956b74cacf6d2cf30877522fca32b175_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

956b74cacf6d2cf30877522fca32b175_JaffaCakes118
Size

4.0MB
MD5

956b74cacf6d2cf30877522fca32b175
SHA1

569095a6f4ced796c68b317da125d136f64f39fe
SHA256

dbbebdc41ae22c8d7f6a8099f3991841df8a5d8f5e889b791316e387ff515873
SHA512

02f739f9d48598dd21aabe8e92229ec8b09e6d2aca0783de3da46bf5bf3c4c8a21c2743bc11629835c7b5a7ae4f6b753f6a96ccdd741c08747dd7050aa6a4007
SSDEEP

98304:/QussRSRVJwZmLC1KhdruKJOeeRpBVA6BLKo+:/Qg07JwA21K/rvJheg6oo+

Score

1^/10

Malware Config

Signatures

Files

956b74cacf6d2cf30877522fca32b175_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f9fe8a392ce17f4c1200c9a496ae8403

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c9:c9:e7:95:ee:09:55:75:dd:25:c2:be:e6:bc:e2:1f:72:25:a0:8f:f7:60:99:cd:31:36:06:0e:42:79:e8:0e
Signer

Actual PE Digest

c9:c9:e7:95:ee:09:55:75:dd:25:c2:be:e6:bc:e2:1f:72:25:a0:8f:f7:60:99:cd:31:36:06:0e:42:79:e8:0e

Digest Algorithm

sha256

PE Digest Matches

true

08:9f:00:ff:c6:8f:01:a2:d1:2c:44:ce:2d:74:23:38:e2:d9:e1:ee
Signer

Actual PE Digest

08:9f:00:ff:c6:8f:01:a2:d1:2c:44:ce:2d:74:23:38:e2:d9:e1:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins_Trunk\workspace\CEN_Hive_QQPCDownload_ForDCom\qqpcmgr_proj\bin\BinFinal\QQPCDownload.pdb

Imports

ws2_32

htons
ntohl
htonl

psapi

GetModuleInformation
GetModuleFileNameExW
EnumProcesses
GetProcessImageFileNameW

kernel32

GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
InterlockedCompareExchange
InterlockedExchange
WritePrivateProfileStringW
MultiByteToWideChar
FindFirstFileW
FindClose
FreeLibrary
GetLogicalDrives
CopyFileW
GetDriveTypeW
DeleteFileW
GetFileSize
ReadFile
WriteFile
LocalFree
ExpandEnvironmentStringsW
GetCurrentProcessId
IsBadWritePtr
GetSystemDirectoryW
InterlockedIncrement
VirtualAlloc
GetWindowsDirectoryW
InterlockedDecrement
DuplicateHandle
VirtualFree
SetDllDirectoryW
GetCommandLineW
FreeResource
LoadLibraryExW
GetPrivateProfileStringW
TerminateThread
WaitForMultipleObjects
GetCurrentThreadId
CreateMutexW
GetLongPathNameW
RaiseException
GetFullPathNameW
CreateFileMappingW
MapViewOfFileEx
OpenFileMappingW
UnmapViewOfFile
GetCPInfo
MapViewOfFile
OpenMutexW
SetFilePointer
GetSystemTime
SystemTimeToFileTime
OutputDebugStringW
GetLocalTime
FindNextFileW
SetLastError
FlushInstructionCache
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
ReadProcessMemory
VirtualAllocEx
lstrcpynW
GetSystemTimeAsFileTime
GetTempPathW
MoveFileW
OpenEventW
WriteProcessMemory
CreateDirectoryW
ReleaseMutex
SwitchToThread
CreateThread
Module32FirstW
Module32NextW
GetExitCodeThread
GetVersion
GetModuleHandleExW
CreateRemoteThread
ResumeThread
GetFileAttributesExW
GetModuleFileNameA
GetTempFileNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
RemoveDirectoryW
GetFileAttributesW
InterlockedExchangeAdd
VirtualQuery
GetSystemInfo
GetSystemDefaultLangID
LoadLibraryA
ResetEvent
InitializeCriticalSectionAndSpinCount
IsBadReadPtr
IsDebuggerPresent
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
VirtualProtectEx
GetThreadContext
SetThreadContext
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetStdHandle
ExitProcess
VirtualQueryEx
SuspendThread
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetOEMCP
IsValidCodePage
HeapCreate
VirtualProtect
WideCharToMultiByte
lstrlenW
TlsSetValue
TlsGetValue
TlsFree
SetUnhandledExceptionFilter
TlsAlloc
GetUserDefaultLCID
EnumSystemLocalesA
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
GetTimeZoneInformation
CompareStringA
CompareStringW
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
IsValidLocale
GetModuleFileNameW
FindResourceW
FindResourceExW
LoadResource
LockResource
SizeofResource
LoadLibraryW
CreateFileW
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
GetLastError
ProcessIdToSessionId
CompareFileTime
GetProcessTimes
OpenProcess
SleepEx
Thread32Next
Thread32First
Sleep
CreateProcessW
GetModuleHandleW
GetProcAddress
GetVersionExW
Process32NextW
lstrcmpiW
DeviceIoControl
Process32FirstW
CreateToolhelp32Snapshot
GetThreadTimes
OpenThread
GetCurrentProcess
CloseHandle
IsProcessorFeaturePresent
ExitThread
UnhandledExceptionFilter
GetCommandLineA
RtlUnwind
GetDriveTypeA
CreateFileA
SetEndOfFile
SetEnvironmentVariableA
LCMapStringA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MoveFileExW
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
FreeEnvironmentStringsA

