8585e31790b9b7da9fb6fad505bfe27c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8585e31790b9b7da9fb6fad505bfe27c_JaffaCakes118
Size

3.0MB
MD5

8585e31790b9b7da9fb6fad505bfe27c
SHA1

14fc5e6ddd224f567e12390d192feda6499ec11b
SHA256

3d0917f51c59e22b3a6dac51061182abad49e5a4cebfebd102a59147ed19d1c2
SHA512

d8f78bcf1903881ed0ac25a747ef0fc48e6bb05a8627e44ad840f7bbf0ce67589099a5b4348ee96750d42cb80da74ae0ca1ebdc4a89956cca202bca61956bbee
SSDEEP

49152:uscXuAj56TOGtof5Tr9x2GUFOBncKOpop/vSHTgtRNXkVG3odxSOYbRrZ2C4l/z8:PcX356TOUoziOdcbEHSSE/EOWN4C4l1S

Score

1^/10

Malware Config

Signatures

Files

8585e31790b9b7da9fb6fad505bfe27c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d7f039b5793ca79e40a5884b61271bae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:9f:e5:88:4f:82:ed:d7:4c:16:7f:ab:74:63:43:ac:04:6a:05:38
Signer

Actual PE Digest

3f:9f:e5:88:4f:82:ed:d7:4c:16:7f:ab:74:63:43:ac:04:6a:05:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins_Trunk\workspace\CEN_Hive_QQPCDownload_ForDCom\qqpcmgr_proj\bin\Release\QQPCDownload.pdb

Imports

ws2_32

ntohl
WSCEnumProtocols
WSCInstallProvider
WSCWriteProviderOrder
WSCDeinstallProvider
htons
htonl

psapi

GetProcessImageFileNameW
EnumProcesses
GetModuleFileNameExW
GetModuleInformation

kernel32

InterlockedDecrement
RaiseException
GetPrivateProfileStringW
GetPrivateProfileIntW
DuplicateHandle
SetDllDirectoryW
GetCommandLineW
SetLastError
TerminateThread
WaitForMultipleObjects
GetVersion
LoadLibraryExW
GetCurrentThreadId
GetCPInfo
CreateFileMappingW
MapViewOfFileEx
OpenFileMappingW
UnmapViewOfFile
GetCurrentThread
SystemTimeToFileTime
OutputDebugStringW
GetLocalTime
FindNextFileW
SetFilePointer
OpenMutexW
GetFullPathNameW
HeapAlloc
GetProcessHeap
HeapFree
TerminateProcess
SetUnhandledExceptionFilter
ReadProcessMemory
VirtualAllocEx
lstrcpynW
GetSystemTimeAsFileTime
CreateThread
GetTempPathW
MoveFileW
MoveFileExW
ResumeThread
GetExitCodeThread
GetModuleHandleExW
MapViewOfFile
ReleaseMutex
SwitchToThread
Module32FirstW
Module32NextW
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesExW
IsBadReadPtr
GetTempFileNameW
WTSGetActiveConsoleSessionId
GetLogicalDriveStringsW
lstrcmpA
LocalAlloc
FileTimeToSystemTime
GetModuleFileNameA
GetExitCodeProcess
GetSystemInfo
GetSystemDefaultLangID
VirtualQuery
LoadLibraryA
ResetEvent
InitializeCriticalSectionAndSpinCount
GetFileAttributesW
IsDebuggerPresent
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
VirtualAlloc
VirtualProtectEx
GetThreadContext
SetThreadContext
CreateRemoteThread
VirtualFree
lstrlenA
FlushInstructionCache
FindResourceW
CreateMutexW
InterlockedIncrement
GetSystemDirectoryW
IsBadWritePtr
ExitProcess
HeapDestroy
HeapReAlloc
HeapSize
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
IsProcessorFeaturePresent
ExitThread
UnhandledExceptionFilter
FileTimeToLocalFileTime
GetCommandLineA
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetCurrentProcessId
GlobalAlloc
WaitForSingleObject
GetLastError
ProcessIdToSessionId
GetModuleHandleW
GetOEMCP
IsValidCodePage
HeapCreate
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
GetTimeZoneInformation
CompareStringA
CompareStringW
GetProcAddress
CompareFileTime
GetProcessTimes
Process32NextW
OpenProcess
Thread32Next
lstrcmpiW
Thread32First
Sleep
SleepEx
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreateProcessW
Process32FirstW
GetVersionExW
CreateToolhelp32Snapshot
CloseHandle
WriteFile
FreeResource
DeviceIoControl
CreateFileW
GetThreadTimes
GetCurrentProcess
LockResource
GlobalFree
LocalFree
VirtualQueryEx
SuspendThread
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
SetEndOfFile
GetDriveTypeA
SetEnvironmentVariableA
CreateFileA
FindClose
FindFirstFileW
MultiByteToWideChar
GetDiskFreeSpaceExW
ReadFile
GetFileSize
DeleteFileW
CopyFileW
GetDriveTypeW
GetLogicalDrives
FreeLibrary
ExpandEnvironmentStringsW
WritePrivateProfileStringW
InterlockedExchange
InterlockedCompareExchange
SetEvent
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WriteProcessMemory
VirtualProtect
WideCharToMultiByte
lstrlenW
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetTickCount
LoadLibraryW
GetModuleFileNameW
FindResourceExW
OpenThread
LoadResource
SizeofResource
GlobalLock
CreatePipe
OpenEventW
GetStdHandle

