6a5d22653b9f387dff7cba902bcf5d44_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a5d22653b9f387dff7cba902bcf5d44_JaffaCakes118
Size

9.8MB
MD5

6a5d22653b9f387dff7cba902bcf5d44
SHA1

c5fa45fd75720df49ed330b7e49030d9920d0465
SHA256

4eb7c1e7d95aa0f0b1baf2754ed3874b4a0fd752204782f8cd3596db26d3f3b4
SHA512

e6e7be10d1821865d36021a88e71698f46f03e0bb3fac9f6caeac0009814dd0f95de5224c169efef543f47bb8ee0fd26e849b55593efbf5b0dd36cc461c33ade
SSDEEP

196608:PFZZbij45Dsqc/Cesn69kRefCE5KrX8QfQfloOPw:P5x+qc/Cx69kRp1rX8Xflw

Score

1^/10

Malware Config

Signatures

Files

6a5d22653b9f387dff7cba902bcf5d44_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e7776b4de314efe4ede439bda1530faa

Code Sign

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

09/11/2016, 08:45

Not After

09/11/2026, 08:45

Subject

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:da:7b:aa:df:c1:09:35:c9:dd:95:23:62:3c:99:89
Certificate

Issuer

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

30/08/2017, 08:46

Not After

30/08/2018, 08:46

Subject

CN=昆山百诺信息科技有限公司,O=昆山百诺信息科技有限公司,L=苏州市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c1079756875696a756e403630322e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:48:3d:a7:a1:54:c3:ac:3d:46:e7:d1:28:5d:26:cb:53:39:ba:b8:4e:50:98:8b:5f:9e:a5:87:0b:e3:45:4f
Signer

Actual PE Digest

03:48:3d:a7:a1:54:c3:ac:3d:46:e7:d1:28:5d:26:cb:53:39:ba:b8:4e:50:98:8b:5f:9e:a5:87:0b:e3:45:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\leyou\trunk\bin\Win32\Release\build\leyoubox\igame_01030923.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

InternetQueryOptionW
InternetSetOptionExW
InternetQueryDataAvailable
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
DeleteUrlCacheEntryW
GetUrlCacheEntryInfoW
InternetOpenW
InternetCrackUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetOpenUrlW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetCanonicalizeUrlW

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

kernel32

GetFileAttributesA
HeapCreate
HeapValidate
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
SetFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
FileTimeToSystemTime
InterlockedIncrement
InterlockedDecrement
IsBadWritePtr
GetSystemDirectoryW
ResumeThread
SetEvent
CreateEventW
ExitThread
WaitForMultipleObjects
SetVolumeLabelW
MoveFileW
ReleaseSemaphore
CreateSemaphoreW
lstrcmpW
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
SetLastError
GlobalAddAtomW
InitializeCriticalSection
LocalAlloc
MulDiv
GetThreadLocale
DuplicateHandle
GetVolumeInformationW
GetModuleHandleA
CompareStringW
GlobalFindAtomW
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetFileSizeEx
GetFileTime
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetConsoleCP
GetConsoleMode
GetFileType
SetStdHandle
RtlUnwind
RaiseException
VirtualProtect
VirtualAlloc
VirtualQuery
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
GetCurrentDirectoryA
GetDriveTypeA
FormatMessageA
GetProcessHeap
UnlockFileEx
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
CreateThread
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
GetStdHandle
GetCurrentProcess
FindNextFileW
GetExitCodeProcess
FindClose
FindFirstFileW
CreatePipe
GetStartupInfoW
CreateProcessW
lstrcpyW
GetDiskFreeSpaceExW
GetShortPathNameW
RemoveDirectoryW
GetProcAddress
TerminateProcess
LoadLibraryW
OpenProcess
GetLogicalDriveStringsW
FreeLibrary
GetDriveTypeW
GlobalFree
GetLastError
CreateDirectoryA
GetModuleHandleW
WaitForSingleObject
SetEnvironmentVariableW
lstrlenA
UpdateResourceW
BeginUpdateResourceW
ReadFile
EndUpdateResourceW
GetFileSize
Sleep
WriteFile
CreateDirectoryW
DeleteFileW
WritePrivateProfileStringW
CreateFileW
CopyFileW
GetPrivateProfileStringW
FreeResource
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
GetSystemInfo
LockResource
Process32FirstW
GlobalUnlock
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
GetVersionExW
SizeofResource
WideCharToMultiByte
GlobalAlloc
GetTickCount
GlobalLock
LoadResource
FindResourceW
SetFileAttributesW
GetFileAttributesW
GetSystemTimeAsFileTime
HeapDestroy
LCMapStringW
FormatMessageW
FileTimeToLocalFileTime

user32

RemovePropW
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
CharUpperW
GetWindowTextLengthW
GetWindowTextW
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
RegisterClipboardFormatW
GetMenuItemID
GetMenuItemCount
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetLastActivePopup
IsWindowEnabled
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
CheckMenuItem
IsRectEmpty
IntersectRect
SetRectEmpty
SetCursor
SetCapture
SetFocus
GetWindowLongW
SetWindowLongW
ReleaseCapture
CallWindowProcW
DefWindowProcW
IsWindow
UpdateLayeredWindow
DrawTextW
PtInRect
ReleaseDC
GetSubMenu
GetDesktopWindow
ClientToScreen
SetWindowRgn
SetTimer
ScreenToClient
PostMessageW
DestroyMenu
PostThreadMessageW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
KillTimer
LoadCursorW
InvalidateRgn
SetRect
CopyAcceleratorTableW
GetSysColorBrush
CharNextW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
SendDlgItemMessageA
FindWindowW
LoadIconW
OffsetRect
GetCursorPos
ShowWindow
FindWindowExW
SendMessageW
CopyRect
GetWindowThreadProcessId
GetWindow
GetClientRect
LoadStringW
InvalidateRect
GetSysColor
EnableWindow
SendMessageTimeoutW
GetDC
MessageBoxW
wsprintfW
GetSystemMetrics
UpdateWindow
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
UnhookWindowsHookEx
GetPropW
EnableMenuItem

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
CreateFontIndirectW
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
CreateRectRgnIndirect
GetClipBox
ExtSelectClipRgn
DeleteDC
CreateDIBSection
GetWindowExtEx
GetViewportExtEx
SelectObject
GetStockObject
CreateRoundRectRgn
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
CreateSolidBrush
DeleteObject
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
InitializeSecurityDescriptor
RegOpenKeyW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHBrowseForFolderW
ExtractIconW

comctl32

_TrackMouseEvent

shlwapi

PathIsDirectoryW
PathFileExistsW
PathRemoveBackslashW
PathAppendW
StrCpyW
PathFindExtensionW
PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoGetMalloc
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysFreeString
SysStringLen
OleCreateFontIndirect
VariantInit
VariantChangeType
SysAllocStringLen
VariantClear
SysAllocString
OleCreatePictureIndirect

urlmon

URLDownloadToFileW

gdiplus

GdipGetImageWidth
GdipDrawImageRectRect
GdipDeleteBrush
GdipCloneBrush
GdipSetStringFormatLineAlign
GdipDeleteFont
GdipSetStringFormatAlign
GdipDeleteFontFamily
GdipCreateSolidFill
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDrawString
GdipCreateFontFamilyFromName
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeletePen
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetSolidFillColor
GdipFillRectangleI
GdipCreatePen1
GdipDrawRectangleI
GdipGetPathWorldBounds
GdipGetFontStyle
GdipGetFamily
GdipAddPathString
GdipGetFontSize
GdipDeletePath
GdipCreatePath
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetImageHeight
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdiplusShutdown

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

netapi32

Netbios

snmpapi

SnmpUtilOidCpy
SnmpUtilVarBindFree
SnmpUtilOidNCmp

setupapi

SetupIterateCabinetW

ws2_32

send
gethostbyname
closesocket
__WSAFDIsSet
socket
WSAStartup
htons
WSAGetLastError
select
connect
recv

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7776b4de314efe4ede439bda1530faa

Code Sign

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:aeCertificate

Extended Key Usages

Key Usages

2d:da:7b:aa:df:c1:09:35:c9:dd:95:23:62:3c:99:89Certificate

Extended Key Usages

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

03:48:3d:a7:a1:54:c3:ac:3d:46:e7:d1:28:5d:26:cb:53:39:ba:b8:4e:50:98:8b:5f:9e:a5:87:0b:e3:45:4fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

wininet

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

gdiplus

iphlpapi

netapi32

snmpapi

setupapi

ws2_32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 231KB - Virtual size: 231KB

.data Size: 25KB - Virtual size: 52KB

.rsrc Size: 8.3MB - Virtual size: 8.3MB

.reloc Size: 99KB - Virtual size: 99KB

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

2d:da:7b:aa:df:c1:09:35:c9:dd:95:23:62:3c:99:89
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

03:48:3d:a7:a1:54:c3:ac:3d:46:e7:d1:28:5d:26:cb:53:39:ba:b8:4e:50:98:8b:5f:9e:a5:87:0b:e3:45:4f
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 231KB - Virtual size: 231KB

.data
Size: 25KB - Virtual size: 52KB

.rsrc
Size: 8.3MB - Virtual size: 8.3MB

.reloc
Size: 99KB - Virtual size: 99KB