a28abcc31a84e471cef6fb5181196e1a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a28abcc31a84e471cef6fb5181196e1a_JaffaCakes118
Size

2.4MB
MD5

a28abcc31a84e471cef6fb5181196e1a
SHA1

2e3f8b23c00d3397df00c8738da91e406b407569
SHA256

0a228be5a076474666cd5d36ab121cb061b67f35d2b1f37367df94f77c03a066
SHA512

d12de60b2e61861525f80b463c9f7dba6650dabd12974f80cd6e16c31c42aa14233ce0d2f420cdcf672459bacf16a2c8cefe8df21a7a7c464cac83abf4c9cbaa
SSDEEP

49152:CsvbCPlpI8uDmJQGgXCY7RJEm7oCUz70zQjok/AS5AShZh:pbCPDruDmJQGgyYlJOCUYMok/AS5ASh

Score

1^/10

Malware Config

Signatures

Files

a28abcc31a84e471cef6fb5181196e1a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

37b1c5a46f79da11ae82188c5bd0ad8d

Code Sign

53:34:43:f6:9f:c6:1b:86:e9:45:f4:0c:1b:8e:07:78
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

23/01/2017, 04:47

Not After

23/04/2018, 04:47

Subject

CN=Kunshan Kuaila Information Technology Co.\, Ltd.,O=Kunshan Kuaila Information Technology Co.\, Ltd.,L=Kunshan,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

13:99:dc:a2:c9:56:20:84:87:a0:6d:e9:55:f4:d2:79:be:21:1f:65
Signer

Actual PE Digest

13:99:dc:a2:c9:56:20:84:87:a0:6d:e9:55:f4:d2:79:be:21:1f:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\吴玲玉\代码文件\微端制作\2、602游戏微端\Cs 传奇世界\Release\CqsjR.pdb

Imports

kernel32

FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetFileSizeEx
GetFileTime
SetErrorMode
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
SetStdHandle
GetFileType
GetStdHandle
GetModuleFileNameA
FileTimeToLocalFileTime
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
GetProcessHeap
SetEnvironmentVariableA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
FormatMessageW
LocalFree
GlobalFree
GetModuleHandleA
GetCurrentProcessId
ResumeThread
WaitForMultipleObjects
ExitThread
CreateSemaphoreW
ReleaseSemaphore
SetEvent
DeleteCriticalSection
lstrcmpiW
lstrcmpW
MulDiv
InitializeCriticalSection
LoadLibraryExW
GetShortPathNameW
FileTimeToSystemTime
UnmapViewOfFile
GetFileSize
GetThreadLocale
LCMapStringA
LocalAlloc
FreeResource
WriteProcessMemory
IsWow64Process
VirtualAllocEx
GlobalUnlock
TerminateProcess
GetVersionExW
ReadProcessMemory
VirtualFreeEx
GlobalAlloc
GlobalLock
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
SetFileTime
SystemTimeToFileTime
SetFilePointer
CreateEventW
ResetEvent
lstrlenW
GetModuleHandleW
CreateThread
InterlockedCompareExchange
IsProcessorFeaturePresent
SetFileAttributesW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
SetProcessWorkingSetSize
RemoveDirectoryW
Process32FirstW
FindClose
GetFileAttributesW
OpenProcess
WaitForSingleObject
FindFirstFileW
GetProcAddress
GetTickCount
lstrlenA
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileIntW
GetCurrentThreadId
EnterCriticalSection
SetLastError
RaiseException
FlushInstructionCache
LeaveCriticalSection
GetCurrentProcess
WideCharToMultiByte
DeleteFileW
CloseHandle
GetLastError
WritePrivateProfileStringW
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
CopyFileW
Sleep
LoadLibraryW
WriteFile
GetPrivateProfileStringW
CreateDirectoryW
SetUnhandledExceptionFilter
FreeLibrary
CreateMutexW
GetCommandLineW
ExitProcess
LockResource
SizeofResource
LoadResource
FreeEnvironmentStringsW
FindResourceW

