95ef10115ecb8d3d15feaf6de0b68839_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

95ef10115ecb8d3d15feaf6de0b68839_JaffaCakes118
Size

56KB
MD5

95ef10115ecb8d3d15feaf6de0b68839
SHA1

1514f60fa7ed15f0a085fbb4890397b91832e15f
SHA256

493a2876239d9df3417a1ce9b96904d4d73f9c90fad5216a76fba32cc38b0277
SHA512

1a0d8a6cca78701862b943b90e28c2fd206b6742b07f4d9d9bac46ac536bf11ba82cd6030574be64b01e69a25bdc285e804bd9325a5e93980e260f5ffc903174
SSDEEP

1536:2u9S6ri9LVK6p8S3bFTErcvpnNOKiLNH/ghR:2am14SrFTMcvvOKiLNHS

Score

1^/10

Malware Config

Signatures

Files

95ef10115ecb8d3d15feaf6de0b68839_JaffaCakes118
.dll windows:5 windows x86 arch:x86

57a2f90870a6c68d3891fbcbdfb6888b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2016, 00:00

Not After

15/10/2018, 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2016, 00:00

Not After

15/10/2018, 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d2:99:98:2a:eb:d8:4a:40:7a:e2:93:6f:ce:8a:ba:12:3f:5a:09:ec:db:e9:78:95:8b:6f:59:26:86:c4:15:55
Signer

Actual PE Digest

d2:99:98:2a:eb:d8:4a:40:7a:e2:93:6f:ce:8a:ba:12:3f:5a:09:ec:db:e9:78:95:8b:6f:59:26:86:c4:15:55

Digest Algorithm

sha256

PE Digest Matches

true

a0:24:89:78:91:5a:21:51:71:0b:9f:76:d8:ff:a0:94:4c:96:c4:ab
Signer

Actual PE Digest

a0:24:89:78:91:5a:21:51:71:0b:9f:76:d8:ff:a0:94:4c:96:c4:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DUOWAN_BUILD\build\Build_Src\dwinternal\client_protocol\bin\release\sesssvc.pdb

Imports

protocomm

?app2net@ProtoA2U@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@3@@Z
?net2app@ProtoA2U@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z

dwbase

?comMgr@@YAPAUIDWComMgr@@XZ
?DoLog@@YAXGPBD0G0PBG@Z
?IsLogLevelEnabled@@YA_NG@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MultiByteToWideChar
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcess

msvcp90

??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?length@?$char_traits@D@std@@SAIPBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ

msvcr90

__CxxFrameHandler3
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_purecall
??2@YAPAXI@Z
??_V@YAXPAX@Z
??1exception@std@@UAE@XZ
free
malloc
memcpy
memmove
memmove_s
_snwprintf_s
strlen
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ

Exports

Exports

??0CPerfRecord@Perf@@QAE@XZ
??0IAudioMod@@QAE@ABV0@@Z
??0IAudioMod@@QAE@XZ
??0ISBypassMod@@QAE@ABV0@@Z
??0ISBypassMod@@QAE@XZ
??0ISInfoMod@@QAE@ABV0@@Z
??0ISInfoMod@@QAE@XZ
??0IServiceMod@@QAE@ABV0@@Z
??0IServiceMod@@QAE@XZ
??0ISessionMod@@QAE@ABV0@@Z
??0ISessionMod@@QAE@XZ
??1IAudioMod@@UAE@XZ
??1ISBypassMod@@UAE@XZ
??1ISInfoMod@@UAE@XZ
??1IServiceMod@@UAE@XZ
??1ISessionMod@@UAE@XZ
??4CPerfRecord@Perf@@QAEAAV01@ABV01@@Z
??4IAudioMod@@QAEAAV0@ABV0@@Z
??4ISBypassMod@@QAEAAV0@ABV0@@Z
??4ISInfoMod@@QAEAAV0@ABV0@@Z
??4IServiceMod@@QAEAAV0@ABV0@@Z
??4ISessionMod@@QAEAAV0@ABV0@@Z
??4ProtoA2U@@QAEAAV0@ABV0@@Z
??4ProtoHelper@@QAEAAV0@ABV0@@Z
??_7IAudioMod@@6B@
??_7ISBypassMod@@6B@
??_7ISInfoMod@@6B@
??_7IServiceMod@@6B@
??_7ISessionMod@@6B@
?GetInstance@CPerfRecord@Perf@@SAPAV12@XZ
?s_pImpl@?1??GetInstance@CPerfRecord@Perf@@SAPAV23@XZ@4PAV23@A
_getModule@4
_releaseModule@4

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57a2f90870a6c68d3891fbcbdfb6888b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

d2:99:98:2a:eb:d8:4a:40:7a:e2:93:6f:ce:8a:ba:12:3f:5a:09:ec:db:e9:78:95:8b:6f:59:26:86:c4:15:55Signer

a0:24:89:78:91:5a:21:51:71:0b:9f:76:d8:ff:a0:94:4c:96:c4:abSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

protocomm

dwbase

kernel32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

d2:99:98:2a:eb:d8:4a:40:7a:e2:93:6f:ce:8a:ba:12:3f:5a:09:ec:db:e9:78:95:8b:6f:59:26:86:c4:15:55
Signer

a0:24:89:78:91:5a:21:51:71:0b:9f:76:d8:ff:a0:94:4c:96:c4:ab
Signer

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB