4930edc9e3089e85a4588d9145b99875_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4930edc9e3089e85a4588d9145b99875_JaffaCakes118
Size

260KB
MD5

4930edc9e3089e85a4588d9145b99875
SHA1

c5bd4e9fb28a5e074a777b5e0c109f3ccc870159
SHA256

235875dec7197c50aa2a6765a759872b5bdf338d0113fa0f0f4411c000cf1bd4
SHA512

327c4db398075e3ca45612ae42abb3a503b73a9e2fcc630f4ec9e4a758a3e0b4828165f97379fcdf30af877a3267cf369c8cda87b590138043672e618b788b37
SSDEEP

3072:daQSJjd6vi4taOuIS8KcLS2wFhsIdE2STKF6iKO/h5ZmCQf:dy5d6vJtaOmCWFqkSTKD/Z+

Score

1^/10

Malware Config

Signatures

Files

4930edc9e3089e85a4588d9145b99875_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d6e1fe9803dcdf79f857fbea4f8fe8a7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:8e:0e:55:5d:1f:4c:a8:36:d3:c4:19:d7:d6:8d:20:c0:ca:06:02
Signer

Actual PE Digest

99:8e:0e:55:5d:1f:4c:a8:36:d3:c4:19:d7:d6:8d:20:c0:ca:06:02

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\CEN_CUBE_BUILD_NZ_PREFETCH\qqpcmgr_proj\Basic\Output\BinFinal\QQPCSoftCmd.pdb

Imports

imm32

ImmDisableIME

common

?ValidateBugReport@TXBugReport@@YAXXZ
?SetBugReportUin@TXBugReport@@YAXKPB_W@Z
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z

kernel32

OpenProcess
TerminateProcess
lstrcmpiW
GetCurrentProcessId
SetFilePointer
GetShortPathNameW
GetModuleFileNameA
OpenFileMappingW
GetModuleHandleW
OpenEventW
InterlockedExchange
DeleteCriticalSection
SetLastError
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
MapViewOfFile
UnmapViewOfFile
GetLocalTime
ExpandEnvironmentStringsW
SwitchToThread
SetEvent
LeaveCriticalSection
VirtualQuery
GetProcAddress
IsBadWritePtr
VirtualProtect
GetCurrentProcess
LoadLibraryW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
lstrlenW
CreateMutexW
GetLastError
CloseHandle
GetCommandLineW
LocalFree
ReleaseMutex
GetModuleFileNameW
WideCharToMultiByte
LocalAlloc
GetTempPathW
DeleteFileW
GetFileAttributesW
FindFirstFileW
Sleep
WriteFile
FindNextFileW
FindClose
lstrcpynW
CreateDirectoryW
CreateFileW
GetFileSize
ReadFile
GetSystemDirectoryW
InterlockedCompareExchange

user32

DispatchMessageW
GetMessageW
TranslateMessage
FindWindowA
SendMessageTimeoutW

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
CloseServiceHandle
RegQueryValueExW
ChangeServiceConfigW
OpenServiceW
QueryServiceStatus
CreateServiceW
StartServiceW
ChangeServiceConfig2W
QueryServiceConfigW
OpenSCManagerW

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFileExistsW

msvcr80

_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
_invoke_watson
_controlfp_s
__CxxFrameHandler3
_amsg_exit
?terminate@@YAXXZ
_memicmp
strrchr
fwrite
_vsnprintf_s
_snprintf_s
strncpy_s
fclose
fflush
wcsncat_s
realloc
free
malloc
rand
srand
_itow_s
wcscat_s
tolower
_time64
_vsnwprintf_s
_wtol
wcscpy_s
strchr
??_U@YAPAXI@Z
wcsncpy_s
wcsrchr
wcschr
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
__argc
__wargv
??_V@YAXPAX@Z
_wtoi
_purecall
??2@YAPAXI@Z
_wcsicmp
??3@YAXPAX@Z
memset
memcpy
_except_handler3
__wgetmainargs
_CxxThrowException

msvcp80

?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdipFree
GdipDrawString
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipCreateFontFamilyFromName
GdiplusShutdown
GdipDeleteGraphics
GdipDeleteBrush
GdipSaveImageToFile
GdipCreateFont
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSetTextRenderingHint
GdipDisposeImage
GdipAlloc
GdipDeleteFontFamily
GdiplusStartup
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetInterpolationMode
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipCloneImage
GdipGetImageWidth
GdipDrawImageRectI

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetModuleFileNameExW

imagehlp

ImageRvaToSection
ImageLoad
ImageUnload

ximage

?Destroy@CxImage@@QAE_NXZ
??0CxImage@@QAE@K@Z
?IsValid@CxImage@@QBE_NXZ
?Save@CxImage@@QAE_NPB_WK@Z
?Load@CxImage@@QAE_NPB_WK@Z

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 164KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d6e1fe9803dcdf79f857fbea4f8fe8a7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

99:8e:0e:55:5d:1f:4c:a8:36:d3:c4:19:d7:d6:8d:20:c0:ca:06:02Signer

Headers

File Characteristics

PDB Paths

Imports

imm32

common

kernel32

user32

advapi32

shell32

ole32

shlwapi

msvcr80

msvcp80

version

gdiplus

psapi

imagehlp

ximage

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 20KB

.reloc Size: 164KB - Virtual size: 178KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

99:8e:0e:55:5d:1f:4c:a8:36:d3:c4:19:d7:d6:8d:20:c0:ca:06:02
Signer

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 20KB

.reloc
Size: 164KB - Virtual size: 178KB