2c879d6f9dfb71a548a7c3d14fbc174b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2c879d6f9dfb71a548a7c3d14fbc174b_JaffaCakes118
Size

37KB
MD5

2c879d6f9dfb71a548a7c3d14fbc174b
SHA1

b1e864f4abcf4c1cf1e11578cc768fe7c5ab2768
SHA256

9c771837b74093c89ac895d8bc3668f7423cdc59a045e36a0772b4e0663766a6
SHA512

4ffbae772f279e96e247a8982d93e10b2abfe4d461f2c93ba01c05e378b24e899153dc7cd49ac723e3d3bda30778171d30ffdad836495e88f6aa2563e9baaea2
SSDEEP

768:DlaxfEZ/+8vKt4ogZL/2uCGtyibfWGoTsiOrODSdSDSZauWj8:Dla+5Bvm45DzyizhoTsiGO2oDSZaur

Score

1^/10

Malware Config

Signatures

Files

2c879d6f9dfb71a548a7c3d14fbc174b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fb8c4c22d6f147be8c5f5f70a740ca7c

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:d3:d3:38:47:15:84:c1:31:dc:f0:a4:ac:c0:c5:fc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26-06-2012 00:00

Not After

26-06-2015 23:59

Subject

CN=xilisoft corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Center,O=xilisoft corporation,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

96:58:c9:4f:3c:ab:e6:1d:ea:32:b5:81:0d:f8:d4:f2:6c:9d:1b:c4
Signer

Actual PE Digest

96:58:c9:4f:3c:ab:e6:1d:ea:32:b5:81:0d:f8:d4:f2:6c:9d:1b:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\compile_tmp\20101212-170533-0e00\0948085968\depsrc\public\win32\bin\devchange.pdb

Imports

qtgui4

?paintEvent@QMenuBar@@MAEXPAVQPaintEvent@@@Z
?resizeEvent@QMenuBar@@MAEXPAVQResizeEvent@@@Z
?actionEvent@QMenuBar@@MAEXPAVQActionEvent@@@Z
?changeEvent@QMenuBar@@MAEXPAVQEvent@@@Z
?metaObject@QToolBar@@UBEPBUQMetaObject@@XZ
?qt_metacast@QToolBar@@UAEPAXPBD@Z
?qt_metacall@QToolBar@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?event@QToolBar@@MAE_NPAVQEvent@@@Z
?childEvent@QToolBar@@MAEXPAVQChildEvent@@@Z
?paintEvent@QToolBar@@MAEXPAVQPaintEvent@@@Z
?resizeEvent@QToolBar@@MAEXPAVQResizeEvent@@@Z
?actionEvent@QToolBar@@MAEXPAVQActionEvent@@@Z
?changeEvent@QToolBar@@MAEXPAVQEvent@@@Z
?metaObject@QStatusBar@@UBEPBUQMetaObject@@XZ
?qt_metacast@QStatusBar@@UAEPAXPBD@Z
?qt_metacast@QPushButton@@UAEPAXPBD@Z
?event@QStatusBar@@MAE_NPAVQEvent@@@Z
?paintEvent@QStatusBar@@MAEXPAVQPaintEvent@@@Z
?resizeEvent@QStatusBar@@MAEXPAVQResizeEvent@@@Z
?showEvent@QStatusBar@@MAEXPAVQShowEvent@@@Z
??1QWidget@@UAE@XZ
??1QPushButton@@UAE@XZ
??1QMenuBar@@UAE@XZ
??1QToolBar@@UAE@XZ
??1QStatusBar@@UAE@XZ
?hide@QWidget@@QAEXXZ
??0QMainWindow@@QAE@PAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z
?close@QWidget@@QAE_NXZ
?qt_metacast@QMainWindow@@UAEPAXPBD@Z
?qt_metacall@QMainWindow@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?staticMetaObject@QMainWindow@@2UQMetaObject@@B
?focusOutEvent@QMenuBar@@MAEXPAVQFocusEvent@@@Z
?focusInEvent@QMenuBar@@MAEXPAVQFocusEvent@@@Z
?keyPressEvent@QMenuBar@@MAEXPAVQKeyEvent@@@Z
?mouseMoveEvent@QMenuBar@@MAEXPAVQMouseEvent@@@Z
?mouseReleaseEvent@QMenuBar@@MAEXPAVQMouseEvent@@@Z
?mousePressEvent@QMenuBar@@MAEXPAVQMouseEvent@@@Z
?heightForWidth@QMenuBar@@UBEHH@Z
?minimumSizeHint@QMenuBar@@UBE?AVQSize@@XZ
?sizeHint@QMenuBar@@UBE?AVQSize@@XZ
?setVisible@QMenuBar@@UAEX_N@Z
?timerEvent@QMenuBar@@MAEXPAVQTimerEvent@@@Z
?eventFilter@QMenuBar@@MAE_NPAVQObject@@PAVQEvent@@@Z
?event@QMenuBar@@MAE_NPAVQEvent@@@Z
?qt_metacall@QMenuBar@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QMenuBar@@UAEPAXPBD@Z
?metaObject@QMenuBar@@UBEPBUQMetaObject@@XZ
?nextCheckState@QAbstractButton@@MAEXXZ
?checkStateSet@QAbstractButton@@MAEXXZ
?hitButton@QAbstractButton@@MBE_NABVQPoint@@@Z
?qt_metacall@QPushButton@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?changeEvent@QAbstractButton@@MAEXPAVQEvent@@@Z
?paintEvent@QPushButton@@MAEXPAVQPaintEvent@@@Z
?focusOutEvent@QPushButton@@MAEXPAVQFocusEvent@@@Z
?focusInEvent@QPushButton@@MAEXPAVQFocusEvent@@@Z
?metaObject@QPushButton@@UBEPBUQMetaObject@@XZ
?winEvent@QWidget@@MAE_NPAUtagMSG@@PAJ@Z
?contextMenuEvent@QWidget@@MAEXPAVQContextMenuEvent@@@Z
?event@QWidget@@MAE_NPAVQEvent@@@Z
?qt_metacall@QWidget@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QWidget@@UAEPAXPBD@Z
?metaObject@QWidget@@UBEPBUQMetaObject@@XZ
?resize@QWidget@@QAEXABVQSize@@@Z
??0QWidget@@QAE@PAV0@V?$QFlags@W4WindowType@Qt@@@@@Z
??0QPushButton@@QAE@PAVQWidget@@@Z
?setGeometry@QWidget@@QAEXABVQRect@@@Z
?setCentralWidget@QMainWindow@@QAEXPAVQWidget@@@Z
??0QMenuBar@@QAE@PAVQWidget@@@Z
?setMenuBar@QMainWindow@@QAEXPAVQMenuBar@@@Z
??0QToolBar@@QAE@PAVQWidget@@@Z
?addToolBar@QMainWindow@@QAEXW4ToolBarArea@Qt@@PAVQToolBar@@@Z
??0QStatusBar@@QAE@PAVQWidget@@@Z
?setStatusBar@QMainWindow@@QAEXPAVQStatusBar@@@Z
?metric@QWidget@@MBEHW4PaintDeviceMetric@QPaintDevice@@@Z
?releaseDC@QWidget@@UBEXPAUHDC__@@@Z
?getDC@QWidget@@UBEPAUHDC__@@XZ
?paintEngine@QWidget@@UBEPAVQPaintEngine@@XZ
?devType@QWidget@@UBEHXZ
?createPopupMenu@QMainWindow@@UAEPAVQMenu@@XZ
?languageChange@QWidget@@MAEXXZ
?windowActivationChange@QWidget@@MAEX_N@Z
?fontChange@QWidget@@MAEXABVQFont@@@Z
?paletteChange@QWidget@@MAEXABVQPalette@@@Z
?enabledChange@QWidget@@MAEX_N@Z
?styleChange@QWidget@@MAEXAAVQStyle@@@Z
?focusNextPrevChild@QWidget@@MAE_N_N@Z
?inputMethodQuery@QWidget@@UBE?AVQVariant@@W4InputMethodQuery@Qt@@@Z
?inputMethodEvent@QWidget@@MAEXPAVQInputMethodEvent@@@Z
?changeEvent@QWidget@@MAEXPAVQEvent@@@Z
?hideEvent@QWidget@@MAEXPAVQHideEvent@@@Z
?showEvent@QWidget@@MAEXPAVQShowEvent@@@Z
?dropEvent@QWidget@@MAEXPAVQDropEvent@@@Z
?dragLeaveEvent@QWidget@@MAEXPAVQDragLeaveEvent@@@Z
?dragMoveEvent@QWidget@@MAEXPAVQDragMoveEvent@@@Z
?dragEnterEvent@QWidget@@MAEXPAVQDragEnterEvent@@@Z
?actionEvent@QWidget@@MAEXPAVQActionEvent@@@Z
?tabletEvent@QWidget@@MAEXPAVQTabletEvent@@@Z
?contextMenuEvent@QMainWindow@@MAEXPAVQContextMenuEvent@@@Z
?closeEvent@QWidget@@MAEXPAVQCloseEvent@@@Z
?resizeEvent@QWidget@@MAEXPAVQResizeEvent@@@Z
?moveEvent@QWidget@@MAEXPAVQMoveEvent@@@Z
?paintEvent@QWidget@@MAEXPAVQPaintEvent@@@Z
?leaveEvent@QWidget@@MAEXPAVQEvent@@@Z
?enterEvent@QWidget@@MAEXPAVQEvent@@@Z
?focusOutEvent@QWidget@@MAEXPAVQFocusEvent@@@Z
?focusInEvent@QWidget@@MAEXPAVQFocusEvent@@@Z
?keyReleaseEvent@QWidget@@MAEXPAVQKeyEvent@@@Z
?keyPressEvent@QWidget@@MAEXPAVQKeyEvent@@@Z
?wheelEvent@QWidget@@MAEXPAVQWheelEvent@@@Z
?mouseMoveEvent@QWidget@@MAEXPAVQMouseEvent@@@Z
?mouseDoubleClickEvent@QWidget@@MAEXPAVQMouseEvent@@@Z
?mouseReleaseEvent@QWidget@@MAEXPAVQMouseEvent@@@Z
?keyReleaseEvent@QAbstractButton@@MAEXPAVQKeyEvent@@@Z
?keyPressEvent@QPushButton@@MAEXPAVQKeyEvent@@@Z
?mouseMoveEvent@QAbstractButton@@MAEXPAVQMouseEvent@@@Z
?mouseReleaseEvent@QAbstractButton@@MAEXPAVQMouseEvent@@@Z
?mousePressEvent@QAbstractButton@@MAEXPAVQMouseEvent@@@Z
?minimumSizeHint@QPushButton@@UBE?AVQSize@@XZ
?sizeHint@QPushButton@@UBE?AVQSize@@XZ
?timerEvent@QAbstractButton@@MAEXPAVQTimerEvent@@@Z
?event@QPushButton@@MAE_NPAVQEvent@@@Z
?leaveEvent@QMenuBar@@MAEXPAVQEvent@@@Z
?mousePressEvent@QWidget@@MAEXPAVQMouseEvent@@@Z
?heightForWidth@QWidget@@UBEHH@Z
?minimumSizeHint@QWidget@@UBE?AVQSize@@XZ
?sizeHint@QWidget@@UBE?AVQSize@@XZ
?setVisible@QWidget@@UAEX_N@Z
?event@QMainWindow@@MAE_NPAVQEvent@@@Z
??1QMainWindow@@UAE@XZ
?winId@QWidget@@QBEPAUHWND__@@XZ
?setWindowTitle@QWidget@@QAEXABVQString@@@Z
?setText@QAbstractButton@@QAEXABVQString@@@Z
??0QApplication@@QAE@AAHPAPADH@Z
?exec@QApplication@@SAHXZ
?qt_metacall@QStatusBar@@UAEHW4Call@QMetaObject@@HPAPAX@Z
??1QApplication@@UAE@XZ

qtcore4

?connect@QObject@@SA_NPBV1@PBD01W4ConnectionType@Qt@@@Z
?toLocal8Bit@QString@@QBE?AVQByteArray@@XZ
?detach@QByteArray@@QAEXXZ
?qWinMain@@YAXPAUHINSTANCE__@@0PADHAAHAAV?$QVector@PAD@@@Z
?qFree@@YAXPAX@Z
?reallocate@QVectorData@@SAPAU1@PAU1@HHH@Z
?qMemSet@@YAPAXPAXHI@Z
?allocate@QVectorData@@SAPAU1@HH@Z
?qBadAlloc@@YAXXZ
?free@QVectorData@@SAXPAU1@H@Z
??6QTextStream@@QAEAAV0@PBX@Z
?stop@QTimer@@QAEXXZ
??0QTimer@@QAE@PAVQObject@@@Z
?objectName@QObject@@QBE?AVQString@@XZ
?setObjectName@QObject@@QAEXABVQString@@@Z
?fromUtf8@QString@@SA?AV1@PBDH@Z
?connectSlotsByName@QMetaObject@@SAXPAVQObject@@@Z
?start@QTimer@@QAEXH@Z
?qDebug@@YA?AVQDebug@@XZ
??6QDebug@@QAEAAV0@PBD@Z
??6QTextStream@@QAEAAV0@D@Z
??1QDebug@@QAE@XZ
?disconnectNotify@QObject@@MAEXPBD@Z
?connectNotify@QObject@@MAEXPBD@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
??1QTimer@@UAE@XZ
?translate@QCoreApplication@@SA?AVQString@@PBD00W4Encoding@1@@Z
?free@QString@@CAXPAUData@1@@Z
??1QString@@QAE@XZ
?fromWCharArray@QString@@SA?AV1@PBGH@Z

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
CreateToolhelp32Snapshot
GetCommandLineW
IsDebuggerPresent
CloseHandle

user32

RegisterDeviceNotificationW
UnregisterDeviceNotification

msvcp90

?_Lock@_Mutex@std@@QAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEHPBGH@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?str@?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Unlock@_Mutex@std@@QAEXXZ

msvcr90

_initterm
_acmdln
_decode_pointer
_ismbblead
_XcptFilter
_exit
_cexit
_initterm_e
_amsg_exit
??2@YAPAXI@Z
??3@YAXPAX@Z
printf
__iob_func
fflush
__CxxFrameHandler3
atoi
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_unlock
__dllonexit
_lock
__getmainargs
_onexit
_except_handler4_common
_invoke_watson
memcpy
_controlfp_s
_crt_debugger_hook
exit
_CxxThrowException

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb8c4c22d6f147be8c5f5f70a740ca7c

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

19:d3:d3:38:47:15:84:c1:31:dc:f0:a4:ac:c0:c5:fcCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

96:58:c9:4f:3c:ab:e6:1d:ea:32:b5:81:0d:f8:d4:f2:6c:9d:1b:c4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qtgui4

qtcore4

kernel32

user32

msvcp90

msvcr90

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 2KB - Virtual size: 2KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

19:d3:d3:38:47:15:84:c1:31:dc:f0:a4:ac:c0:c5:fc
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

96:58:c9:4f:3c:ab:e6:1d:ea:32:b5:81:0d:f8:d4:f2:6c:9d:1b:c4
Signer

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 2KB - Virtual size: 2KB