abb1ace4893e36b5b3cefd49d920e695_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

abb1ace4893e36b5b3cefd49d920e695_JaffaCakes118
Size

2.8MB
MD5

abb1ace4893e36b5b3cefd49d920e695
SHA1

1eab6da0a6bc2458f77c7bb52bf9966c572716e4
SHA256

e9f3b0d4ae1768b980b7586aee0d7f36f7a3eaff1670b2bb4e4304714358c107
SHA512

4dd0529f126cedddf4430158f8185f189edf4014f1c078f3d5bc424789e2ecbd421735f94985115b68bb50ff7e77d2e523ae66d06d36e07dc477b7887e071617
SSDEEP

49152:C5iqeJZws6OplrIW8uDmJC/EZTLlgM9OeM172/80YsOzQjok/AS5ASeE3r:C5irufOplEduDmJzJLlgME9sUMok/ASV

Score

1^/10

Malware Config

Signatures

Files

abb1ace4893e36b5b3cefd49d920e695_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3c426ef4913b2d1ad93c3a2fa563aa66

Code Sign

1d:27:67:31:19:fb:06:96:27:6c:d8:bb:c3:cb:1c:50
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

23/01/2017, 05:07

Not After

23/04/2018, 05:07

Subject

CN=Kunshan Kuaila Information Technology Co.\, Ltd.,O=Kunshan Kuaila Information Technology Co.\, Ltd.,L=Kunshan,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

ce:2f:99:82:5a:fa:5a:f1:33:ab:8f:cb:2c:c4:46:bc:22:20:f1:16:7b:d9:28:2c:1b:28:1c:71:17:16:6b:5a
Signer

Actual PE Digest

ce:2f:99:82:5a:fa:5a:f1:33:ab:8f:cb:2c:c4:46:bc:22:20:f1:16:7b:d9:28:2c:1b:28:1c:71:17:16:6b:5a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\吴玲玉\代码文件\微端制作\2、602游戏微端\Ls 蓝月传奇\Release\lycqr.pdb

Imports

kernel32

OpenEventA
IsProcessorFeaturePresent
FileTimeToLocalFileTime
CreateFileMappingA
SetEnvironmentVariableA
GetProcessHeap
GetDriveTypeA
GetCurrentDirectoryA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
HeapReAlloc
HeapSize
HeapAlloc
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
QueryPerformanceCounter
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
GetModuleFileNameA
RtlUnwind
IsBadReadPtr
HeapValidate
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
GetFileTime
GetFileSizeEx
VirtualProtect
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
GetThreadLocale
LocalAlloc
GetAtomNameW
CompareStringA
InterlockedExchange
lstrcmpA
GetCurrentThread
GetLocaleInfoW
ConvertDefaultLocale
EnumResourceLanguagesW
CompareStringW
InterlockedCompareExchange
GlobalGetAtomNameW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExA
GlobalFree
GetModuleHandleA
GetCurrentProcessId
ResumeThread
GetCurrentThreadId
WaitForMultipleObjects
ExitThread
CreateSemaphoreW
ReleaseSemaphore
SetEvent
LocalFree
DeleteCriticalSection
lstrcmpiW
RaiseException
lstrcmpW
MulDiv
FormatMessageW
InitializeCriticalSection
LoadLibraryExW
GetShortPathNameW
FileTimeToSystemTime
UnmapViewOfFile
MapViewOfFile
GetFileSize
FreeResource
WriteProcessMemory
IsWow64Process
VirtualAllocEx
GlobalUnlock
TerminateProcess
GetVersionExW
ReadProcessMemory
VirtualFreeEx
GlobalAlloc
GlobalLock
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
SetFileTime
SystemTimeToFileTime
SetFilePointer
CreateEventW
ResetEvent
lstrlenW
GetModuleHandleW
CreateThread
SetFileAttributesW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
SetProcessWorkingSetSize
RemoveDirectoryW
Process32FirstW
FindClose
GetFileAttributesW
OpenProcess
WaitForSingleObject
FindFirstFileW
GetProcAddress
GetTickCount
FindResourceW
lstrlenA
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileIntW
EnterCriticalSection
SetLastError
FlushInstructionCache
LeaveCriticalSection
GetCurrentProcess
WideCharToMultiByte
DeleteFileW
CloseHandle
GetLastError
WritePrivateProfileStringW
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
CopyFileW
Sleep
LoadLibraryW
WriteFile
GetPrivateProfileStringW
CreateDirectoryW
SetUnhandledExceptionFilter
FreeLibrary
CreateMutexW
GetCommandLineW
ExitProcess
LockResource
SizeofResource
LoadResource
LoadLibraryA

user32

WindowFromPoint
SetParent
GetTopWindow
GetNextDlgTabItem
GetNextDlgGroupItem
GetCapture
KillTimer
ShowOwnedPopups
ValidateRect
UpdateWindow
MapWindowPoints
BringWindowToTop
SetWindowRgn
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
MapDialogRect
ModifyMenuW
InsertMenuItemW
GetMenuItemInfoW
GetMenuState
GetMenuItemID
GetMenuItemCount
EnableMenuItem
CheckMenuItem
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetSysColorBrush
GetWindowDC
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EndPaint
UnhookWindowsHookEx
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
CharNextW
RegisterWindowMessageW
FillRect
IsChild
SetCapture
UnregisterClassW
GetFocus
GetParent
InvalidateRgn
GetClientRect
CreateAcceleratorTableW
SetFocus
BeginPaint
InflateRect
InvalidateRect
GetWindowTextW
GetDlgItem
RedrawWindow
GetSysColor
SetWindowTextW
LoadIconW
GetSubMenu
LoadMenuW
GetDesktopWindow
FindWindowExW
GetWindowThreadProcessId
wsprintfW
SystemParametersInfoW
TranslateMessage
PeekMessageW
DispatchMessageW
SetCursor
UpdateLayeredWindow
IsIconic
LoadImageW
SetForegroundWindow
GetDC
ReleaseDC
WinHelpW
RegisterHotKey
MessageBoxW
GetSystemMetrics
IsWindowVisible
MoveWindow
PostMessageW
SetTimer
GetWindowRect
IsMenu
MonitorFromPoint
TrackPopupMenu
LoadCursorW
GetClassInfoExW
RegisterClassExW
AppendMenuW
GetClassNameW
SetWindowPos
GetCursorPos
CreatePopupMenu
CreateWindowExW
ReleaseCapture
GetForegroundWindow
SetWindowContextHelpId
PostThreadMessageW
GetKeyNameTextW
DestroyMenu
GetMonitorInfoW
MapVirtualKeyW
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
GetMessagePos
GetMessageTime
GetMenu
SetMenu
RemovePropW
UnregisterHotKey
DefWindowProcW
UnregisterClassA
SetRect
PtInRect
CallWindowProcW
SendMessageW
IsWindow
ShowWindow
SetWindowLongW
GetWindowLongW
GetKeyState
GetPropW
PostQuitMessage
DestroyWindow
GetWindow
SetPropW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
ClientToScreen
GetDlgCtrlID
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
DeferWindowPos
EqualRect
AdjustWindowRectEx
SendDlgItemMessageA
SendDlgItemMessageW
RegisterClassW
GetClassInfoW
IsDialogMessageW
GetMessageW
RegisterClipboardFormatW
CharUpperW
LoadAcceleratorsW
TranslateAcceleratorW
ReuseDDElParam
UnpackDDElParam
SetRectEmpty
GetClipboardFormatNameA
GetClipboardFormatNameW
IsRectEmpty
MessageBeep
CopyAcceleratorTableW
LoadBitmapW

