5c56c9c9013dfabe507f3871452dc718_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5c56c9c9013dfabe507f3871452dc718_JaffaCakes118
Size

171KB
MD5

5c56c9c9013dfabe507f3871452dc718
SHA1

69c1e6adba271449cb8894c642de686da31e5a44
SHA256

25bab636f2276ed94a487c03ac5c8e4a489f72fd24ec8cb5c611ccac6a504742
SHA512

006f4ca4fd71dfe5b09ac6cc2a0c97f557f533f839bdf9372f74c4463be2c438abd6c80107c0a895933b1e6f0f2fabb8989d6f5cf52745181406d37a1b2a351b
SSDEEP

3072:9uzkGGINm7tTvixDX3TJ4SaS+en+jvfXBpaMEYxTtOPILsZ:9uzi1aNX9xXlGZ4aLL6

Score

1^/10

Malware Config

Signatures

Files

5c56c9c9013dfabe507f3871452dc718_JaffaCakes118
.dll windows:5 windows x86 arch:x86

de0700c4b4863c46c60bf93747d0403b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/12/2014, 00:00

Not After

28/12/2017, 23:59

Subject

CN=GuangZhou KuGou Computer Technology Co.\,Ltd.,OU=PC Development Dept.,O=GuangZhou KuGou Computer Technology Co.\,Ltd.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:59:00:b5:10:6a:18:90:01:ed:ec:58:6d:c2:9d:b4:cf:5c:ca:7a
Signer

Actual PE Digest

fe:59:00:b5:10:6a:18:90:01:ed:ec:58:6d:c2:9d:b4:cf:5c:ca:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\buildbot\slave1\kugou_installer\build\Release\isx.pdb

Imports

kernel32

CreateFileW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
DeviceIoControl
CreateThread
WriteFile
GetFileSize
WaitForMultipleObjects
GlobalFree
lstrcpynW
GlobalAlloc
GetLastError
ReadFile
SetFilePointer
lstrlenA
CreateToolhelp32Snapshot
Process32FirstW
GetCurrentProcessId
OpenProcess
TerminateProcess
Process32NextW
InterlockedDecrement
LoadLibraryW
FreeLibrary
GetPrivateProfileSectionW
GetCurrentProcess
GetVersionExW
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
GetDriveTypeW
GetDiskFreeSpaceW
GetProcAddress
GetSystemInfo
GetProcessAffinityMask
Sleep
MultiByteToWideChar
WideCharToMultiByte
GetStartupInfoW
TlsFree
TlsSetValue
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
WritePrivateProfileStringW
GetLocalTime
lstrcatW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcmpiW
lstrlenW
GetPrivateProfileSectionNamesW
LCMapStringW
SetFilePointerEx
GetConsoleMode
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetConsoleCP
HeapReAlloc
LoadLibraryExW
SetUnhandledExceptionFilter
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
DeleteCriticalSection
GetFileType
lstrcpyW
SetProcessAffinityMask
GetStdHandle
GetProcessHeap
GetStringTypeW
LocalFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
SetLastError
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleExW
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
GetModuleHandleW

user32

FindWindowExW
DestroyMenu
CreatePopupMenu
LoadStringW
wsprintfW
FindWindowW
SendMessageW
PostMessageW

advapi32

AdjustTokenPrivileges
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
RegSetValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetDesktopFolder
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid

oleaut32

SysFreeString
VariantClear
SysAllocString

shlwapi

PathFileExistsW
StrToIntW
PathCombineW
PathIsRelativeW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathIsDirectoryEmptyW

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

AddFirewallWhiteList
CanDeleteFile
CheckKuGouShortCut
ConvertFileToUCS2LE
ConvertFileToUTF8
DeleteFolder
DeleteRadioLink
DownloadFile
ExitKugouSafely
FolderIsEmpty
GenerateGuid
GetBindItemCount
GetBindItemText
GetBindItemType
GetDefaultMusicPath
GetFileVersion
GetInstallOption
GetKugouVersion
GetLocalMacs
GetNetOptionState
GetPlaylistSongCount
GetSetupLogs
GetSetupLogs2
Initialize
InstallBindItem
InstallForceBinds
IsAdvancedVersion
IsIEDefaultBrowser
IsPathLegal
IsProcessRunning
KillProcess
ModifyRadioLink
ParseBindIni
PatchCodeForMsvcr120
PinToStartMenu
PinToTaskBar
RemoveFirewallWhiteList
SendBindStatistics
SendDailyActiveStatistics
SendHttpStatistics
SendKG2012UninstallStatistics
SendKG6UninstallStatistics
SendKG7UninstallStatistics
SendLogStatistics
SendNetBarStatistics
SendPhpStatistics
SendSelectStatistics
SendStatisticsUrl
SendUninstallUserInfoStatistics
SetGuidString
SetInstallInfo
SetInstallType
UnpinFromStartMenu
UnpinFromTaskBar
VerifyFile

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de0700c4b4863c46c60bf93747d0403b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fdCertificate

Extended Key Usages

Key Usages

fe:59:00:b5:10:6a:18:90:01:ed:ec:58:6d:c2:9d:b4:cf:5c:ca:7aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

iphlpapi

version

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

fe:59:00:b5:10:6a:18:90:01:ed:ec:58:6d:c2:9d:b4:cf:5c:ca:7a
Signer

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB