97315ceeb6fee7c1104bdaeec71ec06f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

97315ceeb6fee7c1104bdaeec71ec06f_JaffaCakes118
Size

282KB
MD5

97315ceeb6fee7c1104bdaeec71ec06f
SHA1

0e22bda8ad3d7c6611ab4366c4c4d86cfec8cb4d
SHA256

707c06596c23e93cae5723fd24f6446727077df7676709ae55f8fad6dc13d8ad
SHA512

fa50ba122a628a1b2a28ab2c16b18fdfa4625e4de45195bd21d7c90851ceb2789d3d0c2811f3a868483f752f28a3dbcfdd36ba0ea7e6fc99733d962db2abdfca
SSDEEP

6144:S8oJGoLz7BHpsk8PyfuPrTBnGR5/OeHMcDN7Y7t7qw:S8oJGoDhQOuPrT5IxMcp7YJew

Score

1^/10

Malware Config

Signatures

Files

97315ceeb6fee7c1104bdaeec71ec06f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

62bdeb1ad77f0dfc34cd74d246443f25

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:fb:95:50:98:cf:ab:f1:a0:fa:da:37:6b:d9:cb:35:31:d3:8f:53
Signer

Actual PE Digest

6d:fb:95:50:98:cf:ab:f1:a0:fa:da:37:6b:d9:cb:35:31:d3:8f:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\QT_Hummer\trunk\Hummer5.5Code\Output\PdbFinal\bugreport.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

dbghelp

SymCleanup
SymLoadModule
SymInitialize
SymGetModuleInfoW
SymSetOptions

wininet

InternetCloseHandle
InternetConnectA
HttpOpenRequestA
InternetReadFile
InternetOpenUrlA
HttpSendRequestA
InternetOpenA

psapi

GetModuleFileNameExW
GetModuleFileNameExA

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_ReplaceIcon

tinyxml

??0TiXmlDocument@@QAE@XZ
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
??1TiXmlDocument@@UAE@XZ
?Value@TiXmlNode@@QBEPBDXZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?GetText@TiXmlElement@@QBEPBDXZ
?Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z
?ToDocument@TiXmlDocument@@UAEPAV1@XZ
?ToDocument@TiXmlDocument@@UBEPBV1@XZ
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ
?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z
?LoadFile@TiXmlDocument@@QAE_NPB_WW4TiXmlEncoding@@@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z

kernel32

UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
SetUnhandledExceptionFilter
EncodePointer
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
HeapDestroy
IsDebuggerPresent
DecodePointer
DeviceIoControl
VirtualQuery
SetFileAttributesW
GetSystemTimeAsFileTime
GetCurrentProcess
GetProcessTimes
QueryPerformanceCounter
LeaveCriticalSection
GetThreadSelectorEntry
GetCommandLineW
InitializeCriticalSection
MoveFileW
HeapAlloc
GetProcessHeap
VirtualProtect
HeapFree
GetModuleHandleW
CloseHandle
GetTickCount
SetCurrentDirectoryW
ReadProcessMemory
WriteProcessMemory
OpenProcess
GetLastError
VirtualQueryEx
CreateFileA
OpenThread
CreateThread
GetExitCodeProcess
TerminateProcess
SetEvent
WaitForSingleObject
CreateProcessW
FreeLibrary
lstrlenW
lstrcatW
DeleteFileW
CopyFileW
LoadLibraryW
FindFirstFileW
FindNextFileW
FindClose
lstrcpyW
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
WideCharToMultiByte
FindResourceExW
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
Sleep
IsDBCSLeadByte
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
ResumeThread
FreeResource
CreateEventW
GetFileAttributesW
CreateFileW
GetProcAddress
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WriteFile
RaiseException
DeleteCriticalSection
GetModuleFileNameW
GetPrivateProfileSectionW
GetSystemDefaultLCID
ReadFile
SetFilePointer
GetTempPathW
CreateDirectoryW
GetVersionExW
GetFileSize
GetPrivateProfileIntW
WritePrivateProfileStringW
EnterCriticalSection
VirtualAlloc
VirtualFree
GetCurrentProcessId
GetCurrentThreadId

