e9c5187dd6e31c128eaadf3fcb88abc9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e9c5187dd6e31c128eaadf3fcb88abc9_JaffaCakes118
Size

389KB
MD5

e9c5187dd6e31c128eaadf3fcb88abc9
SHA1

af1f1dffb648e7ee3aac5c4b01ce26419aa492c8
SHA256

d7d38c5c015c6907089133a43eefd2346d91d01c40556eb78ff242be93682bd0
SHA512

eade7816d7d3c2568bbfbe8241cbcee4fa6c10c8a129478e169a31f927b468a1d4c82c57bc0980d6a0f0b4ff5455cd9f2464ed43146c78c354d176765c9e82b4
SSDEEP

12288:Hb6jeCfYyEgg4+JtfEsUzdN790j0tfDU+CEG:H5odHfDUSG

Score

1^/10

Malware Config

Signatures

Files

e9c5187dd6e31c128eaadf3fcb88abc9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

47fe2b3ce3b6bcbf5c726a01beaba009

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

55:af:94:04:9a:ae:ad:90:be:87:e3:8f:79:01:81:ac:98:96:e4:7d
Signer

Actual PE Digest

55:af:94:04:9a:ae:ad:90:be:87:e3:8f:79:01:81:ac:98:96:e4:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\qqpcmgr_proj\QQPCMgr_Public\Basic\Output\BinFinal\HPScannerPlugin\HPExternalScan\HPExternalScan.pdb

Imports

ws2_32

htonl
htons

kernel32

Sleep
lstrcpynW
ExpandEnvironmentStringsW
GetLongPathNameW
GetCurrentProcessId
MultiByteToWideChar
CloseHandle
ReadFile
GetFileSize
CreateFileW
lstrlenA
GetLastError
lstrlenW
WaitForSingleObject
ReleaseMutex
CreateMutexW
DeleteFileW
OpenProcess
FormatMessageW
WideCharToMultiByte
GetACP
ResetEvent
SetEvent
CreateEventW
TerminateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
ProcessIdToSessionId
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocaleInfoW
GetNumberFormatW
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoA
MapViewOfFile
UnmapViewOfFile
GetCurrentThreadId
InterlockedExchange
InterlockedCompareExchange
SetLastError
GetLocalTime
GetModuleHandleW
OpenFileMappingW
OpenEventW
GetSystemInfo
GetSystemDefaultLangID
VirtualQuery
LoadLibraryA
SwitchToThread
GetCurrentProcess
lstrcmpiW
HeapSize
HeapReAlloc
GetThreadLocale
GetVersionExA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueueUserAPC
InterlockedExchangeAdd
FreeLibrary
InterlockedDecrement
GetTickCount
InterlockedIncrement
GetProcAddress
LoadLibraryW
HeapFree
HeapAlloc
SystemTimeToFileTime
HeapDestroy
WriteFile
GetProcessHeap
WaitNamedPipeW
SetNamedPipeHandleState
CreateNamedPipeW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetOverlappedResult
WaitForMultipleObjects
ConnectNamedPipe

user32

SetWindowLongW
SendMessageTimeoutW
FindWindowA
SendMessageW
PostMessageW
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
IsWindow
GetWindowLongW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RevertToSelf
OpenProcessToken
ImpersonateLoggedOnUser
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW

ole32

CoUninitialize
CoInitialize

shlwapi

PathRemoveFileSpecW
StrFromTimeIntervalW
StrFormatKBSizeW
StrFormatByteSizeW
PathFindFileNameW
StrCmpIW
wnsprintfW
SHGetValueW
StrStrIW
PathFileExistsW
PathAppendW

msvcp80

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0strstreambuf@std@@QAE@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1strstreambuf@std@@UAE@XZ
?freeze@strstreambuf@std@@QAEX_N@Z
?str@strstreambuf@std@@QAEPADXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z

msvcr80

??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??2@YAPAXI@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_snwprintf_s
memcpy_s
memmove_s
_vscwprintf
free
vswprintf_s
calloc
_purecall
__CxxFrameHandler3
memset
??_V@YAXPAX@Z
memcpy
wcsncpy_s
_CxxThrowException
wcsncmp
strlen
wcsncat_s
_wtoi
_wcsicmp
wcstol
malloc
swprintf_s
wcschr
fwrite
wcsstr
fflush
fread
fseek
memmove
_beginthreadex
wcsncpy
_wcsupr
strchr
realloc
putchar
putwchar
_wtol
_vsnwprintf_s
_snprintf_s
strncpy_s
strrchr
_memicmp
setlocale
wcsrchr
_wsplitpath_s
swscanf_s
wcscpy_s
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z
_time64
_wcsupr_s
ldiv
_invalid_parameter_noinfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleBaseNameW
EnumProcesses
GetModuleFileNameExW
EnumProcessModules

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
DllCanUnloadNow
DllGetClassCount
DllGetClassInfo
DllGetClassObject

Sections

.text
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47fe2b3ce3b6bcbf5c726a01beaba009

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

55:af:94:04:9a:ae:ad:90:be:87:e3:8f:79:01:81:ac:98:96:e4:7dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

shlwapi

msvcp80

msvcr80

version

psapi

Exports

Exports

Sections

.text Size: 252KB - Virtual size: 249KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 27KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

55:af:94:04:9a:ae:ad:90:be:87:e3:8f:79:01:81:ac:98:96:e4:7d
Signer

.text
Size: 252KB - Virtual size: 249KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB