8a1566d9260e8e9c5efa1f938490a320_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8a1566d9260e8e9c5efa1f938490a320_JaffaCakes118
Size

434KB
MD5

8a1566d9260e8e9c5efa1f938490a320
SHA1

e7e0fa2c75ab139aa21885b463955d9b491fcc68
SHA256

c2abbb33d9855a9b1562263a283e722126375354f2762d5b658d20db9b255be9
SHA512

4f7a387f7675f04306e3b3b94df872499ab0cc4e9ba50951397f4b911de9b3e1db0574ac22a64be57cb8bf3aaab13685e1b13661718df799e9d14c69828878d4
SSDEEP

6144:MzC2+IK2H/OIkToiz1/OfRBoqVAyEFD728vg7k3RXFgrg4UqFYa:MzCHIKO7ImfRBoq26UXa

Score

1^/10

Malware Config

Signatures

Files

8a1566d9260e8e9c5efa1f938490a320_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bd80ceee87b95e23d2b93fbfe757993b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:04:dc:c9:be:35:c5:58:42:2b:af:ef:34:98:49:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/01/2015, 00:00

Not After

29/12/2016, 23:59

Subject

CN=DotCash Limited,OU=IT,O=DotCash Limited,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e0:aa:a2:51:56:77:82:7a:8a:5b:2b:0f:c4:df:63:3a:ed:09:3d:07
Signer

Actual PE Digest

e0:aa:a2:51:56:77:82:7a:8a:5b:2b:0f:c4:df:63:3a:ed:09:3d:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\AvazuMPC\Branch\2015_MPC_Option\Build\BranchBuild\Temp\CodeDir\2015_MPC_Option\Bin\Pdb\Release\AdcUninstall.pdb

Imports

kernel32

CreateFileW
GetLocalTime
GetCommandLineW
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
LoadLibraryW
GetProcAddress
VirtualProtect
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
MoveFileExW
FreeLibrary
QueryDosDeviceW
SetFilePointer
GetFileSize
GetDiskFreeSpaceExW
CreateDirectoryW
RemoveDirectoryW
FindClose
SetFileAttributesW
FindNextFileW
FindFirstFileW
GetFileAttributesW
DeleteFileW
GetCurrentProcess
SetFileTime
SystemTimeToFileTime
GetSystemTime
CreateEventW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GlobalMemoryStatusEx
GetSystemDirectoryW
GetThreadIOPendingFlag
SetProcessWorkingSetSize
SetThreadPriorityBoost
SetProcessPriorityBoost
GetProcessPriorityBoost
SetThreadPriority
GetThreadPriority
SetPriorityClass
GetPriorityClass
TerminateProcess
ReadFile
GetStartupInfoW
CreatePipe
CreateProcessW
GetExitCodeProcess
ReadProcessMemory
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetModuleHandleW
OpenThread
GetCurrentThread
OpenProcess
SetLastError
OutputDebugStringA
ReleaseMutex
GetLastError
CreateMutexW
OpenMutexW
HeapFree
GetProcessHeap
HeapAlloc
GetVolumeInformationW
WriteProcessMemory

user32

GetWindowLongW
PostMessageW
GetThreadDesktop
GetUserObjectInformationW
IsHungAppWindow
AttachThreadInput
EnumWindows
GetWindowTextW
GetClassNameW
SendMessageW
SetForegroundWindow
SetWindowPos
GetWindowThreadProcessId
GetForegroundWindow
IsWindowEnabled
IsWindowVisible
GetLastActivePopup
ShowWindow
GetParent
IsIconic

ole32

CoTaskMemFree

msvcp90

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IBEPB_WXZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
GetProcessMemoryInfo

utility

?ConvertFromIntW@StringHelper@util@@SA?AV?$AutoPtr@_W@2@H@Z
?ToLower@StringHelper@util@@SA?AV?$AutoPtr@_W@2@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

xskin

?GetAppPath@XAppData@@YA?AVXString@@XZ
?GetData@XString@@QBEPB_WXZ
?InitCore@Util@@YAJPB_W0@Z
??1XString@@QAE@XZ
??4XString@@QAEAAV0@ABV0@@Z
?CombinePath@FileUtil@@YA?AVXString@@PB_W0@Z
?DestoryCore@Util@@YAJXZ

xbus

?CreateXBus@XBus@@YAPAUIXBus@1@XZ
?ReleaseXBus@XBus@@YAXPAUIXBus@1@@Z

support

?InitProductType@AppHelper@support@@SAXW4ProductType@2@@Z
?GetLanguageSetting@AppHelper@support@@SAK_N@Z

msvcr90

tolower
strlen
wcschr
wcsrchr
wcsstr
memcpy
fclose
fgetc
fopen_s
iswalpha
toupper
??_V@YAXPAX@Z
wcscat_s
??_U@YAPAXI@Z
_wcsnicmp
wcslen
_wcsicmp
memset
printf
_vswprintf
memmove_s
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z
_vsnwprintf_s
_vsnprintf_s
_unlock
__dllonexit
_encode_pointer
_lock
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_vsnwprintf
_onexit

dbghelp

MiniDumpWriteDump

iphlpapi

GetExtendedTcpTable

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

advapi32

SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor

ntdll

NtSuspendProcess
NtResumeProcess
NtTerminateProcess
NtQuerySystemInformation
NtSetSystemInformation
NtLockVirtualMemory
NtQueryInformationProcess
RtlNtPathNameToDosPathName
RtlInitUnicodeString
NtCreatePagingFile
NtOpenProcess
RtlNtStatusToDosError
NtClose
NtUnlockVirtualMemory
NtDuplicateObject
NtSetInformationProcess

shlwapi

PathFindFileNameW
StrStrW
PathRemoveBackslashW
PathStripPathW
PathFileExistsW

ws2_32

ntohs

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd80ceee87b95e23d2b93fbfe757993b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1c:04:dc:c9:be:35:c5:58:42:2b:af:ef:34:98:49:75Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e0:aa:a2:51:56:77:82:7a:8a:5b:2b:0f:c4:df:63:3a:ed:09:3d:07Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

msvcp90

psapi

utility

xskin

xbus

support

msvcr90

dbghelp

iphlpapi

version

mpr

advapi32

ntdll

shlwapi

ws2_32

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 366KB - Virtual size: 365KB

.reloc Size: 4KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1c:04:dc:c9:be:35:c5:58:42:2b:af:ef:34:98:49:75
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e0:aa:a2:51:56:77:82:7a:8a:5b:2b:0f:c4:df:63:3a:ed:09:3d:07
Signer

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 366KB - Virtual size: 365KB

.reloc
Size: 4KB - Virtual size: 4KB