0443990b5f0848767ca1954c8e78864c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0443990b5f0848767ca1954c8e78864c_JaffaCakes118
Size

11.0MB
MD5

0443990b5f0848767ca1954c8e78864c
SHA1

3e8e64e817a6bf2d67c57f3bf1874fe5ab769203
SHA256

6cfc83c67ff85c5928c79cb06e3dc538a2698102be8d89cc8ebe647dd4e8a069
SHA512

d6ebc5c49f0be59230902b1d87ed7019f09c0f548a02555166d331c5feb73abd6167fd368ebef27283b9dec4ea779855a8580591bbd4287914ce749b35263173
SSDEEP

98304:XoRg7JRnxu8ettZbcTru5DVlKYVRWgm/0gCINWnr2TlwppJ6N3/ux46ghHOa:l7nEVora8p/0mNWyee2xohz

Score

1^/10

Malware Config

Signatures

Files

0443990b5f0848767ca1954c8e78864c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b09d7432fb3c19fda1f54c568838c258

Code Sign

5e:d4:be:d4:44:e8:ba:80:2e:7a:60:1e:e8:11:e2:1f:2d:54:85:62
Signer

Actual PE Digest

5e:d4:be:d4:44:e8:ba:80:2e:7a:60:1e:e8:11:e2:1f:2d:54:85:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\yangguangbak\wke\bk_src\wke-src-v1.20\wke-src-v1.20\build\vs2008\Release_Cairo_CFLite\bin\lwpagecore.pdb

Imports

kernel32

FlushViewOfFile
LockFile
UnlockFile
UnlockFileEx
HeapValidate
LockFileEx
UnmapViewOfFile
MapViewOfFile
WaitForSingleObjectEx
GetDiskFreeSpaceW
CreateFileMappingW
GetDiskFreeSpaceA
AreFileApisANSI
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesW
CreateDirectoryW
GetLastError
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
GetCurrentDirectoryW
TlsSetValue
GetTickCount
TlsGetValue
TlsAlloc
InterlockedIncrement
OutputDebugStringW
OutputDebugStringA
CreateFileW
WriteFile
CloseHandle
IsValidCodePage
GetACP
WideCharToMultiByte
HeapCompact
SetEvent
WaitForSingleObject
CreateEventA
InterlockedExchange
GetProcessAffinityMask
GetCurrentProcess
GetCurrentProcessId
Sleep
SetLastError
GetThreadPriority
DuplicateHandle
GetCurrentThread
GetCurrentThreadId
ReleaseSemaphore
InterlockedDecrement
TlsFree
GetProcAddress
FreeLibrary
ResetEvent
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
WaitForMultipleObjects
LoadLibraryA
GetThreadTimes
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryW
GetSystemDirectoryW
DeleteFileW
RemoveDirectoryW
CreateFileA
GetTempPathA
GetTempPathW
GetVersionExW
GetModuleHandleA
ReadFile
GetFileSize
LoadLibraryExW
SetCurrentDirectoryW
GetModuleFileNameW
FindClose
FindNextFileW
FindFirstFileW
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GetLocaleInfoW
GetUserDefaultUILanguage
VirtualProtect
GetFileAttributesExW
GlobalAlloc
lstrlenW
RegisterWaitForSingleObject
CreateEventW
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateTimerQueue
GetPrivateProfileStringW
InterlockedCompareExchange
GetLocaleInfoA
GetUserDefaultLangID
GetCurrentDirectoryA
GetModuleFileNameA
GetModuleHandleW
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
MapViewOfFileEx
CreateFileMappingA
OpenFileMappingA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
FlushFileBuffers
FindNextFileA
FindFirstFileA
GetSystemTime
IsDebuggerPresent
RaiseException
TryEnterCriticalSection
ReleaseMutex
CreateMutexW
CreateSemaphoreW
VirtualAlloc
VirtualFree
GetSystemInfo
VirtualQuery
LocalFree
FormatMessageW
GetVersionExA
FormatMessageA
SleepEx
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
GetSystemDirectoryA
GetCommandLineA
HeapFree
HeapAlloc
ExitThread
CreateThread
RtlUnwind
ExitProcess
GetTimeFormatA
GetDateFormatA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FileTimeToLocalFileTime
GetDriveTypeW
HeapSize
GetDriveTypeA
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetFileInformationByHandle
SetStdHandle
SetFileAttributesA
GetFileAttributesA
GetCPInfo
GetOEMCP
LCMapStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetFullPathNameW
GetFullPathNameA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEndOfFile
GetProcessHeap
MultiByteToWideChar

user32

MsgWaitForMultipleObjects
UnhookWindowsHookEx
SetTimer
GetQueueStatus
RegisterWindowMessageW
PostMessageW
KillTimer
GetLastInputInfo
GetIconInfo
EnumDisplaySettingsW
MonitorFromWindow
GetMonitorInfoW
SendMessageW
DefWindowProcA
SetWindowLongA
SetPropW
SetCapture
ReleaseCapture
CallWindowProcW
DestroyWindow
InvalidateRect
SetWindowRgn
MoveWindow
UpdateWindow
GetFocus
DrawEdge
SetFocus
ShowWindow
RegisterClassExW
GetPropW
GetClientRect
MessageBeep
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
OpenClipboard
EmptyClipboard
CloseClipboard
RegisterClassW
CreateWindowExW
RegisterClipboardFormatW
DefWindowProcW
NotifyWinEvent
GetMessageW
GetWindowLongW
SetWindowLongW
DrawIconEx
GetDC
CreateIconIndirect
ReleaseDC
LoadCursorW
DestroyIcon
GetSysColorBrush
SystemParametersInfoA
FrameRect
InflateRect
DrawFrameControl
FillRect
GetSysColor
SetCursor
DrawTextW
GetSystemMetrics
GetMessageTime
GetDoubleClickTime
SystemParametersInfoW
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
PtInRect
FindWindowW
PeekMessageW
DispatchMessageW
TranslateMessage
CharNextExA
IsChild

gdi32

RestoreDC
ModifyWorldTransform
SetWorldTransform
IntersectClipRect
GetWorldTransform
GetRgnBox
CreateRectRgn
GetCharWidthI
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextMetricsW
SaveDC
SetBkMode
CreateCompatibleBitmap
CreateFontIndirectW
GetTextFaceW
EnumFontFamiliesExW
GetFontUnicodeRanges
BitBlt
EnumEnhMetaFile
CloseEnhMetaFile
SelectObject
CreateDIBSection
CreateCompatibleDC
SetTextColor
GetStockObject
CreateEnhMetaFileW
GetGlyphIndicesW
GetDeviceCaps
GdiFlush
StretchBlt
SetStretchBltMode
StretchDIBits
PatBlt
CreateSolidBrush
ExtTextOutW
SetTextAlign
GetClipRgn
GetClipBox
GetGraphicsMode
SelectClipRgn
ExtSelectClipRgn
DeleteDC
SetGraphicsMode
GetCurrentObject
GetObjectW
CreateBitmap
CreatePatternBrush
SetBkColor
GetViewportOrgEx
DeleteEnhMetaFile
DeleteObject
FillPath
SetMiterLimit
ExtCreatePen
StrokePath
WidenPath
SetPolyFillMode
PolyBezierTo
LineTo
BeginPath
MoveToEx
CloseFigure
EndPath
SelectClipPath
GetCharWidth32A
GetTextMetricsA
GetFontData
SetMapMode
GetOutlineTextMetricsA
ExtCreateRegion
SetBrushOrgEx

ole32

CoInitialize
OleGetClipboard
ReleaseStgMedium
OleDuplicateData
CoUninitialize
CoCreateInstance

iphlpapi

GetAdaptersAddresses
NotifyAddrChange

winmm

timeBeginPeriod
timeEndPeriod

ws2_32

recvfrom
ntohs
inet_addr
gethostbyname
inet_ntoa
getservbyname
gethostbyaddr
getservbyport
WSAGetLastError
select
gethostname
__WSAFDIsSet
getsockname
getpeername
ioctlsocket
recv
WSASetLastError
accept
htons
getsockopt
listen
closesocket
connect
bind
htonl
socket
WSACleanup
WSAStartup
send
sendto
setsockopt
shutdown

advapi32

CryptReleaseContext
CryptAcquireContextW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptGenRandom
DeregisterEventSource
ReportEventA
RegisterEventSourceA

shell32

SHCreateDirectoryExW
ExtractIconExW
DragQueryFileW
DragFinish
SHGetFileInfoW

usp10

ScriptXtoCP
ScriptStringFree
ScriptStringOut
ScriptItemize
ScriptPlace
ScriptFreeCache
ScriptShape
ScriptStringAnalyse

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

PathIsUNCW
PathFileExistsA
PathIsUNCA
PathFindExtensionW
PathRemoveExtensionW
PathFileExistsW
PathRenameExtensionW
PathGetCharTypeW
SHGetValueW
PathRemoveFileSpecW
PathAppendW
PathCombineA
PathFindFileNameW

msimg32

GradientFill

Exports

Exports

jsArg
jsArgCount
jsArgType
jsArray
jsBindFunction
jsBindGetter
jsBindSetter
jsBoolean
jsCall
jsCallGlobal
jsDouble
jsEval
jsEvalW
jsFalse
jsFloat
jsFunction
jsGC
jsGet
jsGetAt
jsGetGlobal
jsGetLength
jsGetWebView
jsGlobalObject
jsInt
jsIsArray
jsIsBoolean
jsIsFalse
jsIsFunction
jsIsNull
jsIsNumber
jsIsObject
jsIsString
jsIsTrue
jsIsUndefined
jsNull
jsObject
jsSet
jsSetAt
jsSetGlobal
jsSetLength
jsString
jsStringW
jsToBoolean
jsToDouble
jsToFloat
jsToInt
jsToString
jsToStringW
jsTrue
jsTypeOf
jsUndefined
wkeAddDirtyArea
wkeAllowCall
wkeAwaken
wkeBeforeFrameCall
wkeBeforeWebCall
wkeCanGoBack
wkeCanGoForward
wkeContentsHeight
wkeContentsWidth
wkeContextMenuEvent
wkeControlCall
wkeCookieEnabled
wkeCopy
wkeCreateWebView
wkeCut
wkeDelete
wkeDestroyWebView
wkeEqHost
wkeFocus
wkeFrameGetElementById
wkeFrameGetElementsByClassName
wkeFrameGetElementsByName
wkeFrameGetElementsByTagName
wkeGetAllCookieStr
wkeGetAltKey
wkeGetCapsKey
wkeGetCaret
wkeGetCtrlKey
wkeGetElementById
wkeGetElementClientRect
wkeGetElementIdAttribute
wkeGetElementInnerHead
wkeGetElementInnerHtml
wkeGetElementInnerText
wkeGetElementName
wkeGetElementNodeType
wkeGetElementOffsetRect
wkeGetElementOuterHead
wkeGetElementOuterHtml
wkeGetElementOuterText
wkeGetElementPrefix
wkeGetElementRect
wkeGetElementScreenRect
wkeGetElementURI
wkeGetElementsByClassName
wkeGetElementsByName
wkeGetElementsByTagName
wkeGetElementtagName
wkeGetFinishstr
wkeGetFirstChildElement
wkeGetFirstChildHeadElement
wkeGetFirstChildHtmlElement
wkeGetFirstElement
wkeGetFirstFrameElement
wkeGetHScrollbar
wkeGetHeadFirstElement
wkeGetHtmlFirstElement
wkeGetLastElement
wkeGetMainFirstElement
wkeGetMetaKey
wkeGetNextElement
wkeGetNextHeadElement
wkeGetNextHtmlElement
wkeGetPreviousElement
wkeGetPreviousHeadElement
wkeGetPreviousHtmlElement
wkeGetScriptElement
wkeGetShiftKey
wkeGetVScrollbar
wkeGetWebView
wkeGlobalExec
wkeGoBack
wkeGoForward
wkeHeight
wkeInit
wkeIsAwake
wkeIsDirty
wkeIsDocumentReady
wkeIsLoadComplete
wkeIsLoadFailed
wkeIsLoaded
wkeIsPopUp
wkeIsSaveSource
wkeIsSaveUrl
wkeIsStorage
wkeIsTransparent
wkeKeyDown
wkeKeyPress
wkeKeyUp
wkeLayoutIfNeeded
wkeLoadFile
wkeLoadFileW
wkeLoadHTML
wkeLoadHTMLW
wkeLoadURL
wkeLoadURLReferrerW
wkeLoadURLW
wkeMakeWebCall
wkeMediaVolume
wkeMouseEvent
wkeMouseWheel
wkePaint
wkePaste
wkeReferrerLoadURLW
wkeRefresh
wkeReload
wkeResize
wkeRunJS
wkeRunJSW
wkeSaveAllCookies
wkeSaveSourcePath
wkeSelectAll
wkeSetAgentList
wkeSetAllowCall
wkeSetAltKey
wkeSetBeforeFrameCall
wkeSetBeforeWebCall
wkeSetCapsKey
wkeSetControlCall
wkeSetCookieEnabled
wkeSetCookiePath
wkeSetCtrlKey
wkeSetDirty
wkeSetEditable
wkeSetFileSystem
wkeSetIsPopUp
wkeSetIsSaveSource
wkeSetIsSaveUrl
wkeSetIsStorage
wkeSetJSExtFix
wkeSetJSFix
wkeSetMakeWebCall
wkeSetMediaVolume
wkeSetMetaKey
wkeSetProxyInfo
wkeSetSaveSourcePath
wkeSetShiftKey
wkeSetStoragePath
wkeSetTransparent
wkeSetWebCall
wkeSetWebStatueCall
wkeSetWebViewName
wkeSetWindowPoint
wkeSetWindowSize
wkeSetZoomFactor
wkeShutdown
wkeSleep
wkeStopLoading
wkeStoragePath
wkeTitle
wkeTitleW
wkeUnfocus
wkeUpdate
wkeUrlW
wkeVersion
wkeVersionString
wkeWebCall
wkeWebStatueCall
wkeWebViewName
wkeWidth
wkeZoomFactor
wkegetAgent
wkesetAgent

Sections

.text
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 924KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.unwante
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 297B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 553KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b09d7432fb3c19fda1f54c568838c258

Code Sign

5e:d4:be:d4:44:e8:ba:80:2e:7a:60:1e:e8:11:e2:1f:2d:54:85:62Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

iphlpapi

winmm

ws2_32

advapi32

shell32

usp10

version

shlwapi

msimg32

Exports

Exports

Sections

.text Size: 8.9MB - Virtual size: 8.9MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 139KB - Virtual size: 924KB

.unwante Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 297B

.rsrc Size: 1024B - Virtual size: 844B

.reloc Size: 553KB - Virtual size: 552KB

5e:d4:be:d4:44:e8:ba:80:2e:7a:60:1e:e8:11:e2:1f:2d:54:85:62
Signer

.text
Size: 8.9MB - Virtual size: 8.9MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 139KB - Virtual size: 924KB

.unwante
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 297B

.rsrc
Size: 1024B - Virtual size: 844B

.reloc
Size: 553KB - Virtual size: 552KB