user32

PostThreadMessageW
PtInRect
GetDlgCtrlID
LoadImageW
EqualRect
KillTimer
DrawFrameControl
DrawTextW
SetCursor
DrawIconEx
SetTimer
ReleaseCapture
IsWindowVisible
SetCapture
LoadIconW
EndPaint
BeginPaint
SetWindowTextW
GetSystemMenu
DestroyIcon
MapWindowPoints
CallWindowProcW
MoveWindow
ReleaseDC
SetActiveWindow
DefWindowProcW
GetDC
GetParent
GetDesktopWindow
TranslateMessage
wsprintfW
GetUserObjectInformationW
CallNextHookEx
GetForegroundWindow
MsgWaitForMultipleObjectsEx
GetLastInputInfo
IsIconic
GetActiveWindow
GetMessageW
SystemParametersInfoW
RegisterClassExW
SetWindowRgn
CreateWindowExW
ClientToScreen
InvalidateRect
GetClientRect
GetWindow
OffsetRect
LoadCursorW
GetWindowRect
SetWindowPos
InflateRect
GetClassInfoExW
SetRect
GetDlgItem
CopyRect
GetKeyState
CharLowerW
RegisterWindowMessageW
SetWindowLongW
GetMonitorInfoW
EnableWindow
MonitorFromWindow
DestroyWindow
IsWindow
PostMessageW
GetWindowLongW
CharNextW
MessageBoxW
SendMessageTimeoutW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
SetThreadDesktop
CloseDesktop
CreateDesktopW
FindWindowA
UnregisterClassW
SendMessageW
ShowWindow
CharUpperW
GetWindowThreadProcessId
FindWindowExW
FindWindowW
PostQuitMessage
GetQueueStatus
WaitMessage
EnumWindows
TrackPopupMenu
LoadStringW
CopyImage
UnregisterClassA
IsWindowEnabled

gdi32

TextOutW
CreateRectRgnIndirect
RoundRect
SelectClipRgn
GetClipRgn
RestoreDC
SaveDC
GetStockObject
BitBlt
OffsetRgn
SetRectRgn
Rectangle
SetTextColor
GetTextExtentPoint32W
CombineRgn
CreateRectRgn
StretchBlt
DeleteDC
ExtTextOutW
CreatePen
SetBkColor
SelectObject
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
GetObjectW
RectInRegion
SetBkMode
MoveToEx
LineTo
CreateBitmap

advapi32

RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
CreateServiceW
ChangeServiceConfig2W
DeleteService
StartServiceW
RegQueryInfoKeyW
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
GetUserNameW
IsValidSid
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoInitialize
CoCreateGuid
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CLSIDFromProgID
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoLoadLibrary
CoFreeLibrary
CreateStreamOnHGlobal
CoTaskMemAlloc

oleaut32

VarBstrCmp
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
OleLoadPicture
SysAllocString
VarUI4FromStr
SysStringByteLen
SysFreeString

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathRemoveExtensionW
StrToIntA
PathAddExtensionW
PathQuoteSpacesW
PathUnquoteSpacesW
PathFindFileNameA
PathCombineW
PathAddBackslashW

userenv

CreateEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW
WTSQueryUserToken

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

comctl32

_TrackMouseEvent

gdiplus

GdipSetImageAttributesColorMatrix
GdipGetImageHeight
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipGetImageWidth
GdipCreateFromHDC
GdipDeleteGraphics
GdipDisposeImage
GdipFree
GdipAlloc
GdipLoadImageFromStream
GdipCreateBitmapFromStream
GdipCloneImage
GdiplusShutdown
GdipDrawImageI
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipDisposeImageAttributes
GdipCreateImageAttributes

rpcrt4

UuidCreate

crypt32

CryptMsgGetParam
CryptQueryObject
CryptDecodeObject
CertCloseStore
CryptMsgClose

wininet

InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile
InternetGetConnectedState
InternetCloseHandle

Exports

Exports

CreateTxdlController
EntryPoint
IsSupportNoReName
TxDl_AsyncStartDownload
TxDl_Finalize
TxDl_GetChildLaucherParam
TxDl_GetCurrentLaucherIndex
TxDl_GetLaucher
TxDl_InitDownloadEngine
TxDl_Initialize
TxDl_IsDownloading
TxDl_LoadRoutine
TxDl_Main
TxDl_NotifyQuit
TxDl_RegisterCompleteEvent
TxDl_ReleaseLaucher
Txdl_GetVersion

Sections

.text
Size: 604KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ShareInj
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Downlaod
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DLLShare
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EventHoo
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7f039b5793ca79e40a5884b61271bae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

3f:9f:e5:88:4f:82:ed:d7:4c:16:7f:ab:74:63:43:ac:04:6a:05:38Signer

Headers

File Characteristics

PDB Paths

Imports

ws2_32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

wtsapi32

version

netapi32

comctl32

gdiplus

rpcrt4

crypt32

wininet

Exports

Exports

Sections

.text Size: 604KB - Virtual size: 603KB

.rdata Size: 144KB - Virtual size: 141KB

.data Size: 112KB - Virtual size: 120KB

ShareInj Size: 4KB - Virtual size: 1KB

Downlaod Size: 28KB - Virtual size: 24KB

DLLShare Size: 4KB - Virtual size: 1KB

EventHoo Size: 4KB - Virtual size: 1KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 56KB - Virtual size: 55KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

3f:9f:e5:88:4f:82:ed:d7:4c:16:7f:ab:74:63:43:ac:04:6a:05:38
Signer

.text
Size: 604KB - Virtual size: 603KB

.rdata
Size: 144KB - Virtual size: 141KB

.data
Size: 112KB - Virtual size: 120KB

ShareInj
Size: 4KB - Virtual size: 1KB

Downlaod
Size: 28KB - Virtual size: 24KB

DLLShare
Size: 4KB - Virtual size: 1KB

EventHoo
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 56KB - Virtual size: 55KB