f07ec8f5f9becbee9f988fd529242fad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f07ec8f5f9becbee9f988fd529242fad_JaffaCakes118
Size

129KB
MD5

f07ec8f5f9becbee9f988fd529242fad
SHA1

7f2bcfbb7b2ad8523f0eb3c7e761829013089c17
SHA256

8ffb2f445c4a5ee36bae0105233c0cb3f770b698d09d291f4e2b36ab5835c38e
SHA512

63494bd9b3adc648288a285b70d2d81ec8a081de06bffb962fcfe9a90ffc79cc00b4ac043b69c3588bb344e664082b0df3e0f7388ee267e0d9a0a3a30b7680a0
SSDEEP

3072:f3wf+UmC/QY08pbdtijyS+5h6upBBTBfPiKgVBjkOfBfxUwf:vHqImDBTBiKqBjkOft1

Score

1^/10

Malware Config

Signatures

Files

f07ec8f5f9becbee9f988fd529242fad_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7f48cf0db64b32babc27f0679393b2ef

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

13/07/2016, 09:16

Not After

21/07/2019, 08:09

Subject

CN=深圳市为爱普信息技术有限公司,OU=IT Dept.,O=深圳市为爱普信息技术有限公司,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2f:ac:69:d5:54:03:8a:95:9f:bc:5f:ec:a8:98:0d:bb:99:2b:b7:a0
Signer

Actual PE Digest

2f:ac:69:d5:54:03:8a:95:9f:bc:5f:ec:a8:98:0d:bb:99:2b:b7:a0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\SVN\idm_2010\Release\idm_media.pdb

Imports

kernel32

Sleep
MultiByteToWideChar
FindClose
RemoveDirectoryW
LoadLibraryW
FindNextFileW
GetTempPathA
DeleteFileA
GetVersionExA
WideCharToMultiByte
CreateDirectoryW
SetEnvironmentVariableW
FindFirstFileW
GetEnvironmentVariableW
DeleteFileW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
IsProcessorFeaturePresent

advapi32

RegCloseKey
RegCreateKeyExW
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegSetValueExW

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
PropVariantClear
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

ws2_32

select
htons
setsockopt
recv
socket
closesocket
gethostbyname
send
connect

shlwapi

SHStrDupW
PathFileExistsW

setupapi

SetupDiGetDeviceInstanceIdA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
CM_Get_Parent
CM_Get_Device_IDA
CM_Get_Child
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

gdiplus

GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipSetInterpolationMode
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAlloc
GdipBitmapUnlockBits
GdipFlush
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipDrawImageRectRectI
GdipGetImageHeight
GdipFree
GdiplusStartup

libplist2

plist_dict_set_item
plist_get_string_val
plist_get_node_type
plist_free
plist_new_data
plist_get_bool_val
plist_to_bin
plist_from_xml
plist_to_xml
plist_from_bin
plist_dict_get_item
plist_new_string
plist_copy
plist_new_bool
plist_get_data_val
plist_new_dict
plist_get_uint_val
plist_dict_remove_item
plist_dict_next_item
plist_dict_new_iter
plist_array_get_item_index
plist_array_remove_item
plist_new_real
plist_new_array
plist_new_date
plist_array_append_item
plist_new_key
plist_get_key_val
plist_array_get_size
plist_array_get_item
plist_new_uint

libcurl

curl_easy_perform
curl_easy_cleanup
curl_easy_init
curl_slist_append
curl_slist_free_all
curl_easy_setopt

libcrypto-1_1

EVP_PKEY_new
X509_free
X509_set_version
ASN1_TIME_new
RSA_new
EVP_PKEY_free
BIO_s_mem
X509_set_serialNumber
ASN1_INTEGER_free
ASN1_INTEGER_new
PEM_read_bio_RSAPublicKey
X509_set1_notAfter
X509_set1_notBefore
BN_free
BIO_new
PEM_read_bio_RSAPrivateKey
BIO_new_mem_buf
BIO_int_ctrl
PEM_read_bio_X509
RSA_free
BIO_free
ASN1_TIME_free
X509_set_pubkey
X509_new
X509_sign
ASN1_TIME_set
PEM_write_bio_X509
X509_add_ext
X509_EXTENSION_free
ASN1_INTEGER_set
BN_set_word
PEM_write_bio_PrivateKey
X509V3_EXT_cleanup
X509V3_set_ctx
EVP_PKEY_assign
RSA_generate_key_ex
X509V3_EXT_conf_nid
EVP_sha1
BIO_ctrl
BN_new
BIO_s_socket

libssl-1_1

TLSv1_method
SSL_get_error
SSL_do_handshake
SSL_CIPHER_get_name
SSL_new
SSL_shutdown
SSL_get_current_cipher
SSL_CTX_new
SSL_write
SSL_free
SSL_CTX_free
SSL_read
SSL_set_connect_state
SSL_set_verify
SSL_CTX_use_RSAPrivateKey
SSL_set_bio
SSL_CTX_use_certificate

msvcr100

_wfopen
_strtoi64
malloc
free
strncmp
_atoi64
_strdup
fclose
strerror
_errno
realloc
_time64
perror
_stricmp
__iob_func
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
_snwprintf
_snprintf
strtok
strstr
fwrite
toupper
ftell
fseek
wcstok
_wcsdup
clock
_itoa
_strtoui64
_i64toa
_wstat64
wcschr
mbstowcs
__CxxFrameHandler3
memset
_CxxThrowException
memcpy
tolower
wcsstr
rand
wcstombs
strtoul
_ui64toa
rewind
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
atoi
fread

Exports

Exports

cancel_proxy_media
init_dll_media
ios_add_media
ios_add_playlist
ios_add_ringtone
ios_del_all_ringtone
ios_del_media
ios_del_playlist
ios_del_ringtone
ios_get_ringtone_info
ios_photo_add
ios_photo_del
ios_photo_del_album
ios_photo_del_ex
ios_photo_rename_album
ios_update_playlist
set_proxy_media

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f48cf0db64b32babc27f0679393b2ef

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5Certificate

Extended Key Usages

Key Usages

2f:ac:69:d5:54:03:8a:95:9f:bc:5f:ec:a8:98:0d:bb:99:2b:b7:a0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcp100

ws2_32

shlwapi

setupapi

gdiplus

libplist2

libcurl

libcrypto-1_1

libssl-1_1

msvcr100

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 85KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5
Certificate

2f:ac:69:d5:54:03:8a:95:9f:bc:5f:ec:a8:98:0d:bb:99:2b:b7:a0
Signer

.text
Size: 85KB - Virtual size: 85KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB