667330b791c857f7f63950d8792f6f1e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

667330b791c857f7f63950d8792f6f1e_JaffaCakes118
Size

333KB
MD5

667330b791c857f7f63950d8792f6f1e
SHA1

5de89c8f72464ccac2319f0fa584ebbb31bd8496
SHA256

56edc2ed9e8120a07a244a0c44f353bedfce343c84369110df67039c2fb5bcf4
SHA512

0aab62b07a863cde1d34ec304b99ca36a0ec3e19d63772a3d122d8c6cde83d4fa64d42c6c328a52e834aa1adc3dbcee9f3266276d101865aa08daf0c5fb5030a
SSDEEP

6144:fCqjL4uwdQ8sD549x7CDcPEcZwWTBQeJYozsODcTNgAowiOxaOahqFP:f9L4uwdQNDKbCD3cZwWTOMqgAow6qFP

Score

1^/10

Malware Config

Signatures

Files

667330b791c857f7f63950d8792f6f1e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

459afa23809d548bf09886371460d17e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:75:d5:aa:45:8f:a6:9d:19:9f:94:18:60:ab:90:a9:da:5a:3f:7a
Signer

Actual PE Digest

39:75:d5:aa:45:8f:a6:9d:19:9f:94:18:60:ab:90:a9:da:5a:3f:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\temp\p2papp\Release\TenioDL_DLL.pdb

Imports

imm32

ImmAssociateContext

ws2_32

socket
WSACleanup
WSAStartup
ntohl
htons
recv
htonl
WSAGetLastError
inet_addr
gethostbyname
ioctlsocket
closesocket
select
__WSAFDIsSet
connect
ntohs
send

kernel32

SearchPathW
GetACP
GetLocaleInfoA
GetProcAddress
MultiByteToWideChar
GetModuleFileNameA
lstrlenA
WideCharToMultiByte
GetCurrentThreadId
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GetLocalTime
GetLastError
GetModuleHandleA
GetCurrentProcessId
VirtualQuery
DeleteFileA
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
GetLongPathNameA
CreateFileA
CreateDirectoryA
OpenProcess
WriteFile
SetFilePointer
FindClose
GetPrivateProfileStringA
FindFirstFileA
FindNextFileA
DeleteCriticalSection
WritePrivateProfileStringA
lstrlenW
InterlockedDecrement
GetVersionExA
CloseHandle
WaitForSingleObject
LoadLibraryExA
FreeLibrary
Sleep
SetEvent
ReadFile
WaitNamedPipeA
ResetEvent
CreateNamedPipeA
SetNamedPipeHandleState
GetOverlappedResult
CreateEventA
ConnectNamedPipe
CancelIo
WaitForSingleObjectEx
GetWindowsDirectoryA
LoadLibraryA
HeapFree
DuplicateHandle
WriteProcessMemory
CreateProcessW
HeapAlloc
SetUnhandledExceptionFilter
InitializeCriticalSection
GetThreadLocale
GetProcessHeap
GetModuleFileNameW
GetCurrentProcess
VirtualAllocEx
SetErrorMode
GetPrivateProfileIntA
GetFileAttributesA
InterlockedExchange
GetTickCount
CopyFileA
SleepEx
GetSystemTimeAsFileTime
GlobalAlloc
GlobalFree
InterlockedCompareExchange
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
TerminateThread
IsBadReadPtr
lstrcpynA
InterlockedIncrement

user32

PeekMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
DestroyWindow
SendMessageA
GetWindowLongA
MsgWaitForMultipleObjects
CloseWindow
RegisterClassA
KillTimer
SetTimer
UnregisterClassA
DefWindowProcA
SetWindowLongA
wsprintfW
MessageBoxA
PostMessageA

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoFreeLibrary
CoLoadLibrary
CoInitialize
CoCreateGuid
StringFromGUID2

oleaut32

SysAllocStringByteLen
VariantClear
SysFreeString
SysStringLen
SysAllocStringLen

msvcr80

tolower
strftime
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_mbsicmp
??0exception@std@@QAE@ABQBD@Z
_snprintf_s
??0exception@std@@QAE@ABV01@@Z
fprintf
__iob_func
wcsncpy
strncpy
_mbsnbcpy
_vsnwprintf_s
free
memmove_s
_beginthreadex
_endthreadex
_mbsnbcat
realloc
calloc
_recalloc
malloc
ceil
fclose
toupper
fopen
fwrite
_mbsnbcmp
memset
memcpy
_wassert
strstr
strnlen
memmove
fread
ferror
ftell
fseek
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_splitpath_s
sprintf_s
strchr
_strnicmp
_purecall
_vsnprintf_s
strcpy_s
_localtime64_s
_access
strcat_s
_invalid_parameter_noinfo
_mbsrchr
_time64
strncpy_s
??2@YAPAXI@Z
printf
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??3@YAXPAX@Z
rand
srand
__CxxFrameHandler3
_CxxThrowException
_getpid
_mbsnbcat_s
strspn
atoi
memchr
_mbschr
_CIsqrt

msvcp80

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringA

shlwapi

wnsprintfA

Exports

Exports

TenioDL_CleanUp
TenioDL_StartUp

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

459afa23809d548bf09886371460d17e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

39:75:d5:aa:45:8f:a6:9d:19:9f:94:18:60:ab:90:a9:da:5a:3f:7aSigner

Headers

File Characteristics

PDB Paths

Imports

imm32

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcr80

msvcp80

version

wintrust

crypt32

shlwapi

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 172KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 68KB - Virtual size: 88KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 17KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

39:75:d5:aa:45:8f:a6:9d:19:9f:94:18:60:ab:90:a9:da:5a:3f:7a
Signer

.text
Size: 176KB - Virtual size: 172KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 68KB - Virtual size: 88KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 17KB