767572f6e2c07b356b0b5992677ecdc9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

767572f6e2c07b356b0b5992677ecdc9_JaffaCakes118
Size

379KB
MD5

767572f6e2c07b356b0b5992677ecdc9
SHA1

c9e5a55dcffb11200884b7c0a8a196194dd224f6
SHA256

c88c0cbeacc0e0766488bb09248ab2b8f55ff5ad1851210fad97903c0f081cfc
SHA512

fc039e8a2638fefe890bbb0bb474e48cdc4af7d1ec7d0e3655dd776f68d0b208b71beb91482d0410f0bcaaf2449984825d7ee5cb5a1d61bcf4365dd7acc411b8
SSDEEP

6144:pnuw1lc/CzjUt0WJvY8vCWAWmgTtGLtBNDa3GOsU:pugMt0WxJLAWBTtGda2G

Score

1^/10

Malware Config

Signatures

Files

767572f6e2c07b356b0b5992677ecdc9_JaffaCakes118
.dll windows:5 windows x64 arch:x64

f823295e26818de2df052f2c08b08503

Code Sign

0d:33:90:d3:72:7c:6a:96:44:6c:f7:cb:86:be:b5:19
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2018, 00:00

Not After

09/01/2020, 12:00

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:f7:84:c7:e5:33:92:3b:69:00:c2:c0:dc:8c:fd:ac:ee:e2:5d:57
Signer

Actual PE Digest

f4:f7:84:c7:e5:33:92:3b:69:00:c2:c0:dc:8c:fd:ac:ee:e2:5d:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\PCReviver_with_tests\trunk\cxx\bin\x64\Release\FileExtensionManager-vc100-mt.pdb

Imports

kernel32

SetLastError
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
GlobalUnlock
GlobalLock
GlobalAlloc
SetEvent
WaitForSingleObjectEx
CloseHandle
CreateEventA
GetUserDefaultLangID
GetVersionExW
FindResourceExW
DisableThreadLibraryCalls
QueryPerformanceCounter
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
FormatMessageA
SystemTimeToFileTime
CreateWaitableTimerA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
FindResourceW
ExpandEnvironmentStringsW
GetModuleHandleW
GetModuleFileNameW
SetWaitableTimer
ResetEvent
GetCurrentProcessId
ReleaseSemaphore
WaitForMultipleObjectsEx
GetTickCount
GetModuleHandleA
OpenEventA
SizeofResource
LoadResource
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetCurrentThreadId
RaiseException
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LocalFree
GetProcAddress
LockResource
GlobalFree
GetSystemTimeAsFileTime
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
InitializeCriticalSection
DecodePointer

user32

CreateWindowExW
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetPropW
SetPropW
InvalidateRect
EndPaint
ReleaseDC
GetDC
SetWindowPos
SendMessageW
TrackMouseEvent
DestroyWindow
ShowWindow
BeginPaint
GetClientRect
FillRect
GetWindowLongPtrW
GetWindowLongW
LoadCursorW
RegisterWindowMessageW
IsWindowVisible
GetWindowRect
GetClassNameW
CallNextHookEx
mouse_event
SendInput
SetCursorPos
GetCursorPos
FindWindowW
SetWindowsHookExW
SetWindowLongW
GetParent
GetFocus
IsWindow
IsWindowEnabled
SetCursor
GetClassInfoExW
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
GetGuiResources
DestroyIcon
UnregisterClassW
DestroyCursor
LoadBitmapW
SetWindowLongPtrW
ReleaseCapture

gdi32

DeleteObject
DeleteDC
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
RestoreDC
SaveDC
GetDeviceCaps
StretchBlt
SetStretchBltMode
GetObjectW
GetBitmapBits

shell32

ExtractIconExW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize

advapi32

RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
ConvertStringSidToSidW
ConvertSidToStringSidW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
LookupAccountSidW
GetTokenInformation
OpenProcessToken

psapi

EnumProcesses

msvcp140

?_Incref@facet@locale@std@@UEAAXXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?toupper@?$ctype@_W@std@@QEBA_W_W@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Getcoll
_Wcscoll
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Wcsxfrm
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
??Bid@locale@std@@QEAA_KXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Xbad_alloc@std@@YAXXZ

shlwapi

AssocQueryKeyW
SHGetValueW
AssocQueryStringW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

gdiplus

GdipCreateBitmapFromResource
GdipCreateStringFormat
GdipGetFontStyle
GdipDeleteFont
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCloneFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCreateFromHWND
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImageGraphicsContext
GdipGetStringFormatTrimming
GdipSetStringFormatTrimming
GdipGetStringFormatLineAlign
GdipSetStringFormatLineAlign
GdipGetStringFormatAlign
GdipSetStringFormatAlign
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipGetFontHeight
GdipGetFontSize
GdipGetFamily
GdipGetFamilyName
GdipDeleteFontFamily
GdipGetDpiY
GdipSetTextRenderingHint
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneBitmapAreaI
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetStringFormatFlags
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdiplusStartup
GdipSetImageAttributesWrapMode

vcruntime140

wcsstr
__vcrt_InitializeCriticalSectionEx
__std_type_info_destroy_list
__C_specific_handler
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
_purecall
__std_terminate
memmove
__std_exception_destroy
__std_exception_copy
strchr

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_seh_filter_dll
_cexit
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_errno
_beginthreadex
strerror
_invalid_parameter_noinfo

api-ms-win-crt-string-l1-1-0

wmemcpy_s
_wcsupr_s
_wcslwr_s
wcscpy_s
iswspace
wcsnlen
tolower

api-ms-win-crt-heap-l1-1-0

realloc
_recalloc
free
malloc
_callnewh

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s

api-ms-win-crt-math-l1-1-0

floor
ceil
pow

api-ms-win-crt-time-l1-1-0

_gmtime64

Exports

Exports

??0CFileExtensionManager@FileExtensionManagerLib@@QEAA@XZ
??1CFileExtensionManager@FileExtensionManagerLib@@QEAA@XZ
?canWork@CFileExtensionManager@FileExtensionManagerLib@@SA_NXZ
?changeExtensionAssociation@CFileExtensionManager@FileExtensionManagerLib@@QEAA_NHV?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@@Z
?createApplicationHandler@CFileExtensionManager@FileExtensionManagerLib@@QEAA?AV?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?createIcon@CFileExtensionManager@FileExtensionManagerLib@@AEAA?AV?$shared_ptr@V?$CIconT@$00@FileExtensionManagerLib@@@boost@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?getAdditionalData@CFileExtensionManager@FileExtensionManagerLib@@QEAA?AV?$vector@V?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@V?$allocator@V?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@@std@@@std@@H@Z
?getApplicationByProgIdOrProg@CFileExtensionManager@FileExtensionManagerLib@@AEAA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NAEAV?$vector@V?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@V?$allocator@V?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@@std@@@4@AEBV34@@Z
?getExtension@CFileExtensionManager@FileExtensionManagerLib@@QEBA?AV?$shared_ptr@VCExtension@FileExtensionManagerLib@@@boost@@H@Z
?getExtensionCount@CFileExtensionManager@FileExtensionManagerLib@@QEBA_KXZ
?getExtensionData@CFileExtensionManager@FileExtensionManagerLib@@AEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEAUIQueryAssociations@@AEAV?$shared_ptr@VCExtension@FileExtensionManagerLib@@@boost@@@Z
?isScanRunning@CFileExtensionManager@FileExtensionManagerLib@@QEAA_NXZ
?join@CFileExtensionManager@FileExtensionManagerLib@@QEAAXXZ
?pathToNormal@CFileExtensionManager@FileExtensionManagerLib@@AEAAXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?scanFinished@CFileExtensionManager@FileExtensionManagerLib@@AEAAXXZ
?scaningThreadFunction@CFileExtensionManager@FileExtensionManagerLib@@AEAAXXZ
?start@CFileExtensionManager@FileExtensionManagerLib@@QEAAXPEAVIExtensionNotificationHandler@2@@Z
?stop@CFileExtensionManager@FileExtensionManagerLib@@QEAAXXZ
?updateInfo@CFileExtensionManager@FileExtensionManagerLib@@QEAA_NH@Z
?useWinEightStyle@CFileExtensionManager@FileExtensionManagerLib@@SA_NXZ
HookProcFunc
showOpenWithDlg

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f823295e26818de2df052f2c08b08503

Code Sign

0d:33:90:d3:72:7c:6a:96:44:6c:f7:cb:86:be:b5:19Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

f4:f7:84:c7:e5:33:92:3b:69:00:c2:c0:dc:8c:fd:ac:ee:e2:5d:57Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

advapi32

psapi

msvcp140

shlwapi

wtsapi32

version

gdiplus

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 235KB - Virtual size: 234KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 10KB - Virtual size: 14KB

.pdata Size: 17KB - Virtual size: 16KB

.gfids Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

0d:33:90:d3:72:7c:6a:96:44:6c:f7:cb:86:be:b5:19
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

f4:f7:84:c7:e5:33:92:3b:69:00:c2:c0:dc:8c:fd:ac:ee:e2:5d:57
Signer

.text
Size: 235KB - Virtual size: 234KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 10KB - Virtual size: 14KB

.pdata
Size: 17KB - Virtual size: 16KB

.gfids
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB