44cd1991346bcf0ba7fe327a72134222_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44cd1991346bcf0ba7fe327a72134222_JaffaCakes118
Size

1.2MB
MD5

44cd1991346bcf0ba7fe327a72134222
SHA1

73f46b9d3d03563df5465e86a4bade9c219a0d53
SHA256

4671e0edf3f8bbc69127a3bbe478932b56f56c23041b342883b920f3b33ff359
SHA512

3722b273d86680debcae3ed9c554082898b5b497b7bc425ac47c2e79bd81800a58235ced3cc73c47c5444e005fbe2ba5de96d4351837d30976456dd7066e91e8
SSDEEP

24576:+N+9XokUwbcWb9S1Vhstwszswj1ZcvMFpf:V9XbUw4o9SHh0wszswJZlFpf

Score

1^/10

Malware Config

Signatures

Files

44cd1991346bcf0ba7fe327a72134222_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b9e04e0422b0d6910f2110f63d4513b4

Code Sign

31:5b:47:d3:7a:76:91:6e:33:e3:3a:d5:9f:6c:52:c6
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

05/05/2016, 05:33

Not After

05/06/2019, 05:33

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

19:6d:f8:a7
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2012, 01:00

Not After

08/08/2027, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:b7:a8:d0:5e:37:43:12:5f:42:0d:6a:dd:b5:f2:c7
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

05/05/2016, 05:25

Not After

05/06/2019, 05:25

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b5:ee:57:c7:7b:7d:d0:4c:ee:c1:2e:4f:92:7c:7f:21:4b:08:67:84:20:60:c9:2c:97:27:83:b9:a8:47:82:c3
Signer

Actual PE Digest

b5:ee:57:c7:7b:7d:d0:4c:ee:c1:2e:4f:92:7c:7f:21:4b:08:67:84:20:60:c9:2c:97:27:83:b9:a8:47:82:c3

Digest Algorithm

sha256

PE Digest Matches

true

0a:64:87:9a:f4:dc:39:c3:ba:24:17:6e:d5:5a:f9:41:6b:52:ed:6f
Signer

Actual PE Digest

0a:64:87:9a:f4:dc:39:c3:ba:24:17:6e:d5:5a:f9:41:6b:52:ed:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\XunYouPlatform2012_游戏圈子\output\xunyou.pdb

Imports

ws2_32

closesocket
sendto
socket
htons
inet_addr
WSAGetLastError
recvfrom
select
ioctlsocket
gethostbyname
ntohl
WSACleanup
WSAStartup

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_Draw
ImageList_Destroy
ImageList_GetIconSize
ImageList_LoadImageA

psapi

GetProcessImageFileNameA
EnumProcessModules
GetModuleFileNameExA

kernel32

GetTickCount
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
FreeLibrary
GetCurrentThreadId
LoadLibraryA
Sleep
SetLastError
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
lstrcmpA
MulDiv
RaiseException
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleA
SetThreadPriority
WaitForSingleObject
SuspendThread
ResumeThread
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
ExitProcess
GetProcAddress
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
DeviceIoControl
OutputDebugStringW
DeleteFileA
CreateMutexA
LoadLibraryExA
lstrcpynA
CreateProcessA
TerminateThread
CreateThread
GlobalFree
GlobalHandle
OpenProcess
GetModuleFileNameW
IsDBCSLeadByte
LocalFree
LocalAlloc
SetFilePointerEx
WriteFile
FileTimeToSystemTime
GetFileTime
GetSystemDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
SetEvent
CreateEventA
OpenEventA
UnmapViewOfFile
GetCPInfo
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetProcessHeap
GetVersionExA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitThread
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
HeapFree
HeapAlloc
RtlUnwind
HeapCreate
GetStdHandle
GetStringTypeA
GetStringTypeW
HeapSize
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
SetFilePointer
SetEndOfFile
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetFileAttributesA
CreateDirectoryA
OutputDebugStringA
DebugBreak
InterlockedIncrement
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrcmpiW
lstrcmpiA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
CompareStringW
CompareStringA
lstrlenW
lstrlenA
InterlockedDecrement
GetVersion
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetACP
GetOEMCP
IsValidCodePage
FatalAppExitA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetThreadLocale
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
GetFileSizeEx
HeapDestroy

