f621820dcc28ce761e8c70658f18a9e8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f621820dcc28ce761e8c70658f18a9e8_JaffaCakes118
Size

159KB
MD5

f621820dcc28ce761e8c70658f18a9e8
SHA1

e84015f2e7f7e8bb659bf194eba8c810e517dfa2
SHA256

8ff36798e6d6c16feecabea4136948745234bb567d99d7e8ce7edbdb2a903c5f
SHA512

ec956054fc1c8c856a9f9725f8866414a8dac723dfed6eccae18e95a86de1ffa5fd20694c5032416a33896e289a63cc14efbf9e3cc41fbf3c8c5d72404fbdfe3
SSDEEP

3072:+Y8u5ZY/n3VqlmMWnyH8zMijlCSM+iebHUtRYMe82vsqL:+yvYPVqIb08zMijlZM+5UFeRp

Score

1^/10

Malware Config

Signatures

Files

f621820dcc28ce761e8c70658f18a9e8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

19ff83a984ca7c28fc88d8b951335484

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2016, 00:00

Not After

15/10/2018, 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2016, 00:00

Not After

15/10/2018, 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7a:37:75:fa:92:0f:d1:e5:ba:12:23:f0:1e:e1:a3:6b:aa:74:8c:9e:57:43:11:a9:d7:10:c4:3b:5e:1c:48:dc
Signer

Actual PE Digest

7a:37:75:fa:92:0f:d1:e5:ba:12:23:f0:1e:e1:a3:6b:aa:74:8c:9e:57:43:11:a9:d7:10:c4:3b:5e:1c:48:dc

Digest Algorithm

sha256

PE Digest Matches

true

2b:27:31:37:a9:dc:ff:34:fd:7f:f9:2c:0e:cb:0c:e8:d1:01:38:cf
Signer

Actual PE Digest

2b:27:31:37:a9:dc:ff:34:fd:7f:f9:2c:0e:cb:0c:e8:d1:01:38:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
OutputDebugStringA
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_open
_read
_write
__dllonexit
__mb_cur_max
_assert
_errno
_fstati64
_iob
_isctype
_lseeki64
_open
_pctype
_stati64
_stricmp
_strnicmp
_wopen
abort
atoi
bsearch
calloc
fflush
fputc
free
fwrite
getenv
localeconv
malloc
memchr
memcmp
memmove
setlocale
sscanf
strchr
strcmp
strcpy
strcspn
strrchr
strspn
strstr
toupper
vfprintf
wcslen

avcodec-53

av_destruct_packet
av_dup_packet
av_fast_malloc
av_fast_realloc
av_free_packet
av_get_bits_per_sample
av_get_codec_tag_string
av_grow_packet
av_init_packet
av_log_ask_for_sample
av_new_packet
av_packet_merge_side_data
av_parser_close
av_parser_init
av_parser_parse2
av_shrink_packet
avcodec_alloc_context
avcodec_close
avcodec_decode_audio3
avcodec_decode_video2
avcodec_find_decoder
avcodec_get_frame_defaults
avcodec_open2
avcodec_pix_fmt_to_codec_tag
avcodec_register_all
avcodec_string
ff_find_pix_fmt
ff_flac_is_extradata_valid
ff_mpa_freq_tab
ff_mpeg4audio_get_config
ff_raw_pix_fmt_tags
ff_split_xiph_headers
ff_toupper4

avutil-51

av_compare_mod
av_compare_ts
av_crc
av_crc_get_table
av_dbl2int
av_dict_copy
av_dict_free
av_dict_get
av_dict_set
av_dynarray_add
av_find_info_tag
av_free
av_freep
av_gcd
av_get_bytes_per_sample
av_get_pix_fmt_name
av_get_random_seed
av_lfg_init
av_log
av_malloc
av_mallocz
av_opt_find
av_opt_free
av_opt_set_defaults
av_opt_set_dict
av_parse_time
av_realloc
av_realloc_f
av_reduce
av_rescale
av_rescale_q
av_rescale_rnd
av_strdup
av_strlcat
av_strlcatf
av_strlcpy
av_strstart

Exports

Exports

_get_output_format
_nm__ff_mpa_freq_tab
_nm__ff_raw_pix_fmt_tags
av_add_index_entry
av_alloc_put_byte
av_append_packet
av_close_input_file
av_close_input_stream
av_codec_get_id
av_codec_get_tag
av_convert_lang_to
av_demuxer_open
av_dump_format
av_filename_number_test
av_find_best_stream
av_find_default_stream_index
av_find_input_format
av_find_stream_info
av_gen_search
av_get_frame_filename
av_get_packet
av_gettime
av_guess_codec
av_guess_format
av_hex_dump
av_hex_dump_log
av_iformat_next
av_index_search_timestamp
av_interleave_packet_per_dts
av_interleaved_write_frame
av_match_ext
av_metadata_conv
av_metadata_copy
av_metadata_free
av_metadata_get
av_metadata_set2
av_new_program
av_new_stream
av_oformat_next
av_open_input_file
av_open_input_stream
av_pkt_dump
av_pkt_dump2
av_pkt_dump_log
av_pkt_dump_log2
av_probe_input_buffer
av_probe_input_format
av_probe_input_format2
av_probe_input_format3
av_protocol_next
av_read_frame
av_read_packet
av_read_pause
av_read_play
av_register_all
av_register_input_format
av_register_output_format
av_register_protocol2
av_sdp_create
av_seek_frame
av_seek_frame_binary
av_set_parameters
av_set_pts_info
av_update_cur_dts
av_url_read_fpause
av_url_read_fseek
av_url_read_pause
av_url_read_seek
av_url_split
av_write_frame
av_write_header
av_write_trailer
avf_sdp_create
avformat_alloc_context
avformat_alloc_output_context
avformat_alloc_output_context2
avformat_configuration
avformat_find_stream_info
avformat_free_context
avformat_license
avformat_open_input
avformat_seek_file
avformat_version
avformat_write_header
avio_alloc_context
avio_check
avio_close
avio_close_dyn_buf
avio_enum_protocols
avio_flush
avio_get_str
avio_get_str16be
avio_get_str16le
avio_open
avio_open_dyn_buf
avio_open_dyn_bufex
avio_pause
avio_printf
avio_put_str
avio_put_str16le
avio_r8
avio_rb16
avio_rb24
avio_rb32
avio_rb64
avio_read
avio_rl16
avio_rl24
avio_rl32
avio_rl64
avio_seek
avio_seek_time
avio_set_interrupt_cb
avio_size
avio_skip
avio_w8
avio_wb16
avio_wb24
avio_wb32
avio_wb64
avio_wl16
avio_wl24
avio_wl32
avio_wl64
avio_write
brktimegm
codec_movaudio_tags
codec_movvideo_tags
dump_format
ff_add_index_entry
ff_avc_find_startcode
ff_avc_parse_nal_units
ff_avc_parse_nal_units_buf
ff_codec_bmp_tags
ff_codec_get_id
ff_codec_get_tag
ff_codec_guid_get_id
ff_codec_movsubtitle_tags
ff_codec_wav_guids
ff_codec_wav_tags
ff_crc04C11DB7_update
ff_data_to_hex
ff_end_tag
ff_find_stream_index
ff_flac_write_header
ff_free_parser_state
ff_gen_syncpoint_search
ff_get_guid
ff_get_line
ff_get_v_length
ff_hex_to_data
ff_id3v1_genre_str
ff_id3v1_read
ff_id3v2_2_metadata_conv
ff_id3v2_34_metadata_conv
ff_id3v2_3_tags
ff_id3v2_4_metadata_conv
ff_id3v2_4_tags
ff_id3v2_match
ff_id3v2_read
ff_id3v2_tag_len
ff_id3v2_tags
ff_index_search_timestamp
ff_interleave_add_packet
ff_isom_write_avcc
ff_make_absolute_url
ff_metadata_conv
ff_metadata_conv_ctx
ff_mkv_codec_tags
ff_mkv_metadata_conv
ff_mkv_mime_tags
ff_mov_iso639_to_lang
ff_mov_lang_to_iso639
ff_mov_read_chan
ff_mov_write_chan
ff_mp4_obj_type
ff_mp4_read_dec_config_descr
ff_mp4_read_descr
ff_mp4_read_descr_len
ff_new_chapter
ff_ntp_time
ff_parse_key_value
ff_parse_specific_params
ff_program_add_stream_index
ff_put_bmp_header
ff_put_v
ff_put_wav_header
ff_read_frame_flush
ff_reduce_index
ff_restore_parser_state
ff_sdp_write_media
ff_start_tag
ff_store_parser_state
ff_url_join
ff_win32_open
ff_write_chained
ffio_fdopen
ffio_fill
ffio_get_checksum
ffio_init_checksum
ffio_init_context
ffio_open_dyn_packet_buf
ffio_read_partial
ffio_read_varlen
ffio_rewind_with_probe_data
ffio_set_buf_size
ffurl_alloc
ffurl_close
ffurl_connect
ffurl_get_file_handle
ffurl_open
ffurl_read
ffurl_read_complete
ffurl_register_protocol
ffurl_seek
ffurl_size
ffurl_write
find_info_tag
first_protocol
get_be16
get_be24
get_be32
get_be64
get_buffer
get_byte
get_checksum
get_le16
get_le24
get_le32
get_le64
get_partial_buffer
get_strz
init_checksum
init_put_byte
matroska_video_stereo_mode
matroska_video_stereo_plane
parse_date
put_be16
put_be24
put_be32
put_be64
put_buffer
put_byte
put_flush_packet
put_le16
put_le24
put_le32
put_le64
put_nbyte
put_strz
put_tag
url_alloc
url_close
url_close_buf
url_close_dyn_buf
url_connect
url_exist
url_fclose
url_fdopen
url_feof
url_ferror
url_fget_max_packet_size
url_fgetc
url_fgets
url_fileno
url_filesize
url_fopen
url_fprintf
url_fseek
url_fsize
url_fskip
url_ftell
url_get_file_handle
url_get_filename
url_get_max_packet_size
url_interrupt_cb
url_open
url_open_buf
url_open_dyn_buf
url_open_dyn_packet_buf
url_open_protocol
url_read
url_read_complete
url_seek
url_set_interrupt_cb
url_setbufsize
url_write

