInfoEx@Log@Base@@YAXHPBD0IHPB_WZZ
?UTF8AToW@StringUtils@Base@@YAPA_WABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PA_WH@Z
?GBKToUTF8@StringUtils@Base@@YAHPAE0H@Z
?WToA@StringUtils@Base@@YAPADPB_WPADH@Z
?SafeLoadLibrary@Library@Base@@YAPAUHINSTANCE__@@PB_WH@Z
?Instance@IPCMessager@Base@@YAAAVIIPCMessager@12@XZ
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IH0ZZ

kernel32

OpenEventA
ReleaseSemaphore
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
ResetEvent
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
CreateEventA
GetSystemTimeAsFileTime
GetProcAddress
GetLastError
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetEvent
WaitForSingleObject
TlsAlloc
InterlockedExchangeAdd
CreateEventW
SleepEx
PostQueuedCompletionStatus
SetWaitableTimer
CreateWaitableTimerW
TlsGetValue
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TerminateThread
QueueUserAPC
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedCompareExchange
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
WaitForMultipleObjects
TlsSetValue
GetTickCount
FreeLibrary
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
Sleep
DecodePointer
CloseHandle
IsProcessorFeaturePresent
ResumeThread
SystemTimeToFileTime
CreateWaitableTimerA
LocalFree
FormatMessageA
EncodePointer

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPAD_J@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?do_length@?$codecvt@DDH@std@@MBEHABHPBD1I@Z
?do_unshift@?$codecvt@DDH@std@@MBEHAAHPAD1AAPAD@Z
?do_out@?$codecvt@DDH@std@@MBEHAAHPBD1AAPBDPAD3AAPAD@Z
?do_in@?$codecvt@DDH@std@@MBEHAAHPBD1AAPBDPAD3AAPAD@Z
?do_encoding@codecvt_base@std@@MBEHXZ
?do_max_length@codecvt_base@std@@MBEHXZ
??0?$codecvt@DDH@std@@QAE@I@Z
?_BADOFF@std@@3_JB
?_Xout_of_range@std@@YAXPBD@Z
??1?$codecvt@DDH@std@@MAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?pubimbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Id_cnt@id@locale@std@@0HA
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0_Locimp@locale@std@@AAE@ABV012@@Z
??1_Locimp@locale@std@@MAE@XZ
?classic@locale@std@@SAABV12@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

msvcr100

__clean_type_info_names_internal
?terminate@@YAXXZ
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_CIsqrt
_CIlog
memset
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_onexit
_lock
__dllonexit
_unlock
__CxxFrameHandler3
wcscat_s
_purecall
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??8type_info@@QBE_NABV0@@Z
_beginthreadex
_gmtime64
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
memmove
??0exception@std@@QAE@ABQBDH@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??9type_info@@QBE_NABV0@@Z
?before@type_info@@QBEHABV1@@Z
strerror
_CxxThrowException
memcpy

ws2_32

WSAStartup
WSACleanup

Exports

Exports

DllCanUnloadNow
DllGetClassCount
DllGetClassInfo
DllGetClassObject

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c5ab582404de8f62e2680ef0946cf7d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

b3:9e:4a:07:51:60:6a:88:69:22:99:f7:d8:07:e6:fe:7e:66:ef:3bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

report

winmm

base

kernel32

msvcp100

msvcr100

ws2_32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 136KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 25KB - Virtual size: 26KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 32KB - Virtual size: 32KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

b3:9e:4a:07:51:60:6a:88:69:22:99:f7:d8:07:e6:fe:7e:66:ef:3b
Signer

.text
Size: 136KB - Virtual size: 136KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 25KB - Virtual size: 26KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 32KB - Virtual size: 32KB