ebd11496258156d53be0eb681469203e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ebd11496258156d53be0eb681469203e_JaffaCakes118
Size

126KB
MD5

ebd11496258156d53be0eb681469203e
SHA1

d3e05e285ee888bce23b98e00558db60f3811cd7
SHA256

76dc72a195b19d0fb2924bfe1897ba10d7bb50774505c0140356664577b66925
SHA512

d962e67ac6b4991aa9b819a75bc61c8a1aff45572fed4876950d385ca6596d34be8fc8194bac621458f691d4e2267442fbf7695670624ddb49a0ae6739fc8bc2
SSDEEP

3072:QU3oEXlAO0YmNdiidUZ4exrn4KOB4yWA89SqS:QUAO0JNdiiHnKOBfWA89lS

Score

1^/10

Malware Config

Signatures

Files

ebd11496258156d53be0eb681469203e_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

e433ce9d2633b55ca29c5fce3c0512a2

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3f:5a:9d:93:d7:70:22:9c:50:3b:83:55:b1:5b:6d:f0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/02/2015, 00:00

Not After

05/04/2016, 23:59

Subject

CN=Beijing Baofeng Technology Co.\, Ltd.,OU=在线QA,O=Beijing Baofeng Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b1:59:02:f2:8f:72:8f:84:d1:29:d7:15:cb:40:62:72:5b:16:8b:e6
Signer

Actual PE Digest

b1:59:02:f2:8f:72:8f:84:d1:29:d7:15:cb:40:62:72:5b:16:8b:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\jenkins\workspace\暴风主干\trunk\bin\Release\npBFWebBrowserPlugin.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

kernel32

InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
MultiByteToWideChar
LoadLibraryW
SetThreadLocale
GetThreadLocale
FindResourceExW
WideCharToMultiByte
VirtualFree
InterlockedIncrement
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InterlockedExchange
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
DecodePointer
GetCurrentThreadId
lstrcmpiW
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
lstrlenW
GetModuleFileNameW
FindFirstFileW
FindNextFileW
FindClose
GetProcAddress
LoadLibraryExW
FindResourceW
SizeofResource
LoadResource
LockResource
FreeLibrary
VirtualAlloc
InterlockedPopEntrySList
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime

user32

GetClassInfoExW
LoadCursorW
ReleaseDC
GetDC
SetWindowPos
CharNextW
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
EndPaint
GetClientRect
BeginPaint
CallWindowProcW
SetFocus
IsChild
GetFocus
GetKeyState
InvalidateRect
RegisterClassExW
CreateWindowExW
ShowWindow
GetWindowLongW
SetWindowLongW
UnionRect
PtInRect
SendMessageTimeoutW
DefWindowProcW
DestroyWindow
IsWindow
UnregisterClassA

gdi32

CreateRectRgnIndirect
GetDeviceCaps
DeleteMetaFile
LPtoDP
CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileW
CreateDCW
SetMapMode
SetViewportOrgEx
DeleteDC

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW

ole32

StringFromGUID2
CoCreateInstance
CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleRegGetMiscStatus

oleaut32

VarBstrCmp
SysFreeString
VariantInit
VariantClear
VariantCopy
VariantChangeType
RegisterTypeLi
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
OleCreatePropertyFrame
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysAllocString

shlwapi

PathFileExistsW
PathAppendW
PathFindFileNameW
SHSetValueW
SHDeleteKeyW

msvcp100

?_Xlength_error@std@@YAXPBD@Z

msvcr100

?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
wcsnlen
vswprintf_s
_vscwprintf
wmemcpy_s
_wcsnicmp
wcscat_s
wcscpy_s
_crt_debugger_hook
memcpy
_resetstkoflw
swprintf_s
calloc
_recalloc
_purecall
??_V@YAXPAX@Z
_itow_s
wcsncpy_s
free
malloc
wcsstr
memset
__CxxFrameHandler3
memcpy_s
??0exception@std@@QAE@ABV01@@Z
memmove_s
_CxxThrowException
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z
_snwprintf
??2@YAPAXI@Z
__clean_type_info_names_internal

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterNPPlugin
DllRegisterServer
DllUnregisterNPPlugin
DllUnregisterServer
NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e433ce9d2633b55ca29c5fce3c0512a2

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

3f:5a:9d:93:d7:70:22:9c:50:3b:83:55:b1:5b:6d:f0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b1:59:02:f2:8f:72:8f:84:d1:29:d7:15:cb:40:62:72:5b:16:8b:e6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

msvcp100

msvcr100

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 74KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 8KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

3f:5a:9d:93:d7:70:22:9c:50:3b:83:55:b1:5b:6d:f0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b1:59:02:f2:8f:72:8f:84:d1:29:d7:15:cb:40:62:72:5b:16:8b:e6
Signer

.text
Size: 75KB - Virtual size: 74KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 8KB