a1f41c94900fe3b0057c70e58a925fb6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a1f41c94900fe3b0057c70e58a925fb6_JaffaCakes118
Size

117KB
MD5

a1f41c94900fe3b0057c70e58a925fb6
SHA1

e2dc6698eee7cf09fb56eb6d31f11dbcd6406732
SHA256

c4df9a70f00741939186beabb4e467a486e0298015585cdce9d2b24abac4e2d4
SHA512

fd2b66bb479322f61adb5f71e4d14038dd04c293f0558465c510add45e0814378889638d3f765e4ec15488ba833f44a03bda690a61aed8bdce42abfe4ae0a598
SSDEEP

3072:HWQCNTbIMPMTHO6Uur7b8efRbPHOtsD2M0Usmb:HWQCaMUTtUyH8efRbHOtsJ0E

Score

1^/10

Malware Config

Signatures

Files

a1f41c94900fe3b0057c70e58a925fb6_JaffaCakes118
.dll windows:5 windows x86 arch:x86

39e03e09b9e9d6c57c50d5ba13967b0d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2016, 00:00

Not After

15/10/2018, 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2016, 00:00

Not After

15/10/2018, 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

66:59:d4:69:1d:5f:5e:72:55:58:be:f6:cc:df:18:02:9a:32:c0:6b:f8:2d:38:5f:be:49:8f:8c:21:cc:71:a7
Signer

Actual PE Digest

66:59:d4:69:1d:5f:5e:72:55:58:be:f6:cc:df:18:02:9a:32:c0:6b:f8:2d:38:5f:be:49:8f:8c:21:cc:71:a7

Digest Algorithm

sha256

PE Digest Matches

true

66:25:61:39:ba:4e:b1:ba:41:54:af:b9:18:9b:6c:82:a0:2c:e4:08
Signer

Actual PE Digest

66:25:61:39:ba:4e:b1:ba:41:54:af:b9:18:9b:6c:82:a0:2c:e4:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DUOWAN_BUILD\build\Build_Src\dwinternal\client_protocol\bin\release\sessapp.pdb

Imports

protocomm

?getUid@ProtoUInfo@@QAEIXZ
?getSid@ProtoUInfo@@QAEIXZ
?net2app@ProtoA2U@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?UnZipString@ProtoHelper@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@I@Z
?currentSystemTime@ProtoTime@@SAIXZ
?getPid@ProtoUInfo@@QAEIXZ
?setPid@ProtoUInfo@@QAEXI@Z
?setUid@ProtoUInfo@@QAEXI@Z
?setUdb@ProtoUInfo@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setCookie@ProtoUInfo@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setAsid@ProtoUInfo@@QAEXI@Z
??0ProtoUInfo@@QAE@XZ
?setSid@ProtoUInfo@@QAEXI@Z
?freePacket@ProtoPacketPool@@UAEXPAVIProtoPacket@@@Z
?newPacket@ProtoPacketPool@@UAEPAVIProtoPacket@@HABUMarshallable@sox@@@Z
?newPacket@ProtoPacketPool@@UAEPAVIProtoPacket@@PBDHH@Z
?newPacket@ProtoPacketPool@@UAEPAVIProtoPacket@@HPBDHH@Z
??1ProtoPacketPool@@UAE@XZ

dwbase

?IsLogLevelEnabled@@YA_NG@Z
?DoLog@@YAXGPBD0G0PBG@Z
?queryDatabase@Data@@YA?AV?$comptr@UIDatabase@Data@@@@K@Z
insert_name_id

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
MultiByteToWideChar

msvcp90

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?_Throw@std@@YAXABVexception@stdext@@@Z
?_Raise_handler@std@@3P6AXABVexception@stdext@@@ZA
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z

msvcr90

_encoded_null
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??3@YAXPAX@Z
__CxxFrameHandler3
??_V@YAXPAX@Z
memcpy
??2@YAPAXI@Z
_purecall
_invalid_parameter_noinfo
strlen
_snwprintf_s
_CxxThrowException
free
memmove_s
malloc
memset
memmove
?terminate@@YAXXZ
_encode_pointer
_malloc_crt
_amsg_exit
_decode_pointer
_initterm
_initterm_e
_except_handler4_common

Exports

Exports

??0CPerfRecord@Perf@@QAE@XZ
??0IAudioMod@@QAE@ABV0@@Z
??0IAudioMod@@QAE@XZ
??0ISBypassMod@@QAE@ABV0@@Z
??0ISBypassMod@@QAE@XZ
??0ISInfoMod@@QAE@ABV0@@Z
??0ISInfoMod@@QAE@XZ
??0IServiceMod@@QAE@ABV0@@Z
??0IServiceMod@@QAE@XZ
??0ISessionMod@@QAE@ABV0@@Z
??0ISessionMod@@QAE@XZ
??0ProtoPacketPool@@QAE@ABV0@@Z
??0ProtoUInfo@@QAE@ABV0@@Z
??1IAudioMod@@UAE@XZ
??1ISBypassMod@@UAE@XZ
??1ISInfoMod@@UAE@XZ
??1IServiceMod@@UAE@XZ
??1ISessionMod@@UAE@XZ
??1ProtoUInfo@@QAE@XZ
??4CPerfRecord@Perf@@QAEAAV01@ABV01@@Z
??4IAudioMod@@QAEAAV0@ABV0@@Z
??4ISBypassMod@@QAEAAV0@ABV0@@Z
??4ISInfoMod@@QAEAAV0@ABV0@@Z
??4IServiceMod@@QAEAAV0@ABV0@@Z
??4ISessionMod@@QAEAAV0@ABV0@@Z
??4ProtoA2U@@QAEAAV0@ABV0@@Z
??4ProtoHelper@@QAEAAV0@ABV0@@Z
??4ProtoPacketPool@@QAEAAV0@ABV0@@Z
??4ProtoTime@@QAEAAV0@ABV0@@Z
??4ProtoUInfo@@QAEAAV0@ABV0@@Z
??_7IAudioMod@@6B@
??_7ISBypassMod@@6B@
??_7ISInfoMod@@6B@
??_7IServiceMod@@6B@
??_7ISessionMod@@6B@
??_7ProtoPacketPool@@6B@
?GetInstance@CPerfRecord@Perf@@SAPAV12@XZ
?s_pImpl@?1??GetInstance@CPerfRecord@Perf@@SAPAV23@XZ@4PAV23@A
_getModule@4
_releaseModule@4

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39e03e09b9e9d6c57c50d5ba13967b0d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

66:59:d4:69:1d:5f:5e:72:55:58:be:f6:cc:df:18:02:9a:32:c0:6b:f8:2d:38:5f:be:49:8f:8c:21:cc:71:a7Signer

66:25:61:39:ba:4e:b1:ba:41:54:af:b9:18:9b:6c:82:a0:2c:e4:08Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

protocomm

dwbase

kernel32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 69KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 17KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

66:59:d4:69:1d:5f:5e:72:55:58:be:f6:cc:df:18:02:9a:32:c0:6b:f8:2d:38:5f:be:49:8f:8c:21:cc:71:a7
Signer

66:25:61:39:ba:4e:b1:ba:41:54:af:b9:18:9b:6c:82:a0:2c:e4:08
Signer

.text
Size: 69KB - Virtual size: 69KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 17KB