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19ff83a984ca7c28fc88d8b951335484

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

7a:37:75:fa:92:0f:d1:e5:ba:12:23:f0:1e:e1:a3:6b:aa:74:8c:9e:57:43:11:a9:d7:10:c4:3b:5e:1c:48:dcSigner

2b:27:31:37:a9:dc:ff:34:fd:7f:f9:2c:0e:cb:0c:e8:d1:01:38:cfSigner

Headers

File Characteristics

Imports

kernel32

msvcrt

avcodec-53

avutil-51

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 92KB

.data Size: 512B - Virtual size: 316B

.rdata Size: 22KB - Virtual size: 22KB

/4 Size: 15KB - Virtual size: 15KB

.bss Size: - Virtual size: 2KB

.edata Size: 7KB - Virtual size: 7KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 2KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

7a:37:75:fa:92:0f:d1:e5:ba:12:23:f0:1e:e1:a3:6b:aa:74:8c:9e:57:43:11:a9:d7:10:c4:3b:5e:1c:48:dc
Signer

2b:27:31:37:a9:dc:ff:34:fd:7f:f9:2c:0e:cb:0c:e8:d1:01:38:cf
Signer

.text
Size: 92KB - Virtual size: 92KB

.data
Size: 512B - Virtual size: 316B

.rdata
Size: 22KB - Virtual size: 22KB

/4
Size: 15KB - Virtual size: 15KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 7KB - Virtual size: 7KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 2KB - Virtual size: 2KB