81d4651ad8171d9b6ebaffcd8fc28458_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

81d4651ad8171d9b6ebaffcd8fc28458_JaffaCakes118
Size

259KB
MD5

81d4651ad8171d9b6ebaffcd8fc28458
SHA1

6d57b98eccf3bb44434ecdb38630d209fd94c74b
SHA256

304fc038ab723dd1278d020ac1d0c62a84403b91d2e1d6b061baea6bd6ecd3b0
SHA512

d1ad8412602a35119f50560bc1e2ef9278ba3637031352f25a4c79fc7709683fe41476d57eb98136434ca2e7389611d8a90fa2d83d038d0fd13e7f253e15bb8c
SSDEEP

6144:1Mx/UFHw3hkVAsNQOL53PeX/MWkNdGIIQadcCz4njUYGTBJgpuOtE7N3:1MhUFHwxkV7QONeEWkNlIQadcmojrGTb

Score

1^/10

Malware Config

Signatures

Files

81d4651ad8171d9b6ebaffcd8fc28458_JaffaCakes118
.dll windows:5 windows x86 arch:x86

058683af685398e229287e3979514bb1

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:76:9c:e4:5a:4c:55:0b:e4:99:a6:04:2a:3c:7d:64
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/10/2018, 00:00

Not After

08/11/2019, 23:59

Subject

CN=YY Inc.,OU=IT,O=YY Inc.,L=GuangZhou,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:76:9c:e4:5a:4c:55:0b:e4:99:a6:04:2a:3c:7d:64
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/10/2018, 00:00

Not After

08/11/2019, 23:59

Subject

CN=YY Inc.,OU=IT,O=YY Inc.,L=GuangZhou,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

94:e6:71:b6:c3:45:26:57:86:6f:ed:fe:b8:af:30:78:c6:96:52:00:a9:61:cf:1d:38:8b:fd:90:3c:6e:b3:03
Signer

Actual PE Digest

94:e6:71:b6:c3:45:26:57:86:6f:ed:fe:b8:af:30:78:c6:96:52:00:a9:61:cf:1d:38:8b:fd:90:3c:6e:b3:03

Digest Algorithm

sha256

PE Digest Matches

true

78:91:ef:71:3c:39:0f:53:db:e1:d1:d3:c3:c7:90:65:70:e3:4c:d7
Signer

Actual PE Digest

78:91:ef:71:3c:39:0f:53:db:e1:d1:d3:c3:c7:90:65:70:e3:4c:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DUOWAN_BUILD\build\Build_Src\dwinternal\protocol_checkTalkBanned_mb\bin\release\logininfo.pdb

Imports

protocomm

?remove@ProtoTaskThread@@UAEXPAVIProtoTask@@@Z
?getRecvBytes@ProtoLink@@UBE_KXZ
?getLinkHandler@ProtoLink@@UAEPAVIProtoLinkHandler@@XZ
?setProxy@ProtoLink@@UAEXPAUIProxy@protocol@@@Z
?connect@ProtoLink@@UAE_NIABV?$vector@GV?$allocator@G@std@@@std@@G@Z
?send@ProtoLink@@UAEXIABUMarshallable@sox@@II@Z
?setCompress@ProtoLink@@UAEX_N@Z
?setTcpNodelay@ProtoLink@@UAEX_N@Z
?setLinkOpt@ProtoLink@@UAEXW4LinkOpt@IProtoLink@@_N@Z
?getLastRecvTime@ProtoLink@@UBEIXZ
??1ProtoLink@@UAE@XZ
??1ProtoPacketPool@@UAE@XZ
??1ProtoTaskThread@@UAE@XZ
?newPacket@ProtoPacketPool@@UAEPAVIProtoPacket@@HPBDHH@Z
?newPacket@ProtoPacketPool@@UAEPAVIProtoPacket@@PBDHH@Z
?newPacket@ProtoPacketPool@@UAEPAVIProtoPacket@@HABUMarshallable@sox@@@Z
?freePacket@ProtoPacketPool@@UAEXPAVIProtoPacket@@@Z
?post@ProtoTaskThread@@UAEXPAVIProtoTask@@I@Z
?post@ProtoTaskThread@@UAEXPAVIProtoTask@@@Z
?getPeerPort@ProtoLink@@UBEGXZ
?getLocalPort@ProtoLink@@UBEGXZ
?getConnId@ProtoLink@@UBEIXZ
?addRtt@ProtoLink@@UAEXH@Z
?isSameLink@ProtoLink@@UBE_NI@Z
?getLastRtt@ProtoLink@@UBEIXZ
?isConnected@ProtoLink@@UBE_NXZ
?isReady@ProtoLink@@UBE_NXZ
?isConnecting@ProtoLink@@UBE_NXZ
?setEncPayload@ProtoLink@@UAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?isTcpLink@ProtoLink@@UBE_NXZ
?currentSystemTime@ProtoTime@@SAIXZ
?app2net@ProtoA2U@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@3@@Z
?toUint32@ProtoHelper@@SAIV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?toString@ProtoHelper@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
?app2net@ProtoA2U@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBG@Z
?net2app@ProtoA2U@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?clear@ProtoTaskThread@@UAEXXZ
?stop@ProtoTaskThread@@UAEXXZ
?getAvgRtt@ProtoLink@@UBEIXZ
?getLocalIp@ProtoLink@@UBEIXZ
?getPeerIp@ProtoLink@@UBEIXZ
?getLastError@ProtoLink@@UBEIXZ
?startKeepAlive@ProtoLink@@UAEXI@Z
?getStatus@ProtoLink@@UAE?AW4LinkStatus@IProtoLink@@XZ
?setStatus@ProtoLink@@UAEXW4LinkStatus@IProtoLink@@@Z
?close@ProtoLink@@UAEXXZ
?send@ProtoLink@@UAEXPAVIProtoPacket@@@Z
?send@ProtoLink@@UAEXPBDI@Z
?send@ProtoLink@@UAEXIABUMarshallable@sox@@@Z
?reconnect@ProtoLink@@UAE_NXZ
?connect@ProtoLink@@UAE_NIABV?$vector@GV?$allocator@G@std@@@std@@@Z
?connect@ProtoLink@@UAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$vector@GV?$allocator@G@std@@@3@@Z

