34e729b92649bc6aaff45f5c3b2485a6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

34e729b92649bc6aaff45f5c3b2485a6_JaffaCakes118
Size

437KB
MD5

34e729b92649bc6aaff45f5c3b2485a6
SHA1

434e7e55ce4237c6e01a66fdc21d38b6c466f17f
SHA256

0a2b095d98d48c9f8f4f6bdd6f82be269f355283a3019fe19841704fbfe7f239
SHA512

2203ca562c0a2372b882faccc6d7c7e53da0fa1524d6853776aeae1cee6f5ecbbdace0641e7c05afa37123ff1614f524cfac43664592621327b52abb9f66bdbc
SSDEEP

6144:ZkRHhwfkfnUmyxdanfnxSwWWaqcJbVETUyhd0ZNdbkTBVS57NXcqImOzLU7e:GRHh78mFnJdRc1VuUy3CdwT3SVNYU7e

Score

1^/10

Malware Config

Signatures

Files

34e729b92649bc6aaff45f5c3b2485a6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4c5b12b76f145d009c88c59ee5a53416

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

34:d4:7a:c6:be:bb:51:74:57:11:11:eb:66:ef:8e:b0:87:c2:e6:34
Signer

Actual PE Digest

34:d4:7a:c6:be:bb:51:74:57:11:11:eb:66:ef:8e:b0:87:c2:e6:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\qqpcmgr_proj\trunk\Basic\Output\BinFinal\StartupMgrDll.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

htonl
ntohs
ntohl
htons

shlwapi

PathRemoveArgsW
PathRemoveFileSpecW
wnsprintfW
PathAddBackslashW
StrCmpIW
PathIsRelativeW
PathFileExistsW
PathIsDirectoryW
StrStrIW
StrRChrW
PathFindExtensionW
PathAppendW

kernel32

HeapSize
HeapReAlloc
HeapDestroy
GetLocalTime
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
SetEvent
ResetEvent
CreateEventW
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
lstrcpynW
CreateDirectoryW
CreateFileW
GetModuleFileNameW
SearchPathW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetModuleHandleW
GetProcAddress
DeleteFileW
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryW
FreeLibrary
GetPrivateProfileIntW
WritePrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetLastError
LocalAlloc
LocalFree
Sleep
GetTickCount
SizeofResource
LockResource
LoadResource
WaitForSingleObject
FindResourceExW
TerminateThread
InterlockedIncrement
InterlockedDecrement
FindResourceW
GetFileSize
ReadFile
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
CreateFileMappingW
SetFilePointer
GetCurrentProcessId
GetSystemDirectoryW
lstrlenW
TerminateProcess
GetVersionExW
GetCurrentDirectoryW
CreateMutexW
GetCurrentProcess
GetSystemInfo
OpenEventW
GetVersionExA
HeapFree
GetProcessHeap
HeapAlloc
GetWindowsDirectoryW
lstrcatW
IsBadReadPtr
IsBadWritePtr
FormatMessageW
GetACP
ReleaseMutex
InterlockedExchange
ChangeTimerQueueTimer
SwitchToThread
FormatMessageA
DeleteTimerQueueTimer
GetCurrentThreadId
DuplicateHandle
CreateTimerQueueTimer
InitializeCriticalSectionAndSpinCount
CreateFileMappingA
OpenFileMappingA
MapViewOfFileEx
OpenFileMappingW
SetLastError
InterlockedCompareExchange
VirtualQuery
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

PostMessageW
FindWindowA
SendMessageTimeoutW
UnregisterClassA

advapi32

RegDeleteValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
EnumServicesStatusW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceStatus
ChangeServiceConfig2W
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
GetUserNameW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
StgOpenStorage
StgCreateDocfile
StgIsStorageFile

msvcp80

??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@0@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?copy@?$char_traits@_W@std@@SAPA_WPA_WPB_WI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?compare@?$char_traits@_W@std@@SAHPB_W0I@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?copy@?$char_traits@D@std@@SAPADPADPBDI@Z
?compare@?$char_traits@D@std@@SAHPBD0I@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z

msvcr80

rename
_time64
memcpy
iswdigit
malloc
free
memcpy_s
_beginthreadex
_vscwprintf
wcscpy_s
vswprintf_s
_waccess
memmove
realloc
fwrite
fflush
fclose
wcschr
_snwprintf
wcsrchr
wcsncat_s
_wtoi
_wmakepath_s
towlower
_wsplitpath
wprintf
wcsncat
wcsstr
_except_handler3
memcmp
wcscmp
wcsncpy_s
swprintf_s
_wtol
swscanf_s
tolower
_vsnprintf_s
_vsnwprintf_s
__CxxFrameHandler3
fopen_s
_wfopen_s
ferror
fputc
fprintf
fread
ftell
isspace
isalpha
isalnum
strncmp
strchr
_snwscanf
setlocale
strncpy_s
strrchr
_memicmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_snprintf
atol
calloc
wcsncmp
_wcsnicmp
_wcslwr_s
_unlink
_CxxThrowException
_CIsqrt
_snwprintf_s
??3@YAXPAX@Z
??_V@YAXPAX@Z
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_snprintf_s
??1exception@std@@UAE@XZ
atoi
?what@exception@std@@UBEPBDXZ
_stricmp
_wcsicmp
strlen
memmove_s
_purecall
memset
wcslen
wcsncpy
fopen
_localtime64
fseek
wcstol

iphlpapi

GetIpForwardTable

Exports

Exports

QQDllGetClassObject

Sections

.text
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c5b12b76f145d009c88c59ee5a53416

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

34:d4:7a:c6:be:bb:51:74:57:11:11:eb:66:ef:8e:b0:87:c2:e6:34Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

shlwapi

kernel32

user32

advapi32

shell32

ole32

msvcp80

msvcr80

iphlpapi

Exports

Exports

Sections

.text Size: 284KB - Virtual size: 281KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 24KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

34:d4:7a:c6:be:bb:51:74:57:11:11:eb:66:ef:8e:b0:87:c2:e6:34
Signer

.text
Size: 284KB - Virtual size: 281KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 24KB