37ca28495ab9164cff46e7624ca0a1c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37ca28495ab9164cff46e7624ca0a1c5_JaffaCakes118
Size

109KB
MD5

37ca28495ab9164cff46e7624ca0a1c5
SHA1

8f50f1330b34ade76bdc18ba71e8e1ff2ed1c18c
SHA256

cb24d0570b61ea612728a6b97fb314ab5cf05a64b2ca770e7c27a5f337e3780c
SHA512

0e507406c78859ad92504c74deaacf278c8b4d6e87e90f208860c5c2b5b316388381256383e0c299c6ce01c77592a1e1314840d4e06157ba96873eae169a0018
SSDEEP

1536:lPolTiC7RS22lE5ZISypLxOFs+SCjawU3zVrfODWwC6a7CH:lpRl6TypLD+SCmDxbODWDD+

Score

1^/10

Malware Config

Signatures

Files

37ca28495ab9164cff46e7624ca0a1c5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c4bb2877e33c4bb78bb8ac1ad985cf6a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

17:f4:d3:25:25:0c:d3:f4:9f:ed:c8:b5:29:ab:4f:91:87:f3:c3:f2
Signer

Actual PE Digest

17:f4:d3:25:25:0c:d3:f4:9f:ed:c8:b5:29:ab:4f:91:87:f3:c3:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Code\Ark_0.7.5\qqapp\pdb\release\Storage.pdb

Imports

lua

?lua_type@@YAHPAUlua_State@@H@Z
?lua_pushfstring@@YAPBDPAUlua_State@@PBDZZ
?lua_next@@YAHPAUlua_State@@H@Z
?lua_toboolean@@YAHPAUlua_State@@H@Z
?lua_remove@@YAXPAUlua_State@@H@Z
?luaL_ref@@YAHPAUlua_State@@H@Z
?luaL_register@@YAXPAUlua_State@@PBDPBUluaL_Reg@@@Z
?lua_pushnumber@@YAXPAUlua_State@@N@Z
?lua_pushboolean@@YAXPAUlua_State@@H@Z
?lua_rawseti@@YAXPAUlua_State@@HH@Z
?lua_pushinteger@@YAXPAUlua_State@@H@Z
?lua_touserdata@@YAPAXPAUlua_State@@H@Z
?lua_pushlightuserdata@@YAXPAUlua_State@@PAX@Z
?lua_newuserdata@@YAPAXPAUlua_State@@I@Z
?lua_setfenv@@YAHPAUlua_State@@H@Z
?luaL_loadbuffer@@YAHPAUlua_State@@PBDI1@Z
?lua_setmetatable@@YAHPAUlua_State@@H@Z
?lua_pushcclosure@@YAXPAUlua_State@@P6AH0@ZH@Z
?lua_getmetatable@@YAHPAUlua_State@@H@Z
?lua_rawgeti@@YAXPAUlua_State@@HH@Z
?lua_createtable@@YAXPAUlua_State@@HH@Z
?lua_getfield@@YAXPAUlua_State@@HPBD@Z
?lua_setfield@@YAXPAUlua_State@@HPBD@Z
?luaL_newmetatable@@YAHPAUlua_State@@PBD@Z
?lua_pushstring@@YAXPAUlua_State@@PBD@Z
?luaL_unref@@YAXPAUlua_State@@HH@Z
?lua_pushvalue@@YAXPAUlua_State@@H@Z
?lua_settop@@YAXPAUlua_State@@H@Z
?luaL_argerror@@YAHPAUlua_State@@HPBD@Z
?lua_tolstring@@YAPBDPAUlua_State@@HPAI@Z
?luaL_checknumber@@YANPAUlua_State@@H@Z
?lua_gettop@@YAHPAUlua_State@@@Z
?lua_tonumber@@YANPAUlua_State@@H@Z
?lua_settable@@YAXPAUlua_State@@H@Z
?lua_pushnil@@YAXPAUlua_State@@@Z
?luaL_loadstring@@YAHPAUlua_State@@PBD@Z
?lua_pushlstring@@YAXPAUlua_State@@PBDI@Z
?luaL_checklstring@@YAPBDPAUlua_State@@HPAI@Z
?lua_tointeger@@YAHPAUlua_State@@H@Z
?lua_pcall@@YAHPAUlua_State@@HHH@Z
?lua_gettable@@YAXPAUlua_State@@H@Z

jsonc

json_object_new_int
json_object_new_array
json_object_to_json_string
json_object_put
json_tokener_parse
json_object_array_add
json_object_get_object
json_object_get_type
json_object_get_double
json_object_new_boolean
json_object_new_string
json_object_object_add
json_object_get_boolean
json_object_new_double
json_object_get_int
json_object_get_string
json_object_new_object
json_object_array_get_idx
json_object_array_length

sqlite

sqlite3_step
sqlite3_bind_text
sqlite3_bind_blob
sqlite3_prepare
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_close
sqlite3_open
sqlite3_bind_null
sqlite3_column_double
sqlite3_column_name
sqlite3_errmsg
sqlite3_last_insert_rowid
sqlite3_column_count
sqlite3_prepare_v2
sqlite3_exec
sqlite3_bind_double
sqlite3_bind_parameter_count
sqlite3_changes
sqlite3_bind_int
sqlite3_errcode
sqlite3_column_int
sqlite3_column_type
sqlite3_column_text
sqlite3_finalize

arkfs

arkArkToSyspath

jgxtml

jgGetXtmlTagSubTag
jgAddXtmlTagSubTag
jgSetXtmlTagValue
jgGetXtmlTagAttrCount
jgCreateXtmlTag
jgGetXtmlTagName
jgDeleteXtmlParser
jgParserXtmlBuffer
jgCreateXtmlParser
jgGetParserXtml
jgDeleteXtmlTag
jgGetXtmlTagSubTagCount
jgGetXtmlTagAttrName
jgGetXtmlTagAttrValue
jgGetXtmlTagValue
jgGetXtmlTagAttr

kernel32

WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
MultiByteToWideChar

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_except_handler4_common
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
__CxxFrameHandler3
atoi
strtod
memcpy_s
isspace
strtoul
??_U@YAPAXI@Z
??_V@YAXPAX@Z
sprintf_s
_purecall
malloc
memmove_s
free
??0exception@std@@QAE@ABQBD@Z
_CxxThrowException
strchr
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
_invalid_parameter_noinfo
_amsg_exit
__clean_type_info_names_internal
?what@exception@std@@UBEPBDXZ

msvcp80

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

jgiostub

jgDeleteStub
jgCreateStub

Exports

Exports

luaopen_Storage

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4bb2877e33c4bb78bb8ac1ad985cf6a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

17:f4:d3:25:25:0c:d3:f4:9f:ed:c8:b5:29:ab:4f:91:87:f3:c3:f2Signer

Headers

File Characteristics

PDB Paths

Imports

lua

jsonc

sqlite

arkfs

jgxtml

kernel32

msvcr80

msvcp80

jgiostub

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1012B

.reloc Size: 8KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

17:f4:d3:25:25:0c:d3:f4:9f:ed:c8:b5:29:ab:4f:91:87:f3:c3:f2
Signer

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1012B

.reloc
Size: 8KB - Virtual size: 4KB