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetObjectType
CreatePatternBrush
CreateFontIndirectW
CreateRectRgnIndirect
CreateRoundRectRgn
GetRgnBox
GetBkColor
GetTextColor
GetMapMode
OffsetViewportOrgEx
GetWindowExtEx
DPtoLP
SetMapMode
PtVisible
RectVisible
GetPixel
TextOutW
ExtTextOutW
GetTextExtentPoint32W
Escape
SetViewportOrgEx
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
BitBlt
GetDeviceCaps
CreateCompatibleBitmap
GetObjectW
GetStockObject
GetClipBox
CreateSolidBrush
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
GetViewportExtEx
CreateCompatibleDC

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegDeleteValueW
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey
SetThreadToken
RevertToSelf
OpenThreadToken
RegCreateKeyExW
RegQueryInfoKeyW

shell32

CommandLineToArgvW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
DragFinish
DragQueryFileW
ShellExecuteW

comctl32

_TrackMouseEvent

shlwapi

PathFileExistsW
PathRenameExtensionW
PathFindExtensionW
PathFindFileNameW
UrlUnescapeW
PathIsUNCW
PathStripToRootW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CoGetClassObject
OleUninitialize
OleInitialize
StringFromGUID2
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
StringFromCLSID
CLSIDFromString
CoTaskMemRealloc
OleLockRunning
CoTaskMemFree
CoFreeUnusedLibraries
CLSIDFromProgID
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantChangeType
SysStringLen
LoadTypeLi
OleCreateFontIndirect
VarUI4FromStr
LoadRegTypeLi
VariantCopy
SysAllocStringLen
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit

wininet

InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
HttpAddRequestHeadersW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetOpenW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
InternetCrackUrlW

gdiplus

GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStream
GdipDrawImageRectI
GdipDrawImageRectRect
GdipCreatePen1
GdipDrawLineI
GdipFillRectangle
GdipDeletePen
GdipReleaseDC
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdiplusShutdown
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipDrawString
GdipCreateFont
GdipAlloc
GdipCreateSolidFill
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteFont
GdipSetTextRenderingHint
GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipDrawImageRectRectI

psapi

EmptyWorkingSet
EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

netapi32

Netbios

snmpapi

SnmpUtilVarBindFree
SnmpUtilOidCpy
SnmpUtilOidNCmp

sensapi

IsNetworkAlive

ws2_32

WSAStartup
connect
select
WSAGetLastError
recv
socket
__WSAFDIsSet
closesocket
gethostbyname
send
htons

Sections

.text
Size: 865KB - Virtual size: 865KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c426ef4913b2d1ad93c3a2fa563aa66

Code Sign

1d:27:67:31:19:fb:06:96:27:6c:d8:bb:c3:cb:1c:50Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

01Certificate

Key Usages

ce:2f:99:82:5a:fa:5a:f1:33:ab:8f:cb:2c:c4:46:bc:22:20:f1:16:7b:d9:28:2c:1b:28:1c:71:17:16:6b:5aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

gdiplus

psapi

iphlpapi

netapi32

snmpapi

sensapi

ws2_32

Sections

.text Size: 865KB - Virtual size: 865KB

.rdata Size: 217KB - Virtual size: 217KB

.data Size: 16KB - Virtual size: 35KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 117KB - Virtual size: 116KB

1d:27:67:31:19:fb:06:96:27:6c:d8:bb:c3:cb:1c:50
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

19:c2:85:30:e9:3b:36
Certificate

01
Certificate

ce:2f:99:82:5a:fa:5a:f1:33:ab:8f:cb:2c:c4:46:bc:22:20:f1:16:7b:d9:28:2c:1b:28:1c:71:17:16:6b:5a
Signer

.text
Size: 865KB - Virtual size: 865KB

.rdata
Size: 217KB - Virtual size: 217KB

.data
Size: 16KB - Virtual size: 35KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 117KB - Virtual size: 116KB