876fecb5c2c799171038148a232e50b2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

876fecb5c2c799171038148a232e50b2_JaffaCakes118
Size

327KB
MD5

876fecb5c2c799171038148a232e50b2
SHA1

adff870256f80f92dcec391d6fcededce8a393ad
SHA256

0c798b5660a58ed221faf4f3aa3b0b9004f7bd0cf435dc7ca7a0c665b96dbeb3
SHA512

9c1ddaeef37e96dc5c649aa81dbad843dbc2e7c0c49428f30b9b54128456399752e1923ae74cbe5010e45616438e6afa4d5eb2abcd5a6549ea0d1bf4f70b1670
SSDEEP

6144:SBUOk0WuV6iyGS8YeSD0Ntt+R1Rzeb3eCLLXPADOZooeVLC:SyOk0WylyGSreSDAtUNC3Gox

Score

1^/10

Malware Config

Signatures

Files

876fecb5c2c799171038148a232e50b2_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

edd2dd9cd207c4bba0e60063e4025849

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:5a:9d:93:d7:70:22:9c:50:3b:83:55:b1:5b:6d:f0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-02-2015 00:00

Not After

05-04-2016 23:59

Subject

CN=Beijing Baofeng Technology Co.\, Ltd.,OU=在线QA,O=Beijing Baofeng Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d3:c9:2d:62:47:36:99:f3:b8:ad:48:3e:d8:81:74:b5:5f:f3:6e:8c
Signer

Actual PE Digest

d3:c9:2d:62:47:36:99:f3:b8:ad:48:3e:d8:81:74:b5:5f:f3:6e:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\jenkins\workspace\官网p2p\download_lib_vc9\Bin\Product Release Pdb\StormNC\kinterface.pdb

Imports

kmem_ui

oom_chunk_free
oom_chunk_alloc

kernel32

InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetTickCount
OutputDebugStringA
SetEvent
CreateEventA
GetModuleHandleW
WaitForSingleObject
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
SetFileAttributesA
Sleep
EnterCriticalSection
DisableThreadLibraryCalls
IsDBCSLeadByte
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
GetLastError
GetModuleHandleA
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
lstrlenW
IsBadCodePtr
VirtualQuery
GetModuleFileNameA
lstrlenA
LoadLibraryA
FreeLibrary
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
RaiseException
DeleteCriticalSection
GetCurrentThreadId
InterlockedExchange
DecodePointer
CloseHandle
IsProcessorFeaturePresent
GetProcessHeap
InterlockedCompareExchange
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
lstrcatA
CreateDirectoryA
GetFileAttributesA
lstrcpyA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
RemoveDirectoryA
GetVersionExA
GlobalMemoryStatus
GetSystemDefaultLangID
SetFilePointer
CreateFileA
EncodePointer
WriteFile
ReadFile
SetEndOfFile
GetFileSize
FlushFileBuffers
MoveFileA
CopyFileA
HeapFree
HeapAlloc

user32

CharNextW
CharNextA
GetSystemMetrics

advapi32

CloseServiceHandle
LockServiceDatabase
OpenSCManagerA
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetFileSecurityA
GetSecurityDescriptorControl
AddAccessAllowedAce
AddAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
GetFileSecurityA
RegQueryInfoKeyA
RegQueryInfoKeyW
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
LookupAccountNameA
RegQueryValueExA
UnlockServiceDatabase

ole32

CoTaskMemFree
StringFromIID
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoUninitialize
CLSIDFromString
CoInitializeEx
IIDFromString

oleaut32

SysStringLen
RegisterTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi

msvcp100

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1_Container_base12@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?fail@ios_base@std@@QBE_NXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_BADOFF@std@@3_JB
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Incref@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z

msvcr100

setvbuf
fwrite
fgetpos
_fseeki64
fsetpos
fclose
memmove_s
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_crt_debugger_hook
_stricmp
isspace
sscanf_s
_CIlog10
_CIpow
rand
atof
_strlwr_s
_ui64toa_s
_ultoa_s
_i64toa_s
strtoul
fflush
_unlock_file
_lock_file
ungetc
fputc
fgetc
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0exception@std@@QAE@XZ
memchr
_recalloc
malloc
wcsncpy_s
strcpy_s
strcat_s
memcmp
_mbsstr
_mbsnbcpy_s
_resetstkoflw
free
memcpy_s
_snprintf_s
memmove
strrchr
_itoa_s
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
memcpy
strlen
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memset
_purecall
strtol
_errno
_atoi64
atol
strcmp

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

WSAIoctl
WSASocketA
ntohs
inet_ntoa
inet_addr

wininet

InternetQueryOptionA

shell32

SHGetSpecialFolderPathA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edd2dd9cd207c4bba0e60063e4025849

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3f:5a:9d:93:d7:70:22:9c:50:3b:83:55:b1:5b:6d:f0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

d3:c9:2d:62:47:36:99:f3:b8:ad:48:3e:d8:81:74:b5:5f:f3:6e:8cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kmem_ui

kernel32

user32

advapi32

ole32

oleaut32

msvcp100

msvcr100

version

ws2_32

wininet

shell32

Exports

Exports

Sections

.text Size: 223KB - Virtual size: 223KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3f:5a:9d:93:d7:70:22:9c:50:3b:83:55:b1:5b:6d:f0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d3:c9:2d:62:47:36:99:f3:b8:ad:48:3e:d8:81:74:b5:5f:f3:6e:8c
Signer

.text
Size: 223KB - Virtual size: 223KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB