0588202f9cb99d8c3d54d9c4b173eed6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0588202f9cb99d8c3d54d9c4b173eed6_JaffaCakes118
Size

257KB
MD5

0588202f9cb99d8c3d54d9c4b173eed6
SHA1

d3bbe9205da31826af5e5bbf9262ccf2bd5c7b7e
SHA256

69e192a94f7f8eadce4ea9ccba8c229ff93f47d604f0a426daa525f5b588d709
SHA512

666a04d06dfcfa6d41b3cfb7683beb020c461a86308af27c25f1fa1614266a344f0fe73027256d96553c4aa0eace1bb619fc583815783ddb9f5ba1c262ee801f
SSDEEP

3072:GCyB8GXFnIbZc5HlcgMAYjowyUOPwa51Q1KlPml48FQO8ksowNbph:jbZc5Fc7ol4az9ml48FQOQl1h

Score

1^/10

Malware Config

Signatures

Files

0588202f9cb99d8c3d54d9c4b173eed6_JaffaCakes118
.exe regsvr32 windows:4 windows x86 arch:x86

18726406a9cbc92cf1fd4c8c28a7ae8a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

75:d0:44:e6:59:cf:74:5a:77:bf:26:ec:e1:30:35:03:00:07:65:e0
Signer

Actual PE Digest

75:d0:44:e6:59:cf:74:5a:77:bf:26:ec:e1:30:35:03:00:07:65:e0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Download1.ShortProj_int\qqlivebuilder_QQPCMgr_proj_BranchTrunk_4.2\Basic\Output\BinFinal\QQPCAddWidget.pdb

Imports

common

??BCTXBSTR@@QBEPA_WXZ
?NotifyIdle@TXTimer@@YAXXZ
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?Replace@CTXStringW@@QAEHPB_W0@Z
??M@YA_NABVCTXStringW@@0@Z
??ACTXStringW@@QBE_WH@Z
?Mid@CTXStringW@@QBE?AV1@HH@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
?Find@CTXStringW@@QBEHPB_WH@Z
?Empty@CTXStringW@@QAEXXZ
?GetLength@CTXStringW@@QBEHXZ
?GetBuffer@CTXStringW@@QAEPA_WXZ
??0CTXBSTR@@QAE@PB_W@Z
??0CTXStringW@@QAE@PA_W@Z
?IsEmpty@CTXStringW@@QBE_NXZ
?CombinePath@FS@Util@@YA?AVCTXStringW@@ABV3@0@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??0CTXStringW@@QAE@ABV0@@Z
?Format@CTXStringW@@QAAXPB_WZZ
?GetLocalePath@TXI18N@@YA?AVCTXStringW@@PB_W@Z
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?GetParentDir@File@Util@@YA?AVCTXStringW@@ABV3@@Z
?GetFileName@FS@Util@@YA?AVCTXStringW@@ABV3@@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
??8CTXBSTR@@QBE_NPB_W@Z
?SplitQNC@FS@@YAHPB_WAAVCTXStringW@@1@Z
??ICTXBSTR@@QAEPAPA_WXZ
??0CTXBSTR@@QAE@XZ
?TrimLeft@CTXStringW@@QAEAAV1@PB_W@Z
?IsDirectoryExist@FS@@YAHPB_W@Z
?GetPlatformCore@CoreCenter@Util@@YAHPAPAUITXPlatformCore@@@Z
?GetPlatformTpc@CoreCenter@Util@@YAHPAPAUITXDataRead@@@Z
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
?ValidateBugReport@TXBugReport@@YAXXZ
?SetBugReportUin@TXBugReport@@YAXKPB_W@Z
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?OnUninitCom@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?DelIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
?RemoveFileSystem@FS@@YAHPB_W@Z
?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
??1CTXBSTR@@QAE@XZ
??H@YA?AVCTXStringW@@ABV0@0@Z
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
??0CTXStringW@@QAE@XZ
??4CTXStringW@@QAEAAV0@PB_W@Z
??BCTXStringW@@QBEPB_WXZ
?RecordTransBegin@Perf@Util@@YA_JPB_WHH00@Z
??0CTXStringW@@QAE@PB_W@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??1CTXStringW@@QAE@XZ

mfc80u

ord1198
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord3795
ord6272
ord4008
ord4032
ord566
ord757
ord1121
ord1049
ord1079
ord2239
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord2984
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord3927
ord774
ord283
ord6700
ord282
ord870
ord1479
ord577
ord1472
ord265
ord909
ord764
ord762
ord266

msvcr80

fputc
fprintf
ferror
_wfopen_s
wcsncat
strncmp
wcsrchr
__argc
__wargv
_wcsnicmp
towlower
memcpy
_snwprintf
_time64
wcsncpy
free
_purecall
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
memset
__CxxFrameHandler3
wcsncmp
_vsnprintf_s
fread
ftell
fseek
fclose
memmove
isspace
tolower
isalpha
isalnum
strchr
wcsstr
swscanf
malloc
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memmove_s
_wtol
_wcsicmp
_wsplitpath
_vswprintf
realloc
putchar
putwchar
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
wcschr

kernel32

GetACP
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetCommandLineW
GetLocaleInfoA
CreateEventW
FlushFileBuffers
SetEvent
ResetEvent
GetCurrentDirectoryW
IsBadReadPtr
VirtualQuery
GetSystemDefaultLangID
GetSystemInfo
LoadLibraryA
WaitForSingleObject
ReleaseMutex
GetVersionExW
GetCurrentProcess
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
GetSystemDirectoryW
CloseHandle
GetLastError
CreateFileW
GetFileAttributesW
FindClose
CopyFileW
FindNextFileW
FindFirstFileW
DeleteCriticalSection
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GetProcAddress
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
InitializeCriticalSection
SetThreadLocale
GetThreadLocale
CreateMutexW
GetLongPathNameW
SetDllDirectoryW
RaiseException
MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
WriteFile
GetFileSize
ReadFile
SetFilePointer
lstrcpynW
CreateDirectoryW
Sleep
ExpandEnvironmentStringsW
GetDriveTypeW

user32

SendMessageW
IsWindow
PostMessageW
UnregisterClassA
DestroyWindow
RegisterClassW
CreateWindowExW
RegisterClassExW
DefWindowProcW
SetWindowLongW
GetWindowRect
GetDesktopWindow
GetClassNameW
GetWindowTextW
GetWindowThreadProcessId
GetWindowLongW
DispatchMessageW
TranslateMessage
PeekMessageW
GetMessageW
WaitMessage
IsIconic
SystemParametersInfoW
MessageBoxW
EqualRect
SetWindowPos
GetClientRect
IsWindowVisible
EnableWindow
FindWindowExW
GetParent
SetWindowTextW
EnumWindows

gdi32

CreateDCW
DeleteDC
GetDeviceCaps

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHCreateDirectoryExW
SHFileOperationW

comctl32

InitCommonControlsEx

ole32

StgCreateDocfile
StgIsStorageFile
CoInitialize
CoUninitialize
StgOpenStorage
CoCreateInstance
CoFreeUnusedLibrariesEx

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

ws2_32

WSAStartup

atl80

ord18
ord30
ord15
ord22
ord64
ord23
ord61

msvcp80

??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gf

?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z
?SetUseWSCAPTIONInWin7@GF@Util@@YAXH@Z
?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18726406a9cbc92cf1fd4c8c28a7ae8a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

75:d0:44:e6:59:cf:74:5a:77:bf:26:ec:e1:30:35:03:00:07:65:e0Signer

Headers

File Characteristics

PDB Paths

Imports

common

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

ws2_32

atl80

msvcp80

version

gf

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 72KB - Virtual size: 72KB

.rsrc Size: 12KB - Virtual size: 9KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

75:d0:44:e6:59:cf:74:5a:77:bf:26:ec:e1:30:35:03:00:07:65:e0
Signer

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 72KB - Virtual size: 72KB

.rsrc
Size: 12KB - Virtual size: 9KB