9cd3b6bc139fd6e57c2be95134b97e46_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9cd3b6bc139fd6e57c2be95134b97e46_JaffaCakes118
Size

275KB
MD5

9cd3b6bc139fd6e57c2be95134b97e46
SHA1

c19f11ee2db4f2f2fdf8a9cd9e59d8244acdebd1
SHA256

d43d50060f14c0d5d264ab58b57ff0e3426ffac95993bf3fe057390c928a3c5d
SHA512

23e48e58bdbd07a6d8f3b642c66a869f37760d98a21e295ccf6f8ee3b7b22036511069d1626ce496f184325756c4c2440e58aef21c0b20ff9a664c0ce62cb25a
SSDEEP

6144:K1tbWVuXHvVSHYt78cTOQwabrA/M01/qvLUBCfJN22s:K1tbWVkHv8Yt78caQwabr30BqvLB+

Score

1^/10

Malware Config

Signatures

Files

9cd3b6bc139fd6e57c2be95134b97e46_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e0f1992403c79d40fef4058a374abf8a

Code Sign

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3d
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

06/04/2016, 03:19

Not After

06/01/2018, 03:19

Subject

CN=合一网络技术（北京）有限公司,O=合一网络技术（北京）有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

06/04/2016, 03:28

Not After

06/01/2018, 03:28

Subject

CN=合一网络技术（北京）有限公司,O=合一网络技术（北京）有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cc:5a:2a:0b:43:68:c6:dd:17:5a:77:d1:2c:cb:a6:ce:c0:c6:e0:14:ec:bb:8d:fd:56:2e:55:e7:f5:20:a7:3b
Signer

Actual PE Digest

cc:5a:2a:0b:43:68:c6:dd:17:5a:77:d1:2c:cb:a6:ce:c0:c6:e0:14:ec:bb:8d:fd:56:2e:55:e7:f5:20:a7:3b

Digest Algorithm

sha256

PE Digest Matches

true

06:d1:8a:e4:0c:59:c5:e7:86:9d:55:3a:6f:d1:a4:47:79:ba:0b:6d
Signer

Actual PE Digest

06:d1:8a:e4:0c:59:c5:e7:86:9d:55:3a:6f:d1:a4:47:79:ba:0b:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__setusermatherr
_amsg_exit
_errno
_initterm
_iob
_lock
_onexit
time
calloc
div
fprintf
free
fwrite
log10
malloc
memcpy
memmove
memset
realloc
strlen
strncmp
_unlock
abort
atan2
vfprintf

avutil-54

av_calloc
av_frame_get_buffer
av_free
av_freep
av_get_bytes_per_sample
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_get_cpu_flags
av_get_default_channel_layout
av_get_packed_sample_fmt
av_get_planar_sample_fmt
av_get_sample_fmt_name
av_log
av_malloc
av_mallocz
av_opt_set_defaults
av_opt_set_int
av_reduce
av_rescale
av_sample_fmt_is_planar

Exports

Exports

swr_alloc
swr_alloc_set_opts
swr_close
swr_config_frame
swr_convert
swr_convert_frame
swr_drop_output
swr_ffversion
swr_free
swr_get_class
swr_get_delay
swr_init
swr_inject_silence
swr_is_initialized
swr_next_pts
swr_set_channel_mapping
swr_set_compensation
swr_set_matrix
swresample_configuration
swresample_license
swresample_version

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 603B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0f1992403c79d40fef4058a374abf8a

Code Sign

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3dCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5Certificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

cc:5a:2a:0b:43:68:c6:dd:17:5a:77:d1:2c:cb:a6:ce:c0:c6:e0:14:ec:bb:8d:fd:56:2e:55:e7:f5:20:a7:3bSigner

06:d1:8a:e4:0c:59:c5:e7:86:9d:55:3a:6f:d1:a4:47:79:ba:0b:6dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

avutil-54

Exports

Exports

Sections

.text Size: 222KB - Virtual size: 222KB

.data Size: 1024B - Virtual size: 540B

.rdata Size: 26KB - Virtual size: 25KB

.rodata Size: 512B - Virtual size: 208B

.bss Size: - Virtual size: 57KB

.edata Size: 1024B - Virtual size: 603B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 6KB - Virtual size: 5KB

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3d
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

cc:5a:2a:0b:43:68:c6:dd:17:5a:77:d1:2c:cb:a6:ce:c0:c6:e0:14:ec:bb:8d:fd:56:2e:55:e7:f5:20:a7:3b
Signer

06:d1:8a:e4:0c:59:c5:e7:86:9d:55:3a:6f:d1:a4:47:79:ba:0b:6d
Signer

.text
Size: 222KB - Virtual size: 222KB

.data
Size: 1024B - Virtual size: 540B

.rdata
Size: 26KB - Virtual size: 25KB

.rodata
Size: 512B - Virtual size: 208B

.bss
Size: - Virtual size: 57KB

.edata
Size: 1024B - Virtual size: 603B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 6KB - Virtual size: 5KB