a86701a99b4d5226daf5033eb4b46a6e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a86701a99b4d5226daf5033eb4b46a6e_JaffaCakes118
Size

17.9MB
MD5

a86701a99b4d5226daf5033eb4b46a6e
SHA1

50cc3c78111676b6779672a2de9ca39ce9bfb1bd
SHA256

0d4251a0a93af1bc3cd1da4d9d23d18f3ade1fd55d65e7bec6bcfae1d3cc700d
SHA512

5a2697a3b48c8c666bd24fdcb08ab499b3eb3c95278e14afe7d4da9bd2df92aad5119b4ea5cecd175ad695290fd01e3eeab932f7693ef36a23dc686caa4596f3
SSDEEP

393216:ou6r4CVTbukWox1tNCASnFefeG1+/xKgO0nPrcBixcom:oB422Ho7SncfeI+/MKzeieP

Score

1^/10

Malware Config

Signatures

Files

a86701a99b4d5226daf5033eb4b46a6e_JaffaCakes118
.zip
toribash/????.data
toribash/Gamestart.exe
.exe windows:4 windows x86 arch:x86

689af7a1a78562de0914709be4132f6b

Code Sign

35:d0:db:03:c4:17:9b:99:e5:33:70:97:d3:ea:37:ce
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

02/07/2015, 05:55

Not After

02/09/2017, 05:55

Subject

CN=上海游创网络科技有限公司,O=上海游创网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c0d6c65697a40313138382e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

33:00:00:00:36:7b:02:ea:cd:06:50:7a:73:00:00:00:00:00:36
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:28

Not After

15/08/2023, 20:38

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:6a:3c:25:52:72:d0:92:01:18:05:b3:75:7b:75:bb:b6:58:7b:6b
Signer

Actual PE Digest

53:6a:3c:25:52:72:d0:92:01:18:05:b3:75:7b:75:bb:b6:58:7b:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\svn\APPS\GMSetupPacker\Build\bin\release_static\GMUnPacker.pdb

Imports

wininet

InternetCloseHandle
InternetOpenUrlW
InternetReadFile
HttpQueryInfoW
InternetOpenW
InternetSetOptionW

ws2_32

closesocket
socket
recv
gethostbyname
send
connect
inet_ntoa
WSAStartup
inet_addr
htons
setsockopt

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

riched20

ord4

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

MoveFileExW
GetFileAttributesW
GetCurrentDirectoryW
GetTempFileNameW
SetFileAttributesW
GetLongPathNameW
GetSystemDirectoryW
SetLastError
CreateFileW
SetCurrentDirectoryW
RemoveDirectoryW
CreateDirectoryW
lstrlenW
GetTempPathW
DeviceIoControl
DeleteFileW
GetFullPathNameW
SetFileTime
SuspendThread
ResumeThread
TerminateProcess
GetExitCodeProcess
FindClose
GetDriveTypeW
GetVolumeInformationW
GetLogicalDriveStringsW
GetDiskFreeSpaceW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
LoadLibraryW
FreeLibrary
LocalFree
GetProcAddress
LoadLibraryExW
SizeofResource
GetCurrentProcess
HeapFree
FreeResource
LockResource
ExpandEnvironmentStringsW
FindResourceW
LoadResource
MoveFileW
GetProcessHeap
GetFileSize
SetFilePointer
GetFileTime
SetEndOfFile
ReadFile
CreateEventW
WideCharToMultiByte
MultiByteToWideChar
GetSystemInfo
InterlockedDecrement
lstrcpyW
lstrcmpiW
GetVersionExW
SetPriorityClass
QueryPerformanceCounter
ReleaseSemaphore
CreateSemaphoreW
MulDiv
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InterlockedIncrement
GetSystemTimeAsFileTime
OutputDebugStringA
GetModuleHandleA
LocalAlloc
CreateProcessA
lstrcmpW
VerifyVersionInfoW
VerSetConditionMask
lstrcmpA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLastError
CreateProcessW
OutputDebugStringW
FindNextFileW
FindFirstFileW
ResetEvent
SetEvent
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CreateFileA
lstrcatA
WaitForSingleObject
GetModuleFileNameW
GetModuleFileNameA
GetCommandLineW
lstrcpyA
WriteFile
Sleep
GetPrivateProfileStringW
FormatMessageW
GetTickCount
RaiseException
GetTempPathA
GetModuleHandleW
GetPrivateProfileIntW
lstrlenA
WritePrivateProfileStringW
CopyFileW
CloseHandle
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
LCMapStringW
LCMapStringA
InterlockedExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetStartupInfoW
ExitThread
CreateThread
HeapReAlloc
RtlUnwind
HeapDestroy
HeapCreate
VirtualFree
GetCurrentProcessId
VirtualAlloc
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapAlloc
GetThreadLocale

user32

GetClassInfoExW
DestroyIcon
SetCapture
SetFocus
ShowCaret
TranslateAcceleratorW
InvalidateRect
UpdateLayeredWindow
SetWindowRgn
BeginPaint
PtInRect
GetKeyState
CreateCaret
HideCaret
IsWindow
ScreenToClient
CreateWindowExW
GetFocus
GetMonitorInfoW
ReleaseCapture
GetUpdateRect
GetDC
IsWindowEnabled
ReleaseDC
SetCaretPos
TranslateMessage
SendMessageW
EndPaint
GetMessageW
MonitorFromWindow
DispatchMessageW
DrawFocusRect
GetCursorPos
GetActiveWindow
LoadStringW
GetWindowRect
GetWindowThreadProcessId
EnableWindow
GetWindow
IsZoomed
GetWindowTextW
SystemParametersInfoW
GetForegroundWindow
SetForegroundWindow
GetClientRect
GetParent
AttachThreadInput
GetWindowTextLengthW
IsChild
LoadImageW
DefWindowProcW
CallWindowProcW
RegisterClassW
GetPropW
RegisterClassExW
LoadCursorW
SetPropW
PostQuitMessage
IsIconic
wsprintfA
MessageBoxW
PostMessageW
KillTimer
GetSystemMetrics
IsWindowVisible
ShowWindow
SetWindowTextW
SetTimer
SetWindowLongW
SetWindowPos
GetWindowLongW
IsRectEmpty
CopyImage
GetClassNameW
SetMenuItemInfoW
LoadMenuW
GetSubMenu
CreateAcceleratorTableW
DestroyAcceleratorTable
InvalidateRgn
ChildWindowFromPointEx
TrackMouseEvent
GetAsyncKeyState
MoveWindow
RedrawWindow
OffsetRect
CharNextA
SetCursor
LoadBitmapW
ClientToScreen
CharNextW
IntersectRect
MapWindowPoints
GetSysColor
CharPrevW
FillRect
DrawTextW
TrackPopupMenu
DrawIconEx
DestroyWindow

gdi32

GetCharABCWidthsW
SetStretchBltMode
GetBitmapBits
GetClipRgn
SetBitmapBits
ExtTextOutW
GetClipBox
CreateSolidBrush
RoundRect
ExtSelectClipRgn
GetTextExtentPoint32W
TextOutW
StretchBlt
SetBkMode
SetBkColor
SelectClipRgn
SetTextColor
GetDeviceCaps
LineTo
BitBlt
CombineRgn
GetObjectW
Rectangle
CreateRoundRectRgn
EnumFontsW
CreateRectRgn
DeleteObject
SelectObject
DeleteDC
CreatePen
CreateDIBSection
CreateFontIndirectW
CreateEllipticRgn
GetTextMetricsW
CreateCompatibleDC
MoveToEx
CreateCompatibleBitmap
GetStockObject
CreateRectRgnIndirect

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyW

shell32

SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
SHGetDesktopFolder
ShellExecuteA
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CLSIDFromProgID
CLSIDFromString
DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
RevokeDragDrop
OleDuplicateData
ReleaseStgMedium

oleaut32

OleLoadPicture
VariantClear
SysAllocString
SysFreeString
VariantInit

shlwapi

PathGetArgsW
StrRetToStrW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
toribash/Readme.txt
toribash/config.dat

Sharing

General

Malware Config

Signatures

Files

689af7a1a78562de0914709be4132f6b

Code Sign

35:d0:db:03:c4:17:9b:99:e5:33:70:97:d3:ea:37:ceCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

33:00:00:00:36:7b:02:ea:cd:06:50:7a:73:00:00:00:00:00:36Certificate

Extended Key Usages

Key Usages

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40Certificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

53:6a:3c:25:52:72:d0:92:01:18:05:b3:75:7b:75:bb:b6:58:7b:6bSigner

Headers

File Characteristics

PDB Paths

Imports

wininet

ws2_32

msimg32

comctl32

riched20

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 212KB - Virtual size: 208KB

.data Size: 24KB - Virtual size: 35KB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 252KB - Virtual size: 251KB

35:d0:db:03:c4:17:9b:99:e5:33:70:97:d3:ea:37:ce
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

33:00:00:00:36:7b:02:ea:cd:06:50:7a:73:00:00:00:00:00:36
Certificate

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

53:6a:3c:25:52:72:d0:92:01:18:05:b3:75:7b:75:bb:b6:58:7b:6b
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 212KB - Virtual size: 208KB

.data
Size: 24KB - Virtual size: 35KB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 252KB - Virtual size: 251KB