470d1955b35f66323e137a71bff06ba9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

470d1955b35f66323e137a71bff06ba9_JaffaCakes118
Size

2.2MB
MD5

470d1955b35f66323e137a71bff06ba9
SHA1

31c755c3ff9a2ebab88c7dd9d8cfcec8191a0d20
SHA256

38cea031caf40949e9c92a343b5440cfff5b05335d0e176e9bab32dd75457482
SHA512

8f9c75ac3fbaec757eabd1eac16c83c8bdc2d43d22b970e71f0a794d275400cf4b7755bc1b9645c3e6c7f7762cfa8b478589939a9f2d89a36a2814618f083580
SSDEEP

49152:oVUy+JbIqi19MVQ+ZvEYAPJmDk5+tv2gYsRWfrgcljm9:oV9+xIqi19MJZvB86Y9W

Score

1^/10

Malware Config

Signatures

Files

470d1955b35f66323e137a71bff06ba9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

56fdfb58cd5eb76d0416089fc8a212c5

Code Sign

31:5b:47:d3:7a:76:91:6e:33:e3:3a:d5:9f:6c:52:c6
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

05/05/2016, 05:33

Not After

05/06/2019, 05:33

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

19:6d:f8:a7
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2012, 01:00

Not After

08/08/2027, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1c:b7:a8:d0:5e:37:43:12:5f:42:0d:6a:dd:b5:f2:c7
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

05/05/2016, 05:25

Not After

05/06/2019, 05:25

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b4:e7:ed:29:d7:37:98:64:89:19:44:e4:4a:83:58:e8:75:d8:7d:f9:62:eb:3c:cd:e4:7f:7a:10:55:c2:46:d6
Signer

Actual PE Digest

b4:e7:ed:29:d7:37:98:64:89:19:44:e4:4a:83:58:e8:75:d8:7d:f9:62:eb:3c:cd:e4:7f:7a:10:55:c2:46:d6

Digest Algorithm

sha256

PE Digest Matches

true

c7:61:33:e4:09:1b:27:78:67:74:84:a8:bb:fd:88:a6:c5:53:66:2f
Signer

Actual PE Digest

c7:61:33:e4:09:1b:27:78:67:74:84:a8:bb:fd:88:a6:c5:53:66:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins\workspace\xunyoukernel\output\js.pdb

Imports

kernel32

FileTimeToSystemTime
GetSystemDirectoryA
SetFileAttributesA
FileTimeToLocalFileTime
SetFilePointerEx
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateFileMappingA
OpenFileMappingA
GetVersionExW
GetModuleHandleW
Sleep
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetFileAttributesExW
MoveFileExW
CopyFileW
GetTempFileNameW
MoveFileW
TerminateProcess
GetSystemInfo
CreateProcessA
GetNativeSystemInfo
ResetEvent
GlobalMemoryStatusEx
SetThreadPriority
GetCurrentThreadId
CreateThread
GlobalLock
GlobalUnlock
GlobalReAlloc
SetPriorityClass
SuspendThread
ResumeThread
SetCurrentDirectoryA
CreateProcessW
lstrcmpiA
GetCurrentThread
DeleteFileW
FreeResource
lstrcpyA
lstrcpynA
InterlockedExchange
WinExec
MulDiv
VirtualProtect
VirtualFree
VirtualAlloc
OpenEventW
UnregisterWaitEx
QueryDepthSList
ReleaseSemaphore
GetModuleHandleA
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetModuleFileNameW
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
GetConsoleCP
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetExitCodeProcess
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
GetACP
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
RtlUnwind
LoadLibraryExW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
SetLastError
GetFileSizeEx
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
Module32NextW
LocalFree
Module32FirstW
LoadLibraryW
DeviceIoControl
MapViewOfFile
CreateEventA
CreateFileMappingW
GetCurrentProcessId
UnmapViewOfFile
OpenFileMappingW
OpenEventA
lstrcmpW
FreeLibrary
GetProcAddress
Process32FirstW
LoadLibraryA
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
FindClose
OutputDebugStringA
GetCurrentProcess
FindNextFileW
FindFirstFileW
QueryDosDeviceW
GetModuleFileNameA
FlushFileBuffers
ConnectNamedPipe
GetOverlappedResult
SetEvent
CreateEventW
DisconnectNamedPipe
WaitForSingleObject
WaitForMultipleObjects
CreateNamedPipeW
GlobalFree
GlobalAlloc
DebugBreak
InterlockedIncrement
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
GetFileSize
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
CreateDirectoryW
LoadResource
TlsGetValue
TlsAlloc
DuplicateHandle
TryEnterCriticalSection
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
LoadLibraryExA
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
RaiseException
CloseHandle
HeapReAlloc
LockResource
OutputDebugStringW
GetLastError
MultiByteToWideChar
HeapSize
CreateFileW
lstrlenA
SetEndOfFile
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
WriteFile
lstrlenW
HeapFree
SizeofResource
ReadFile
GetProcessAffinityMask

