b6d13c79138a1bb21cdfcc7b2caeb546_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b6d13c79138a1bb21cdfcc7b2caeb546_JaffaCakes118
Size

142KB
MD5

b6d13c79138a1bb21cdfcc7b2caeb546
SHA1

ab6d034fefabeb0f3739fa3bd9cd8fa2e787f8de
SHA256

02dc33e916e273717194b5ce979181ee6d862a70b6ad3175b7b2e5ef822ae91f
SHA512

5f24b0e71aad065bc1822db25b7c626cdb81055b1dbed04d3e07c0d133aaf27acf777d4fdac27ad7beb63993519bda2f5baad6ed1d091f1bad339d9442c8f61a
SSDEEP

3072:tGIsyGdS3wOWrM65KFX6V0Ji0Mm+6/J4DKOfASSrEo7VmE:4IsyG//5JVD0c6/cKOfANrD5

Score

1^/10

Malware Config

Signatures

Files

b6d13c79138a1bb21cdfcc7b2caeb546_JaffaCakes118
.dll windows:5 windows x86 arch:x86

89706bff3484f0e143f3057e2b97e430

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:a6:55:e0:0a:54:3a:7d:05:12:fe:69:c2:1e:17:bb
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/08/2016, 00:00

Not After

05/08/2017, 23:59

Subject

CN=暴风集团股份有限公司,OU=OPS,O=暴风集团股份有限公司,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:da:83:fe:41:aa:37:29:53:d5:5b:90:66:cb:a9:d5:e6:b3:aa:e7
Signer

Actual PE Digest

7b:da:83:fe:41:aa:37:29:53:d5:5b:90:66:cb:a9:d5:e6:b3:aa:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\BFWORKSPACE\workspace\暴风主干官网\trunk2\bin\Release\ListDownload.pdb

Imports

crt

ord68
ord77
ord58
ord126
ord55
ord46
ord34
ord36

wininet

InternetGetConnectedState

kernel32

MapViewOfFile
OpenFileMappingA
OutputDebugStringW
lstrcmpiW
MultiByteToWideChar
DeleteFileW
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FreeLibrary
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
SetEvent
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetModuleFileNameW
lstrlenW
RaiseException
GetLastError
GetProcAddress
EnterCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
CloseHandle
GetPrivateProfileStringA
WritePrivateProfileStringA
GetLocalTime
GetPrivateProfileStringW
WritePrivateProfileStringW
GetVersionExW
InitializeCriticalSection
WaitForSingleObject
FlushViewOfFile
OutputDebugStringA
GetTickCount
CreateEventW
TerminateThread
GetTempPathW
SuspendThread
lstrcpynW
lstrcatW
lstrlenA
DeleteFileA
MoveFileA
CreateFileW
ReadFile
GetFileSize
GetPrivateProfileIntW
SetFilePointer
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetFileAttributesW
CreateDirectoryW
WriteFile
SetFileTime
MoveFileExW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnmapViewOfFile
IsProcessorFeaturePresent
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
LoadLibraryW
GetCurrentProcess

user32

CharNextW
PeekMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
GetMessageW
wsprintfW
RegisterWindowMessageW
KillTimer
DefWindowProcW
RegisterClassExW
CreateWindowExW
ShowWindow
UpdateWindow
SetTimer
SendMessageTimeoutW
DestroyWindow
PostMessageW

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW

ole32

CoFreeLibrary
CoLoadLibrary
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CLSIDFromProgID
CoCreateInstance
CoInitialize

oleaut32

VarUI4FromStr
VarBstrCmp
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit
VariantClear
SysStringLen
SysAllocStringLen

shlwapi

PathAppendW
PathFileExistsA
PathAddBackslashW
StrCpyNW
StrNCatW
PathFindFileNameW
PathFileExistsW

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_CxxThrowException
__CxxFrameHandler3
memcpy
_vsnprintf_s
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
memset
_snwprintf_s
calloc
_crt_debugger_hook
_snwprintf
_wcsicmp
_beginthreadex
_snprintf
isxdigit
isalnum
strncpy
sprintf_s
_time64
_localtime64
sprintf
_purecall
_recalloc
malloc
vswprintf_s
_vscwprintf
wcsnlen
memmove_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_ltow_s
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
memcpy_s
??2@YAPAXI@Z
??_V@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memmove
free
_wtol
_wtoi
_wtof
wcsncpy_s
wcsstr
memchr
wmemcpy_s

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89706bff3484f0e143f3057e2b97e430

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

68:a6:55:e0:0a:54:3a:7d:05:12:fe:69:c2:1e:17:bbCertificate

Extended Key Usages

Key Usages

7b:da:83:fe:41:aa:37:29:53:d5:5b:90:66:cb:a9:d5:e6:b3:aa:e7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crt

wininet

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcp100

msvcr100

Exports

Exports

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

68:a6:55:e0:0a:54:3a:7d:05:12:fe:69:c2:1e:17:bb
Certificate

7b:da:83:fe:41:aa:37:29:53:d5:5b:90:66:cb:a9:d5:e6:b3:aa:e7
Signer

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB