5ae90a45d51eb74ad4d2c6c56695ce5e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ae90a45d51eb74ad4d2c6c56695ce5e_JaffaCakes118
Size

207KB
MD5

5ae90a45d51eb74ad4d2c6c56695ce5e
SHA1

a228220869d40d04d9915b3443e229a4962e4820
SHA256

28363d8cfbce71f898eaf37b4e330a6b5f526d410a1d9844143f01c6ac58c01e
SHA512

b15d7cdc55ce8bbc16811cd01acbe77413308ce07e95c31d3e24744f941ef428892eb5c11d1a6223d8ef1a9ae80493f4c612cb59bc61e8f685c7d7f48d76701f
SSDEEP

3072:aM8vCOW8StBh92iDqiZ6hJzbMmhzaTOLTo88WapoECz:FDv8Sqi7SJPMmsTOLTp8Wqohz

Score

1^/10

Malware Config

Signatures

Files

5ae90a45d51eb74ad4d2c6c56695ce5e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c2406a518202c2d7013f51a3044c7c28

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

81:37:e7:f2:1c:4a:6a:d6:39:3e:8a:e1:c9:70:26:eb:9f:02:79:37
Signer

Actual PE Digest

81:37:e7:f2:1c:4a:6a:d6:39:3e:8a:e1:c9:70:26:eb:9f:02:79:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\sec_proj\trunk\tcj\output\Release\TP0005.pdb

Imports

shlwapi

PathRemoveFileSpecA
PathAppendA

kernel32

GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
CloseHandle
TerminateThread
CreateThread
GetModuleFileNameA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetProcAddress

msvcr90

_snprintf_s
_vsnprintf_s
fclose
fgets
fopen
strncmp
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
??_U@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memset
memmove_s
memcpy
_time64
??_V@YAXPAX@Z
_adjust_fdiv
_CxxThrowException
_invalid_parameter_noinfo
??2@YAPAXI@Z
_purecall
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
__CppXcptFilter
strnlen
strncpy

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

ws2_32

ntohl
socket
ioctlsocket
htons
connect
select
__WSAFDIsSet
getsockname
send
recv
inet_ntoa
closesocket
gethostbyname
inet_addr
sendto
WSAStartup
WSAGetLastError

Exports

Exports

DllEntry

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tvmp
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2406a518202c2d7013f51a3044c7c28

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

81:37:e7:f2:1c:4a:6a:d6:39:3e:8a:e1:c9:70:26:eb:9f:02:79:37Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

msvcr90

msvcp90

ws2_32

Exports

Exports

Sections

.text Size: 110KB - Virtual size: 109KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 29KB - Virtual size: 42KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.tvmp Size: 39KB - Virtual size: 40KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

81:37:e7:f2:1c:4a:6a:d6:39:3e:8a:e1:c9:70:26:eb:9f:02:79:37
Signer

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 29KB - Virtual size: 42KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB

.tvmp
Size: 39KB - Virtual size: 40KB