b472b24ade5b97e8609cf0624f83318a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b472b24ade5b97e8609cf0624f83318a_JaffaCakes118
Size

358KB
MD5

b472b24ade5b97e8609cf0624f83318a
SHA1

97ead6022594980245dd82b81969d5af2a0f6131
SHA256

e3a21fcc692a3e39840ca4554a6dd953a8bf809caf26d3d64c6891cbbe2925e9
SHA512

bf2ecb4ee7b65d52c13bb1591b96f52833a7d7e571813c1ef6bc3593dedfc0af013b47803730b336500e3797354c1250989181a0035b92629b9fb5814a90c50d
SSDEEP

6144:W+EJscBxTf5KHARW4TMLXF6cRjoR+nmbL7yQJ3TTDgY0tJ2EDiJgysxp9Bk:2zBxty4TuM6o6gyQJ3Tgnv2Z5

Score

1^/10

Malware Config

Signatures

Files

b472b24ade5b97e8609cf0624f83318a_JaffaCakes118
.rar
《狮心王：国王十字军》中文汉化补丁/962乐游网.url
.url
《狮心王：国王十字军》中文汉化补丁/LionHeart.exe
.exe windows:4 windows x86 arch:x86

8178d11105de2f4fec95d1458f6fd78b

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cc:8d:90:2d:a3:65:87:c9:b2:11:3c:d7:6c:3c:3f:8d
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

17/12/2010, 00:00

Not After

17/12/2011, 23:59

Subject

CN=上海金俊坤计算机技术服务有限公司,OU=WoSign Class 3 Code Signing,O=上海金俊坤计算机技术服务有限公司,L=松江区,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

53:81:39:06:d2:4c:1f:4c:bd:19:e0:cc:0c:52:ea:23:29:bd:e8:50
Signer

Actual PE Digest

53:81:39:06:d2:4c:1f:4c:bd:19:e0:cc:0c:52:ea:23:29:bd:e8:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\trunk\Work\Order\Projects\GameLocal\MemLoader\Release\MemLoader.pdb

Imports

kernel32

CloseHandle
SetFilePointer
ReadFile
WriteFile
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
lstrlenA
GetFileAttributesA
TerminateProcess
CreateProcessA
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
CreateFileA
HeapFree
GetProcessHeap
FreeLibrary
HeapAlloc
DeleteFileA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleFileNameA
SetEndOfFile
LCMapStringW
LCMapStringA
GetSystemInfo
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetFileType
SetHandleCount
GetLastError
IsBadReadPtr
GetFileSize
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCPInfo
GetOEMCP
ExitProcess
RtlUnwind
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
VirtualQuery
HeapDestroy
HeapCreate
IsBadWritePtr
GetCurrentProcess
HeapSize
GetStringTypeA
GetStringTypeW

user32

MessageBoxA
GetDesktopWindow
SendMessageA
SetWindowLongA
DialogBoxParamA
EndDialog
IsDlgButtonChecked
GetWindowLongA
LoadIconA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 764KB - Virtual size: 761KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
《狮心王：国王十字军》中文汉化补丁/游戏说明.txt

Sharing

General

Malware Config

Signatures

Files

8178d11105de2f4fec95d1458f6fd78b

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

cc:8d:90:2d:a3:65:87:c9:b2:11:3c:d7:6c:3c:3f:8dCertificate

Extended Key Usages

Key Usages

53:81:39:06:d2:4c:1f:4c:bd:19:e0:cc:0c:52:ea:23:29:bd:e8:50Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

oleaut32

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 764KB - Virtual size: 761KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

cc:8d:90:2d:a3:65:87:c9:b2:11:3c:d7:6c:3c:3f:8d
Certificate

53:81:39:06:d2:4c:1f:4c:bd:19:e0:cc:0c:52:ea:23:29:bd:e8:50
Signer

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 764KB - Virtual size: 761KB