68d31af93a9c7a47b8faa9a1a6cdf9dd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

68d31af93a9c7a47b8faa9a1a6cdf9dd_JaffaCakes118
Size

40KB
MD5

68d31af93a9c7a47b8faa9a1a6cdf9dd
SHA1

47e9b8bd117dbd0c3b9c2a9417e27463615a135a
SHA256

5137aeff8b1eb9646e3c6950e139828a8596ac58208f3324010448a666fa505e
SHA512

a7853ab18198ed82608665e7b32a6bb52e40a05cdb1471d1549b47a62171037585b096c98b485e41f26391c6d3687123254eb52baa01e12bbe342e12de9e0fe0
SSDEEP

768:HZQm8jn4YUCQYvxKocvrOiSdSc5mBy3whj:HZQme4Y3QYJKNObocQByghj

Score

1^/10

Malware Config

Signatures

Files

68d31af93a9c7a47b8faa9a1a6cdf9dd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2ef0878a2641151b5238a02ff794ded0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25-02-2016 00:00

Not After

15-10-2018 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25-02-2016 00:00

Not After

15-10-2018 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02-01-2017 00:00

Not After

01-04-2028 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2d:1c:82:6c:08:ff:41:cf:bf:11:02:16:2b:e3:55:1c:87:ce:cc:3a:a0:d4:23:62:bc:50:5f:62:9a:e5:0e:97
Signer

Actual PE Digest

2d:1c:82:6c:08:ff:41:cf:bf:11:02:16:2b:e3:55:1c:87:ce:cc:3a:a0:d4:23:62:bc:50:5f:62:9a:e5:0e:97

Digest Algorithm

sha256

PE Digest Matches

true

9f:a2:97:ce:3f:f6:45:fc:d0:29:dd:81:6a:25:cd:45:47:ac:00:3e
Signer

Actual PE Digest

9f:a2:97:ce:3f:f6:45:fc:d0:29:dd:81:6a:25:cd:45:47:ac:00:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\DUOWAN_BUILD\build\Build_Src\yymixer\yymixer_4.0.1.x_fb\bin\release\installstat.pdb

Imports

dwbase

?DoLog@@YAXGPBD0G0PBG@Z
?IsLogLevelEnabled@@YA_NG@Z

dwutility

?loadLibraryEx@system@DwUtility@@YAPAUHINSTANCE__@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@I@Z
?appRootPath@app@DwUtility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?getMacInfo@minfo@DwUtility@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

qtgui4

??0QApplication@@QAE@AAHPAPADH@Z
??1QApplication@@UAE@XZ
??0QMainWindow@@QAE@PAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z
?exec@QApplication@@SAHXZ
?close@QWidget@@QAE_NXZ
??1QMainWindow@@UAE@XZ

qtcore4

??1QObject@@UAE@XZ
?allocate@QVectorData@@SAPAU1@HH@Z
?qMemSet@@YAPAXPAXHI@Z
?reallocate@QVectorData@@SAPAU1@PAU1@HHH@Z
??1QString@@QAE@XZ
?compare@QString@@QBEHABV1@W4CaseSensitivity@Qt@@@Z
?fromAscii_helper@QString@@CAPAUData@1@PBDH@Z
?qFree@@YAXPAX@Z
?toLocal8Bit@QString@@QBE?AVQByteArray@@XZ
?detach@QByteArray@@QAEXXZ
?qWinMain@@YAXPAUHINSTANCE__@@0PADHAAHAAV?$QVector@PAD@@@Z
??0QRegExp@@QAE@ABVQString@@W4CaseSensitivity@Qt@@W4PatternSyntax@0@@Z
?indexIn@QRegExp@@QBEHABVQString@@HW4CaretMode@1@@Z
?cap@QRegExp@@QAE?AVQString@@H@Z
??1QRegExp@@QAE@XZ
??0QString@@QAE@XZ
??0QString@@QAE@PBD@Z
?toStdString@QString@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?staticMetaObject@QObject@@2UQMetaObject@@B
?qt_metacall@QObject@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QObject@@UAEPAXPBD@Z
?shared_null@QString@@0UData@1@A
?fromStdWString@QString@@SA?AV1@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?exists@QFile@@SA_NABVQString@@@Z
??0QFile@@QAE@ABVQString@@@Z
?open@QFile@@UAE_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??0QTextStream@@QAE@PAVQIODevice@@@Z
?readLine@QTextStream@@QAE?AVQString@@_J@Z
?contains@QString@@QBE?AVQBool@@ABV1@W4CaseSensitivity@Qt@@@Z
?lastIndexOf@QString@@QBEHABV1@HW4CaseSensitivity@Qt@@@Z
?mid@QString@@QBE?AV1@HH@Z
?close@QFile@@UAEXXZ
??1QTextStream@@UAE@XZ
??1QFile@@UAE@XZ
?append@QString@@QAEAAV1@PBD@Z
?number@QString@@SA?AV1@HH@Z
?number@QString@@SA?AV1@KH@Z
?toUtf8@QString@@QBE?AVQByteArray@@XZ
??1QByteArray@@QAE@XZ
?fromStdString@QString@@SA?AV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?toUInt@QString@@QBEIPA_NH@Z
??1QTimer@@UAE@XZ
?timerEvent@QTimer@@MAEXPAVQTimerEvent@@@Z
?qt_metacall@QTimer@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QTimer@@UAEPAXPBD@Z
?metaObject@QTimer@@UBEPBUQMetaObject@@XZ
?disconnectNotify@QObject@@MAEXPBD@Z
?connectNotify@QObject@@MAEXPBD@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
??0QObject@@QAE@PAV0@@Z
??0QTimer@@QAE@PAVQObject@@@Z
?connect@QObject@@SA_NPBV1@PBD01W4ConnectionType@Qt@@@Z
?start@QTimer@@QAEXH@Z
?fromWCharArray@QString@@SA?AV1@PBGH@Z
?split@QString@@QBE?AVQStringList@@ABV1@W4SplitBehavior@1@W4CaseSensitivity@Qt@@@Z
??4QString@@QAEAAV0@ABV0@@Z
?toInt@QString@@QBEHPA_NH@Z
??0QString@@QAE@ABV0@@Z
?free@QVectorData@@SAXPAU1@H@Z

kernel32

InterlockedCompareExchange
Sleep
InterlockedExchange
GetProcAddress
GetStartupInfoA
GetCommandLineW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
MultiByteToWideChar
TerminateProcess
GetTempPathW
GetCurrentProcess

shell32

SHGetSpecialFolderPathW

msvcp90

?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??Bios_base@std@@QBEPAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z

msvcr90

memcpy
strlen
??3@YAXPAX@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
wcslen
_invalid_parameter_noinfo
_ctime64
_time64
sprintf
strcmp
__CxxFrameHandler3
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
memset

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ef0878a2641151b5238a02ff794ded0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

2d:1c:82:6c:08:ff:41:cf:bf:11:02:16:2b:e3:55:1c:87:ce:cc:3a:a0:d4:23:62:bc:50:5f:62:9a:e5:0e:97Signer

9f:a2:97:ce:3f:f6:45:fc:d0:29:dd:81:6a:25:cd:45:47:ac:00:3eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dwbase

dwutility

qtgui4

qtcore4

kernel32

shell32

msvcp90

msvcr90

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

2d:1c:82:6c:08:ff:41:cf:bf:11:02:16:2b:e3:55:1c:87:ce:cc:3a:a0:d4:23:62:bc:50:5f:62:9a:e5:0e:97
Signer

9f:a2:97:ce:3f:f6:45:fc:d0:29:dd:81:6a:25:cd:45:47:ac:00:3e
Signer

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB