331fb4d55ae62fd9f4bc80d60ad3ac1b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

331fb4d55ae62fd9f4bc80d60ad3ac1b_JaffaCakes118
Size

105KB
MD5

331fb4d55ae62fd9f4bc80d60ad3ac1b
SHA1

42493d0456f93b3e251d724e5e684c0679878675
SHA256

4a88d3bfbaa3b42f81a96e720d0cb13a4e84bb7a32c9326255481ce47d2ba4e4
SHA512

a0c23db63fc9d4ce3e01d1d10ba4e73baa96a372dbd03baa008f7ab60c971b7910c99019a89efa63176a016c8943115457d79af99ae80a077fb2501e97310b87
SSDEEP

1536:Grs8DYnIfwmOKt3Wvmo0CZ/D+8JdSSJnviGasSGikn/bfNBa47yXdeX+y2ByOg1D:Grs8DYI4mOKgwCZ/DLSCPOg1Ixd+p1n

Score

1^/10

Malware Config

Signatures

Files

331fb4d55ae62fd9f4bc80d60ad3ac1b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

11fb4925d2f44b90f4934467d9aeca97

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

63:4e:cb:c5:bd:fd:83:f5:17:9b:26:47:eb:b1:d9:64:9c:96:07:b2
Signer

Actual PE Digest

63:4e:cb:c5:bd:fd:83:f5:17:9b:26:47:eb:b1:d9:64:9c:96:07:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\QQLive_Dailybuild\src\Symbol\ExceptCatch.pdb

Imports

mfc80u

ord572
ord3189
ord4255
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2985
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord760
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord416
ord354
ord3176
ord4256
ord5199
ord1392
ord5908
ord6720
ord1542
ord1661
ord1662
ord4884
ord4729
ord4206
ord5178
ord1785
ord6063
ord1555
ord5803
ord4574
ord709
ord501
ord266
ord265
ord6086
ord3635
ord1894
ord1472
ord2651
ord1058
ord4119
ord1271
ord3155
ord1925
ord1118
ord3204
ord6749
ord6751
ord3390
ord280
ord384
ord5083
ord2897
ord2460
ord5319
ord5398
ord1430
ord6284
ord2011
ord629
ord777
ord370
ord2260
ord3927
ord2261
ord5558
ord4074
ord618
ord2310
ord4026
ord776
ord5416
ord1908
ord3990
ord386
ord2271
ord2279
ord2745
ord774
ord631
ord267
ord575
ord6111
ord6700
ord282
ord2895
ord1479
ord899
ord5524
ord4101
ord870
ord651
ord620
ord605
ord2121
ord900
ord293
ord2311
ord896
ord1093
ord371
ord1168
ord1079
ord762
ord5708
ord1176
ord283
ord577
ord1178
ord1182
ord927
ord764

msvcr80

_unlock
wcsncpy_s
wcscat_s
_wsplitpath_s
vswprintf_s
wcsncmp
wcsrchr
swscanf_s
srand
rand
memmove_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??0exception@std@@QAE@XZ
__dllonexit
wprintf
_set_invalid_parameter_handler
_recalloc
calloc
free
_vsnprintf_s
memcpy_s
_i64tow_s
memset
memcpy
_encode_pointer
_lock
_onexit
_decode_pointer
__CxxFrameHandler3
wcsftime
_localtime64_s
_time64
strchr
_except_handler4_common
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??1exception@std@@UAE@XZ
__clean_type_info_names_internal

kernel32

GetCurrentProcessId
WriteFile
Sleep
SetFileAttributesW
DeleteFileW
OutputDebugStringW
GetCurrentProcess
GetPrivateProfileIntW
lstrlenA
MultiByteToWideChar
GetProcAddress
WritePrivateProfileStringW
VirtualQueryEx
GetModuleFileNameA
CreateFileA
CloseHandle
GetModuleHandleW
GetVersionExW
IsBadReadPtr
VirtualProtect
GetLastError
GetModuleFileNameW
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
LoadLibraryW
OpenProcess
GetUserDefaultLCID
GetSystemDefaultLCID
GetUserDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultUILanguage
GetSystemDefaultLangID
GetOEMCP
GetACP
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetCurrentThreadId
CreateFileW
SetUnhandledExceptionFilter
FindResourceExW
SetLastError
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
WideCharToMultiByte

user32

GetClientRect
KillTimer
GetWindowRect
SendMessageW
GetSystemMetrics
LoadBitmapW
MessageBeep
EnableWindow
UnregisterClassA
SetTimer

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

oleaut32

SysAllocString
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime

livelog

?CreateObjectFromFile@@YAJPB_WPAUIUnknown@@ABU_GUID@@2PAPAX@Z
?GetUserAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?CheckFileExist@@YAHPB_W@Z
?GetExeFolder@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ

msvcp80

?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?allocate@?$allocator@D@std@@QAEPADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ

psapi

EnumProcessModules

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

imagehlp

SymGetModuleInfo
SymLoadModule
SymFunctionTableAccess
SymInitialize
SymSetOptions
StackWalk
SymGetSymFromAddr

wininet

InternetCloseHandle
HttpOpenRequestA
InternetOpenA
InternetConnectA
HttpSendRequestA

Exports

Exports

?SetExceptionCatcher@@YAXPB_WH@Z

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11fb4925d2f44b90f4934467d9aeca97

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

63:4e:cb:c5:bd:fd:83:f5:17:9b:26:47:eb:b1:d9:64:9c:96:07:b2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc80u

msvcr80

kernel32

user32

advapi32

shell32

oleaut32

livelog

msvcp80

psapi

version

imagehlp

wininet

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

63:4e:cb:c5:bd:fd:83:f5:17:9b:26:47:eb:b1:d9:64:9c:96:07:b2
Signer

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 5KB