a7058eb8099ddc626c9dd53603cac31e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a7058eb8099ddc626c9dd53603cac31e_JaffaCakes118
Size

452KB
MD5

a7058eb8099ddc626c9dd53603cac31e
SHA1

2394a63bd9798846c71642b0a21e5631a64b6502
SHA256

06d20b34d8cac7984274a9fc688c2ab9b4d6d6cc64bef65efab38e957c9429ea
SHA512

0bd137ddaadf52a0591e8cb04a0c44ee03a74f4488f8d8ad244a433522429ce06590aed3e034c9779216556b086736d03f3cc029eccd0e587a733ecec8d0e432
SSDEEP

12288:iVKwXtEprTJ0v+JILG+7M5q7klaCB4LexA7S1AMZmvMRO3EFK6ZEz6hofClQTdKo:DwdElmcpa+4CNT3hwp

Score

1^/10

Malware Config

Signatures

Files

a7058eb8099ddc626c9dd53603cac31e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f12335ba40bcaca8c59f6ba74ecb3714

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:48:9e:b7:d6:63:9a:5b:0c:b9:49:a9:c3:19:c0:24:fe
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

26/02/2016, 07:20

Not After

20/06/2016, 08:09

Subject

CN=深圳市为爱普信息技术有限公司,OU=IT Dept.,O=深圳市为爱普信息技术有限公司,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:b1:5b:09:f1:1b:60:8c:61:4a:2b:75:67:59:f7:d7:6e:35:69:ae
Signer

Actual PE Digest

09:b1:5b:09:f1:1b:60:8c:61:4a:2b:75:67:59:f7:d7:6e:35:69:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\i4mpro\i4m\Release\i4m.pdb

Imports

kernel32

DeleteFileW
FreeLibrary
GetProcAddress
GetCurrentThreadId
WaitForSingleObject
CloseHandle
CreateThread
CopyFileW
LoadLibraryW
SetEvent
CreateEventA
GetExitCodeThread
GetDiskFreeSpaceExW
GetVersionExA
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateDirectoryW
WideCharToMultiByte
GetExitCodeProcess
MultiByteToWideChar
GetTempPathW
GetLocalTime
RemoveDirectoryW
GetSystemInfo
GetModuleHandleA
GetTempPathA
FindNextFileW
FindClose
GetLastError
GetFileAttributesW
FindFirstFileW
DeleteFileA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForMultipleObjects
Sleep
InterlockedExchange
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange

advapi32

RegCloseKey
OpenSCManagerA
QueryServiceStatus
StartServiceA
RegCreateKeyExW
CloseServiceHandle
OpenServiceA
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegSetValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
PropVariantClear
CoTaskMemFree
CoInitializeEx
CoInitialize

oleaut32

SysFreeString
SysAllocString

msvcp90

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z

ws2_32

socket
closesocket
recv
htons
select
WSAStartup
send
connect
accept
listen
bind
htonl
gethostbyname
setsockopt

libcurl

curl_slist_free_all
curl_formfree
curl_formadd
curl_easy_escape
curl_easy_cleanup
curl_easy_perform
curl_easy_setopt
curl_free
curl_slist_append
curl_easy_init

msvcr90

strchr
_wmkdir
_fseeki64
_errno
_wremove
wcsrchr
fwrite
_wrename
_time64
_stricmp
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
__iob_func
??0exception@std@@QAE@ABV01@@Z
printf
ftell
fseek
atol
_localtime64
_itoa
atoi
_i64toa
fprintf
toupper
realloc
_strtoui64
_wstat64
_itow
wcsstr
_wcsdup
mbstowcs
tolower
wcstombs
strtoul
perror
strtol
vsprintf_s
wcstok
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
rewind
strerror
_ftelli64
_invalid_parameter_noinfo
_snwprintf
fclose
fread
strtok
_snprintf
_wfopen
_strtoi64
strncmp
_atoi64
??2@YAPAXI@Z
_strdup
??3@YAXPAX@Z
clock
strncpy
strstr
malloc
free
memcpy
memset
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
_CxxThrowException

libzip

zip_stat_index
zip_fopen_index
zip_fread
zip_close
zip_open_w
zip_fclose
zip_get_num_entries
zip_stat_init
zip_dir_add
zip_source_file_w
zip_get_name
zip_source_free
zip_source_buffer
zip_file_add

libeay32

ord1882
ord4445
ord401
ord484
ord66
ord98
ord78
ord196
ord1804
ord197
ord641
ord129
ord333
ord1177
ord3686
ord668
ord279
ord1508
ord1175
ord419
ord161
ord8
ord541
ord633
ord421
ord1253
ord674
ord664
ord670
ord1954
ord150
ord669
ord283
ord52
ord673
ord1973
ord486
ord281
ord95
ord671
ord2111
ord2131
ord943
ord504
ord502
ord503
ord400
ord53

libplist2

plist_new_date
plist_get_real_val
plist_dict_next_item
plist_dict_new_iter
plist_new_bool
plist_new_array
plist_get_uint_val
plist_get_key_val
plist_array_get_size
plist_dict_set_item
plist_new_data
plist_dict_get_size
plist_array_get_item
plist_new_key
plist_new_string
plist_get_data_val
plist_new_dict
plist_free
plist_get_node_type
plist_get_string_val
plist_dict_get_item
plist_copy
plist_to_xml
plist_get_bool_val
plist_array_remove_item
plist_set_uint_val
plist_to_bin
plist_dict_remove_item
plist_new_real
plist_array_get_item_index
plist_from_xml
plist_array_append_item
plist_from_bin
plist_new_uint

shlwapi

SHStrDupW
PathFileExistsW
StrStrIA

ssleay32

ord86
ord183
ord170
ord58
ord125
ord130
ord25
ord83
ord28
ord78
ord8
ord48
ord108
ord12
ord127
ord75
ord94
ord96

setupapi

SetupDiGetDeviceInstanceIdA
CM_Get_Parent
SetupDiGetDeviceRegistryPropertyA
CM_Get_Child
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
CM_Get_Device_IDA
SetupDiGetClassDevsA

gdiplus

GdipGetImageWidth
GdipCloneImage
GdipDisposeImage
GdipSetInterpolationMode
GdipCreateBitmapFromFile
GdipAlloc
GdipBitmapUnlockBits
GdipFlush
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipFree
GdipGetImageHeight
GdipDrawImageRectRectI
GdipBitmapLockBits
GdipCreateBitmapFromScan0

Exports

Exports

??0FileMgr@@QAE@XZ
??1FileMgr@@QAE@XZ
??4FileMgr@@QAEAAV0@ABV0@@Z
?DelDir@FileMgr@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?DelDir@FileMgr@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AA_N@Z
?DelFile@FileMgr@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?File2Dev@FileMgr@@QAEHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?File2Dev@FileMgr@@QAEHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@AAU_tran_pro@@@Z
?File2PC@FileMgr@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?File2PC@FileMgr@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@AAU_tran_pro@@@Z
?FileBuf2Dev@FileMgr@@QAEHPBDIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FileBuf2PC@FileMgr@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAPADPAI@Z
?GetDirInfo@FileMgr@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$list@Ufile_info@@V?$allocator@Ufile_info@@@std@@@3@@Z
?GetFSSize@FileMgr@@QAEHAA_J0@Z
?GetPathDetailInfo@FileMgr@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAUfile_info@@@Z
?NewDir@FileMgr@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?PathExists@FileMgr@@QAE_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Rename@FileMgr@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?Set@FileMgr@@QAEXPAX@Z
?Start@FileMgr@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAXPAH@Z
?Start@FileMgr@@QAEHPAX_N@Z
AMDServiceIsRun
am_archive_app
am_close_get_app_icon
am_get_app_icon_data
am_get_device_app_container
am_get_device_app_iTunesMetadata
am_get_device_app_list
am_get_device_app_path
am_get_device_app_size
am_get_device_app_version_sig
am_get_grey_icon
am_get_icon_state
am_get_wallpaper_data
am_init_get_app_icon
am_install_app
am_set_icon_state
am_uninstall_app
auth
cancel_proxy
close_screenshotr
cm_add_edit_contact
cm_backup_contact
cm_del_all_contact
cm_del_contact
cm_get_contact
cm_restore_contact
get_screenshotr
init_dll
init_screenshotr
ios_actiavte
ios_actiavte_ex
ios_add_book
ios_add_bookmark
ios_add_edit_notes
ios_add_media
ios_add_old_calendar
ios_add_playlist
ios_add_ringtone
ios_backup_and_restore
ios_backup_change_password
ios_check_backup_encrypt
ios_check_fmip
ios_check_iCloud
ios_check_iCloud_Backup
ios_check_password_protected
ios_del_all_calendar
ios_del_all_ringtone
ios_del_book
ios_del_calendar
ios_del_device
ios_del_media
ios_del_notes
ios_del_playlist
ios_del_ringtone
ios_get_book_info
ios_get_bookmark
ios_get_calendar
ios_get_detailed_battery_info
ios_get_detailed_disk_info
ios_get_detailed_disk_usage
ios_get_device_list
ios_get_msg_db
ios_get_notes
ios_get_ringtone_info
ios_install_appsync
ios_jailbreak
ios_jailbreak_check
ios_jailbreak_clear
ios_log_start
ios_log_stop
ios_new_device
ios_notify_start
ios_notify_stop
ios_parse_production_date
ios_photo_add
ios_photo_del
ios_photo_del_album
ios_photo_del_ex
ios_photo_rename_album
ios_read_battery_info
ios_read_disk_info
ios_read_identity
ios_read_imei_bbv_momdev_info
ios_restart_shutdown_device
ios_restore_calendar
ios_restore_notes
ios_set_bookmark
ios_set_device_name
ios_update_playlist
iproxy
set_proxy
zip_add_from_buf
zip_add_from_file
zip_find_file
zip_read_small_file_index

Sections

.text
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f12335ba40bcaca8c59f6ba74ecb3714

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

11:21:48:9e:b7:d6:63:9a:5b:0c:b9:49:a9:c3:19:c0:24:feCertificate

Extended Key Usages

Key Usages

09:b1:5b:09:f1:1b:60:8c:61:4a:2b:75:67:59:f7:d7:6e:35:69:aeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcp90

ws2_32

libcurl

msvcr90

libzip

libeay32

libplist2

shlwapi

ssleay32

setupapi

gdiplus

Exports

Exports

Sections

.text Size: 277KB - Virtual size: 276KB

.rdata Size: 133KB - Virtual size: 133KB

.data Size: 9KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 24KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

11:21:48:9e:b7:d6:63:9a:5b:0c:b9:49:a9:c3:19:c0:24:fe
Certificate

09:b1:5b:09:f1:1b:60:8c:61:4a:2b:75:67:59:f7:d7:6e:35:69:ae
Signer

.text
Size: 277KB - Virtual size: 276KB

.rdata
Size: 133KB - Virtual size: 133KB

.data
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 24KB