5f437e8bd373a2169b399b8831791603_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f437e8bd373a2169b399b8831791603_JaffaCakes118
Size

918KB
MD5

5f437e8bd373a2169b399b8831791603
SHA1

2f6860823d615ebf08f0892549542165dcbc52fb
SHA256

eae86e2c8b015d4b863a54b13b6ddf879d9ec58bd8e5d9fafde230fffd36f05d
SHA512

00740b43e9ea0679da6f1b38a65e027383181ed33345dd05b830c9f45cb0bb02934e641a2b3bb2fb1aad45c27d78336b0ff68457eacb057c6b4f1b0c6e7ae385
SSDEEP

12288:8kmi0sXqZsQApmVikhx/ofBVJCpte+AqZxoBHA4ddJIGTQ6J4:8kmi0QqZsQge4bJHTQ6J4

Score

1^/10

Malware Config

Signatures

Files

5f437e8bd373a2169b399b8831791603_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2295f20d8c9acc998da1b0ccbe858380

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

40:ef:58:6f:ba:65:9c:86:4b:6e:a6:eb:bd:11:4a:16
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

28/10/2014, 02:06

Not After

28/12/2017, 02:06

Subject

CN=合一网络技术（北京）有限公司,O=合一网络技术（北京）有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:97:b5:c2:25:a9:51:71:0d:f5:ea:45:17:c6:c1:05:40:c5:21:e6
Signer

Actual PE Digest

21:97:b5:c2:25:a9:51:71:0d:f5:ea:45:17:c6:c1:05:40:c5:21:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

gdi32

BitBlt
CombineRgn
CreateCompatibleDC
CreateDIBSection
CreateRectRgn
DeleteDC
DeleteObject
GetDIBColorTable
GetDeviceCaps
GetObjectA
GetStockObject
SelectObject

kernel32

AllocConsole
CloseHandle
CreateConsoleScreenBuffer
CreateEventA
CreateFileA
CreateMutexA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetNumberOfConsoleInputEvents
GetProcAddress
GetStdHandle
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
ReadConsoleInputA
ReleaseMutex
ResetEvent
SetConsoleActiveScreenBuffer
SetConsoleCursorInfo
SetConsoleMode
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetConsoleTitleA
SetConsoleWindowInfo
SetEvent
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleOutputW

msvcrt

__dllonexit
__mb_cur_max
_amsg_exit
_errno
_initterm
_iob
_lock
_lseeki64
_onexit
_snprintf
_vsnprintf
time
calloc
fflush
fprintf
fputs
free
fwrite
getc
getenv
islower
isspace
isupper
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
rand
realloc
setlocale
sprintf
srand
sscanf
strchr
strcmp
strerror
strlen
strncmp
strtok
strtol
strtoul
_stricmp
_unlock
_wopen
abort
atoi
tolower
ungetc
vfprintf
wcscmp
wcscpy
wcstombs
_write
_wcsdup
_strdup
_read
_open
_getpid
_close

ole32

CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

user32

AdjustWindowRectEx
BeginPaint
CopyIcon
CreateWindowExA
DefWindowProcA
DestroyCursor
DestroyWindow
DispatchMessageA
DrawIcon
EndPaint
FindWindowA
FrameRect
GetClientRect
GetCursorInfo
GetDC
GetIconInfo
GetSystemMetrics
GetWindowLongA
GetWindowRect
LoadCursorA
PeekMessageA
ReleaseDC
SendMessageA
SetWindowLongA
SetWindowRgn
ShowWindow

avcodec-56

av_destruct_packet
av_free_packet
av_get_pcm_codec
av_new_packet
av_packet_new_side_data
avcodec_find_decoder
avpicture_get_size
avpicture_layout
avpriv_find_pix_fmt
avpriv_get_raw_pix_fmt_tags

avfilter-5

av_buffersink_get_frame_flags
avfilter_get_by_name
avfilter_graph_alloc
avfilter_graph_config
avfilter_graph_create_filter
avfilter_graph_dump
avfilter_graph_free
avfilter_graph_parse_ptr
avfilter_inout_free
avfilter_link
avfilter_link_get_channels
avfilter_register_all

avformat-56

av_codec_get_id
av_iformat_next
av_oformat_next
av_register_input_format
av_register_output_format
avformat_get_riff_video_tags
avformat_new_stream
avio_close
avio_open
avio_read_to_bprint
avpriv_set_pts_info

avutil-54

av_bprint_chars
av_bprint_finalize
av_bprint_init
av_bprintf
av_default_item_name
av_dict_get
av_frame_alloc
av_frame_free
av_frame_get_channels
av_frame_get_metadata
av_frame_get_pkt_pos
av_frame_unref
av_free
av_freep
av_get_bits_per_pixel
av_get_bytes_per_sample
av_get_padded_bits_per_pixel
av_get_pix_fmt_name
av_get_sample_fmt_name
av_gettime
av_int_list_length_for_size
av_log
av_malloc
av_mallocz
av_opt_set_bin
av_opt_set_defaults
av_opt_set_dict
av_opt_set_int
av_parse_video_rate
av_parse_video_size
av_pix_fmt_desc_get
av_rescale_q
av_strdup
av_usleep

Exports

Exports

av_device_capabilities
av_device_ffversion
av_input_audio_device_next
av_input_video_device_next
av_output_audio_device_next
av_output_video_device_next
avdevice_app_to_dev_control_message
avdevice_capabilities_create
avdevice_capabilities_free
avdevice_configuration
avdevice_dev_to_app_control_message
avdevice_free_list_devices
avdevice_license
avdevice_list_devices
avdevice_register_all
avdevice_version

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 709KB - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 625B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2295f20d8c9acc998da1b0ccbe858380

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

40:ef:58:6f:ba:65:9c:86:4b:6e:a6:eb:bd:11:4a:16Certificate

Extended Key Usages

Key Usages

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40Certificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

21:97:b5:c2:25:a9:51:71:0d:f5:ea:45:17:c6:c1:05:40:c5:21:e6Signer

Headers

DLL Characteristics

File Characteristics

Imports

avicap32

gdi32

kernel32

msvcrt

ole32

user32

avcodec-56

avfilter-5

avformat-56

avutil-54

Exports

Exports

Sections

.text Size: 182KB - Virtual size: 182KB

.data Size: 1024B - Virtual size: 980B

.rdata Size: 709KB - Virtual size: 708KB

.bss Size: - Virtual size: 19KB

.edata Size: 1024B - Virtual size: 625B

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 6KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

40:ef:58:6f:ba:65:9c:86:4b:6e:a6:eb:bd:11:4a:16
Certificate

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

21:97:b5:c2:25:a9:51:71:0d:f5:ea:45:17:c6:c1:05:40:c5:21:e6
Signer

.text
Size: 182KB - Virtual size: 182KB

.data
Size: 1024B - Virtual size: 980B

.rdata
Size: 709KB - Virtual size: 708KB

.bss
Size: - Virtual size: 19KB

.edata
Size: 1024B - Virtual size: 625B

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 6KB - Virtual size: 5KB