492f2231c421a8eccdfb114a7e7e291b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

492f2231c421a8eccdfb114a7e7e291b_JaffaCakes118
Size

357KB
MD5

492f2231c421a8eccdfb114a7e7e291b
SHA1

0976d932e8c356858bd51973b2a94cb6d802d192
SHA256

d4c5bc9856dad5aa5b57fe1a720fd5aaa0a39622be13bb013b38024e56f6f47d
SHA512

830538c6e6c319bc307ba1a6df55eb4c4b675abc28de289a30ab3ca9c11f84eeced2ee74ceb830a71f6b471a83cbb2e1d2080f7f1ea3a7f7565655bab234b8be
SSDEEP

6144:nejLSIpBqbEELBbT1XNB04uBvaFLiQgLWYnv/WDTWO/izu9p6:n4vpBy1XNB04uBvaFLilLZX+TjL6

Score

1^/10

Malware Config

Signatures

Files

492f2231c421a8eccdfb114a7e7e291b_JaffaCakes118
.dll regsvr32 windows:5 windows x64 arch:x64

d49f5e30b04607a0b22739d08c757c6d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

40:ef:58:6f:ba:65:9c:86:4b:6e:a6:eb:bd:11:4a:16
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

28/10/2014, 02:06

Not After

28/12/2017, 02:06

Subject

CN=合一网络技术（北京）有限公司,O=合一网络技术（北京）有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:30:29:45:b2:d6:f7:ca:c2:ef:d0:13:24:46:05:89:a6:88:f2:28
Signer

Actual PE Digest

66:30:29:45:b2:d6:f7:ca:c2:ef:d0:13:24:46:05:89:a6:88:f2:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\iku_code\trunk3\tools\BHO\YoukuBHOPlugin64\x64\Release\ykcool64.pdb

Imports

kernel32

lstrcmpiW
lstrcpyW
lstrlenW
GetModuleFileNameW
TlsAlloc
CreateEventA
SetEvent
FreeLibrary
TlsGetValue
GetModuleHandleW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
WaitForSingleObject
AssignProcessToJobObject
CreateProcessW
SetInformationJobObject
CreateJobObjectW
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
LoadLibraryW
GetCurrentThreadId
ReleaseSemaphore
GetCurrentProcess
GetSystemTimeAsFileTime
GetModuleHandleA
OutputDebugStringA
SetWaitableTimer
GetQueuedCompletionStatus
VerSetConditionMask
TlsSetValue
TerminateThread
GetProcessHeap
HeapAlloc
HeapFree
VerifyVersionInfoW
SetLastError
QueueUserAPC
WaitForMultipleObjects
CreateIoCompletionPort
GetFileSize
SetFilePointer
SystemTimeToFileTime
WriteFile
CreateFileW
GlobalAlloc
GlobalFree
FormatMessageA
Sleep
LocalFree
GetCurrentProcessId
GetProcAddress
PostQueuedCompletionStatus
TlsFree
OpenMutexW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
TerminateProcess
DecodePointer
EncodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
AreFileApisANSI
GetFileAttributesW
DeviceIoControl
DeleteFileW
RemoveDirectoryW
CreateWaitableTimerA
ResumeThread
ResetEvent
UnhandledExceptionFilter
OpenEventA

user32

CharNextW
PostMessageW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoInitializeEx
CoSetProxyBlanket

oleaut32

SysFreeString
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantInit
VariantClear
DispCallFunc
LoadRegTypeLi

msvcp100

?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Incref@facet@locale@std@@QEAAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Decref@facet@locale@std@@QEAAPEAV123@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0_Lockit@std@@QEAA@H@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_BADOFF@std@@3_JB
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1facet@locale@std@@UEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
?classic@locale@std@@SAAEBV12@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z
?_Xmem@tr1@std@@YAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
_Wcscoll
_Wcsxfrm
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?max@?$numeric_limits@_W@std@@SA_WXZ
?id@?$collate@_W@std@@2V0locale@2@A
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?_Xlength_error@std@@YAXPEBD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?endl@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@AEAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$codecvt@_WDH@std@@QEAA@_K@Z
?do_length@?$codecvt@_WDH@std@@MEBAHAEBHPEBD1_K@Z
??1?$codecvt@_WDH@std@@MEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Getcat@?$codecvt@_WDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?id@?$codecvt@_WDH@std@@2V0locale@2@A
??0_Locimp@locale@std@@AEAA@AEBV012@@Z
??1_Locimp@locale@std@@MEAA@XZ
?out@?$codecvt@_WDH@std@@QEBAHAEAHPEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

msvcr100

__CxxFrameHandler3
??0exception@std@@QEAA@AEBQEBDH@Z
_purecall
??_V@YAXPEAX@Z
_beginthreadex
_wcslwr
??1bad_cast@std@@UEAA@XZ
??0bad_cast@std@@QEAA@PEBD@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
fgetc
fputc
ungetc
_lock_file
_unlock_file
fflush
setvbuf
memcpy_s
fwrite
fgetpos
_fseeki64
fsetpos
fclose
sprintf
wcsstr
malloc
free
wcscpy_s
wcsncpy_s
wcscat_s
_recalloc
_wcsnicmp
realloc
strchr
_wtoi
strstr
vsprintf_s
_wrename
_localtime64
_time64
_gmtime64
_itow_s
_wtoi64
__C_specific_handler
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_malloc_crt
_initterm
_initterm_e
_encoded_null
_amsg_exit
__CppXcptFilter
_vsnprintf
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__clean_type_info_names_internal
_CxxThrowException
??2@YAPEAX_K@Z
memset
memcmp
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBQEBD@Z
memmove
memcpy
??3@YAXPEAX@Z
strerror
_stricmp
??0exception@std@@QEAA@AEBV01@@Z

ws2_32

WSACleanup
WSAStartup

iphlpapi

GetAdaptersInfo

wininet

HttpQueryInfoA
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetTimeToSystemTimeA
InternetReadFile
InternetOpenW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d49f5e30b04607a0b22739d08c757c6d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

40:ef:58:6f:ba:65:9c:86:4b:6e:a6:eb:bd:11:4a:16Certificate

Extended Key Usages

Key Usages

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40Certificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

66:30:29:45:b2:d6:f7:ca:c2:ef:d0:13:24:46:05:89:a6:88:f2:28Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp100

msvcr100

ws2_32

iphlpapi

wininet

Exports

Exports

Sections

.text Size: 206KB - Virtual size: 206KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 11KB - Virtual size: 15KB

.pdata Size: 16KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

40:ef:58:6f:ba:65:9c:86:4b:6e:a6:eb:bd:11:4a:16
Certificate

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

66:30:29:45:b2:d6:f7:ca:c2:ef:d0:13:24:46:05:89:a6:88:f2:28
Signer

.text
Size: 206KB - Virtual size: 206KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 11KB - Virtual size: 15KB

.pdata
Size: 16KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB