d69187156f73ef1b5eec965ad162ec1d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d69187156f73ef1b5eec965ad162ec1d_JaffaCakes118
Size

1013KB
MD5

d69187156f73ef1b5eec965ad162ec1d
SHA1

9295be46d36cf3ec27cd3bbadba69fc8013ebb8b
SHA256

c6d873374e7dfe9c9f1dac43a7356504460a013bcab3305147f658d7c82f6fbd
SHA512

afa74d8bc1f3e103057e1c3a079ad0557bb5136a9de3cc20d4f44e55a60cc09cd0fc296779d50d13ce9306a6ff9d0aec54165d232c742a9db75b79ff34ce4965
SSDEEP

24576:5+n+0HW/QfvRE0Ay0f+x/bv6OlwE2yxk4xyjJuBl09wwfu:5+nVuO0fSbv6QLkPduBl09w

Score

1^/10

Malware Config

Signatures

Files

d69187156f73ef1b5eec965ad162ec1d_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

ea8a21cae63151a4127726982a8978f8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bc:d9:a3:4e:82:5a:93:54:a5:35:c6:ff:be:45:b1:60:92:03:9b:25
Signer

Actual PE Digest

bc:d9:a3:4e:82:5a:93:54:a5:35:c6:ff:be:45:b1:60:92:03:9b:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\Projects\5070\ConnectServiceSrc\Output\Pdb\RubikEngine.pdb

Imports

ws2_32

connect
ioctlsocket
getpeername
ntohs
htons
ntohl
htonl
WSAStartup
getsockopt
send
closesocket
WSASetLastError
__WSAFDIsSet
freeaddrinfo
socket
bind
recv
WSACleanup
setsockopt
getsockname
WSAGetLastError
select
getaddrinfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

zlib

deflate
deflateInit2_
inflateEnd
crc32
inflateInit2_
inflate
deflateEnd

log4cplus

?isEnabledFor@Logger@log4cplus@@QBE_NH@Z
?get_macro_body_oss@detail@log4cplus@@YAAAV?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?macro_forced_log@detail@log4cplus@@YAXABVLogger@2@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBDH2@Z
?get_macro_body_snprintf_buf@detail@log4cplus@@YAAAVsnprintf_buf@helpers@2@XZ
?getRoot@Logger@log4cplus@@SA?AV12@XZ
?doConfigure@PropertyConfigurator@log4cplus@@SAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVHierarchy@2@I@Z
?getDefaultHierarchy@Logger@log4cplus@@SAAAVHierarchy@2@XZ
?getInstance@Logger@log4cplus@@SA?AV12@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1Logger@log4cplus@@UAE@XZ
?print@snprintf_buf@helpers@log4cplus@@QAAPB_WPB_WZZ
??0Logger@log4cplus@@QAE@$$QAV01@@Z

kernel32

LoadLibraryW
FreeLibrary
CloseHandle
GetCurrentProcess
OpenProcess
ExpandEnvironmentStringsW
QueryDosDeviceW
GetLogicalDriveStringsW
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
SetEvent
CreateEventW
WaitForSingleObject
InterlockedExchange
GetVolumeInformationW
CreateFileW
GetFileSize
UnmapViewOfFile
DeleteFileW
MapViewOfFile
CreateFileMappingW
CopyFileW
CreateMutexW
Sleep
OpenMutexW
RaiseException
GetFileAttributesW
CreateDirectoryW
GetLongPathNameW
GetTempPathW
GetProcAddress
WriteFile
SetFileAttributesW
IsBadReadPtr
FindClose
FindFirstFileW
LocalFree
RemoveDirectoryW
FindNextFileW
GlobalUnlock
GlobalLock
GlobalSize
SetFilePointer
FileTimeToDosDateTime
SetFilePointerEx
GetPrivateProfileStringW
GetFileType
DuplicateHandle
CreateProcessW
lstrcmpW
MoveFileExW
SetLastError
GetFullPathNameW
GetFileTime
SetThreadLocale
GetThreadLocale
ReleaseMutex
GetTickCount
ResetEvent
TerminateThread
WaitForMultipleObjects
OpenEventW
InterlockedIncrement
InterlockedDecrement
GetCurrentProcessId
SleepEx
ExpandEnvironmentStringsA
FormatMessageA
InitializeCriticalSection
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GetCurrentThreadId
GetModuleHandleA
GetVersion
GetStdHandle
QueryPerformanceCounter
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapDestroy
HeapSize
EncodePointer
DecodePointer
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringW
GetPrivateProfileIntW
GetSystemTime
SystemTimeToFileTime
lstrlenW
GetFileInformationByHandle
GetModuleHandleW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
ReadFile

user32

wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
GetDesktopWindow
CharNextW

advapi32

RegQueryValueExW
CryptCreateHash
RegCloseKey
RegOpenKeyExW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetUserNameW
RegCreateKeyExW
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptHashData
CryptDestroyHash
DeregisterEventSource
ReportEventA
RegisterEventSourceA

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW

ole32

CoCreateInstance
StringFromGUID2
CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemFree
GetHGlobalFromStream
CoInitialize
CoFreeUnusedLibrariesEx
CoUninitialize

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
VariantClear
VariantChangeType
SysAllocString
SafeArrayUnaccessData
SafeArrayGetLBound
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
UnRegisterTypeLi
SysFreeString
SysStringLen
SafeArrayAccessData
SafeArrayGetUBound

atl100

ord30
ord31
ord68
ord56
ord49
ord15
ord61
ord67
ord64
ord32
ord58
ord23

shlwapi

PathFindFileNameW
PathAddBackslashW
PathIsDirectoryW
PathFileExistsW
PathStripPathW
PathRemoveFileSpecW
PathAppendW
PathRemoveBackslashW

msvcr100

_onexit
_lock
__dllonexit
_unlock
_getch
signal
sprintf
_stricmp
fprintf
_strnicmp
_wfopen
feof
_fileno
_setmode
raise
_exit
_strdup
_except_handler4_common
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm_e
_initterm
_amsg_exit
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_tzset
__clean_type_info_names_internal
_vsnprintf
strcat
getenv
strtoul
realloc
strrchr
fwrite
isupper
??3@YAXPAX@Z
memmove_s
_CxxThrowException
wmemcpy_s
memcpy_s
__CxxFrameHandler3
memset
ceil
_vscwprintf
vswprintf_s
_itow_s
_ui64tow_s
wcschr
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
memmove
wcsstr
_wcsnicmp
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memcpy
_purecall
free
calloc
_recalloc
_vsnprintf_s
_wcsupr_s
wcsnlen
_wtoi
_snprintf
_snwprintf
_wtoi64
atoi
wcsncpy_s
isalpha
isdigit
strchr
sscanf_s
fopen_s
printf
isspace
strncmp
fread
ftell
ferror
fgetc
fseek
fclose
_vscprintf
vfprintf
__iob_func
_waccess
wcsncpy
malloc
wcsrchr
_time64
_wtol
wcscpy_s
_mktime64
wcscoll
_wcsicoll
_mktime32
strncpy
_localtime64_s
_mbslwr_s
_mbscmp
_wcsicmp
_wcslwr_s
rand
srand
_beginthreadex
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
memcmp
strlen
wcscmp
isxdigit
toupper
wcslen
fputc
_gmtime64
sscanf
qsort
_stat64
strerror
_strtoi64
fputs
strstr
strcpy
memchr
fflush
_errno
strtol
isalnum
tolower
fgets
fopen
strcmp
__sys_nerr
_crt_debugger_hook

msvcp100

?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Id_cnt@id@locale@std@@0HA
??1_Lockit@std@@QAE@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Incref@facet@locale@std@@QAEXXZ
??0_Lockit@std@@QAE@H@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreateSequential
UuidToStringA
RpcStringFreeA

winhttp

WinHttpSetStatusCallback
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 726KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea8a21cae63151a4127726982a8978f8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

bc:d9:a3:4e:82:5a:93:54:a5:35:c6:ff:be:45:b1:60:92:03:9b:25Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

version

zlib

log4cplus

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl100

shlwapi

msvcr100

msvcp100

rpcrt4

winhttp

Exports

Exports

Sections

.text Size: 726KB - Virtual size: 726KB

.rdata Size: 206KB - Virtual size: 205KB

.data Size: 11KB - Virtual size: 21KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 56KB - Virtual size: 55KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

bc:d9:a3:4e:82:5a:93:54:a5:35:c6:ff:be:45:b1:60:92:03:9b:25
Signer

.text
Size: 726KB - Virtual size: 726KB

.rdata
Size: 206KB - Virtual size: 205KB

.data
Size: 11KB - Virtual size: 21KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 56KB - Virtual size: 55KB