0d5b67eb4901c5c1fe72f3bb2821b59e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d5b67eb4901c5c1fe72f3bb2821b59e_JaffaCakes118
Size

10.5MB
MD5

0d5b67eb4901c5c1fe72f3bb2821b59e
SHA1

d923d3726475a00416f23fc7ff5610f1832b9d33
SHA256

496718c555525dc2f040e09bbbb134020c981bb16f569c61d420c97956332754
SHA512

1a97a698f987e170019f48d8fda63cbec9604d046ba93f80f498cbdccb9a00820653cabd3e055b741a5a765e932532d40c60cee432ff836e655fdb8683c659cc
SSDEEP

196608:RjjuSPN0R7vWR6BDCQtJP6xELYeoX7GQpKtcPYxM4PHOPo2jCTItaEIVIo:Rjrk7vW4FCQnkE8eo7gfiRB+p

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/xinbancjmlwdb/PlayGame.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/安装程序.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

0d5b67eb4901c5c1fe72f3bb2821b59e_JaffaCakes118
.rar
xinbancjmlwdb/InstallCfg.config
xinbancjmlwdb/PlayGame.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:b1:93:a7:41:09:c3:69:9c:ec:1a:a4:ea:94:38:33
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/08/2013, 00:00

Not After

07/08/2015, 23:59

Subject

CN=Wuhan Weijun Technology Co. Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=技术部,O=Wuhan Weijun Technology Co. Ltd.,L=Wuhan,ST=Hubei,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:6d:20:74:43:60:3f:cd:67:fb:f3:5f:d5:9f:80:fe:86:09:4b:75
Signer

Actual PE Digest

30:6d:20:74:43:60:3f:cd:67:fb:f3:5f:d5:9f:80:fe:86:09:4b:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 406KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xinbancjmlwdb/flashplayer_10_sa_debug.exe
.exe windows:5 windows x86 arch:x86

7b79ac39f31a285f3182c031233d1a20

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:e5:ac:0a:48:70:63:71:8e:39:da:52:30:1a:04:88
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/12/2010, 00:00

Not After

14/12/2012, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Information Systems+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

82:61:89:0b:3b:a8:96:84:80:bd:aa:36:08:03:29:bf:74:12:47:84
Signer

Actual PE Digest

82:61:89:0b:3b:a8:96:84:80:bd:aa:36:08:03:29:bf:74:12:47:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

FlashPlayer.pdb

Imports

crypt32

CryptGetMessageCertificates
CertCreateCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertFreeCertificateContext
CertCloseStore
CryptVerifyMessageSignature

urlmon

CopyStgMedium

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

waveInOpen
timeSetEvent
waveOutGetPosition
timeGetTime
mixerGetID
waveInGetDevCapsA
waveOutGetDevCapsA
waveOutMessage
waveInMessage
mixerClose
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetDevCapsA
mixerOpen
mixerGetControlDetailsA
waveOutRestart
waveOutPause
waveInGetPosition
mixerSetControlDetails
waveInPrepareHeader
waveInReset
waveInUnprepareHeader
waveInClose
waveOutClose
waveInStop
waveInAddBuffer
waveInStart
waveOutReset
waveOutOpen
waveInGetNumDevs
waveOutGetNumDevs
waveInGetDevCapsW
waveOutGetDevCapsW
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
timeGetDevCaps
timeKillEvent
timeBeginPeriod
timeEndPeriod

