d3be059348d8447edeafe9d9561fe736_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d3be059348d8447edeafe9d9561fe736_JaffaCakes118
Size

537KB
MD5

d3be059348d8447edeafe9d9561fe736
SHA1

bec11687a3daeaa820530c61990aab93d0e12062
SHA256

9915e31c29085d4e53e4b22c08acca571f1f732059b115b47ad94132b1a6df95
SHA512

3c91c9ba5578515330a8aba0e76e013d3ef42e72025fbc195ac8450b776fb167979d22caa494512889b02ca03068ce8c8bfce90a6a9d92073eceae921116ef5a
SSDEEP

12288:ctEZkSsZnO3kc1Zxg8DH7rE2FHQ5TBsG7W0wuiJ/:TZkSshO3kcHm8r7rE2hQ5TBd7W0wlJ/

Score

1^/10

Malware Config

Signatures

Files

d3be059348d8447edeafe9d9561fe736_JaffaCakes118
.dll windows:4 windows x86 arch:x86

460b519be80112434494246b2f41a799

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:d4:c2:5f:ad:0b:d2:ae:5a:63:2f:74:a8:22:ba:34:cd:b6:34:1b
Signer

Actual PE Digest

6b:d4:c2:5f:ad:0b:d2:ae:5a:63:2f:74:a8:22:ba:34:cd:b6:34:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\qqpcmgr_proj\FTTrojan.main\qqpcmgr_proj\Basic\Output\BinFinal\TAVLogic.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA

shlwapi

PathAppendW
PathFindFileNameW
PathAddBackslashW
SHSetValueW
SHDeleteValueW
wnsprintfW
PathRemoveFileSpecW
PathFileExistsW
StrRStrIW
PathIsDirectoryW
SHGetValueW
SHDeleteKeyW

kernel32

CreateProcessW
OpenMutexW
WaitForSingleObject
ResetEvent
SetEvent
CreateEventW
GetThreadPriority
SetThreadPriority
UnhandledExceptionFilter
GetTickCount
GetFileSize
OpenFileMappingW
LocalFree
CreateFileMappingW
GetLastError
MapViewOfFileEx
UnmapViewOfFile
lstrcpynW
WideCharToMultiByte
ResumeThread
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
AllocConsole
WriteConsoleInputW
FlushConsoleInputBuffer
ScrollConsoleScreenBufferW
WriteConsoleW
MultiByteToWideChar
SetConsoleTitleW
SetConsoleCtrlHandler
FreeConsole
GetStdHandle
FillConsoleOutputCharacterW
ReadConsoleInputW
IsBadCodePtr
GetSystemInfo
lstrlenW
ReleaseMutex
CreateFileMappingA
OpenFileMappingA
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
FormatMessageA
GetCurrentThreadId
InterlockedExchange
ChangeTimerQueueTimer
SwitchToThread
DeleteTimerQueueTimer
DuplicateHandle
GetCurrentProcess
CreateTimerQueueTimer
CreateFileW
ReadFile
FindNextFileW
FindClose
RemoveDirectoryW
GetSystemDirectoryW
GetCurrentProcessId
ProcessIdToSessionId
SetFilePointer
WriteFile
OpenProcess
Sleep
CreateToolhelp32Snapshot
GetTempPathW
Process32FirstW
lstrcmpiW
Process32NextW
GetVersionExW
GetLocalTime
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetSystemTime
GlobalAlloc
GlobalLock
GlobalUnlock
GetComputerNameW
lstrlenA
OpenEventW
FindFirstFileW
DeleteFileW
Thread32First
Thread32Next
lstrcpynA
GetFileTime
HeapFree
GetProcessHeap
HeapAlloc
MapViewOfFile
GetModuleFileNameA
SetLastError
InterlockedCompareExchange
GetWindowsDirectoryW
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
RaiseException
CreateMutexW
CloseHandle
WritePrivateProfileStringW
GetDriveTypeW
SetFileAttributesW
DebugBreak
MoveFileW
GetSystemWindowsDirectoryW
GetSystemWow64DirectoryW
IsBadReadPtr
GetBinaryTypeW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
TerminateProcess
GetThreadLocale
LockResource
SizeofResource
InitializeCriticalSection
GetProcAddress
InterlockedIncrement
FindResourceExW
FindResourceW
EnterCriticalSection
DeleteCriticalSection
FreeLibrary
LoadResource
LeaveCriticalSection
InterlockedDecrement
GetFileAttributesW
MoveFileExW
LoadLibraryW
GetPrivateProfileIntW
GetModuleFileNameW
GetExitCodeProcess
GetLogicalDrives
GetModuleHandleW

user32

SetForegroundWindow
EnumWindows
WindowFromPoint
GetParent
EnumThreadWindows
GetWindowThreadProcessId
EqualRect
GetForegroundWindow
IsIconic
GetClassNameW
GetDesktopWindow
GetSystemMetrics
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
DestroyIcon
SystemParametersInfoW
MessageBoxW
SetWindowPos
GetWindowTextW
GetClientRect
SetWindowLongW
GetWindowRect
GetWindowLongW
EnableWindow
FindWindowExW
SetWindowTextW
SetActiveWindow
FindWindowA
RemoveMenu
GetMessageExtraInfo
ShowWindow
SendMessageTimeoutW
BringWindowToTop
SetFocus
UnregisterClassA
IsWindowVisible
ExitWindowsEx
MoveWindow
MapVirtualKeyW
GetSystemMenu
FindWindowW
keybd_event
SendMessageW
IsWindow
RedrawWindow

gdi32

GetDeviceCaps
CreateDCW
CreateFontIndirectW
DeleteDC
GetObjectW
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

SetSecurityDescriptorSacl
RegSetKeySecurity
RegEnumKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
FreeSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
SetFileSecurityW
AdjustTokenPrivileges
RegOpenKeyExW
GetUserNameW
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegCloseKey
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
BuildExplicitAccessWithNameW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityInfo
GetSecurityDescriptorSacl

shell32

SHGetFileInfoW
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteExW
SHCreateDirectoryExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFolderPathW
SHGetDesktopFolder
ShellExecuteW
SHBrowseForFolderW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
StgIsStorageFile
StgOpenStorage
StgCreateDocfile

oleaut32

VariantCopy
SysAllocString
VariantClear
VariantInit
SysFreeString

msvcp80

?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IBEPB_WXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@II@Z
?copy@?$char_traits@D@std@@SAPADPADPBDI@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?compare@?$char_traits@D@std@@SAHPBD0I@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?copy@?$char_traits@_W@std@@SAPA_WPA_WPB_WI@Z
?length@?$char_traits@_W@std@@SAIPB_W@Z
?compare@?$char_traits@_W@std@@SAHPB_W0I@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?max@?$numeric_limits@I@std@@SAIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ

msvcr80

strstr
swscanf
wcscpy_s
wcsftime
tolower
_snprintf_s
_wcsnicmp
wcsncpy_s
wcsncat_s
_snwscanf
wcsncpy
wcstol
wcstoul
strnlen
fclose
fwrite
vsprintf_s
printf
_wtol
strncpy
wcschr
swscanf_s
_wtoi
_mktime64
_wcsicmp
wcsncmp
_CIpow
wcsncat
swprintf_s
_localtime64
fopen_s
fread
_wfopen_s
rand
_vswprintf_c_l
wcscat_s
_memicmp
setlocale
strncpy_s
_vsnprintf
_vsnprintf_s
strrchr
strchr
memset
_recalloc
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
__CxxFrameHandler3
_except_handler3
memcpy
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_vscprintf
_wfopen
??3@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_vscwprintf
_invalid_parameter_noinfo
??2@YAPAXI@Z
_purecall
vswprintf_s
_wcslwr_s
memcpy_s
??_V@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
memmove_s
??0exception@std@@QAE@XZ
wcsrchr
_snwprintf_s
wcsstr
_localtime64_s
_ultow_s
_beginthreadex
malloc
free
calloc
_time64
_vsnwprintf_s
_snwprintf
fflush

iphlpapi

GetIpForwardTable

ws2_32

htonl
ntohl

psapi

EnumProcessModules
GetProcessImageFileNameW
GetModuleBaseNameW
GetModuleFileNameExW
EnumProcesses

common

??4CTXStringW@@QAEAAV0@PB_W@Z
??1CTXStringW@@QAE@XZ
??0CTXStringW@@QAE@XZ
?CompareNoCase@CTXStringW@@QBEHPB_W@Z

Exports

Exports

IsEngineEnable
TAVLogicGetModule
TAVLogicGetModuleEx

Sections

.text
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

460b519be80112434494246b2f41a799

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

6b:d4:c2:5f:ad:0b:d2:ae:5a:63:2f:74:a8:22:ba:34:cd:b6:34:1bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcp80

msvcr80

iphlpapi

ws2_32

psapi

common

Exports

Exports

Sections

.text Size: 372KB - Virtual size: 371KB

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 44KB - Virtual size: 44KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

6b:d4:c2:5f:ad:0b:d2:ae:5a:63:2f:74:a8:22:ba:34:cd:b6:34:1b
Signer

.text
Size: 372KB - Virtual size: 371KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB