ae6cbddf78bcc07c765fa4d944eff746_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ae6cbddf78bcc07c765fa4d944eff746_JaffaCakes118
Size

599KB
MD5

ae6cbddf78bcc07c765fa4d944eff746
SHA1

bec1d361e9e311ad5311834dbe4e7f901186cb4b
SHA256

4932bc095b648db72d64e2f3eefc67ecea9e08eff6ac782fdfee53165e35e41c
SHA512

fce39d90c794f5038631396686691409e7dd42576a8fbfa0b6abe0396eca62b64d141cc49ae8887562ed8e10f1c69743e8c4aa4cdb92906cf267f32813e04099
SSDEEP

12288:yUu3BSqKCMxdiQzogUqWESco7RY334Qs+:2SbCMxoSogUqWESco7RY334Qs+

Score

1^/10

Malware Config

Signatures

Files

ae6cbddf78bcc07c765fa4d944eff746_JaffaCakes118
.dll windows:6 windows x64 arch:x64

dd665a7de176e0b427c89b4db45f6b42

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

07/06/2012, 00:00

Not After

06/06/2022, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:5a:31:32:cb:83:af:1c:42:39:0e:30:6a:1d:f4:e5
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/01/2014, 00:00

Not After

07/01/2016, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Premiere Pro\, AME\, After Effects\, Speedgrade,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:b2:77:e8:63:3e:d5:4c:ed:9a:42:ac:e8:47:ba:6a:ae:bf:22:4d
Signer

Actual PE Digest

0d:b2:77:e8:63:3e:d5:4c:ed:9a:42:ac:e8:47:ba:6a:ae:bf:22:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\ae1320cc\pro\lib\win\release\64\effect\Numbers.pdb

Imports

dvacore

?Dispose@SmallBlockAllocator@utility@dvacore@@YAXPEAX_K@Z
??1ReplacementValue@config@dvacore@@QEAA@XZ
?ThrowError@config@dvacore@@YAXW4ErrorLevel@12@PEBDKJ_NAEBVReplacementValue@12@333@Z
?Allocate@SmallBlockAllocator@utility@dvacore@@YAPEAX_K@Z
?AsciiToUTF16@utility@dvacore@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@PEBD_K@Z
??0ReplacementValue@config@dvacore@@QEAA@XZ

boost_date_time

??0greg_month@gregorian@boost@@QEAA@G@Z

boost_system

?system_category@system@boost@@YAAEBVerror_category@12@XZ
?generic_category@system@boost@@YAAEBVerror_category@12@XZ

dvaui

?MakeCursorFromPNG@OS_ResourceManager@utility@dvaui@@UEBAXHAEBV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@FFW4LoadByPolicy@ResourceManager@23@@Z
?HasBinary@OS_ResourceManager@utility@dvaui@@UEBA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@0@Z
?GetResourceDataNames@ResourceManager@utility@dvaui@@UEBAXHAEAV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@0@Z
?GetBinary@OS_ResourceManager@utility@dvaui@@UEBAXAEBV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@0PEAV?$vector@DV?$allocator@D@std@@@5@@Z
?DisplayCursor@OS_ResourceManager@utility@dvaui@@UEBAXH@Z
?SetValue@UI_RadioButton@controls@dvaui@@QEAAXW4RadioValue@23@@Z
?GetValue@UI_RadioButton@controls@dvaui@@QEBA?AW4RadioValue@23@XZ
?SetValue@UI_Checkbox@controls@dvaui@@QEAAXW4CheckboxValue@23@@Z
?GetValue@UI_Checkbox@controls@dvaui@@QEBA?AW4CheckboxValue@23@XZ
?SetButtons@UI_Dialog@ui@dvaui@@QEAAXV?$intrusive_ptr@VUI_Button@controls@dvaui@@@boost@@0@Z
?GetValueString@UI_Popup@controls@dvaui@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@XZ
?NotifyWhenChanged@UI_ControlView@controls@dvaui@@QEAAXV?$shared_ptr@V?$function@$$A6AXPEAV?$MessageT@VUI_Node@ui@dvaui@@@ui@dvaui@@@Z@boost@@@boost@@@Z
?UI_SetDisabled@UI_Node@ui@dvaui@@QEAAX_N@Z
??1OS_ResourceManager@utility@dvaui@@UEAA@XZ
??0OS_ResourceManager@utility@dvaui@@QEAA@PEAUHINSTANCE__@@@Z
?FindStringExact@UI_Popup@controls@dvaui@@QEAA_JAEBV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@@Z
?DeleteAllItems@UI_Popup@controls@dvaui@@QEAAXXZ
?AddItem@UI_Popup@controls@dvaui@@QEAA_JAEBV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@@Z
?GetItems@UI_Popup@controls@dvaui@@QEBAAEBV?$vector@UPopupItemDescriptor@controls@dvaui@@V?$allocator@UPopupItemDescriptor@controls@dvaui@@@std@@@std@@XZ
?SetValue@UI_Popup@controls@dvaui@@QEAAX_J@Z

