3808e7514decc8b947582ca9439c3cfb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3808e7514decc8b947582ca9439c3cfb_JaffaCakes118
Size

7.1MB
MD5

3808e7514decc8b947582ca9439c3cfb
SHA1

e45077df2568050fddf59e3cbe5515672579cac2
SHA256

4177896c930119f07b65ac86de3d2aad4499844edf3080908f33e31df343c90a
SHA512

981d0ec4554e1546ed70ee1c1833caf4960bf35b41752a36145b17af0bf3f5b5a6f02359adbdb4b85199291f6e75f3fe304a305cd6052806b953cf3b4ce8e261
SSDEEP

196608:Bo9Z75gakv4wQFn3mURXtngyZY0mNq7qyWg7:WZdDbFn3tts0mNyl7

Score

7^/10

vmprotect upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ywsj_20150311/余味视距20150308/Update.exe	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/ywsj_20150311/余味视距20150308/Common.dll	vmprotect

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ywsj_20150311/余味视距20150308/Common.dll
unpack001/ywsj_20150311/余味视距20150308/iYuwei.dll
unpack001/ywsj_20150311/余味视距20150308/补丁.exe

Files

3808e7514decc8b947582ca9439c3cfb_JaffaCakes118
.rar
ywsj_20150311/9553下载站.url
.url
ywsj_20150311/余味视距20150308/Common.dll
.exe windows:5 windows x86 arch:x86

84f75c02dfa958417f27c786a75fad34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiOutUnprepareHeader

ws2_32

recvfrom

kernel32

GetVersionExA
GetVersion
GetModuleHandleW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ScrollWindowEx

gdi32

RealizePalette

winspool.drv

DocumentPropertiesA

comdlg32

ChooseColorA

advapi32

RegSetValueExA

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

RegisterTypeLi

comctl32

ImageList_Read

Sections

.text
Size: - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1006KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ywsj_20150311/余味视距20150308/Update.exe
.exe windows:4 windows x86 arch:x86

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:b0:cd:1e:c2:90:a6
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

14/11/2011, 20:38

Not After

17/11/2014, 16:20

Subject

CN=广州华多网络科技有限公司,O=广州华多网络科技有限公司,L=广州市,ST=广东省,C=CN,1.2.840.113549.1.9.1=#0c1568757469616e7975406368696e6164756f2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

88:5b:58:2b:e5:b1:de:09:b0:81:6c:e6:57:9c:28:b0:eb:eb:28:ea
Signer

Actual PE Digest

88:5b:58:2b:e5:b1:de:09:b0:81:6c:e6:57:9c:28:b0:eb:eb:28:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 788KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ywsj_20150311/余味视距20150308/config.ini
ywsj_20150311/余味视距20150308/iYuwei.dll
.dll regsvr32 windows:5 windows x86 arch:x86

b7c891346b2ca3fb93110d878fbd839e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\vm加壳\CEyLogin.pdb

Imports

kernel32

GetVersion
GetVersionExA
GetVersionExW
SetLastError
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostMessageW

advapi32

RegQueryInfoKeyW

ole32

CoCreateInstance

shell32

ShellExecuteW

oleaut32

LoadTypeLi

shlwapi

PathFileExistsW

iphlpapi

GetAdaptersInfo

wldap32

ord143

ws2_32

WSAIoctl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: - Virtual size: 943KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx1
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ywsj_20150311/余味视距20150308/安装密码.txt
ywsj_20150311/余味视距20150308/补丁.exe
.exe windows:4 windows x86 arch:x86

cbd4203808488a1aedc61c5934bdb8c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut
midiOutPrepareHeader
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
waveOutGetNumDevs
waveOutClose

ws2_32

WSAAsyncSelect
closesocket
WSACleanup
recvfrom
ioctlsocket
inet_ntoa
recv
accept
getpeername

kernel32

MultiByteToWideChar
SetLastError
GetTimeZoneInformation
GetVersion
HeapSize
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
InterlockedExchange
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle

user32

IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
PeekMessageA
SetMenu
GetMenu
DefWindowProcA
GetClassInfoA
DeleteMenu
GetSystemMenu
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
ModifyMenuA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
GetSysColorBrush
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
LoadIconA
TranslateMessage
SystemParametersInfoA
GetDesktopWindow
GetClassNameA
GetDlgItem
FindWindowExA
GetWindowTextA
WinHelpA
UnregisterClassA
DispatchMessageA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA

gdi32

GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
CreateRectRgnIndirect
SetBkColor
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
GetObjectA
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
SetStretchBltMode
LPtoDP
GetClipRgn
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CLSIDFromString
OleUninitialize
OleInitialize

oleaut32

LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

comctl32

ord17
ImageList_Destroy

comdlg32

ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

Sections

.text
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ywsj_20150311/游戏攻略教程 - 9553资讯.url
.url

Sharing

General

Malware Config

Signatures

Files

84f75c02dfa958417f27c786a75fad34

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: - Virtual size: 667KB

.rdata Size: - Virtual size: 1006KB

.data Size: - Virtual size: 287KB

.vmp0 Size: - Virtual size: 3.0MB

.vmp1 Size: 4.5MB - Virtual size: 4.5MB

.rsrc Size: 36KB - Virtual size: 35KB

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

19:9d:f8:8eCertificate

Key Usages

02:b0:cd:1e:c2:90:a6Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

88:5b:58:2b:e5:b1:de:09:b0:81:6c:e6:57:9c:28:b0:eb:eb:28:eaSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 788KB

UPX1 Size: 187KB - Virtual size: 188KB

.rsrc Size: 24KB - Virtual size: 24KB

b7c891346b2ca3fb93110d878fbd839e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

iphlpapi

wldap32

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 943KB

.rdata Size: - Virtual size: 262KB

.data Size: - Virtual size: 95KB

.upx0 Size: - Virtual size: 1.4MB

.upx1 Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 512B - Virtual size: 116B

.rsrc Size: 9KB - Virtual size: 9KB

cbd4203808488a1aedc61c5934bdb8c0

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

.text
Size: - Virtual size: 667KB

.rdata
Size: - Virtual size: 1006KB

.data
Size: - Virtual size: 287KB

.vmp0
Size: - Virtual size: 3.0MB

.vmp1
Size: 4.5MB - Virtual size: 4.5MB

.rsrc
Size: 36KB - Virtual size: 35KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

19:9d:f8:8e
Certificate

02:b0:cd:1e:c2:90:a6
Certificate

3d
Certificate

88:5b:58:2b:e5:b1:de:09:b0:81:6c:e6:57:9c:28:b0:eb:eb:28:ea
Signer

UPX0
Size: - Virtual size: 788KB

UPX1
Size: 187KB - Virtual size: 188KB

.rsrc
Size: 24KB - Virtual size: 24KB

.text
Size: - Virtual size: 943KB

.rdata
Size: - Virtual size: 262KB

.data
Size: - Virtual size: 95KB

.upx0
Size: - Virtual size: 1.4MB

.upx1
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 512B - Virtual size: 116B

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 520KB - Virtual size: 520KB

.rdata
Size: 104KB - Virtual size: 102KB

.data
Size: 72KB - Virtual size: 183KB

.rsrc
Size: 44KB - Virtual size: 44KB