user32

GetDesktopWindow
GetDlgItem
GetClientRect
SetCapture
GetClassNameW
LoadCursorW
SetFocus
CreateAcceleratorTableW
MoveWindow
CallWindowProcW
DefWindowProcW
GetWindowTextLengthW
GetWindowLongW
CharNextW
LoadStringW
UnregisterClassW
wsprintfW
wsprintfA
GetClassInfoExW
GetParent
ReleaseCapture
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
GetWindowTextW
CharLowerW
GetPropW
EnumWindows
RegisterWindowMessageW
PostMessageW
IsDialogMessageW
GetMessageW
IsWindow
GetFocus
DestroyWindow
GetDC
SetWindowPos
FillRect
CreateWindowExW
ScreenToClient
SendMessageW
DispatchMessageW
GetWindow
SetWindowTextW
RegisterClassExW
InvalidateRgn
RedrawWindow
ClientToScreen
DestroyAcceleratorTable
IsChild
GetSysColor
CreateDialogIndirectParamW
SetWindowLongW
TranslateMessage
SetTimer
SetPropW
PeekMessageW

gdi32

DeleteObject
GetObjectW
DeleteDC
GetDeviceCaps
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
BitBlt

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExA
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
OpenSCManagerW
CloseServiceHandle
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptDeriveKey
CryptCreateHash
CryptDecrypt
RegSetValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExA
QueryServiceStatus
LookupPrivilegeValueA
StartServiceW
ChangeServiceConfigW
QueryServiceStatusEx
OpenServiceA
RegSetValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptAcquireContextW
CryptEncrypt

shell32

ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
SHGetMalloc

ole32

OleLockRunning
CLSIDFromString
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoGetClassObject
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VariantClear
SafeArrayAccessData
SysAllocStringLen
SafeArrayUnaccessData
SysStringLen
SysAllocString
VarBstrCat
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
SafeArrayCreateVector
SafeArrayCreate
SafeArrayPutElement
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi

shlwapi

StrStrIA
PathFileExistsA
StrRStrIA
StrStrIW
StrCmpNIW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
StrCmpIW
PathRemoveFileSpecA
PathAppendA

ws2_32

send
ntohl
__WSAFDIsSet
htonl
WSAEnumNetworkEvents
WSCEnumProtocols
sendto
htons
recvfrom
connect
WSAStartup
select
gethostbyname
closesocket
gethostname
inet_ntoa
inet_addr
WSACleanup
ntohs
WSAEventSelect
recv
ioctlsocket
setsockopt
WSAGetLastError
WSACloseEvent
WSACreateEvent
socket
bind
WSAWaitForMultipleEvents

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

iphlpapi

GetAdaptersInfo
SendARP
CreateIpForwardEntry
AddIPAddress
GetPerAdapterInfo
DeleteIPAddress
GetIfTable
GetIfEntry
GetAdaptersAddresses
DeleteIpForwardEntry
GetIpForwardTable

wininet

InternetOpenW
InternetWriteFile
HttpOpenRequestA
InternetSetOptionW
InternetConnectA
InternetCloseHandle
HttpAddRequestHeadersA
HttpSendRequestExW
HttpEndRequestW

rasapi32

RasEnumConnectionsA
RasHangUpA
RasHangUpW
RasDialA
RasGetErrorStringW
RasSetEntryPropertiesW
RasEnumConnectionsW
RasSetEntryPropertiesA
RasGetEntryPropertiesW
RasGetConnectStatusW

psapi

EnumProcessModules
GetModuleFileNameExA
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winmm

timeKillEvent
timeSetEvent
timeEndPeriod
timeGetTime
timeBeginPeriod

winhttp

WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpReceiveResponse

mprapi

MprConfigGetFriendlyName
MprConfigServerConnect

crypt32

CertOpenStore
PFXIsPFXBlob
CertCloseStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
PFXImportCertStore

