5c5bd3b8bd5ec01fd90abbd77a38bf59_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5c5bd3b8bd5ec01fd90abbd77a38bf59_JaffaCakes118
Size

94KB
MD5

5c5bd3b8bd5ec01fd90abbd77a38bf59
SHA1

458dfaf16d2ab6d3e0b18b052452b3b474ea9102
SHA256

51ee9eba4551297a200c379867b22cf30afc66de14a52dd16c2d6459bc8a8542
SHA512

14f48ade566c7e46c1efd7d32e66540eca1d21be2c1a537051bb54d371b4b5d6fbeeefcf78236fcb9bf44089c4af20a49d36c7b346bd9fe0954bce15526c3173
SSDEEP

1536:ykSYnVQ4voXO3x0EfHufN3Oflh6ucJDdZTDJ5E12+VaQu6gk434oUaxCP:eUK4voXO3FS364hpSdgJ34o1c

Score

1^/10

Malware Config

Signatures

Files

5c5bd3b8bd5ec01fd90abbd77a38bf59_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a6e91359b3b50cc8b197696b9ad2ae60

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:6b:e9:8f:73:7a:9c:11:d6:9c:e0:b3:16:69:6e:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/12/2009, 00:00

Not After

21/12/2012, 23:59

Subject

CN=Duowan Entertainment Information Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Duowan Entertainment Information Technology (Beijing) Co.\, Ltd.,L=beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:fa:04:cb:3a:5d:e8:dd:4c:8d:e8:12:d0:b4:b9:17:d4:80:c2:48
Signer

Actual PE Digest

99:fa:04:cb:3a:5d:e8:dd:4c:8d:e8:12:d0:b4:b9:17:d4:80:c2:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\DUOWAN_BUILD\publish\yy_4.3rel_mb\console\source\app\bin\release\YY.pdb

Imports

dwutility

?DoLog@@YAXGPBD0G0PBG@Z

yycommon

?getProductInfo@YYConfig@@SA?AVQString@@ABV2@@Z

yymainframe

??1YYApplication@@UAE@XZ
?start@YYApplication@@QAE_NXZ
??0YYApplication@@QAE@HQAPAD@Z

qtgui4

?exec@QApplication@@SAHXZ

qtcore4

?qWinMain@@YAXPAUHINSTANCE__@@0PADHAAHAAV?$QVector@PAD@@@Z
?fromAscii@QString@@SA?AV1@PBDH@Z
??0QString@@QAE@ABV0@@Z
??1QLibrary@@UAE@XZ
??1QString@@QAE@XZ
?registerTypedef@QMetaType@@SAHPBDH@Z
?registerType@QMetaType@@SAHPBDP6AXPAX@ZP6APAXPBX@Z@Z
??0QString@@QAE@XZ
?toStdWString@QString@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?fromStdWString@QString@@SA?AV1@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?exists@QFile@@SA_NABVQString@@@Z
??0QString@@QAE@PBD@Z
??0QLibrary@@QAE@ABVQString@@PAVQObject@@@Z
?isLoaded@QLibrary@@QBE_NXZ
?free@QVectorData@@SAXPAU1@H@Z
?qBadAlloc@@YAXXZ
?allocate@QVectorData@@SAPAU1@HH@Z
?qMemSet@@YAPAXPAXHI@Z
?reallocate@QVectorData@@SAPAU1@PAU1@HHH@Z
?qFree@@YAXPAX@Z
?resolve@QLibrary@@QAEPAXPBD@Z
?detach@QByteArray@@QAEXXZ
?free@QString@@CAXPAUData@1@@Z
?toLocal8Bit@QString@@QBE?AVQByteArray@@XZ
?fromWCharArray@QString@@SA?AV1@PBGH@Z
?load@QLibrary@@QAE_NXZ
??YQString@@QAEAAV0@ABV0@@Z

kernel32

InterlockedExchange
HeapSetInformation
GetCommandLineW
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
GetProcessHeap
GetModuleFileNameW
LoadLibraryW
GetProcAddress
SetEnvironmentVariableW
GetEnvironmentVariableW
GetVersionExW
MultiByteToWideChar

msvcp90

??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z

libtcmalloc_minimal

?instance@MallocExtension@@SAPAV1@XZ
?Initialize@MallocExtension@@SAXXZ

shlwapi

PathFindFileNameW

msvcr90

?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
_CxxThrowException
_decode_pointer
strlen
__set_app_type
_encode_pointer
__p__fmode
__p__commode
??3@YAXPAX@Z
??_V@YAXPAX@Z
memcpy
wcsrchr
__CxxFrameHandler3
wcsncat_s
memset
wcslen
wcscat
??2@YAPAXI@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
fprintf_s
__iob_func
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6e91359b3b50cc8b197696b9ad2ae60

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

3e:6b:e9:8f:73:7a:9c:11:d6:9c:e0:b3:16:69:6e:ebCertificate

Extended Key Usages

Key Usages

99:fa:04:cb:3a:5d:e8:dd:4c:8d:e8:12:d0:b4:b9:17:d4:80:c2:48Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dwutility

yycommon

yymainframe

qtgui4

qtcore4

kernel32

msvcp90

libtcmalloc_minimal

shlwapi

msvcr90

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 70KB - Virtual size: 70KB

.reloc Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

3e:6b:e9:8f:73:7a:9c:11:d6:9c:e0:b3:16:69:6e:eb
Certificate

99:fa:04:cb:3a:5d:e8:dd:4c:8d:e8:12:d0:b4:b9:17:d4:80:c2:48
Signer

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 70KB - Virtual size: 70KB

.reloc
Size: 1KB - Virtual size: 1KB