c97761f9abdca61a9a18707e1900313b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c97761f9abdca61a9a18707e1900313b_JaffaCakes118
Size

2.6MB
MD5

c97761f9abdca61a9a18707e1900313b
SHA1

d41823daf8c8839b35537539e389f7f811d6d80f
SHA256

bdcc964efbf1fb05f6c119efa6adb82341dd739e3d07a5ca71177ea982b3e664
SHA512

8fe7285049028045fb2e67a692f09417f57678010425f9bcbea3104d636cdccd3bce519eaab06f5a398a5321adc0f6394ae6859175a2e6d107f8fcec1cd25f62
SSDEEP

49152:lildzBoArPDAtd4bPfB+Ywh5BHiR2/ERhxf:g+AP6dIJnwhqR2K

Score

1^/10

Malware Config

Signatures

Files

c97761f9abdca61a9a18707e1900313b_JaffaCakes118
.dll windows:6 windows x86 arch:x86

3088d83def65d4b52812dff7727e1f48

Code Sign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25-02-2016 00:00

Not After

15-10-2018 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d5:90:c8:98:14:47:9c:33:54:a3:05:9e:1c:32:ff:07:30:d8:1d:f0
Signer

Actual PE Digest

d5:90:c8:98:14:47:9c:33:54:a3:05:9e:1c:32:ff:07:30:d8:1d:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\github\FFmpeg\FFmpeg\build_x64\libavformat\avformat-58.pdb

Imports

avcodec-58

avcodec_is_open
avpriv_mpa_bitrate_tab
avpriv_mpegaudio_decode_header
avpriv_pix_fmt_bps_mov
avpriv_ac3_parse_header
av_copy_packet_side_data
av_grow_packet
avpriv_ac3_channel_layout_tab
avpriv_split_xiph_headers
avcodec_get_type
avcodec_enum_to_chroma_pos
avpriv_mpeg4audio_sample_rates
av_fast_padded_malloc
avcodec_chroma_pos_to_enum
avpriv_copy_bits
avpriv_mpa_freq_tab
avcodec_get_name
avcodec_parameters_free
avcodec_parameters_alloc
av_parser_close
av_parser_parse2
av_parser_init
avpriv_fits_header_parse_line
avpriv_fits_header_init
av_packet_rescale_ts
avcodec_find_encoder
avcodec_parameters_from_context
av_dv_codec_profile2
av_dv_frame_profile
avcodec_string
avcodec_parameters_to_context
av_get_audio_frame_duration
avcodec_alloc_context3
avpriv_dca_parse_core_frame_header
avpriv_dca_convert_bitstream
av_bsf_free
av_bsf_receive_packet
av_bsf_send_packet
av_bsf_init
av_bsf_alloc
av_bsf_get_by_name
av_packet_pack_dictionary
avpriv_pix_fmt_bps_avi
avpriv_find_pix_fmt
av_packet_free
avpriv_find_start_code
avpriv_exif_decode_ifd
avcodec_parameters_copy
avcodec_descriptor_get
av_packet_move_ref
av_init_packet
av_packet_new_side_data
av_packet_alloc
avcodec_register_all
av_packet_ref
av_get_bits_per_sample
avpriv_mpeg4audio_get_config
av_packet_get_side_data
avpriv_align_put_bits
av_get_audio_frame_duration2
av_ac3_parse_header
av_packet_unref
av_shrink_packet
avpriv_toupper4
avpriv_dnxhd_get_frame_size
avpriv_dnxhd_get_interlaced
av_dirac_parse_sequence_header
av_vorbis_parse_init
av_vorbis_parse_free
av_vorbis_parse_frame_flags
av_vorbis_parse_reset
av_xiphlacing
av_packet_copy_props
av_packet_from_data
avpriv_mjpeg_bits_dc_luminance
avpriv_mjpeg_val_dc
avpriv_mjpeg_bits_dc_chrominance
avpriv_mjpeg_bits_ac_luminance
avpriv_mjpeg_val_ac_luminance
avpriv_mjpeg_bits_ac_chrominance
avpriv_mjpeg_val_ac_chrominance
av_adts_header_parse
avpriv_dca_sample_rates
av_new_packet
avpriv_tak_parse_streaminfo
av_bsf_list_parse_str
av_bsf_get_null_filter
av_codec_next
avcodec_open2
avcodec_close
avcodec_find_decoder
avcodec_find_decoder_by_name
avcodec_send_packet
avcodec_decode_subtitle2
avcodec_receive_frame
avcodec_pix_fmt_to_codec_tag
av_bitstream_filter_filter
av_codec_is_decoder
avpriv_h264_has_num_reorder_frames
avpriv_codec_get_cap_skip_frame_fill_param
avpriv_get_raw_pix_fmt_tags
av_get_exact_bits_per_sample
avcodec_free_context

avutil-56

avpriv_dict_set_timestamp
av_content_light_metadata_alloc
av_spherical_alloc
av_get_bytes_per_sample
av_lfg_init
av_sha_alloc
av_sha_init
av_sha_update
av_sha_final
av_aes_ctr_alloc
av_aes_ctr_init
av_aes_ctr_free
av_aes_ctr_crypt
av_aes_ctr_set_iv
av_color_primaries_name
av_color_transfer_name
av_color_space_name
av_timecode_make_string
av_mastering_display_metadata_alloc
av_timecode_check_frame_rate
avpriv_get_gamma_from_trc
av_aes_ctr_get_iv
av_aes_ctr_set_random_iv
av_aes_ctr_increment_iv
av_frame_free
av_opt_set_dict2
av_strtod
av_sub_q
av_find_nearest_q_idx
av_calloc
av_gcd
av_image_check_sar
av_log_get_level
av_des_mac
av_md5_sum
av_hmac_alloc
av_hmac_free
av_hmac_init
av_hmac_update
av_hmac_final
av_opt_set_bin
av_opt_flag_is_set
av_opt_get_int
av_find_info_tag
av_escape
av_opt_get_key_value
av_image_fill_linesizes
av_get_sample_fmt_name
av_sample_fmt_is_planar
av_add_stable
av_opt_set_from_string
av_opt_next
av_opt_set_dict_val
av_opt_get_dict_val
av_opt_ptr
av_buffer_create
av_buffer_default_free
av_frame_alloc
av_parse_ratio
av_pix_fmt_get_chroma_sub_sample
av_opt_set_int
av_realloc_array
av_lzo1x_decode
av_stereo3d_alloc
av_q2intfloat
av_get_pix_fmt
av_get_channel_layout_nb_channels
av_dynarray_add_nofree
av_md5_final
av_md5_update
av_md5_init
av_md5_alloc
av_get_random_seed
av_gettime
av_strndup
av_dirname
av_stristart
av_dynarray_add
av_compare_mod
av_base64_encode
av_basename
av_hash_final_hex
av_hash_update
av_hash_init
av_hash_get_name
av_hash_alloc
avpriv_set_systematic_pal2
av_timegm
av_small_strptime
av_append_path_component
av_strtok
av_stristr
av_image_get_buffer_size
av_get_channel_layout_string
av_opt_get
av_match_name
av_thread_message_flush
av_thread_message_queue_set_free_func
av_thread_message_queue_set_err_recv
av_thread_message_queue_set_err_send
av_thread_message_queue_recv
av_thread_message_queue_send
av_thread_message_queue_free
av_thread_message_queue_alloc
av_opt_serialize
av_opt_find
av_dict_get_string
av_strlcat
av_set_options_string
av_pix_fmt_desc_get
av_timecode_init_from_string
av_timecode_init
av_timecode_get_smpte_from_framenum
av_timecode_make_smpte_tc_string
av_stereo3d_type_name
av_spherical_projection_name
av_spherical_tile_bounds
av_display_rotation_get
av_get_picture_type_char
av_get_channel_name
av_base64_decode
av_strncasecmp
av_strlcatf
av_aes_crypt
av_aes_init
av_aes_alloc
av_memdup
av_fast_malloc
av_adler32_update
av_parse_time
av_get_token
av_compare_ts
av_rescale_q_rnd
av_dict_parse_string
av_parse_video_rate
av_tree_enumerate
av_tree_destroy
av_tree_insert
av_tree_find
av_tree_node_alloc
av_dict_set_int
av_fast_realloc
av_usleep
av_gettime_relative
av_opt_copy
av_opt_set
av_opt_set_dict
av_opt_free
av_opt_set_defaults
av_strdup
av_match_list
av_get_pix_fmt_name
avpriv_report_missing_feature
av_mul_q
av_realloc_f
av_get_media_type_string
av_div_q
av_reallocp
av_mallocz_array
av_fifo_realloc2
av_fifo_generic_read
av_fifo_alloc_array
av_bprint_append_data
av_strcasecmp
av_fifo_drain
av_fifo_generic_write
av_fifo_generic_peek_at
av_fifo_space
av_fifo_size
av_fifo_reset
av_fifo_freep
av_fifo_alloc
av_strstart
av_strerror
av_rescale_rnd
av_asprintf
av_bprint_finalize
av_bprint_clear
av_bprint_chars
av_bprintf
av_bprint_init
av_dict_count
av_dict_free
av_dict_copy
av_buffer_unref
av_buffer_alloc
av_strlcpy
av_rc4_crypt
av_rc4_init
av_rc4_alloc
av_des_crypt
av_des_init
av_des_alloc
av_reduce
av_image_check_size
av_rescale_q
av_realloc
av_malloc_array
av_fourcc_make_string
av_rescale
av_crc
av_crc_get_table
av_tea_crypt
av_tea_init
av_tea_alloc
av_dict_set
av_default_item_name
av_dict_get
av_freep
av_free
av_reallocp_array
av_mallocz
av_malloc
av_d2q
avpriv_request_sample
av_log
av_hash_freep

secur32

AcquireCredentialsHandleA
InitializeSecurityContextA
DeleteSecurityContext
ApplyControlToken
QueryContextAttributesA
FreeContextBuffer
EncryptMessage
DecryptMessage
FreeCredentialsHandle

ws2_32

accept
closesocket
connect
getsockopt
listen
ntohl
setsockopt
socket
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet
ioctlsocket
htonl
select
gethostname
htons
ntohs
recvfrom
sendto
getaddrinfo
freeaddrinfo
getpeername
getsockname
getnameinfo
recv
send
shutdown
bind

kernel32

GetTempPathW
InitOnceBeginInitialize
InitOnceComplete
CloseHandle
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
WaitForSingleObjectEx
MultiByteToWideChar
MoveFileExA
MoveFileExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
WideCharToMultiByte
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
DeleteFileW
SetFilePointerEx
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateDirectoryW
RemoveDirectoryW
RaiseException
ExitProcess
ReadFile
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleCP
HeapFree
HeapAlloc
GetCurrentThread
GetACP
SetConsoleCtrlHandler
OutputDebugStringA
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
EncodePointer
DecodePointer
SetStdHandle
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
SetEndOfFile
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
HeapReAlloc
HeapSize
FlushFileBuffers
GetStringTypeW
GetFileAttributesExW
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA

Exports

Exports

av_add_index_entry
av_append_packet
av_apply_bitstream_filters
av_codec_get_id
av_codec_get_tag
av_codec_get_tag2
av_demuxer_open
av_dump_format
av_filename_number_test
av_find_best_stream
av_find_default_stream_index
av_find_input_format
av_find_program_from_stream
av_fmt_ctx_get_duration_estimation_method
av_fopen_utf8
av_format_ffversion
av_format_get_audio_codec
av_format_get_control_message_cb
av_format_get_data_codec
av_format_get_metadata_header_padding
av_format_get_opaque
av_format_get_open_cb
av_format_get_probe_score
av_format_get_subtitle_codec
av_format_get_video_codec
av_format_inject_global_side_data
av_format_set_audio_codec
av_format_set_control_message_cb
av_format_set_data_codec
av_format_set_metadata_header_padding
av_format_set_opaque
av_format_set_open_cb
av_format_set_subtitle_codec
av_format_set_video_codec
av_get_frame_filename
av_get_frame_filename2
av_get_output_timestamp
av_get_packet
av_guess_codec
av_guess_format
av_guess_frame_rate
av_guess_sample_aspect_ratio
av_hex_dump
av_hex_dump_log
av_iformat_next
av_index_search_timestamp
av_interleaved_write_frame
av_interleaved_write_uncoded_frame
av_match_ext
av_new_program
av_oformat_next
av_pkt_dump2
av_pkt_dump_log2
av_probe_input_buffer
av_probe_input_buffer2
av_probe_input_format
av_probe_input_format2
av_probe_input_format3
av_program_add_stream_index
av_read_frame
av_read_pause
av_read_play
av_register_all
av_register_input_format
av_register_output_format
av_sdp_create
av_seek_frame
av_stream_add_side_data
av_stream_get_codec_timebase
av_stream_get_end_pts
av_stream_get_parser
av_stream_get_r_frame_rate
av_stream_get_recommended_encoder_configuration
av_stream_get_side_data
av_stream_new_side_data
av_stream_set_r_frame_rate
av_stream_set_recommended_encoder_configuration
av_url_split
av_write_frame
av_write_trailer
av_write_uncoded_frame
av_write_uncoded_frame_query
avformat_alloc_context
avformat_alloc_output_context2
avformat_close_input
avformat_configuration
avformat_find_stream_info
avformat_flush
avformat_free_context
avformat_get_class
avformat_get_mov_audio_tags
avformat_get_mov_video_tags
avformat_get_riff_audio_tags
avformat_get_riff_video_tags
avformat_init_output
avformat_license
avformat_match_stream_specifier
avformat_network_deinit
avformat_network_init
avformat_new_stream
avformat_open_input
avformat_query_codec
avformat_queue_attached_pictures
avformat_seek_file
avformat_transfer_internal_stream_timing_info
avformat_version
avformat_write_header
avio_accept
avio_alloc_context
avio_check
avio_close
avio_close_dir
avio_close_dyn_buf
avio_closep
avio_context_free
avio_enum_protocols
avio_feof
avio_find_protocol_name
avio_flush
avio_free_directory_entry
avio_get_dyn_buf
avio_get_str
avio_get_str16be
avio_get_str16le
avio_handshake
avio_open
avio_open2
avio_open_dir
avio_open_dyn_buf
avio_pause
avio_printf
avio_put_str
avio_put_str16be
avio_put_str16le
avio_r8
avio_rb16
avio_rb24
avio_rb32
avio_rb64
avio_read
avio_read_dir
avio_read_partial
avio_read_to_bprint
avio_rl16
avio_rl24
avio_rl32
avio_rl64
avio_seek
avio_seek_time
avio_size
avio_skip
avio_w8
avio_wb16
avio_wb24
avio_wb32
avio_wb64
avio_wl16
avio_wl24
avio_wl32
avio_wl64
avio_write
avio_write_marker
avpriv_dv_get_packet
avpriv_dv_init_demux
avpriv_dv_produce_packet
avpriv_io_delete
avpriv_io_move
avpriv_mpegts_parse_close
avpriv_mpegts_parse_open
avpriv_mpegts_parse_packet
avpriv_new_chapter
avpriv_set_pts_info
ff_inet_aton
ff_rtp_get_local_rtcp_port
ff_rtp_get_local_rtp_port
ff_rtsp_parse_line
ff_socket_nonblock
ffio_open_dyn_packet_buf
ffio_set_buf_size
ffurl_close
ffurl_closep
ffurl_open
ffurl_open_whitelist
ffurl_write

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 726B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3088d83def65d4b52812dff7727e1f48

Code Sign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

d5:90:c8:98:14:47:9c:33:54:a3:05:9e:1c:32:ff:07:30:d8:1d:f0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

avcodec-58

avutil-56

secur32

ws2_32

kernel32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 430KB - Virtual size: 429KB

.data Size: 58KB - Virtual size: 64KB

.idata Size: 15KB - Virtual size: 15KB

.gfids Size: 1024B - Virtual size: 726B

.00cfg Size: 512B - Virtual size: 260B

.reloc Size: 57KB - Virtual size: 56KB

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

d5:90:c8:98:14:47:9c:33:54:a3:05:9e:1c:32:ff:07:30:d8:1d:f0
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 430KB - Virtual size: 429KB

.data
Size: 58KB - Virtual size: 64KB

.idata
Size: 15KB - Virtual size: 15KB

.gfids
Size: 1024B - Virtual size: 726B

.00cfg
Size: 512B - Virtual size: 260B

.reloc
Size: 57KB - Virtual size: 56KB