07caa6079663453e58d2a542a0623622_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07caa6079663453e58d2a542a0623622_JaffaCakes118
Size

4.9MB
MD5

07caa6079663453e58d2a542a0623622
SHA1

aeab5ce9991f318be9620b911be259d534333015
SHA256

3f2fb27fd23131e129d0ab8d66c53fb7afbf920ba4f81915e3f9a0ad6833ad31
SHA512

3c2537fe586d0becb2f683a39f332c6bc9c8c7e7a44480ec76ed4a45aa861453d3b04fef4b59c40a6badf189b908eaa251e10e58f9052fc5f34f5a9426cbfc5c
SSDEEP

98304:odQdXFfQ5uLFj1kGvrhAgzfHFuiB4UHYDjYkh0vTA5EZKcC6AQWEuh+:oKdXFfCIjWGvrhAgz/FRBt4D0kh0vTA8

Score

1^/10

Malware Config

Signatures

Files

07caa6079663453e58d2a542a0623622_JaffaCakes118
.exe windows:5 windows x86 arch:x86

510853f59656c46e9b9e23dab1ea9e39

Code Sign

6f:02:3a:c9:37:a0:54:12:fb:47:0a:7d:d5:28:3f:fa
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

14/04/2016, 07:40

Not After

14/04/2017, 07:40

Subject

CN=北京丰余科技有限公司,O=北京丰余科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:3c:85:21:3d:2f:bc:8a:0c:71:df:50:72:e0:89:00:4e:56:68:4f
Signer

Actual PE Digest

4c:3c:85:21:3d:2f:bc:8a:0c:71:df:50:72:e0:89:00:4e:56:68:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\workspace\yiwanplayer\bin\Release\YiwanLoader.pdb

Imports

kernel32

LocalFree
OutputDebugStringW
LocalAlloc
DeviceIoControl
GetVolumeInformationW
lstrcatW
GetWindowsDirectoryW
GetVersion
SetFileTime
GetFileTime
GetFileSizeEx
ReadFile
FindNextFileW
RemoveDirectoryW
GetFileAttributesW
GetFileSize
VirtualAlloc
VirtualFree
OpenEventW
GetPrivateProfileIntA
GetEnvironmentVariableW
SetEnvironmentVariableW
GetExitCodeProcess
SetUnhandledExceptionFilter
OpenMutexW
CreatePipe
SetHandleInformation
GetStdHandle
GetModuleFileNameA
CreateProcessA
VerSetConditionMask
VerifyVersionInfoW
GlobalMemoryStatusEx
CreateFileA
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
lstrcpyW
FindClose
QueryPerformanceFrequency
FindFirstFileW
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
MoveFileW
GetModuleHandleW
CreateMutexA
GetPrivateProfileIntW
WritePrivateProfileStringA
lstrcmpiW
lstrcmpW
MulDiv
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
QueryDosDeviceW
GetLogicalDriveStringsW
GetDriveTypeW
IsBadReadPtr
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
DeleteFileW
GetTempFileNameA
OpenMutexA
lstrcmpiA
lstrcmpA
WaitForMultipleObjects
UnmapViewOfFile
ResetEvent
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
WriteConsoleW
SetFileAttributesW
FindFirstFileExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
GetTimeZoneInformation
SetFilePointerEx
MoveFileExW
SetStdHandle
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
GetCPInfo
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
SystemTimeToFileTime
LocalFileTimeToFileTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
SetConsoleCtrlHandler
GetFileAttributesExW
GetSystemTimeAsFileTime
ExitThread
VirtualQuery
VirtualProtect
GetModuleHandleExW
ExitProcess
RtlUnwind
AreFileApisANSI
EncodePointer
GetStringTypeW
lstrlenA
GetTempPathA
GetTickCount
SetThreadPriority
MultiByteToWideChar
ResumeThread
WideCharToMultiByte
GetTempFileNameW
DecodePointer
GetPrivateProfileStringA
GetSystemInfo
FreeLibrary
SetErrorMode
LoadLibraryExW
GetCurrentThreadId
FlushInstructionCache
SetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
GlobalFree
LeaveCriticalSection
EnterCriticalSection
GetLastError
WritePrivateProfileStringW
GetPrivateProfileStringW
HeapReAlloc
HeapSize
HeapDestroy
RaiseException
TerminateProcess
OpenProcess
GetStartupInfoA
GetCurrentProcessId
WriteFile
SetFilePointer
CreateDirectoryW
TerminateThread
CreateThread
GetFileAttributesA
GetShortPathNameA
GetLocalTime
GetTempPathW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
GetStartupInfoW
GetCommandLineW
SetEvent
CreateEventW
ReleaseMutex
CreateMutexW
WaitForSingleObject
CreateFileW
HeapFree
GetProcessHeap
HeapAlloc
Sleep
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
LoadLibraryW
GetCommandLineA
GetVersionExW

