a856da30cf27098a115cd66a0ecbba9a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a856da30cf27098a115cd66a0ecbba9a_JaffaCakes118
Size

753KB
MD5

a856da30cf27098a115cd66a0ecbba9a
SHA1

7b663499ad1372b059ef4de60b2b183498a1ee7c
SHA256

d6e42c583372d5bf62e3c0ec521eb95929cfeed04c0da5c711dc1880c014bc21
SHA512

75b36ac40d1ac9dd9b9013039841bfd79f5b334b89b84db07ef491a0fc66a53ef4ea1b7502c0ffcd1c0ee6add3d4e0e3d74c32d823740e50102ae4cf158a225e
SSDEEP

12288:5cW7Y+R0H2fx1hSDI5N8czoORXmHLSxABa1ICa6skS0bwF46U8i5d+/OyeQ+r9:5cW7h0H2fx1hSDI5uUXaLiABaZskBbwG

Score

1^/10

Malware Config

Signatures

Files

a856da30cf27098a115cd66a0ecbba9a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d9ef8c8b237a59704c422d0a01d229c3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:24:48:eb:34:95:42:d9:e6:05:fa:3f:23:b4:e9:0f:64:fc:c6:85
Signer

Actual PE Digest

71:24:48:eb:34:95:42:d9:e6:05:fa:3f:23:b4:e9:0f:64:fc:c6:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Develop\TXVQQ1.0Proj_int\Basic_TXVQQ_VOB\TVXQQ\Source\VQQ2\Release\VQQ2.pdb

Imports

kernel32

TerminateThread
WaitForSingleObject
SetEvent
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
ResetEvent
CreateEventW
GetSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
lstrlenW
ReleaseSemaphore
Sleep
GetLastError
GetCurrentThread
GetThreadPriority
SetThreadPriority
MulDiv
CloseHandle
InterlockedDecrement
InterlockedIncrement
RaiseException
GetTickCount
GetCurrentThreadId
GetProcAddress
FreeLibrary
LoadLibraryW
lstrcpyW
lstrcmpW
WaitForMultipleObjects
lstrcpynW
GetSystemTimeAsFileTime
GetCurrentProcessId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreW
GetVersionExA
HeapDestroy

user32

GetDC
UnregisterClassA
ClientToScreen
GetClientRect
ReleaseDC
CopyRect
GetWindowRect
GetSystemMetrics
DispatchMessageW
RegisterWindowMessageW
MsgWaitForMultipleObjects
PeekMessageW
GetQueueStatus
OffsetRect
PostThreadMessageW

gdi32

GetDeviceCaps

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
HWND_UserFree
HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserSize
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoLoadLibrary
CoFreeLibrary

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringLen
LoadRegTypeLi
LoadTypeLi

atl80

ord23
ord30
ord61
ord32
ord58
ord31
ord15
ord64

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr80

memcpy_s
_CxxThrowException
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
memmove_s
??2@YAPAXI@Z
memset
tolower
isspace
free
realloc
_vsnprintf
ceil
floor
??_V@YAXPAX@Z
feof
fclose
fopen
__RTDynamicCast
_CIsin
_CIcos
_snprintf
memmove
wcscpy_s
vswprintf_s
_vswprintf
_vscwprintf
_beginthreadex
wcsstr
_wcslwr
malloc
calloc
longjmp
_CIlog
_setjmp3
_CIpow
_CIsqrt
_CIlog10
rand
_CIexp
strtol
getenv
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
__CxxFrameHandler3
memcpy
??3@YAXPAX@Z
fgets

winmm

timeSetEvent
timeGetTime
timeEndPeriod
timeBeginPeriod
timeKillEvent

rpcrt4

NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 620KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9ef8c8b237a59704c422d0a01d229c3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

71:24:48:eb:34:95:42:d9:e6:05:fa:3f:23:b4:e9:0f:64:fc:c6:85Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

atl80

msvcp80

msvcr80

winmm

rpcrt4

Exports

Exports

Sections

.text Size: 620KB - Virtual size: 618KB

.orpc Size: 4KB - Virtual size: 576B

.rdata Size: 76KB - Virtual size: 74KB

.data Size: 8KB - Virtual size: 97KB

.rodata Size: 4KB - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 24KB - Virtual size: 23KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

71:24:48:eb:34:95:42:d9:e6:05:fa:3f:23:b4:e9:0f:64:fc:c6:85
Signer

.text
Size: 620KB - Virtual size: 618KB

.orpc
Size: 4KB - Virtual size: 576B

.rdata
Size: 76KB - Virtual size: 74KB

.data
Size: 8KB - Virtual size: 97KB

.rodata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 24KB - Virtual size: 23KB