6f3b03a3a93c38e29727cba7a6be5ee2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6f3b03a3a93c38e29727cba7a6be5ee2_JaffaCakes118
Size

679KB
MD5

6f3b03a3a93c38e29727cba7a6be5ee2
SHA1

798044567817bd97c709aa1e58ec9471e7925b4a
SHA256

2f7debfcca94e29ca0ff997e71b7a3762408fb9ee157873ed50682405206bbd2
SHA512

ef4dc22a794b16f8ecd91746acf55b0871623ceae12b7f58b06d053902e1e4586d8c0def45b368ad767a2fee95fd26999a6eed93de364642207d3926a7bc12e0
SSDEEP

12288:JhKDF4f+FIPgv92nvHQMhhQEoFrVjOw/j1pF6+0QO3AA8czObbw3vG/PEoO:DKDFEkIWAThhQEoFMG8+IAA8oMw3vIPQ

Score

1^/10

Malware Config

Signatures

Files

6f3b03a3a93c38e29727cba7a6be5ee2_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

7f3b2bb3395738324d21637a0b497a11

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15-12-2015 00:00

Not After

06-02-2018 23:59

Subject

CN=BeiJing Baidu Netcom Science Technology Co.\, Ltd,OU=\ Engineering Excellence,O=BeiJing Baidu Netcom Science Technology Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d9:12:ea:cf:46:bb:f7:c1:c5:92:02:13:5c:41:da:23:da:d4:20:98
Signer

Actual PE Digest

d9:12:ea:cf:46:bb:f7:c1:c5:92:02:13:5c:41:da:23:da:d4:20:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\clientci\workspace\yingyin_compile_4.1.2\yingyin2\build\Release\pdb\RealMediaSplitter.pdb

Imports

winmm

timeSetEvent
timeKillEvent

kernel32

GetCurrentProcessId
GetModuleHandleExW
GetPrivateProfileIntW
GetModuleFileNameW
RaiseException
ReadFile
CreateFileW
GetFileSizeEx
SetFilePointerEx
DeleteFileW
Sleep
OutputDebugStringW
CreateThread
GetTickCount
SetThreadPriority
GetModuleHandleW
InterlockedExchange
VirtualAlloc
CreateSemaphoreW
GetCurrentThreadId
GetCurrentProcess
VirtualFree
GetSystemInfo
ReleaseSemaphore
WaitForSingleObject
ResetEvent
SetEvent
CreateEventW
CloseHandle
InterlockedIncrement
lstrcmpW
lstrlenA
InterlockedDecrement
GetVersionExW
GetModuleFileNameA
lstrcpyW
lstrlenW
WideCharToMultiByte
FreeLibrary
GetProcAddress
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
TlsFree
WriteConsoleW
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
SetHandleCount
LCMapStringW
GetStdHandle
IsProcessorFeaturePresent
HeapDestroy
HeapCreate
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
HeapReAlloc
ExitProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommandLineA
DecodePointer
EncodePointer
HeapAlloc
HeapFree
RtlUnwind
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
FlushFileBuffers
SetFilePointer
WriteFile
ReleaseActCtx
GlobalAlloc
GlobalLock
GlobalDeleteAtom
lstrcmpA
GlobalAddAtomW
GlobalUnlock
LocalFree
FormatMessageW
GlobalFree
InitializeCriticalSectionAndSpinCount
CompareStringW
GlobalFindAtomW
GlobalFlags
LocalAlloc

user32

GetMenuItemID
SetWindowLongW
IsWindow
GetWindowLongW
UnhookWindowsHookEx
PostQuitMessage
PostMessageW
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetKeyState
CallNextHookEx
SetWindowsHookExW
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowThreadProcessId
SetMenu
GetCapture
LoadIconW
GetDlgCtrlID
GetDlgItem
WinHelpW
DestroyMenu
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
SetWindowPos
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
PtInRect
CallWindowProcW
GetWindowRect
RegisterClassW
GetClassInfoExW
SetForegroundWindow
MonitorFromWindow
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetForegroundWindow
GetWindowTextW
RemovePropW
GetPropW
PeekMessageW
GetClassLongW
SetWindowTextW
RealChildWindowFromPoint
RedrawWindow
AdjustWindowRectEx
GetSysColorBrush
ScreenToClient
GetClassNameW
GetMenu
LoadCursorW
GetSysColor
GetSystemMetrics
EnumDisplayMonitors
SystemParametersInfoW
GetMonitorInfoW
DefWindowProcW
GetParent
MapWindowPoints
GetClientRect
SendMessageW
GetSubMenu
GetMenuItemCount
CreateWindowExW
GetClassInfoW
SetRectEmpty
CopyRect
GetWindow
SetPropW
SetRect
DispatchMessageW
RegisterWindowMessageW

gdi32

SetTextColor
SetMapMode
GetClipBox
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetTextMetricsW
GetDeviceCaps
GetObjectW
CreateFontIndirectW
CreatePatternBrush
CreateSolidBrush
CreatePen
GetStockObject
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateBitmap

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegSetValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW

ole32

CoCreateInstance
CoInitialize
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoFreeUnusedLibraries
StringFromGUID2
CoUninitialize

oleaut32

VariantChangeType
SysAllocString
SysAllocStringLen
VariantInit
VariantClear
SysFreeString

shlwapi

PathAddBackslashA
PathRemoveFileSpecW
PathFindExtensionW
PathRemoveFileSpecA

oleacc

CreateStdAccessibleObject
LresultFromObject

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f3b2bb3395738324d21637a0b497a11

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

d9:12:ea:cf:46:bb:f7:c1:c5:92:02:13:5c:41:da:23:da:d4:20:98Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

oleacc

winspool.drv

Exports

Exports

Sections

.text Size: 415KB - Virtual size: 414KB

.rdata Size: 126KB - Virtual size: 125KB

.data Size: 44KB - Virtual size: 103KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 83KB - Virtual size: 83KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

d9:12:ea:cf:46:bb:f7:c1:c5:92:02:13:5c:41:da:23:da:d4:20:98
Signer

.text
Size: 415KB - Virtual size: 414KB

.rdata
Size: 126KB - Virtual size: 125KB

.data
Size: 44KB - Virtual size: 103KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 83KB - Virtual size: 83KB