4f3e23febe194848fe2ee577805b7000_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4f3e23febe194848fe2ee577805b7000_JaffaCakes118
Size

2.5MB
MD5

4f3e23febe194848fe2ee577805b7000
SHA1

5edf30034d74ee5ab1bc1f46b2843133dc4081ab
SHA256

bb6f46bf841fb5149081ab2ba97e40487394fecf0e42402ba7acf0bc1f58c865
SHA512

ced22c1aaecf25abf8ff699501fb099c077d191ec2a68fe02f8d42385436f0f83c87004c5f28b4670c2ca387edf74855a0cda2a5e42d595ba1800bfbd14a4417
SSDEEP

49152:kQY4ItNpdhCd6N91VM+keCh+Uycp6yYoKFuBcU6zc9x8NyDePw0udeNLHacC41ub:pY4Irpdhu6N91V8eCh+UycpHYoKFu0ze

Score

1^/10

Malware Config

Signatures

Files

4f3e23febe194848fe2ee577805b7000_JaffaCakes118
.dll windows:5 windows x86 arch:x86

0e27d1ab3d52cf55a64d504acebd840c

Code Sign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2016, 00:00

Not After

15/10/2018, 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d9:5d:96:9b:78:2b:e0:b1:bc:1f:f4:27:2c:41:c7:a8:d5:4c:e7:4f
Signer

Actual PE Digest

d9:5d:96:9b:78:2b:e0:b1:bc:1f:f4:27:2c:41:c7:a8:d5:4c:e7:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\resent_work\reference\sdk\mediatrans\hymediatrans_pc_feature\build\win\libs\Release\hymediatrans.pdb

Imports

winmm

timeKillEvent
timeGetTime
timeSetEvent

ws2_32

ntohs
inet_ntoa
htonl
WSAStartup
__WSAFDIsSet
select
bind
closesocket
send
socket
connect
recvfrom
recv
sendto
getaddrinfo
inet_addr
WSAGetLastError
setsockopt
ioctlsocket
freeaddrinfo
htons

iphlpapi

GetBestRoute

kernel32

InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
FlushConsoleInputBuffer
MultiByteToWideChar
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
WaitForSingleObject
CloseHandle
CreateSemaphoreA
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount
SetThreadPriority
SetEvent
TerminateThread
CreateEventA
Sleep
GetLastError
FormatMessageA
CreateThread
InterlockedExchangeAdd
GetProcAddress
GetModuleHandleA
GetVersion
GetVersionExA
GetStdHandle
QueryPerformanceCounter
GlobalMemoryStatus
FreeLibrary
LoadLibraryA
GetFileType

user32

GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource

ole32

CoCreateGuid

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exceptions@std@@YAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

memmove
__std_terminate
memchr
strstr
memset
memcpy
strchr
wcsstr
__vcrt_InitializeCriticalSectionEx
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list
_purecall

api-ms-win-crt-runtime-l1-1-0

_exit
raise
_invalid_parameter_noinfo_noreturn
terminate
_initterm_e
_initterm
_cexit
strerror
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_errno
_beginthreadex
signal

api-ms-win-crt-heap-l1-1-0

free
realloc
_callnewh
malloc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fputs
__stdio_common_vsprintf
fread
fwrite
__stdio_common_vfprintf
__stdio_common_vsprintf_s
fclose
fopen
_wfopen
fgets
fseek
feof
ftell
_setmode
fflush
ferror
__stdio_common_vsscanf
_fileno

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-string-l1-1-0

_stricmp
isdigit
strncpy
strncmp
isupper
tolower
isspace
_strnicmp
toupper
strcmp
isxdigit

api-ms-win-crt-time-l1-1-0

strftime
_gmtime64
_localtime64
_time64

api-ms-win-crt-convert-l1-1-0

strtoul
strtoll
atoi
atol

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-math-l1-1-0

_libm_sse2_pow_precise
_libm_sse2_sqrt_precise
_except1
ceil

Exports

Exports

??0CNetEvent@HYMediaTrans@@QAE@XZ
??0CNetEventConnState@HYMediaTrans@@QAE@XZ
??0IEventHandler@HYMediaTrans@@QAE@ABV01@@Z
??0IEventHandler@HYMediaTrans@@QAE@XZ
??0Packet@HYMediaTrans@@QAE@ABU01@@Z
??0Packet@HYMediaTrans@@QAE@PADI@Z
??0Packet@HYMediaTrans@@QAE@XZ
??0sockaddrv46@HYMediaTrans@@QAE@ABV01@@Z
??0sockaddrv46@HYMediaTrans@@QAE@XZ
??1IEventHandler@HYMediaTrans@@UAE@XZ
??1Packet@HYMediaTrans@@QAE@XZ
??1sockaddrv46@HYMediaTrans@@UAE@XZ
??4CNetEvent@HYMediaTrans@@QAEAAU01@$$QAU01@@Z
??4CNetEvent@HYMediaTrans@@QAEAAU01@ABU01@@Z
??4CNetEventConnState@HYMediaTrans@@QAEAAU01@$$QAU01@@Z
??4CNetEventConnState@HYMediaTrans@@QAEAAU01@ABU01@@Z
??4ConnAttr@HYMediaTrans@@QAEAAU01@$$QAU01@@Z
??4ConnAttr@HYMediaTrans@@QAEAAU01@ABU01@@Z
??4IEventHandler@HYMediaTrans@@QAEAAV01@ABV01@@Z
??4Packet@HYMediaTrans@@QAEAAU01@ABU01@@Z
??4sockaddrv46@HYMediaTrans@@QAEAAV01@ABV01@@Z
??9sockaddrv46@HYMediaTrans@@QBE_NABV01@@Z
??_7IEventHandler@HYMediaTrans@@6B@
??_7sockaddrv46@HYMediaTrans@@6B@
?ConnClose@HYMediaTrans@@YAHH@Z
?ConnConnect@HYMediaTrans@@YAHHIG@Z
?ConnCreate@HYMediaTrans@@YAHPAUConnAttr@1@@Z
?ConnSend@HYMediaTrans@@YAXHPAUPacket@1@@Z
?ConnSetNodelay@HYMediaTrans@@YAHH_N@Z
?MAX_EXTENSIONS@ConnAttr@HYMediaTrans@@2HB
?PacketAlloc@HYMediaTrans@@YAPAUPacket@1@PBDI@Z
?PacketRelease@HYMediaTrans@@YAXPAUPacket@1@@Z
?getsockaddr@sockaddrv46@HYMediaTrans@@QBEPAUsockaddr@@XZ
?getsockaddrlen@sockaddrv46@HYMediaTrans@@QBEHXZ
?getsockaddrname@sockaddrv46@HYMediaTrans@@QBE?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getsockaddrv4@sockaddrv46@HYMediaTrans@@QBEIXZ
?getsockport@sockaddrv46@HYMediaTrans@@QBEGXZ
?getsockportv4@sockaddrv46@HYMediaTrans@@QBEGXZ
?getstackname@sockaddrv46@HYMediaTrans@@QBE?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?initsockaddrs@sockaddrv46@HYMediaTrans@@QAEXXZ
?reset@CNetEvent@HYMediaTrans@@QAEXXZ
?reset@Packet@HYMediaTrans@@QAEXXZ
?setsockaddrsv46@sockaddrv46@HYMediaTrans@@QAEXAATsockaddr_union@2@@Z
?setsockaddrsv46@sockaddrv46@HYMediaTrans@@QAEXIG@Z
HYNetModStart
HYNetModStop
createHYTransMod
getHYTransMod
releaseHYTransMod

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e27d1ab3d52cf55a64d504acebd840c

Code Sign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

d9:5d:96:9b:78:2b:e0:b1:bc:1f:f4:27:2c:41:c7:a8:d5:4c:e7:4fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

ws2_32

iphlpapi

kernel32

user32

advapi32

ole32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 465KB - Virtual size: 464KB

.data Size: 39KB - Virtual size: 51KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 98KB - Virtual size: 98KB

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

d9:5d:96:9b:78:2b:e0:b1:bc:1f:f4:27:2c:41:c7:a8:d5:4c:e7:4f
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 465KB - Virtual size: 464KB

.data
Size: 39KB - Virtual size: 51KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 98KB - Virtual size: 98KB