user32

ShowWindow
LoadImageW
SetWindowPos
GetClientRect
GetDesktopWindow
DrawIconEx
SetWindowTextW
SendMessageW
GetWindowTextLengthW
GetWindowTextW
GetKeyState
GetMenuItemID
SetTimer
LoadIconW
EndDialog
GetDlgItem
GetMenuItemCount
GetSystemMenu
EnableWindow
PostMessageW
CallWindowProcW
DestroyWindow
CreateWindowExW
RegisterClassExW
GetClassInfoExW
DefWindowProcW
DestroyMenu
TrackPopupMenu
GetWindowThreadProcessId
CreatePopupMenu
IsWindow
GetGuiResources
ReleaseDC
DrawTextW
GetDC
EndPaint
BeginPaint
DialogBoxParamW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClipboardFormatW
InvalidateRect
MapDialogRect
GetWindowRect
MapWindowPoints
SetWindowLongW
ClientToScreen
KillTimer
GetSysColorBrush
SetDlgItemTextW
GetWindow
EnableMenuItem
SendDlgItemMessageW

gdi32

GetStockObject
DeleteObject
SetBkMode
SetTextColor
SelectObject
CreateFontW

advapi32

RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW

shell32

ShellExecuteExW
SHBindToParent
SHGetDesktopFolder
SHGetFileInfoW
ord155
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CreateStreamOnHGlobal
DoDragDrop
OleUninitialize
OleInitialize

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString
SysStringLen

gdiplus

GdipDrawImageRectI
GdipDisposeImage
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipCloneImage
GdipGetImageWidth
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdipAlloc
GdiplusStartup
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipFree
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipGetImageHeight

shlwapi

PathFileExistsW

msvcp100

?_Xlength_error@std@@YAXPBD@Z
??1_Container_base12@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_time64
iswalnum
iswalpha
iswdigit
wcscat_s
_snwprintf
fread
wcscpy_s
_gmtime32
_mbschr
_mbsicmp
memchr
isspace
atoi
strrchr
strchr
strncmp
towlower
wcsstr
_beginthreadex
fclose
fwrite
ftell
fseek
_wfopen
wcscat
wcscpy
fprintf
strtoul
strcmp
iswspace
_wcsicmp
memcmp
_vscprintf
vswprintf_s
_vscwprintf
wmemcpy_s
_mbscmp
_mbslwr_s
_mbsstr
wcsnlen
strnlen
strlen
wcschr
_wcslwr_s
wcscmp
_snprintf
_time32
wcsrchr
??_V@YAXPAX@Z
_XcptFilter
exit
_wcmdln
__CxxFrameHandler3
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
_controlfp_s
memset
malloc
swscanf
wcsncmp
__wargv
__argc
free
memmove
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
memcpy
srand
_purecall
memmove_s
wcslen
memcpy_s
??3@YAXPAX@Z
tolower
strncpy_s
isalnum
sprintf_s
_wtoi
vsprintf_s
wcsncpy
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_CxxThrowException
_except_handler4_common

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

netapi32

Netbios

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62bdeb1ad77f0dfc34cd74d246443f25

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6d:fb:95:50:98:cf:ab:f1:a0:fa:da:37:6b:d9:cb:35:31:d3:8f:53Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

dbghelp

wininet

psapi

comctl32

tinyxml

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

msvcp100

msvcr100

wtsapi32

crypt32

wintrust

iphlpapi

netapi32

Sections

.text Size: 136KB - Virtual size: 136KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 62KB - Virtual size: 61KB

.reloc Size: 12KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6d:fb:95:50:98:cf:ab:f1:a0:fa:da:37:6b:d9:cb:35:31:d3:8f:53
Signer

.text
Size: 136KB - Virtual size: 136KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 62KB - Virtual size: 61KB

.reloc
Size: 12KB - Virtual size: 11KB