ws2_32

inet_ntoa

dwutility

?getGlobalMid@minfo@DwUtility@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

dwbase

insert_name_id
?IsLogLevelEnabled@@YA_NG@Z
?DoLog@@YAXGPBD0G0PBG@Z
?dropDatabase@Data@@YAXK@Z
?queryDatabase@Data@@YA?AV?$comptr@UIDatabase@Data@@@@K@Z
?createDatabase@Data@@YA?AV?$comptr@UIDatabase@Data@@@@K@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
MultiByteToWideChar

msvcp90

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

msvcr90

?what@exception@std@@UBEPBDXZ
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
?terminate@@YAXXZ
memset
wcslen
memmove_s
_atoi64
memmove
strlen
_snwprintf_s
malloc
free
memcpy
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
??_V@YAXPAX@Z
_purecall
??2@YAPAXI@Z
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_onexit

Exports

Exports

??0CPerfRecord@Perf@@QAE@XZ
??0ILoginProtoMod@protocol@@QAE@ABV01@@Z
??0ILoginProtoMod@protocol@@QAE@XZ
??0IProtoLink@@QAE@ABV0@@Z
??0IProtoLink@@QAE@XZ
??0IProtoLinkHandler@@QAE@ABV0@@Z
??0IProtoLinkHandler@@QAE@XZ
??0ProtoLink@@QAE@ABV0@@Z
??0ProtoLinkMgr@@AAE@ABV0@@Z
??0ProtoPacketPool@@QAE@ABV0@@Z
??0ProtoTaskThread@@QAE@ABV0@@Z
??0ProtoTcpLink@@QAE@ABV0@@Z
??0ProtoUInfo@@QAE@ABV0@@Z
??0ProtoUdpLink@@QAE@ABV0@@Z
??1ILoginProtoMod@protocol@@UAE@XZ
??1IProtoLink@@UAE@XZ
??1ProtoTcpLink@@UAE@XZ
??1ProtoUInfo@@QAE@XZ
??1ProtoUdpLink@@UAE@XZ
??4CPerfRecord@Perf@@QAEAAV01@ABV01@@Z
??4ILoginProtoMod@protocol@@QAEAAV01@ABV01@@Z
??4IProtoLink@@QAEAAV0@ABV0@@Z
??4IProtoLinkHandler@@QAEAAV0@ABV0@@Z
??4ProtoA2U@@QAEAAV0@ABV0@@Z
??4ProtoHelper@@QAEAAV0@ABV0@@Z
??4ProtoLink@@QAEAAV0@ABV0@@Z
??4ProtoLinkMgr@@QAEAAV0@ABV0@@Z
??4ProtoPacketPool@@QAEAAV0@ABV0@@Z
??4ProtoTaskThread@@QAEAAV0@ABV0@@Z
??4ProtoTcpLink@@QAEAAV0@ABV0@@Z
??4ProtoTime@@QAEAAV0@ABV0@@Z
??4ProtoUInfo@@QAEAAV0@ABV0@@Z
??4ProtoUdpLink@@QAEAAV0@ABV0@@Z
??_7ILoginProtoMod@protocol@@6B@
??_7IProtoLink@@6B@
??_7IProtoLinkHandler@@6B@
??_7ProtoLink@@6B@
??_7ProtoPacketPool@@6B@
??_7ProtoTaskThread@@6B@
??_7ProtoTcpLink@@6B@
??_7ProtoUdpLink@@6B@
?GetInstance@CPerfRecord@Perf@@SAPAV12@XZ
?s_pImpl@?1??GetInstance@CPerfRecord@Perf@@SAPAV23@XZ@4PAV23@A
_getModule@4
_releaseModule@0

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

058683af685398e229287e3979514bb1

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

18:76:9c:e4:5a:4c:55:0b:e4:99:a6:04:2a:3c:7d:64Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

18:76:9c:e4:5a:4c:55:0b:e4:99:a6:04:2a:3c:7d:64Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

94:e6:71:b6:c3:45:26:57:86:6f:ed:fe:b8:af:30:78:c6:96:52:00:a9:61:cf:1d:38:8b:fd:90:3c:6e:b3:03Signer

78:91:ef:71:3c:39:0f:53:db:e1:d1:d3:c3:c7:90:65:70:e3:4c:d7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

protocomm

ws2_32

dwutility

dwbase

kernel32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 161KB - Virtual size: 160KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 25KB - Virtual size: 24KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

18:76:9c:e4:5a:4c:55:0b:e4:99:a6:04:2a:3c:7d:64
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

18:76:9c:e4:5a:4c:55:0b:e4:99:a6:04:2a:3c:7d:64
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

94:e6:71:b6:c3:45:26:57:86:6f:ed:fe:b8:af:30:78:c6:96:52:00:a9:61:cf:1d:38:8b:fd:90:3c:6e:b3:03
Signer

78:91:ef:71:3c:39:0f:53:db:e1:d1:d3:c3:c7:90:65:70:e3:4c:d7
Signer

.text
Size: 161KB - Virtual size: 160KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 25KB - Virtual size: 24KB