user32

GetCapture
SetMenuDefaultItem
TrackPopupMenu
RegisterWindowMessageW
LoadMenuW
UpdateWindow
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRgn
CreateAcceleratorTableW
DefWindowProcW
LoadCursorW
RegisterClassExW
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetWindowRect
SetWindowPos
ShowWindow
DestroyWindow
MoveWindow
GetWindowRgn
GetParent
FindWindowW
EnumDisplaySettingsW
PeekMessageW
ShowCursor
TrackMouseEvent
AdjustWindowRect
CreateWindowExA
SetForegroundWindow
GetDC
GetMessageW
DispatchMessageW
ChangeDisplaySettingsW
SendMessageW
PostMessageW
UnregisterClassW
GetClassInfoExW
PostQuitMessage
IsDialogMessageW
SetWindowTextW
GetDlgItem
EnableWindow
SystemParametersInfoW
LoadImageW
CharNextW
GetSysColor
GetClassNameW
SetFocus
GetFocus
IsChild
GetPropA
IsIconic
SendMessageTimeoutW
TranslateMessage
CreateDialogParamW
OffsetRect
GetCursor
InflateRect
ChildWindowFromPoint
UnionRect
IsRectEmpty
GetSystemMetrics
CopyRect
SetTimer
GetClientRect
ClientToScreen
EqualRect
BeginPaint
EndPaint
CallWindowProcW
IsWindow
InvalidateRect
DrawTextW
SetCapture
ReleaseCapture
GetCursorPos
WindowFromPoint
IsWindowEnabled
ScreenToClient
MessageBoxW
GetWindow
ReleaseDC
wsprintfW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
FillRect
RedrawWindow
SetPropA
RemovePropA
GetMenu
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
IsWindowVisible
SetCursor
KillTimer
PtInRect
GetActiveWindow
IsMenu
RegisterClassW
LoadIconW
EnumDisplayDevicesW
LoadStringW
MsgWaitForMultipleObjects
GetSubMenu

advapi32

AdjustTokenPrivileges
RegEnumKeyExA
InitializeSecurityDescriptor
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DeleteService
QueryServiceStatus
EnumDependentServicesW
ControlService
RegDeleteKeyW
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
CreateServiceW
StartServiceW
QueryServiceStatusEx
ChangeServiceConfigW
GetTokenInformation
RegOpenKeyExA
RegQueryValueExA

ole32

OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
CoCreateGuid
OleUninitialize
CreateStreamOnHGlobal
CoTaskMemRealloc
CreateBindCtx
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathA
Shell_NotifyIconW
SHChangeNotify
ord165
SHCreateDirectoryExW
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteA

oleaut32

SafeArrayGetLBound
SafeArrayLock
SafeArrayDestroy
SafeArrayGetVartype
SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
SafeArrayGetUBound
VarUI4FromStr
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
VariantTimeToSystemTime
VarDateFromStr
VariantChangeType
SafeArrayUnlock
VariantInit
SysAllocStringLen
VariantClear
DispCallFunc

shlwapi

StrStrIW
PathAddBackslashA
PathAddBackslashW
PathRemoveFileSpecA
PathCombineW
StrStrA
PathRemoveFileSpecW
PathIsDirectoryW
StrStrIA
PathAppendA
PathFileExistsW
StrCpyW
PathAppendW
PathIsUNCW
PathIsNetworkPathW
PathIsNetworkPathA
PathIsRelativeW
PathFileExistsA
PathIsRootW
PathIsRelativeA
SHGetValueA
SHSetValueA
PathFindFileNameW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdi32

GetTextMetricsW
CreateFontIndirectW
CreateSolidBrush
SetTextColor
SetBkMode
SetDIBitsToDevice
PtInRegion
CreateRectRgn
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateDIBSection
GetObjectW
GetStockObject
StretchBlt
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateDCW
PatBlt
SetStretchBltMode
SetViewportOrgEx
EnumFontFamiliesW
GetObjectA
SetBkColor
GetTextExtentPoint32W
ChoosePixelFormat
SetPixelFormat
CreateFontW
SwapBuffers

msimg32

AlphaBlend

opengl32

wglMakeCurrent
wglDeleteContext
wglCreateContext

gdiplus

GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawRectangleI
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipCreatePen1
GdipDeleteGraphics
GdipCloneBrush
GdipDeleteBrush
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipSetTextRenderingHint
GdipDrawString
GdipLoadImageFromStream
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromResource
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusStartup
GdipCreateFromHDC
GdipFillRectangleI

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

HttpEndRequestW
InternetWriteFile
HttpSendRequestExA
HttpSendRequestA
InternetSetCookieA
HttpOpenRequestA
InternetAttemptConnect
InternetOpenA
InternetConnectA
HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
HttpAddRequestHeadersA
InternetReadFile

ws2_32

ioctlsocket
connect
ntohl
htonl
htons
ntohs
setsockopt
recv
shutdown
WSAEventSelect
WSASetEvent
WSACreateEvent
WSARecv
WSAGetOverlappedResult
WSASend
WSAResetEvent
WSAEnumNetworkEvents
WSAConnect
WSAGetLastError
WSASocketW
WSACloseEvent
closesocket
getaddrinfo
freeaddrinfo
socket
WSASetLastError
WSACleanup
WSAStartup
send

winmm

timeBeginPeriod
timeEndPeriod

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupIterateCabinetW
CM_Get_Device_IDW
SetupDiGetDeviceRegistryPropertyW

urlmon

RegisterBindStatusCallback
CreateURLMoniker
URLDownloadToFileW

psapi

GetProcessImageFileNameW

uxtheme

IsAppThemed
IsThemeActive

iphlpapi

GetAdaptersInfo

crypt32

CertFindCertificateInStore
CertGetNameStringW
CryptMsgGetParam
CryptQueryObject

netapi32

Netbios

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 549KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

510853f59656c46e9b9e23dab1ea9e39

Code Sign

6f:02:3a:c9:37:a0:54:12:fb:47:0a:7d:d5:28:3f:faCertificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

4c:3c:85:21:3d:2f:bc:8a:0c:71:df:50:72:e0:89:00:4e:56:68:4fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

comctl32

gdi32

msimg32

opengl32

gdiplus

version

wininet

ws2_32

winmm

setupapi

urlmon

psapi

uxtheme

iphlpapi

crypt32

netapi32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 549KB - Virtual size: 548KB

.data Size: 29KB - Virtual size: 242KB

.tls Size: 512B - Virtual size: 5B

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 84KB - Virtual size: 83KB

6f:02:3a:c9:37:a0:54:12:fb:47:0a:7d:d5:28:3f:fa
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

4c:3c:85:21:3d:2f:bc:8a:0c:71:df:50:72:e0:89:00:4e:56:68:4f
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 549KB - Virtual size: 548KB

.data
Size: 29KB - Virtual size: 242KB

.tls
Size: 512B - Virtual size: 5B

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 84KB - Virtual size: 83KB