user32

IsDialogMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
GetMenu
OffsetRect
SystemParametersInfoA
MapVirtualKeyW
GetKeyNameTextW
GetMenuItemID
GetMenuItemCount
IntersectRect
GetActiveWindow
MapDialogRect
CreateDialogIndirectParamW
WindowFromPoint
EndDialog
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
IsWindowEnabled
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
EndPaint
ClientToScreen
GetWindowTextLengthW
DestroyAcceleratorTable
CharNextW
RegisterWindowMessageW
FillRect
IsChild
SetCapture
UnregisterClassW
GetFocus
GetParent
InvalidateRgn
CreateAcceleratorTableW
SetFocus
BeginPaint
InflateRect
GetWindowTextW
GetDlgItem
RedrawWindow
GetSysColor
GetWindowPlacement
SetWindowTextW
GetDesktopWindow
FindWindowExW
GetWindowThreadProcessId
wsprintfW
ScreenToClient
GetClientRect
SystemParametersInfoW
CopyRect
SetWindowRgn
SetRectEmpty
TranslateMessage
PeekMessageW
DispatchMessageW
SetCursor
UpdateLayeredWindow
SetWindowContextHelpId
IsIconic
LoadImageW
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
IsRectEmpty
CopyAcceleratorTableW
SetActiveWindow
GetSysColorBrush
KillTimer
GetSubMenu
SetForegroundWindow
GetDC
LoadIconW
CharUpperW
RegisterClipboardFormatW
GetMessageW
GetNextDlgTabItem
ValidateRect
SetRect
LoadMenuW
ReleaseDC
MessageBoxW
GetSystemMetrics
IsWindowVisible
CheckMenuItem
MoveWindow
PostMessageW
SetParent
SetTimer
GetWindowRect
MonitorFromPoint
TrackPopupMenu
LoadCursorW
GetClassInfoExW
RegisterClassExW
AppendMenuW
GetClassNameW
SetWindowPos
GetCursorPos
CreatePopupMenu
CreateWindowExW
EqualRect
ReleaseCapture
DestroyMenu
GetMonitorInfoW
GetWindow
DestroyWindow
PostQuitMessage
GetWindowLongW
SetWindowLongW
ShowWindow
IsWindow
UpdateWindow
CallWindowProcW
DefWindowProcW
PtInRect
InvalidateRect
SendMessageW
EnableWindow
UnregisterHotKey
RegisterHotKey
GetLastActivePopup
UnregisterClassA

gdi32

RectVisible
CreateFontIndirectW
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
DPtoLP
CreateCompatibleBitmap
PtVisible
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
GetObjectW
GetStockObject
CreateSolidBrush
CreateRoundRectRgn
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
BitBlt
CreateCompatibleDC
TextOutW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyW
RegQueryValueW
RegEnumKeyW
RegEnumKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
AdjustTokenPrivileges
RegOpenKeyExW
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey

shell32

CommandLineToArgvW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW

comctl32

_TrackMouseEvent

shlwapi

PathFileExistsW
PathRenameExtensionW
PathFindExtensionW
PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
CoTaskMemRealloc
OleLockRunning
CoTaskMemFree
CoFreeUnusedLibraries
CLSIDFromProgID
CoInitialize
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoTaskMemAlloc
CoGetClassObject
OleUninitialize
OleInitialize
StringFromGUID2
CLSIDFromString

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantInit
SysAllocStringLen
SysFreeString
VariantClear
SysAllocString
VariantChangeType
SysStringLen
LoadTypeLi
OleCreateFontIndirect
VarUI4FromStr
LoadRegTypeLi
VariantCopy

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetCrackUrlW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetOpenW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
InternetCanonicalizeUrlW
InternetQueryDataAvailable

gdiplus

GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStream
GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipDrawImageRectRectI
GdipSetTextRenderingHint
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteFontFamily
GdipCreateSolidFill
GdipAlloc
GdipCreateFont
GdipDrawString
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipCreateStringFormat
GdipDeleteStringFormat
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipReleaseDC
GdipDeletePen
GdipFillRectangle
GdipDrawLineI
GdipDrawImageRectI
GdipDrawImageRectRect
GdipCreatePen1

psapi

EmptyWorkingSet
EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

netapi32

Netbios

snmpapi

SnmpUtilOidCpy
SnmpUtilVarBindFree
SnmpUtilOidNCmp

sensapi

IsNetworkAlive

ws2_32

WSAGetLastError
htons
recv
socket
__WSAFDIsSet
select
gethostbyname
send
connect
WSAStartup
closesocket

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37b1c5a46f79da11ae82188c5bd0ad8d

Code Sign

53:34:43:f6:9f:c6:1b:86:e9:45:f4:0c:1b:8e:07:78Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

01Certificate

Key Usages

13:99:dc:a2:c9:56:20:84:87:a0:6d:e9:55:f4:d2:79:be:21:1f:65Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

gdiplus

psapi

iphlpapi

netapi32

snmpapi

sensapi

ws2_32

Sections

.text Size: 444KB - Virtual size: 443KB

.rdata Size: 110KB - Virtual size: 110KB

.data Size: 16KB - Virtual size: 33KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 59KB - Virtual size: 58KB

53:34:43:f6:9f:c6:1b:86:e9:45:f4:0c:1b:8e:07:78
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

19:c2:85:30:e9:3b:36
Certificate

01
Certificate

13:99:dc:a2:c9:56:20:84:87:a0:6d:e9:55:f4:d2:79:be:21:1f:65
Signer

.text
Size: 444KB - Virtual size: 443KB

.rdata
Size: 110KB - Virtual size: 110KB

.data
Size: 16KB - Virtual size: 33KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 59KB - Virtual size: 58KB