3422dd2f6ba1d2343be72d6b516e6297_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3422dd2f6ba1d2343be72d6b516e6297_JaffaCakes118
Size

2.4MB
MD5

3422dd2f6ba1d2343be72d6b516e6297
SHA1

3a2b9fca596831351ce06bbdeece97fccd1c6a47
SHA256

28eccadc6d948042858b667e745d56fb7c8a1c39e3b1345072e7d49942015269
SHA512

27d1472d7dc1b324c1e04fa6e73f6a0765cfa3fd19ea09c01e45ea10941083535701d8cab557abfcc7fbb2cc574f1c293a147b5dd9117f642f9567a7ee6a26f8
SSDEEP

49152:+9gfR0WTeOFaWMoO7WVCklW+QtUYvXL5P4pEfRWddzJ5Aua:tfR06aWMoO7WdW+Qt3dTfQba

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/nestopia/kailleraclient.dll	acprotect

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/nestopia/PlayGame.exe	aspack_v212_v242

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/nestopia/kailleraclient.dll	upx
static1/unpack001/安装程序.exe	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/nestopia/7zxa.dll
unpack001/nestopia/kailleraclient.dll
unpack002/out.upx
unpack001/nestopia/language/Chinese.nlg
unpack001/nestopia/nestopia.exe
unpack001/nestopia/unrar.dll
unpack003/out.upx

Files

3422dd2f6ba1d2343be72d6b516e6297_JaffaCakes118
.rar
nestopia/7zxa.dll
.dll windows:4 windows x86 arch:x86

dd1fcfec6ca1a2b0bfb46d7f425f87a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharUpperW
CharUpperA

oleaut32

SysFreeString
SysAllocStringByteLen
VariantClear
SysAllocString

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
WriteFile
CreateEventA
LeaveCriticalSection
EnterCriticalSection
ResetEvent
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateThread
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
GetSystemInfo
HeapAlloc
HeapFree
RaiseException
RtlUnwind
GetCommandLineA
GetVersion
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
ExitProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
LCMapStringA

Exports

Exports

CreateObject
GetHandlerProperty

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nestopia/InstallCfg.config
nestopia/PlayGame.exe
.exe windows:4 windows x86 arch:x86

Code Sign

40:13:5a:d6:20:21:5d:2d:c7:c7:f6:f2:d6:fc:59:07
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

17/04/2014, 00:00

Not After

17/04/2015, 23:59

Subject

CN=长沙聚丰网络科技有限公司,O=长沙聚丰网络科技有限公司,L=长沙,ST=湖南,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:6d:20:74:43:60:3f:cd:67:fb:f3:5f:d5:9f:80:fe:86:09:4b:75
Signer

Actual PE Digest

30:6d:20:74:43:60:3f:cd:67:fb:f3:5f:d5:9f:80:fe:86:09:4b:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 406KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nestopia/changelog.txt
nestopia/copying.txt
nestopia/game/hdl2.nes
nestopia/kailleraclient.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_kailleraChatSend@4
_kailleraEndGame@0
_kailleraGetVersion@4
_kailleraInit@0
_kailleraModifyPlayValues@8
_kailleraSelectServerDialog@4
_kailleraSetInfos@4
_kailleraShutdown@0

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nestopia/language/Chinese.nlg
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nestopia/nestopia.cfg
nestopia/nestopia.exe
.exe windows:4 windows x86 arch:x86

1ca0bbfffd90e108764deff59d8d9333

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
RaiseException
GetACP
GetOEMCP
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCurrentProcessId
HeapDestroy
InitializeCriticalSection
InterlockedExchange
LoadLibraryA
LCMapStringA
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetStartupInfoA
GetProcessHeap
GetVersionExA
GetCommandLineA
CreateThread
ResumeThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapReAlloc
HeapAlloc
HeapFree
GetUserDefaultLangID
VirtualQuery
IsProcessorFeaturePresent
UnmapViewOfFile
OutputDebugStringA
CompareStringA
QueryPerformanceCounter
QueryPerformanceFrequency
SystemTimeToTzSpecificLocalTime
GetLocalTime
GetCommandLineW
FileTimeToSystemTime
SetEvent
GetSystemInfo
LoadResource
LockResource
SizeofResource
GlobalUnlock
GlobalLock
CloseHandle
FlushFileBuffers
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetFileSize
WaitForSingleObject
GetCurrentThread
GetTickCount
SetThreadPriority
FindClose
GetLastError
GetCurrentThreadId
FreeLibrary
Sleep
GetSystemTimeAsFileTime

user32

GetWindow
AdjustWindowRectEx
GetClientRect
GetTopWindow
IsWindowEnabled
CallNextHookEx
GetAsyncKeyState
ReleaseDC
GetDC
GetDlgItem
CheckMenuRadioItem
EnableMenuItem
GetMenuState
DestroyAcceleratorTable
SetMenu
DrawMenuBar
SetMenuInfo
GetDlgCtrlID
GetSubMenu
GetMenuItemCount
GetMenuBarInfo
ShowScrollBar
DeleteMenu
CheckMenuItem
IsChild
ScreenToClient
GetForegroundWindow
GetSysColorBrush
SendInput
DestroyMenu
DestroyCursor
OpenClipboard
GetKeyState
CloseClipboard
EnumThreadWindows
GetCursorPos
GetMenu
UnhookWindowsHookEx
GetActiveWindow
ShowWindow
SetCursor
LockWindowUpdate
PostQuitMessage
SetTimer
KillTimer
EndDialog
GetWindowRect
DestroyWindow
ClientToScreen
SetWindowPlacement
SetWindowPos
InvalidateRect
GetWindowTextA
GetWindowPlacement
IsIconic
GetSystemMetrics
IsWindowVisible
IsZoomed
SetWindowTextA
SetForegroundWindow
GetFocus
GetParent
ValidateRect
GetWindowThreadProcessId
GetWindowTextLengthA
TranslateMessage

gdi32

SetDIBitsToDevice
CreatePen
DeleteObject
GetDeviceCaps
CreateSolidBrush
SelectObject
GetObjectA
GetTextMetricsA
GetGlyphOutlineA
CreateDIBSection
DeleteDC
GetCharacterPlacementA
SetTextColor
SetBkColor
SetBkMode
GetFontLanguageInfo
CreateFontIndirectA
SetTextAlign
SetMapMode
CreateCompatibleDC
ExtTextOutA
MoveToEx
Rectangle
GetStockObject

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

SHGetMalloc
DragFinish
DragQueryPoint

ole32

CoUninitialize
CoInitializeEx

oleaut32

VariantClear

comctl32

ImageList_AddMasked
InitCommonControlsEx
ImageList_Destroy
ImageList_Create

avifil32

AVIFileCreateStreamW
AVIStreamWrite
AVIFileInit
AVIFileOpenW
AVIFileExit
AVIStreamSetFormat
AVIFileRelease
AVIStreamRelease
AVIMakeCompressedStream

msvfw32

ICCompressorChoose
ICCompressorFree

shlwapi

StrStrIW
StrChrW
StrCmpW
StrStrW
StrIsIntlEqualW
SHDeleteKeyW
StrTrimW
PathCompactPathExW

winmm

mmioSeek
timeGetTime
timeEndPeriod
timeGetDevCaps
timeBeginPeriod
mmioDescend
mmioSetInfo
mmioAscend
mmioAdvance
mmioClose
mmioCreateChunk
mmioWrite
mmioRead
mmioGetInfo

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

dsound

ord11
ord3

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 56KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nestopia/nestopia.ico
nestopia/nestopia.log
nestopia/readme.html
.html
nestopia/rungame.ini
nestopia/unrar.dll
.dll windows:4 windows x86 arch:x86

244d2f9772f4886a651db44514a2a29b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DeviceIoControl
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsDBCSLeadByte
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
Sleep
SystemTimeToFileTime
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

user32

CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
EnumThreadWindows
MessageBoxA
OemToCharA
OemToCharBuffA
wsprintfA

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc
___CPPdebugHook

Sections

.text
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nestopia/游戏说明.txt
安装程序.exe
.exe windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:b1:93:a7:41:09:c3:69:9c:ec:1a:a4:ea:94:38:33
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/08/2013, 00:00

Not After

07/08/2015, 23:59

Subject

CN=Wuhan Weijun Technology Co. Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=技术部,O=Wuhan Weijun Technology Co. Ltd.,L=Wuhan,ST=Hubei,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:de:c8:2c:55:6c:6d:1f:20:8c:44:92:45:31:ae:37:b5:c7:83:a2
Signer

Actual PE Digest

37:de:c8:2c:55:6c:6d:1f:20:8c:44:92:45:31:ae:37:b5:c7:83:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 544KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 400KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd1fcfec6ca1a2b0bfb46d7f425f87a4

Headers

File Characteristics

Imports

user32

oleaut32

kernel32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 13KB - Virtual size: 37KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 11KB - Virtual size: 10KB

Code Sign

40:13:5a:d6:20:21:5d:2d:c7:c7:f6:f2:d6:fc:59:07Certificate

Extended Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

30:6d:20:74:43:60:3f:cd:67:fb:f3:5f:d5:9f:80:fe:86:09:4b:75Signer

Headers

File Characteristics

Sections

CODE Size: 406KB - Virtual size: 1.0MB

DATA Size: 6KB - Virtual size: 16KB

BSS Size: - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 76KB

.rsrc Size: 1.9MB - Virtual size: 2.3MB

.aspack Size: 97KB - Virtual size: 100KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 56KB

UPX1 Size: 27KB - Virtual size: 28KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 42KB - Virtual size: 42KB

.reloc Size: 512B - Virtual size: 8B

1ca0bbfffd90e108764deff59d8d9333

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

avifil32

msvfw32

shlwapi

winmm

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 13KB - Virtual size: 37KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 11KB - Virtual size: 10KB

40:13:5a:d6:20:21:5d:2d:c7:c7:f6:f2:d6:fc:59:07
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

30:6d:20:74:43:60:3f:cd:67:fb:f3:5f:d5:9f:80:fe:86:09:4b:75
Signer

CODE
Size: 406KB - Virtual size: 1.0MB

DATA
Size: 6KB - Virtual size: 16KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 76KB

.rsrc
Size: 1.9MB - Virtual size: 2.3MB

.aspack
Size: 97KB - Virtual size: 100KB

.adata
Size: - Virtual size: 4KB

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 27KB - Virtual size: 28KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 42KB - Virtual size: 42KB

.reloc
Size: 512B - Virtual size: 8B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 231KB - Virtual size: 230KB

.data
Size: 56KB - Virtual size: 89KB

.rsrc
Size: 72KB - Virtual size: 72KB

.text
Size: 133KB - Virtual size: 136KB

.data
Size: 15KB - Virtual size: 44KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6d:b1:93:a7:41:09:c3:69:9c:ec:1a:a4:ea:94:38:33
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

37:de:c8:2c:55:6c:6d:1f:20:8c:44:92:45:31:ae:37:b5:c7:83:a2
Signer

UPX0
Size: - Virtual size: 544KB

UPX1
Size: 66KB - Virtual size: 68KB

.rsrc
Size: 400KB - Virtual size: 404KB

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 399KB - Virtual size: 399KB

.reloc
Size: 15KB - Virtual size: 15KB