dvaeve

?GetView@UI_Eve@dvaeve@@QEAA?AV?$intrusive_ptr@VUI_Dialog@ui@dvaui@@@boost@@XZ
?GetUINodePtr@UI_Eve@dvaeve@@QEAA?AV?$intrusive_ptr@VUI_Node@ui@dvaui@@@boost@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?Destruction@UI_Eve@dvaeve@@UEAAXXZ
?GetLayoutStream@UI_Eve@dvaeve@@UEAA?AV?$shared_array@D@boost@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@@Z
?SetupPostCloseCallback@UI_Eve@dvaeve@@UEAAXXZ
?ParseEveScript@UI_Eve@dvaeve@@QEAAXAEAV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
??1UI_Eve@dvaeve@@UEAA@XZ
??0UI_Eve@dvaeve@@QEAA@AEBV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@PEBUSupplierInterface@drawbot@dvaui@@PEAVUI_Node@ui@6@@Z

u

?U_SecondsToPtime@@YA?AVptime@posix_time@boost@@KW4U_SecondsType@@@Z
U_ReportFailedVerification
?U_TranslateAndReportException@@YAJAEAVexception@std@@@Z
U_CharByteFromScript
U_CopyString
?U_MBToUTF16String@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@PEBD@Z
?U_UTF16ToMBString@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@2@_N@Z
U_InternationalizeNum
?U_SecondsToDateTimeString@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@KW4U_DateType@@W4U_DateTimeDisplay@@_N@Z
Up_ReportErrString
?U_PtimeToSeconds@@YAKAEBVptime@posix_time@boost@@W4U_SecondsType@@@Z
?U_ZStringToUTF16String@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@PEBD@Z
U_CopyPtoCString

m

M_SetIdentityMatrix
M_ScaleMatrix
M_RotateMatrix
M_TranslateMatrix
?SetIdentity@M_Matrix3@@QEAAXXZ
M_RoundDouble
M_TransformFloatRect

txt

TXT_UpdateFonts

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
SwitchToThread

user32

SendMessageA

msvcp110

?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Winerror_map@std@@YAPEBDH@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
??Bid@locale@std@@QEAA_KXZ
?_Orphan_all@_Container_base12@std@@QEAAXXZ
??1_Container_base12@std@@QEAA@XZ
??0_Container_base12@std@@QEAA@XZ
?_Orphan_all@_Container_base0@std@@QEAAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Syserror_map@std@@YAPEBDH@Z
??0id@locale@std@@QEAA@_K@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_BADOFF@std@@3_JB
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z

msvcr110

_purecall
??3@YAXPEAX@Z
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
_onexit
__C_specific_handler
__dllonexit
_calloc_crt
_unlock
_lock
??0exception@std@@QEAA@AEBQEBDH@Z
memcpy_s
__RTDynamicCast
??8type_info@@QEBA_NAEBV0@@Z
memset
?what@exception@std@@UEBAPEBDXZ
??1bad_cast@std@@UEAA@XZ
??0bad_cast@std@@QEAA@AEBV01@@Z
_time64
_localtime64
??0bad_cast@std@@QEAA@PEBD@Z
??0exception@std@@QEAA@AEBQEBD@Z
strcmp
memcpy
__CxxFrameHandler3
_CxxThrowException
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@XZ
strchr
memmove
??2@YAPEAX_K@Z

Exports

Exports

EffectMainExtra

Sections

.text
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd665a7de176e0b427c89b4db45f6b42

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate

Extended Key Usages

Key Usages

34:5a:31:32:cb:83:af:1c:42:39:0e:30:6a:1d:f4:e5Certificate

Extended Key Usages

Key Usages

0d:b2:77:e8:63:3e:d5:4c:ed:9a:42:ac:e8:47:ba:6a:ae:bf:22:4dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dvacore

boost_date_time

boost_system

dvaui

dvaeve

u

m

txt

kernel32

user32

msvcp110

msvcr110

Exports

Exports

Sections

.text Size: 345KB - Virtual size: 344KB

.rdata Size: 201KB - Virtual size: 201KB

.data Size: 10KB - Virtual size: 22KB

.pdata Size: 28KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

34:5a:31:32:cb:83:af:1c:42:39:0e:30:6a:1d:f4:e5
Certificate

0d:b2:77:e8:63:3e:d5:4c:ed:9a:42:ac:e8:47:ba:6a:ae:bf:22:4d
Signer

.text
Size: 345KB - Virtual size: 344KB

.rdata
Size: 201KB - Virtual size: 201KB

.data
Size: 10KB - Virtual size: 22KB

.pdata
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 2KB