user32

EqualRect
LoadMenuA
GetSubMenu
DestroyIcon
SetMenuDefaultItem
RemoveMenu
EnableMenuItem
DestroyMenu
LoadImageA
wsprintfA
IsDialogMessageA
EnableScrollBar
DrawTextW
FrameRect
SendMessageW
GetSystemMenu
TrackPopupMenu
TrackMouseEvent
GetWindowDC
MessageBoxA
EnumChildWindows
EnumWindows
DialogBoxIndirectParamA
CreateDialogParamA
GetPropW
DestroyCursor
SetCursor
OffsetRect
SetRectEmpty
SetRect
IsRectEmpty
SetDlgItemTextA
GetDlgItemTextA
EnableWindow
IsWindowVisible
LoadIconA
SetPropW
SetClassLongA
DialogBoxParamA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetActiveWindow
CreateAcceleratorTableA
RegisterClassExA
GetClassInfoExA
GetDesktopWindow
SetFocus
GetFocus
MonitorFromPoint
GetMonitorInfoA
IsIconic
DestroyAcceleratorTable
GetClassNameA
IsChild
RedrawWindow
TranslateMessage
ScreenToClient
MapDialogRect
SetWindowContextHelpId
GetSysColor
GetSystemMetrics
InflateRect
ReleaseCapture
DrawEdge
DrawFocusRect
GetCapture
GetDlgCtrlID
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ClientToScreen
DestroyWindow
EndPaint
BeginPaint
EndDialog
DrawTextA
FillRect
GetForegroundWindow
GetWindowThreadProcessId
CopyRect
PeekMessageA
RegisterWindowMessageA
GetMessageA
AttachThreadInput
SetForegroundWindow
GetMessageTime
GetCursorPos
CallWindowProcA
DefWindowProcA
LoadBitmapA
PtInRect
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
MapWindowPoints
IsWindow
AdjustWindowRectEx
GetDlgItem
GetTopWindow
KillTimer
SetTimer
ShowWindow
ReleaseDC
GetDC
GetClientRect
SetWindowPos
MoveWindow
GetMenu
PostMessageA
SendMessageA
CreateWindowExA
GetWindowLongA
SetWindowLongA
CharNextA
CharUpperW
CharUpperA
CharLowerW
CharLowerA
LoadStringA
DispatchMessageA
PostQuitMessage
InvalidateRgn
CreateDialogIndirectParamA
UnregisterClassA
LoadCursorA

gdi32

GetTextMetricsA
DPtoLP
SetTextColor
SetBkMode
SelectObject
CreateCompatibleDC
CreateFontIndirectA
GetTextExtentPoint32A
CreateFontW
GetStockObject
CreateSolidBrush
GetDeviceCaps
CreatePatternBrush
DeleteDC
GetObjectA
DeleteObject
CreateCompatibleBitmap
SetBkColor
ExtTextOutA
TextOutA
BitBlt
SetViewportOrgEx
SetDCBrushColor

advapi32

CryptImportKey
CryptSetKeyParam
CryptDecrypt
CryptDestroyKey
CryptCreateHash
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExA
RegSetValueExA
CryptDeriveKey
CryptDestroyHash
CryptHashData
CryptEncrypt
CryptAcquireContextA
CryptReleaseContext
OpenSCManagerA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
CloseServiceHandle
EnumServicesStatusA

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoCreateInstance
StringFromGUID2
OleLockRunning
CoTaskMemAlloc
CoGetClassObject
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromProgID

oleaut32

SysAllocString
SysAllocStringLen
VariantInit
VariantClear
DispCallFunc
SysStringLen
LoadTypeLi
SysStringByteLen
OleCreateFontIndirect
VarUI4FromStr
SystemTimeToVariantTime
SysFreeString
LoadRegTypeLi
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

shlwapi

PathFileExistsA
StrStrIA
StrRStrIA

msimg32

TransparentBlt

wininet

InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetSetOptionA
HttpQueryInfoA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetCrackUrlA

Sections

.text
Size: 804KB - Virtual size: 803KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9e04e0422b0d6910f2110f63d4513b4

Code Sign

31:5b:47:d3:7a:76:91:6e:33:e3:3a:d5:9f:6c:52:c6Certificate

Extended Key Usages

Key Usages

19:6d:f8:a7Certificate

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

1c:b7:a8:d0:5e:37:43:12:5f:42:0d:6a:dd:b5:f2:c7Certificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

b5:ee:57:c7:7b:7d:d0:4c:ee:c1:2e:4f:92:7c:7f:21:4b:08:67:84:20:60:c9:2c:97:27:83:b9:a8:47:82:c3Signer

0a:64:87:9a:f4:dc:39:c3:ba:24:17:6e:d5:5a:f9:41:6b:52:ed:6fSigner

Headers

File Characteristics

PDB Paths

Imports

ws2_32

comctl32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

wininet

Sections

.text Size: 804KB - Virtual size: 803KB

.rdata Size: 116KB - Virtual size: 114KB

.data Size: 20KB - Virtual size: 27KB

.rsrc Size: 288KB - Virtual size: 284KB

31:5b:47:d3:7a:76:91:6e:33:e3:3a:d5:9f:6c:52:c6
Certificate

19:6d:f8:a7
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

1c:b7:a8:d0:5e:37:43:12:5f:42:0d:6a:dd:b5:f2:c7
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

b5:ee:57:c7:7b:7d:d0:4c:ee:c1:2e:4f:92:7c:7f:21:4b:08:67:84:20:60:c9:2c:97:27:83:b9:a8:47:82:c3
Signer

0a:64:87:9a:f4:dc:39:c3:ba:24:17:6e:d5:5a:f9:41:6b:52:ed:6f
Signer

.text
Size: 804KB - Virtual size: 803KB

.rdata
Size: 116KB - Virtual size: 114KB

.data
Size: 20KB - Virtual size: 27KB

.rsrc
Size: 288KB - Virtual size: 284KB