user32

KillTimer
WaitMessage
IsIconic
FindWindowA
SetForegroundWindow
GetClassNameW
GetLastInputInfo
MsgWaitForMultipleObjectsEx
GetUserObjectInformationW
GetDesktopWindow
wsprintfW
UnregisterClassW
GetForegroundWindow
RegisterWindowMessageW
LoadCursorW
SetTimer
RegisterClassExW
TranslateMessage
GetMessageW
CreateWindowExW
PostQuitMessage
GetWindowLongW
DestroyWindow
SetWindowLongW
IsWindow
CallWindowProcW
CharNextW
DefWindowProcW
PostMessageW
MessageBoxW
SendMessageTimeoutW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
SetThreadDesktop
CloseDesktop
SendMessageW
ShowWindow
CharUpperW
GetWindowThreadProcessId
FindWindowExW
FindWindowW
GetQueueStatus
EnumWindows
GetClassInfoExW
CallNextHookEx
UnregisterClassA
CreateDesktopW

advapi32

RegCreateKeyW
AdjustTokenPrivileges
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
RegOpenKeyW
RevertToSelf
GetUserNameW
RegQueryInfoKeyW
DeleteService
ChangeServiceConfig2W
CreateServiceW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
StartServiceW
ConvertSidToStringSidW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
LookupAccountNameW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
CreateProcessAsUserW
DuplicateTokenEx
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoTaskMemFree
CoInitializeEx
CoTaskMemRealloc
CoUninitialize
CoCreateGuid
CoInitializeSecurity
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoFreeLibrary
CoLoadLibrary
CoCreateInstance
CoSetProxyBlanket
CoTaskMemAlloc
CoInitialize
StringFromGUID2
CLSIDFromProgID

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
SysAllocStringLen
SysFreeString
VariantClear
VarUI4FromStr
SysAllocString
SysStringLen

shlwapi

PathCombineW
PathRemoveFileSpecW
PathAddExtensionW
PathRemoveExtensionW
PathQuoteSpacesW
SHDeleteKeyW
PathUnquoteSpacesW
PathFindFileNameA
PathFileExistsW
PathAppendW
PathFindFileNameW
PathAddBackslashW

userenv

CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

wininet

InternetReadFile
InternetGetConnectedState
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
HttpQueryInfoW

Exports

Exports

Tx8Dl_InitDownloadEngine
Tx8Dl_LoadRoutine
Tx8Dl_Main
Tx8Dl_NotifyQuit

Sections

.text
Size: 512KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9fe8a392ce17f4c1200c9a496ae8403

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9eCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

c9:c9:e7:95:ee:09:55:75:dd:25:c2:be:e6:bc:e2:1f:72:25:a0:8f:f7:60:99:cd:31:36:06:0e:42:79:e8:0eSigner

08:9f:00:ff:c6:8f:01:a2:d1:2c:44:ce:2d:74:23:38:e2:d9:e1:eeSigner

Headers

File Characteristics

PDB Paths

Imports

ws2_32

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

wtsapi32

version

netapi32

wininet

Exports

Exports

Sections

.text Size: 512KB - Virtual size: 509KB

.rdata Size: 116KB - Virtual size: 112KB

.data Size: 124KB - Virtual size: 158KB

.rsrc Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 52KB - Virtual size: 51KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

c9:c9:e7:95:ee:09:55:75:dd:25:c2:be:e6:bc:e2:1f:72:25:a0:8f:f7:60:99:cd:31:36:06:0e:42:79:e8:0e
Signer

08:9f:00:ff:c6:8f:01:a2:d1:2c:44:ce:2d:74:23:38:e2:d9:e1:ee
Signer

.text
Size: 512KB - Virtual size: 509KB

.rdata
Size: 116KB - Virtual size: 112KB

.data
Size: 124KB - Virtual size: 158KB

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 52KB - Virtual size: 51KB