Exports

Exports

text_match
xuny_start_accel_speed_game_area
xunyou_accel
xunyou_default_node_type_on_game_area
xunyou_destroy
xunyou_encode
xunyou_exist_recommend_node
xunyou_get_area_from_ip_address
xunyou_get_client_gray_value
xunyou_get_client_ip_country_code
xunyou_get_config
xunyou_get_error_text
xunyou_get_game_area_count
xunyou_get_game_area_server_info
xunyou_get_game_area_server_info_count
xunyou_get_game_areas
xunyou_get_game_catalog_count
xunyou_get_game_catalog_type
xunyou_get_game_catalogs
xunyou_get_game_max_count_by_type
xunyou_get_game_name
xunyou_get_game_name_ex
xunyou_get_game_nodes_indicator
xunyou_get_game_privilege_text
xunyou_get_game_program_names_to_accel
xunyou_get_game_program_names_to_boot
xunyou_get_game_server_count
xunyou_get_game_servers
xunyou_get_game_type
xunyou_get_game_vip_time
xunyou_get_game_weights
xunyou_get_games_by_type
xunyou_get_host_recommend_network_addr
xunyou_get_local_ip
xunyou_get_node_line_name
xunyou_get_node_list_max_count
xunyou_get_node_list_support_game_area_accel
xunyou_get_node_list_support_game_area_accel_ex
xunyou_get_special_config
xunyou_get_state_line_area_info
xunyou_get_state_line_area_info_count
xunyou_get_update_server_count
xunyou_get_update_servers
xunyou_get_url_argument
xunyou_get_user_information
xunyou_get_version
xunyou_get_vpn_ip
xunyou_get_webgame_url
xunyou_get_winsock_status
xunyou_get_xunyou_url_config
xunyou_is_privilege_game
xunyou_is_privilege_node
xunyou_is_recommend_node
xunyou_is_state_line_area
xunyou_is_valid_game
xunyou_is_valid_game_area_server
xunyou_is_valid_node_line
xunyou_load_data
xunyou_login
xunyou_logout
xunyou_need_update_game_information
xunyou_open_url
xunyou_open_url_with_key
xunyou_open_webgame_url
xunyou_phonecode
xunyou_process_url
xunyou_register
xunyou_reset_winsock
xunyou_search_games_by_key
xunyou_set_application_type
xunyou_set_client_to_node_link_type
xunyou_set_user_vip_time
xunyou_start_game_exe
xunyou_stop_accel
xunyou_support_game_type
xunyou_support_mode_on_game_area
xunyou_test_speed_on_game_area
xunyou_unInstall_Lsp
xunyou_unInstall_VNetCard
xunyou_update_game_information
xunyou_update_game_information_ex
xunyou_write_data

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 910KB - Virtual size: 909KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56fdfb58cd5eb76d0416089fc8a212c5

Code Sign

31:5b:47:d3:7a:76:91:6e:33:e3:3a:d5:9f:6c:52:c6Certificate

Extended Key Usages

Key Usages

19:6d:f8:a7Certificate

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

1c:b7:a8:d0:5e:37:43:12:5f:42:0d:6a:dd:b5:f2:c7Certificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

b4:e7:ed:29:d7:37:98:64:89:19:44:e4:4a:83:58:e8:75:d8:7d:f9:62:eb:3c:cd:e4:7f:7a:10:55:c2:46:d6Signer

c7:61:33:e4:09:1b:27:78:67:74:84:a8:bb:fd:88:a6:c5:53:66:2fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

wintrust

iphlpapi

wininet

rasapi32

psapi

version

winmm

winhttp

mprapi

crypt32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 183KB - Virtual size: 182KB

.data Size: 16KB - Virtual size: 22KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 3KB - Virtual size: 2KB

.rsrc Size: 910KB - Virtual size: 909KB

.reloc Size: 49KB - Virtual size: 48KB

31:5b:47:d3:7a:76:91:6e:33:e3:3a:d5:9f:6c:52:c6
Certificate

19:6d:f8:a7
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

1c:b7:a8:d0:5e:37:43:12:5f:42:0d:6a:dd:b5:f2:c7
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

b4:e7:ed:29:d7:37:98:64:89:19:44:e4:4a:83:58:e8:75:d8:7d:f9:62:eb:3c:cd:e4:7f:7a:10:55:c2:46:d6
Signer

c7:61:33:e4:09:1b:27:78:67:74:84:a8:bb:fd:88:a6:c5:53:66:2f
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 183KB - Virtual size: 182KB

.data
Size: 16KB - Virtual size: 22KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 910KB - Virtual size: 909KB

.reloc
Size: 49KB - Virtual size: 48KB