704fea41d1074f426e68640bc3bdd89a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

704fea41d1074f426e68640bc3bdd89a_JaffaCakes118
Size

257KB
MD5

704fea41d1074f426e68640bc3bdd89a
SHA1

27916bb71571a9323a33773e3df184d72f520a78
SHA256

fc8bafbdbc6f51722be12d39417b09a6e90f62ae45ec7b9dfb6123e33895b0ff
SHA512

7bc9cd6a28ab755241000368fd190ef85b8c9ced1a527548ae26bccd9e0020ca1a23981e03f1d3026f1d59a0d98345d4744ff72eec130921c0f300b17fc92d50
SSDEEP

3072:X8aTQr6USCxwjRY+SdFJLlM4PakQpinRgKd9vJS8OSwhLa3cRwL5oXPdd7C/OASR:saTQGUSwwjRott6YGUOAS2cHnb

Score

1^/10

Malware Config

Signatures

Files

704fea41d1074f426e68640bc3bdd89a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ad1cbc2e7abe32fe99133a9716703fae

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f9:58:14:75:03:bb:ad:0a:b1:2a:e4:b9:f3:cc:81:ec:6a:39:3f:1f
Signer

Actual PE Digest

f9:58:14:75:03:bb:ad:0a:b1:2a:e4:b9:f3:cc:81:ec:6a:39:3f:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\qqpcmgr_proj\QQPCMgr_Public\Basic\Output\BinFinal\GFCustom.pdb

Imports

common

??4CTXStringW@@QAEAAV0@PB_W@Z
??0CTXStringW@@QAE@XZ
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
?Format@CTXStringW@@QAAXPB_WZZ
??1CTXBSTR@@QAE@XZ
??BCTXBSTR@@QBEPA_WXZ
??0CTXBSTR@@QAE@PB_W@Z
??0CTXBSTR@@QAE@HPB_W@Z
??ICTXBSTR@@QAEPAPA_WXZ
??0CTXBSTR@@QAE@XZ
??4CTXStringW@@QAEAAV0@ABV0@@Z
??BCTXStringW@@QBEPB_WXZ
?GetBSTR@CTXStringW@@QBEPA_WXZ
??4CTXBSTR@@QAEAAV0@PB_W@Z
?GetString@CTXStringW@@QBEPB_WXZ
?CreateFileW@FS@@YAHPB_WKPAPAUITXFile@@@Z
??0CTXStringW@@QAE@PA_W@Z
?GetBuffer@CTXStringW@@QAEPA_WXZ
?Right@CTXStringW@@QBE?AV1@H@Z
?GetLength@CTXStringW@@QBEHXZ
?Left@CTXStringW@@QBE?AV1@H@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?RecordTransBegin@Perf@Util@@YA_JPB_WHH00@Z
??0CTXStringW@@QAE@PB_W@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??1CTXStringW@@QAE@XZ
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??0CTXStringW@@QAE@ABV0@@Z

gf

?GetBOOL@Metadata@Util@@YAJPAUITXData@@PA_WPAH@Z
?Get@Metadata@Util@@YAJPAUITXData@@PA_WPAH@Z
?FreeData@Metadata@Util@@YAJAAPA_W@Z
?Get@Metadata@Util@@YAJPAUITXData@@PA_WPAPA_W@Z
?GetService@GF@Util@@YAJABU_GUID@@PA_WPAPAX@Z
?TransMd2GFElement@Metadata@Util@@YAJPAUITXData@@PAPAUIGFElement@@PAUIGFEnvironment@@PA_W@Z
?Get@Metadata@Util@@YAJPAUITXData@@PA_WPAK@Z
?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z

xgraphic32

GetCanvasHandle

shlwapi

PathFindFileNameW

kernel32

DeleteCriticalSection
GetLastError
lstrcmpiW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InitializeCriticalSection
SetThreadLocale
GetThreadLocale
LockResource
FindResourceExW
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
GetSystemTimeAsFileTime
EnterCriticalSection
RaiseException
lstrlenW
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
InterlockedCompareExchange
Sleep
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetACP
GetLocaleInfoA
InterlockedExchange

user32

SetParent
SetWindowPos
CharNextW
IsWindow
UnregisterClassA
ShowWindow

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW

shell32

SHGetFileInfoW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
StringFromCLSID

oleaut32

SysAllocStringLen
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
UnRegisterTypeLi

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

gdiplus

GdipResetWorldTransform
GdipSetSmoothingMode
GdipCreateFromHDC
GdipDisposeImage
GdipTranslateWorldTransform
GdipLoadImageFromFile
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipRotateWorldTransform
GdipDrawImageRectI
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipDeleteBrush
GdipCreateSolidFill
GdipFillPieI

msvcr80

??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??2@YAPAXI@Z
memmove_s
_unlock
_purecall
_wtol
_except_handler4_common
_ltow_s
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
??3@YAXPAX@Z
malloc
free
memcpy_s
_CxxThrowException
wcscpy_s
wcsncpy_s
wcscat_s
??_V@YAXPAX@Z
__CxxFrameHandler3
_recalloc
memset
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad1cbc2e7abe32fe99133a9716703fae

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

f9:58:14:75:03:bb:ad:0a:b1:2a:e4:b9:f3:cc:81:ec:6a:39:3f:1fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

common

gf

xgraphic32

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp80

gdiplus

msvcr80

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 20KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 1000B

.reloc Size: 40KB - Virtual size: 39KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

f9:58:14:75:03:bb:ad:0a:b1:2a:e4:b9:f3:cc:81:ec:6a:39:3f:1f
Signer

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 1000B

.reloc
Size: 40KB - Virtual size: 39KB