9581cbf7b7922fbc3a7fee8bc8c8c2ba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9581cbf7b7922fbc3a7fee8bc8c8c2ba_JaffaCakes118
Size

950KB
MD5

9581cbf7b7922fbc3a7fee8bc8c8c2ba
SHA1

c47cbc1d77bf8c99b994a340e869da109bb96f41
SHA256

0156ca76b1609bc943bd6f1d23464ce990bec79ed0a062b0787d906b189f6cce
SHA512

8527fddff01d1c92fed5a1bd83f8ed420a6b9d418c562376677989bb857dba3f827b124a799d678371f912d281c0127974789bced82b59ff7dcac7f8b070fee7
SSDEEP

12288:Ham8frwTCBZrWGVlw0UySFkMgwkQjqRWODCPc7w4YHsOH4Yj+WFs2eDM1dklmja1:6m8frbTtVG+OlO4Gd

Score

1^/10

Malware Config

Signatures

Files

9581cbf7b7922fbc3a7fee8bc8c8c2ba_JaffaCakes118
.dll windows:6 windows x86 arch:x86

9a6fa5015eb8b91531f1f254ab6130f0

Code Sign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2016, 00:00

Not After

15/10/2018, 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:09:41:59:98:9f:bf:a7:0f:ea:48:8d:b6:a7:88:1c:97:ec:32:33
Signer

Actual PE Digest

76:09:41:59:98:9f:bf:a7:0f:ea:48:8d:b6:a7:88:1c:97:ec:32:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\github\FFmpeg\FFmpeg\build_x64\libswscale\swscale-5.pdb

Imports

avutil-56

av_opt_get_int
av_opt_set_int
av_opt_set_defaults
av_image_alloc
av_pix_fmt_swap_endianness
av_pix_fmt_get_chroma_sub_sample
av_get_bits_per_pixel
av_malloc_array
av_mallocz
av_get_pix_fmt_name
av_get_cpu_flags
av_free
av_freep
av_mallocz_array
av_malloc
av_pix_fmt_desc_get
av_log

kernel32

GetModuleHandleExW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
WriteConsoleW
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
SetConsoleCtrlHandler
EncodePointer
DecodePointer
GetCurrentThread
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringA
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW

Exports

Exports

sws_addVec
sws_allocVec
sws_alloc_context
sws_alloc_set_opts
sws_cloneVec
sws_convVec
sws_convertPalette8ToPacked24
sws_convertPalette8ToPacked32
sws_freeContext
sws_freeFilter
sws_freeVec
sws_getCachedContext
sws_getCoefficients
sws_getColorspaceDetails
sws_getConstVec
sws_getContext
sws_getDefaultFilter
sws_getGaussianVec
sws_getIdentityVec
sws_get_class
sws_init_context
sws_isSupportedEndiannessConversion
sws_isSupportedInput
sws_isSupportedOutput
sws_normalizeVec
sws_printVec2
sws_scale
sws_scaleVec
sws_setColorspaceDetails
sws_shiftVec
sws_subVec
swscale_configuration
swscale_license
swscale_version

Sections

.text
Size: 835KB - Virtual size: 835KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 707B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a6fa5015eb8b91531f1f254ab6130f0

Code Sign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

76:09:41:59:98:9f:bf:a7:0f:ea:48:8d:b6:a7:88:1c:97:ec:32:33Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

avutil-56

kernel32

Exports

Exports

Sections

.text Size: 835KB - Virtual size: 835KB

.rdata Size: 79KB - Virtual size: 78KB

.data Size: 3KB - Virtual size: 47KB

.idata Size: 3KB - Virtual size: 3KB

.rodata Size: 1024B - Virtual size: 656B

.gfids Size: 1024B - Virtual size: 707B

_RDATA Size: 3KB - Virtual size: 2KB

.00cfg Size: 512B - Virtual size: 260B

.reloc Size: 19KB - Virtual size: 19KB

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

76:09:41:59:98:9f:bf:a7:0f:ea:48:8d:b6:a7:88:1c:97:ec:32:33
Signer

.text
Size: 835KB - Virtual size: 835KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 3KB - Virtual size: 47KB

.idata
Size: 3KB - Virtual size: 3KB

.rodata
Size: 1024B - Virtual size: 656B

.gfids
Size: 1024B - Virtual size: 707B

_RDATA
Size: 3KB - Virtual size: 2KB

.00cfg
Size: 512B - Virtual size: 260B

.reloc
Size: 19KB - Virtual size: 19KB