ab327c4864e68641ad4a94f1fe2106c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab327c4864e68641ad4a94f1fe2106c0_JaffaCakes118
Size

275KB
MD5

ab327c4864e68641ad4a94f1fe2106c0
SHA1

2919983e9258de857b1937670a5979cecfdd3099
SHA256

d35ca7050f553f0fb74f78f25e1a6a4d9909b56fd6ad5d1e5751462bdfc417dc
SHA512

67c1b54189e931fdbd5dc1dab629587ead556500fd205f246f9fc35780d26810e7c111127e75faf45fdb0842643ca29bbf3e65e642b31cad9f839ce9ca3a601e
SSDEEP

6144:khVsM2AshkSE80JoDYfAcChTBqdU9vyJOGLaMcDN7Y7t7q:khVD2r0mcoPhTsd/WMcp7YJe

Score

1^/10

Malware Config

Signatures

Files

ab327c4864e68641ad4a94f1fe2106c0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ab3094c549d81e92dfcaaadd8615cc50

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:ee:21:10:55:2b:e6:66:80:f5:48:53:ae:60:bc:e1:18:38:69:a7
Signer

Actual PE Digest

0e:ee:21:10:55:2b:e6:66:80:f5:48:53:ae:60:bc:e1:18:38:69:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\QT_Hummer\trunk\Hummer1.90SP1\Output\PdbFinal\bugreport.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

dbghelp

SymSetOptions
SymCleanup
SymGetModuleInfoW
SymLoadModule
SymInitialize

wininet

InternetConnectA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetOpenA

psapi

GetModuleFileNameExW
GetModuleFileNameExA

comctl32

ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx

tinyxml

?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z
?Value@TiXmlNode@@QBEPBDXZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?GetText@TiXmlElement@@QBEPBDXZ
??1TiXmlDocument@@UAE@XZ
?Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?ToDocument@TiXmlDocument@@UAEPAV1@XZ
?ToDocument@TiXmlDocument@@UBEPBV1@XZ
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ
?LoadFile@TiXmlDocument@@QAE_NPB_WW4TiXmlEncoding@@@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
??0TiXmlDocument@@QAE@XZ

kernel32

HeapDestroy
HeapReAlloc
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
DeviceIoControl
MoveFileW
VirtualQuery
SetFileAttributesW
GetCurrentProcess
GetProcessTimes
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
GetCommandLineW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
HeapAlloc
GetProcessHeap
VirtualProtect
CloseHandle
HeapFree
GetTickCount
SetCurrentDirectoryW
OpenThread
SizeofResource
LockResource
LoadResource
ReadProcessMemory
WriteProcessMemory
FindResourceExW
CreateThread
FindResourceW
OpenProcess
GetLastError
lstrlenW
lstrcatW
DeleteFileW
CopyFileW
LoadLibraryW
FindFirstFileW
GetExitCodeProcess
FindNextFileW
VirtualQueryEx
TerminateProcess
FindClose
CreateFileA
SetEvent
lstrcpyW
MultiByteToWideChar
WaitForSingleObject
CreateProcessW
FreeLibrary
GlobalUnlock
GlobalFree
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
IsDBCSLeadByte
GlobalLock
WideCharToMultiByte
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
FreeResource
CreateEventW
ResumeThread
Process32NextW
CreateToolhelp32Snapshot
Process32FirstW
Sleep
CreateFileW
WriteFile
DeleteCriticalSection
RaiseException
GetVersionExW
ReadFile
SetFilePointer
GetProcAddress
GetFileSize
GetModuleFileNameW
GetPrivateProfileSectionW
GetSystemDefaultLCID
GetPrivateProfileIntW
GetTempPathW
WritePrivateProfileStringW
CreateDirectoryW
GetThreadSelectorEntry
GetFileAttributesW
GetSystemTimeAsFileTime

user32

GetClassInfoExW
DefWindowProcW
IsWindow
DestroyMenu
TrackPopupMenu
GetWindowThreadProcessId
GetMenuItemCount
CreatePopupMenu
ReleaseDC
DrawTextW
SetWindowLongW
GetDC
ClientToScreen
EndPaint
GetSysColorBrush
RegisterClassExW
GetKeyState
DialogBoxParamW
SetDlgItemTextW
GetWindow
CloseClipboard
EnableWindow
SetClipboardData
GetWindowTextW
SendDlgItemMessageW
EmptyClipboard
GetWindowTextLengthW
SetTimer
OpenClipboard
RegisterClipboardFormatW
CallWindowProcW
InvalidateRect
MapDialogRect
GetWindowRect
MapWindowPoints
GetDesktopWindow
PostMessageW
EndDialog
DrawIconEx
GetDlgItem
GetClientRect
ShowWindow
LoadImageW
SetWindowPos
SetWindowTextW
SendMessageW
LoadIconW
CreateWindowExW
DestroyWindow
UnregisterClassA
BeginPaint
KillTimer

gdi32

GetStockObject
SetTextColor
DeleteObject
SetBkMode
CreateFontW
SelectObject

advapi32

RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW

shell32

ord155
SHBindToParent
SHGetDesktopFolder
ShellExecuteW
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CreateStreamOnHGlobal
OleInitialize
OleUninitialize
DoDragDrop

oleaut32

SysStringLen
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen

gdiplus

GdipLoadImageFromStreamICM
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateFromHDC
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDeleteGraphics
GdipDisposeImage
GdipCloneImage
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageWidth

shlwapi

PathFileExistsW

msvcp80

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z

msvcr80

_time32
memcpy
_invalid_parameter_noinfo
malloc
swscanf
strchr
vsprintf_s
wcsncmp
_vscprintf
__wargv
__argc
vswprintf_s
_mbscmp
free
_vscwprintf
srand
wcslen
memcpy_s
_purecall
memmove_s
??3@YAXPAX@Z
strlen
_snprintf
_mbsstr
_mbslwr_s
??2@YAPAXI@Z
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
wcscmp
??0exception@std@@QAE@ABQBD@Z
memset
??0exception@std@@QAE@ABV01@@Z
wcsrchr
_wcslwr_s
wcschr
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memcmp
iswspace
_wcsicmp
strcmp
strtoul
ftell
fwrite
fclose
fprintf
wcscpy
_lock
_encode_pointer
wcscat
__dllonexit
_unlock
_wfopen
fseek
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
strncpy_s
tolower
isalnum
sprintf_s
_wtoi
memmove
wcsncpy
_time64
iswalnum
iswalpha
iswdigit
wcscat_s
wcscpy_s
_gmtime32
_snwprintf
fread
atoi
strrchr
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_beginthreadex
wcsstr
towlower
isspace
__CxxFrameHandler3
_mbsicmp
_mbschr
strncmp
_CxxThrowException

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

crypt32

CertGetNameStringW

wintrust

WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

netapi32

Netbios

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab3094c549d81e92dfcaaadd8615cc50

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0e:ee:21:10:55:2b:e6:66:80:f5:48:53:ae:60:bc:e1:18:38:69:a7Signer

Headers

File Characteristics

PDB Paths

Imports

version

dbghelp

wininet

psapi

comctl32

tinyxml

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

msvcp80

msvcr80

wtsapi32

crypt32

wintrust

iphlpapi

netapi32

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 64KB - Virtual size: 62KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0e:ee:21:10:55:2b:e6:66:80:f5:48:53:ae:60:bc:e1:18:38:69:a7
Signer

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 64KB - Virtual size: 62KB