oleaut32

SysFreeString

dsound

ord8

kernel32

CreateThread
LockResource
LoadResource
FindResourceExA
FindResourceExW
SetUnhandledExceptionFilter
GetTempPathW
FindClose
FindNextFileW
FindFirstFileW
InterlockedIncrement
InterlockedDecrement
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
ReleaseSemaphore
WaitForMultipleObjects
SetEvent
CreateSemaphoreW
GetTempPathA
GetModuleFileNameA
GetModuleFileNameW
GetTempFileNameW
GetSystemDirectoryW
ExpandEnvironmentStringsA
WideCharToMultiByte
CreateProcessW
GetTempFileNameA
GetFileAttributesA
CreateDirectoryA
DeleteFileA
CreateMutexA
SetFilePointerEx
GetFileSizeEx
GetFileAttributesExW
GetFileInformationByHandle
GetVolumeInformationW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
GetFullPathNameW
ExpandEnvironmentStringsW
OutputDebugStringA
GetFileSize
CreateDirectoryW
RaiseException
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingA
SetLastError
SetThreadPriority
GetSystemDirectoryA
TerminateThread
lstrcpyA
lstrlenA
QueryPerformanceFrequency
QueryPerformanceCounter
QueueUserAPC
OpenThread
SleepEx
FlushInstructionCache
GetModuleHandleA
GetCommandLineW
SetEndOfFile
SetFileAttributesA
CopyFileA
GetStartupInfoW
GetCommandLineA
FlushFileBuffers
GetNumberFormatW
GetCurrencyFormatW
CompareStringW
GetDateFormatW
GetTimeFormatW
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
GetProcessHeap
HeapFree
HeapSize
VirtualProtect
IsProcessorFeaturePresent
RtlUnwind
ExitProcess
GetStartupInfoA
UnhandledExceptionFilter
SetStdHandle
GetFileType
GetStdHandle
TerminateProcess
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
SetHandleCount
HeapCreate
HeapReAlloc
ReadFile
GlobalFree
CreateFileA
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
SetFilePointer
WriteFile
GetUserDefaultUILanguage
GetUserDefaultLangID
VirtualQuery
GetFileAttributesW
DeleteFileW
MoveFileExW
GetModuleHandleW
GetSystemInfo
LoadLibraryA
GlobalAlloc
GlobalSize
GetCurrentProcessId
GlobalLock
GlobalUnlock
GetCurrentProcess
GetProcessTimes
FreeLibrary
CreateProcessA
LCMapStringW
GetTickCount
LocalFree
GetCurrentThreadId
GetLocaleInfoW
GetEnvironmentVariableW
GetLastError
ResetEvent
WaitForSingleObject
GetVersionExW
LoadLibraryW
GetProcAddress
GetCurrentThread
SetThreadAffinityMask
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
CreateEventW
CloseHandle
ExitThread
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateNamedPipeA
ConnectNamedPipe
GetOEMCP
IsValidCodePage
LCMapStringA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
CompareStringA
SetEnvironmentVariableA
FormatMessageA
FormatMessageW
VirtualAlloc
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
CreateSemaphoreA
SwitchToThread
VirtualFree
DeviceIoControl
GetVersion
lstrlenW
InterlockedExchangeAdd
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerA
GetVersionExA
CreateEventA

user32

GetMenu
GetWindowTextW
DeleteMenu
LoadMenuW
PostQuitMessage
UnregisterClassA
GetWindowTextA
InsertMenuA
InsertMenuW
GetWindowTextLengthA
TranslateAcceleratorW
LoadAcceleratorsW
GetMenuStringA
GetMenuStringW
SetCaretPos
DestroyCaret
CreateCaret
ShowCaret
EmptyClipboard
SetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
RegisterClipboardFormatW
IsWindow
TrackMouseEvent
CallWindowProcW
GetCapture
GetWindowThreadProcessId
AttachThreadInput
MessageBoxW
GetCursorPos
LoadStringA
GetFocus
EnableMenuItem
CheckMenuItem
GetQueueStatus
GetMenuItemInfoW
RemoveMenu
SetMenuItemInfoW
InsertMenuItemW
DrawMenuBar
SetMenuInfo
MapVirtualKeyW
GetKeyState
GetForegroundWindow
WaitForInputIdle
CreatePopupMenu
CreateMenu
ShowWindow
GetClassInfoExW
RegisterClassExW
GetSubMenu
TrackPopupMenu
ReleaseCapture
KillTimer
SetCapture
SetTimer
UpdateWindow
BeginPaint
EndPaint
DestroyWindow
GetActiveWindow
InvalidateRect
MessageBoxA
GetMessageW
EnableWindow
GetWindowTextLengthW
GetDlgItemTextA
IsWindowEnabled
SetDlgItemTextA
DialogBoxParamW
GetDlgItemTextW
SetDlgItemTextW
ScreenToClient
SetWindowTextA
GetClientRect
LoadStringW
RedrawWindow
DialogBoxIndirectParamW
PostMessageW
EndDialog
GetDesktopWindow
SetWindowPos
LoadIconW
GetDlgItem
SetWindowTextW
GetParent
SendMessageTimeoutW
SendMessageW
CreateIconIndirect
SetFocus
SetRectEmpty
SetWindowLongW
SetCursor
GetCursor
DestroyIcon
GetPropW
SetPropW
SystemParametersInfoW
ShowWindowAsync
GetWindow
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
IsZoomed
GetSystemMenu
SetMenu
EnumDisplaySettingsW
LoadCursorW
FlashWindowEx
GetSystemMetrics
GetClipboardFormatNameA
RegisterClipboardFormatA
CreateWindowExW
DdeInitializeW
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
DefWindowProcW
SendInput
GetKeyboardLayout
FillRect
GetWindowLongW
GetWindowRect
UpdateLayeredWindow
GetDC
ReleaseDC
ClientToScreen
GetMonitorInfoW
SetRect
OffsetRect
MonitorFromWindow
PeekMessageW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
GetDoubleClickTime
DestroyMenu
MapWindowPoints
PostMessageA
RegisterWindowMessageA
MoveWindow
CloseClipboard

gdi32

BitBlt
SelectObject
RealizePalette
SelectPalette
ExtTextOutW
SetBkColor
CreateSolidBrush
StretchBlt
SetStretchBltMode
GetStretchBltMode
EnumFontFamiliesW
GetICMProfileA
CreateDCA
GetStockObject
SetPixel
CreateBitmap
CreateFontIndirectW
GetTextMetricsW
EnumFontFamiliesA
SetBkMode
CreateDIBSection
GetObjectW
SetTextAlign
IntersectClipRect
SelectClipRgn
ExtTextOutA
SetTextColor
CreateFontIndirectA
GetClipRgn
CreateRectRgn
GetTextAlign
GetBkMode
GetTextColor
SetTextCharacterExtra
GetTextExtentPoint32W
GetCurrentObject
GetBkColor
CreatePen
DPtoLP
GetTextExtentPoint32A
GetTextCharacterExtra
SetWorldTransform
SetGraphicsMode
GetWorldTransform
CreatePalette
GetSystemPaletteEntries
LPtoDP
StartDocW
EndDoc
StrokePath
ExtCreatePen
FillPath
StretchDIBits
GetClipBox
GetDeviceCaps
CreateCompatibleBitmap
GetDIBits
GetFontData
EnumFontFamiliesExW
DeleteObject
GdiFlush
DeleteDC
CreateCompatibleDC
RestoreDC
SelectClipPath
PolyBezierTo
LineTo
MoveToEx
EndPath
BeginPath
SaveDC
SetPolyFillMode
StartPage
EndPage

comdlg32

GetSaveFileNameA
PrintDlgW
GetSaveFileNameW
GetOpenFileNameW
GetOpenFileNameA
CommDlgExtendedError

advapi32

RegOpenKeyExA
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

DragQueryFileA
DragAcceptFiles
SHGetDiskFreeSpaceExW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathA
DragQueryFileW

ole32

OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
ReleaseStgMedium
CreateBindCtx
CoTaskMemFree
CoTaskMemAlloc
OleGetClipboard
CoCreateInstance
PropVariantClear

mscms

CreateColorTransformW
CloseColorProfile
TranslateBitmapBits
DeleteColorTransform
OpenColorProfileW

ws2_32

recv
setsockopt
WSAStartup
WSASocketW
socket
WSAIoctl
WSAGetLastError
WSAAsyncSelect
closesocket
WSACleanup
send
ntohs
htons
WSACloseEvent
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
WSASetLastError
recvfrom
sendto
bind
WSAAddressToStringA
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
ioctlsocket
connect
ntohl
select
getsockname
gethostname

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 625KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xinbancjmlwdb/flashplayer_10_sa_debug.ico
xinbancjmlwdb/rungame.ini
xinbancjmlwdb/新版超级玛丽.swf
xinbancjmlwdb/新版超级玛丽.url
xinbancjmlwdb/游戏说明.txt
安装程序.exe
.exe windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:b1:93:a7:41:09:c3:69:9c:ec:1a:a4:ea:94:38:33
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/08/2013, 00:00

Not After

07/08/2015, 23:59

Subject

CN=Wuhan Weijun Technology Co. Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=技术部,O=Wuhan Weijun Technology Co. Ltd.,L=Wuhan,ST=Hubei,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:4e:36:4e:65:9d:9a:2c:f2:9b:10:16:a7:55:08:28:f5:90:ad:19
Signer

Actual PE Digest

ae:4e:36:4e:65:9d:9a:2c:f2:9b:10:16:a7:55:08:28:f5:90:ad:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 632KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 135KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 400KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6d:b1:93:a7:41:09:c3:69:9c:ec:1a:a4:ea:94:38:33Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

30:6d:20:74:43:60:3f:cd:67:fb:f3:5f:d5:9f:80:fe:86:09:4b:75Signer

Headers

File Characteristics

Sections

CODE Size: 406KB - Virtual size: 1.0MB

DATA Size: 6KB - Virtual size: 16KB

BSS Size: - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 76KB

.rsrc Size: 1.9MB - Virtual size: 2.3MB

.aspack Size: 97KB - Virtual size: 100KB

.adata Size: - Virtual size: 4KB

7b79ac39f31a285f3182c031233d1a20

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

15:e5:ac:0a:48:70:63:71:8e:39:da:52:30:1a:04:88Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

82:61:89:0b:3b:a8:96:84:80:bd:aa:36:08:03:29:bf:74:12:47:84Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

urlmon

version

winmm

oleaut32

dsound

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

mscms

ws2_32

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.rodata Size: 1KB - Virtual size: 1KB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 127KB - Virtual size: 225KB

.rodata Size: 1KB - Virtual size: 1KB

.rsrc Size: 625KB - Virtual size: 624KB

.reloc Size: 185KB - Virtual size: 185KB

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6d:b1:93:a7:41:09:c3:69:9c:ec:1a:a4:ea:94:38:33
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

30:6d:20:74:43:60:3f:cd:67:fb:f3:5f:d5:9f:80:fe:86:09:4b:75
Signer

CODE
Size: 406KB - Virtual size: 1.0MB

DATA
Size: 6KB - Virtual size: 16KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 76KB

.rsrc
Size: 1.9MB - Virtual size: 2.3MB

.aspack
Size: 97KB - Virtual size: 100KB

.adata
Size: - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

15:e5:ac:0a:48:70:63:71:8e:39:da:52:30:1a:04:88
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

82:61:89:0b:3b:a8:96:84:80:bd:aa:36:08:03:29:bf:74:12:47:84
Signer

.text
Size: 4.2MB - Virtual size: 4.2MB

.rodata
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 127KB - Virtual size: 225KB

.rodata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 625KB - Virtual size: 624KB

.reloc
Size: 185KB - Virtual size: 185KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6d:b1:93:a7:41:09:c3:69:9c:ec:1a:a4:ea:94:38:33
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ae:4e:36:4e:65:9d:9a:2c:f2:9b:10:16:a7:55:08:28:f5:90:ad:19
Signer

UPX0
Size: - Virtual size: 632KB

UPX1
Size: 135KB - Virtual size: 136KB

.rsrc
Size: 400KB - Virtual size: 404KB

.text
Size: 274KB - Virtual size: 274KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 399KB - Virtual size: 399KB

.reloc
Size: 16KB - Virtual size: 16KB