b4675088470b4b775f6eb51e9ac02193_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4675088470b4b775f6eb51e9ac02193_JaffaCakes118
Size

965KB
MD5

b4675088470b4b775f6eb51e9ac02193
SHA1

7736599c3f0a46bd9a36e0df2eaf090c25d35550
SHA256

fae40bcb04442842ccc329b25bc7d94984fb7e46ea84eeb1bc399d20748ded88
SHA512

ecef5f03c1f3f023ebd651866a20b08c5f282a92adf030ec8fa087bdefbc16b51d83ce80bcca78d3d84e35c265a86d8a0add0b3b082036a40804d7bd407436de
SSDEEP

24576:NQG8z/2gYjhIZkvIHYG+FXdJPXC9cDeYkHbwF46U8Fys5ScRFf:NQG8z/WjUz5kXnftWHbwF46U8Fys51RZ

Score

1^/10

Malware Config

Signatures

Files

b4675088470b4b775f6eb51e9ac02193_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

aecbb64ae9414bf9e00be025f06b5102

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:5d:ca:61:e4:36:84:a0:06:40:19:0e:44:73:23:e8:8d:28:92:c1
Signer

Actual PE Digest

48:5d:ca:61:e4:36:84:a0:06:40:19:0e:44:73:23:e8:8d:28:92:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\code\vqq\kevinchen_TXVQQ1.0Proj_5_int\Basic_TXVQQ_VOB\TVXQQ\Source\VQQ2\release\VQQ2.pdb

Imports

kernel32

TerminateThread
WaitForSingleObject
SetEvent
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
ResetEvent
CreateEventW
GetSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
lstrlenW
ReleaseSemaphore
Sleep
CreateThread
GetVersionExW
GetLastError
GetCurrentThread
GetThreadPriority
SetThreadPriority
lstrcmpiW
MulDiv
CloseHandle
InterlockedDecrement
InterlockedIncrement
RaiseException
GetTickCount
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
LoadLibraryW
lstrcpyW
VirtualAlloc
DuplicateHandle
lstrcmpW
VirtualFree
WaitForMultipleObjects
lstrcpynW
GetSystemTimeAsFileTime
GetCurrentProcessId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreW
GetVersionExA
HeapDestroy
OutputDebugStringA

user32

GetDC
UnregisterClassA
ClientToScreen
GetClientRect
ReleaseDC
CopyRect
GetWindowRect
GetSystemMetrics
DispatchMessageW
RegisterWindowMessageW
wsprintfW
wvsprintfW
MsgWaitForMultipleObjects
PeekMessageW
GetQueueStatus
UnregisterClassW
OffsetRect
PostThreadMessageW

gdi32

GetObjectW
CreateCompatibleDC
SelectObject
BitBlt
StretchBlt
DeleteDC
GetDeviceCaps

advapi32

RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
HWND_UserFree
HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserSize
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoLoadLibrary
CoFreeLibrary

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringLen
LoadRegTypeLi
LoadTypeLi

atl80

ord23
ord30
ord61
ord32
ord58
ord31
ord15
ord64

msvcp80

?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@D@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@0@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0ABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

msvcr80

memcpy_s
_CxxThrowException
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
memmove_s
??2@YAPAXI@Z
memset
toupper
tolower
isspace
_getcwd
free
realloc
_vsnprintf
ceil
floor
??_V@YAXPAX@Z
feof
fclose
fopen
__RTDynamicCast
_CIsin
_CIcos
_snprintf
qsort
memmove
wcscpy_s
vswprintf_s
_vswprintf
_vscwprintf
_beginthreadex
wcsstr
_wcslwr
malloc
calloc
longjmp
_CIlog
_setjmp3
_CIpow
_CIsqrt
_CIlog10
rand
_CIexp
strtol
getenv
_recalloc
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
__CxxFrameHandler3
memcpy
??3@YAXPAX@Z
_rmdir
_mkdir
fgets
_itoa

winmm

timeSetEvent
timeGetTime
timeEndPeriod
timeBeginPeriod
timeKillEvent

rpcrt4

NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 796KB - Virtual size: 792KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aecbb64ae9414bf9e00be025f06b5102

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

48:5d:ca:61:e4:36:84:a0:06:40:19:0e:44:73:23:e8:8d:28:92:c1Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

atl80

msvcp80

msvcr80

winmm

rpcrt4

Exports

Exports

Sections

.text Size: 796KB - Virtual size: 792KB

.orpc Size: 4KB - Virtual size: 576B

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 8KB - Virtual size: 98KB

.rodata Size: 4KB - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 24KB - Virtual size: 23KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

48:5d:ca:61:e4:36:84:a0:06:40:19:0e:44:73:23:e8:8d:28:92:c1
Signer

.text
Size: 796KB - Virtual size: 792KB

.orpc
Size: 4KB - Virtual size: 576B

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 8KB - Virtual size: 98KB

.rodata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 24KB - Virtual size: 23KB