7d56f804ad73a56e79f193ca2ee72fdd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7d56f804ad73a56e79f193ca2ee72fdd_JaffaCakes118
Size

149KB
MD5

7d56f804ad73a56e79f193ca2ee72fdd
SHA1

7e6adcd65175aca4575c49ccc11b2353d5f19fae
SHA256

3e6ef60bb036770dcb3b55be5e46539adb3c8b050245112c206cbf4be271a2ef
SHA512

28bb01aa6a53ed4c6bcac067fb51a6c6893943d37294fcb5f70aa727dcb9e812b0e7dbdc87cd9f4c1b785c65920f011321d041521f725044518e0671db092dfd
SSDEEP

3072:o4ef48D+Ypp9Rnovsth0XDq+OPSpkMwZ65uKixGR4t/7h3:o4efAKp9Rnh0D1OKZ0zp

Score

1^/10

Malware Config

Signatures

Files

7d56f804ad73a56e79f193ca2ee72fdd_JaffaCakes118
.dll windows:6 windows x86 arch:x86

742bc158084dd6ff745498c0b40b5be2

Code Sign

27:32:cf:90:31:dc:e4:1d:18:72:da:fd:ce:25:57:e6
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

17/05/2016, 03:26

Not After

17/06/2017, 03:26

Subject

CN=北京趣玩互动信息技术有限公司,O=北京趣玩互动信息技术有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b8:d3:15:34:94:a1:b2:33:23:72:3e:d2:71:d0:7a:99:14:00:56:ae
Signer

Actual PE Digest

b8:d3:15:34:94:a1:b2:33:23:72:3e:d2:71:d0:7a:99:14:00:56:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\project\quanmin\androidappmgr\branches\AndroidAppMgr3.0\Output\Bin\Release\EmuKernel.pdb

Imports

kernel32

InitializeCriticalSection
HeapSize
GetLastError
HeapReAlloc
CloseHandle
RaiseException
CreateThread
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
Sleep
SetLastError
GetCurrentProcess
WaitForSingleObject
GetCurrentThreadId
CreateEventW
SetEvent
WaitForMultipleObjects
SetCurrentDirectoryW
LoadLibraryW
GetProcAddress
GetStartupInfoW
ReadFile
CreatePipe
CreateFileA
DeleteFileA
GetFileSize
CreateProcessW
GetTickCount
OutputDebugStringA
OutputDebugStringW
GetCurrentProcessId
LeaveCriticalSection
CreateFileW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
SetStdHandle
GetStringTypeW
GetCommandLineW
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetFileType
GetStdHandle
GetACP
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlUnwind
GetModuleFileNameW
LoadLibraryExW
HeapFree
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
EnterCriticalSection
FlushFileBuffers
TlsAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
WaitForSingleObjectEx
ResetEvent
LoadLibraryExA
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree

user32

SetWindowPos
GetClassInfoExW
DispatchMessageW
PeekMessageW
TranslateMessage
LoadCursorW
SetWindowLongW
UnregisterClassW
PostThreadMessageW
RegisterClassExW
SendMessageW
GetSystemMetrics
GetClientRect
GetParent
GetWindowRect
GetClipCursor
ClipCursor
ShowCursor
GetKeyState
MapVirtualKeyW
SystemParametersInfoW
GetDesktopWindow
GetWindowLongW
GetMessageW
DefWindowProcW
CallWindowProcW
PostMessageW
DestroyWindow
CreateWindowExW
ScreenToClient

ole32

CoInitialize

shlwapi

SHGetValueA
PathCombineW
SHGetValueW
PathFileExistsW
PathCombineA
SHSetValueW
PathFileExistsA

dsound

ord1

winmm

waveInReset
waveInClose
waveInAddBuffer
waveInStart
waveInOpen
waveInUnprepareHeader
waveInGetNumDevs
waveInPrepareHeader
waveInStop

advapi32

SystemFunction036

Exports

Exports

DispatchEmuMessage
EmuCommand
EmuStart
EmuStop

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

742bc158084dd6ff745498c0b40b5be2

Code Sign

27:32:cf:90:31:dc:e4:1d:18:72:da:fd:ce:25:57:e6Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

b8:d3:15:34:94:a1:b2:33:23:72:3e:d2:71:d0:7a:99:14:00:56:aeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

shlwapi

dsound

winmm

advapi32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 3KB - Virtual size: 69KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

27:32:cf:90:31:dc:e4:1d:18:72:da:fd:ce:25:57:e6
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

b8:d3:15:34:94:a1:b2:33:23:72:3e:d2:71:d0:7a:99:14:00:56:ae
Signer

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 3KB - Virtual size: 69KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB