f929ed722477d09ef320f0327b4101af_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f929ed722477d09ef320f0327b4101af_JaffaCakes118
Size

160KB
MD5

f929ed722477d09ef320f0327b4101af
SHA1

2ad9dfd5037da4d420170af591d59044e22e78c5
SHA256

281b4bbc2f344b52e2c89570946d96fb4eabdba18b49b00a45655b834a338d92
SHA512

5a93cbda4d1bb8c7a754d23a555c97ac551b0fd6df36d9731fc173af6cc1e6f6d08a42f24dd1b28dcc5ca0711a3796d4ebf738a49e9eeeb5c73c5a2784e3a49b
SSDEEP

3072:ts8cdwGaEek+OigUw36/117s8L5ru7ph5uUH+tHugIp/Pqzpes6xNVey6I6W3XS5:XvRIwGzvZradFAvwVMOxR

Score

1^/10

Malware Config

Signatures

Files

f929ed722477d09ef320f0327b4101af_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b8f2ab7047882681659c648637d68e73

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/12/2014, 00:00

Not After

28/12/2017, 23:59

Subject

CN=GuangZhou KuGou Computer Technology Co.\,Ltd.,OU=PC Development Dept.,O=GuangZhou KuGou Computer Technology Co.\,Ltd.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9f:19:60:b7:f9:d4:bd:36:33:2f:04:0c:c2:03:d3:3b:5b:ea:66:cb
Signer

Actual PE Digest

9f:19:60:b7:f9:d4:bd:36:33:2f:04:0c:c2:03:d3:3b:5b:ea:66:cb

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Administrator\桌面\源码\新改版正式版1.3源码\Server\svchost\Release\wuxue.pdb

Imports

msvcr90

_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_invoke_watson
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
_controlfp_s
_strnicmp
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_stricmp
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
calloc
_beginthreadex
realloc
strncat
_errno
strncmp
atoi
strncpy
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
strrchr
??_U@YAPAXI@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
malloc
strchr
memmove
ceil
strstr
memcpy
memset
_CxxThrowException
__CxxFrameHandler3
??3@YAXPAX@Z
??2@YAPAXI@Z

shlwapi

SHDeleteKeyA

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
CreateMutexA
SetErrorMode
GetSystemInfo
HeapAlloc
HeapFree
Sleep
GetProcAddress
LoadLibraryA
CloseHandle
WaitForSingleObject
SetEvent
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
lstrlenA
lstrcatA
FreeLibrary
WideCharToMultiByte
lstrcmpA
GetLastError
LocalFree
GetCurrentProcess
CreateRemoteThread
VirtualAllocEx
OpenProcess
GetTickCount
InterlockedExchange
WriteFile
SetFilePointer

user32

LoadCursorA
DestroyCursor
GetCursorInfo
ReleaseDC
GetDC
OpenWindowStationA
GetProcessWindowStation
ExitWindowsEx
SendMessageA
IsWindow
CreateWindowExA
SetRect
TranslateMessage
wsprintfA
GetWindowTextA

gdi32

DeleteDC
GetDIBits
CreateCompatibleBitmap
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
ClearEventLogA
OpenEventLogA
CloseEventLog
RegOpenKeyA
RegQueryValueExA
SetEntriesInAclA
BuildExplicitAccessWithNameA
RegCreateKeyA
RegSetValueExA
OpenServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaClose
IsValidSid
RegDeleteKeyA
RegDeleteValueA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
RegSetKeySecurity
FreeSid
LookupPrivilegeValueA
OpenProcessToken

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

winmm

waveOutWrite
waveInGetNumDevs
waveInOpen
waveOutUnprepareHeader
waveOutReset
waveInPrepareHeader
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutOpen
waveOutGetNumDevs
waveInAddBuffer
waveInStart
waveOutClose

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

ws2_32

ntohs
getsockname
bind
inet_addr
recvfrom
__WSAFDIsSet
getpeername
accept
listen
WSACleanup
gethostname
inet_ntoa
socket
gethostbyname
htons
connect
select
recv
send
closesocket
WSAStartup
sendto
setsockopt

msvfw32

ICSeqCompressFrameEnd
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICSeqCompressFrame
ICClose
ICCompressorFree

psapi

EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Exports

Exports

tergtr

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ABAB
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UUU
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8f2ab7047882681659c648637d68e73

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fdCertificate

Extended Key Usages

Key Usages

9f:19:60:b7:f9:d4:bd:36:33:2f:04:0c:c2:03:d3:3b:5b:ea:66:cbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

shlwapi

kernel32

user32

gdi32

advapi32

shell32

winmm

msvcp90

ws2_32

msvfw32

psapi

wtsapi32

Exports

Exports

Sections

.text Size: 117KB - Virtual size: 116KB

ABAB Size: 2KB - Virtual size: 1KB

UUU Size: 5KB - Virtual size: 5KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 688B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

9f:19:60:b7:f9:d4:bd:36:33:2f:04:0c:c2:03:d3:3b:5b:ea:66:cb
Signer

.text
Size: 117KB - Virtual size: 116KB

ABAB
Size: 2KB - Virtual size: 1KB

UUU
Size: 5KB - Virtual size: 5KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 688B