32d3f84b3eccd4ce89349c6a009e322a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

32d3f84b3eccd4ce89349c6a009e322a_JaffaCakes118
Size

5.2MB
MD5

32d3f84b3eccd4ce89349c6a009e322a
SHA1

cb0958b7303943b57986068453f30a726c18f893
SHA256

4582f81a92d57354e4111c7eab4042b807d1b0ea5c1ab8e1e9b80dbbb28e7a9c
SHA512

76c9a5ae612b7d591f83cbee67a41f6d314e0e349dfc7e549a865ab94787cc5b347f5f2c71968629686caf04496ff4c7d59ac5079f29edff454bee9fe2a72b0c
SSDEEP

98304:LWZdi44J4BEBMZy67lgsddQE/h0JZclsPzF0V2IrLaz4T7HvhhgNk426:LWZdw4BEBM4EasXQE/hUZQwzF0G4T7Py

Score

1^/10

Malware Config

Signatures

Files

32d3f84b3eccd4ce89349c6a009e322a_JaffaCakes118
.rar
ygtq20100901-v1.0.11.4.exe
.exe windows:4 windows x86 arch:x86

e34355cdbe43d33887e0b3a17055a310

Code Sign

6b:26:74:95:b2:3f:12:e5:8f:a9:15:53:98:d8:c1:fa
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/12/2009, 00:00

Not After

12/12/2011, 23:59

Subject

CN=EAZ SOLUTION\, INC.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=EAZ SOLUTION\, INC.,L=Richardson,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:d2:51:73:d4:f0:c9:71:8a:6a:7b:7a:06:00:44:95:5a:b0:f4:24
Signer

Actual PE Digest

1d:d2:51:73:d4:f0:c9:71:8a:6a:7b:7a:06:00:44:95:5a:b0:f4:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsDirectoryA
PathFileExistsA

kernel32

WritePrivateProfileStringA
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
lstrlenW
GlobalSize
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
SetEnvironmentVariableA
SetCurrentDirectoryA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RaiseException
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
GetACP
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FatalAppExitA
CompareStringA
CompareStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
SetStdHandle
GetLocaleInfoW
GetProfileStringA
InterlockedExchange
MulDiv
FreeResource
SizeofResource
GetPrivateProfileStringA
LockResource
LoadResource
FindResourceA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
GetCurrentProcess
DeleteFileA
SetFileAttributesA
GetTempPathA
CloseHandle
WriteFile
CreateFileA
RemoveDirectoryA
FormatMessageA
GetLastError
WaitForSingleObject
CreateProcessA
CreateDirectoryA
FindClose
FindFirstFileA
GetModuleFileNameA
GetSystemDirectoryA
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetCurrentProcessId
GetCurrentThreadId
ReleaseMutex
CreateMutexA
OpenProcess
CopyFileA
GetProcAddress
GetModuleHandleA
lstrcmpiA
GetVersionExA
FreeLibrary
LoadLibraryA
GetSystemInfo
GetFileAttributesA
GetDriveTypeA
GetTickCount
SetFilePointer
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetPrivateProfileIntA
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
SetVolumeLabelA
GetDiskFreeSpaceA
SetLastError
InterlockedIncrement
InterlockedDecrement
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSize
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpA
CreateEventA
SuspendThread
ResumeThread
SetEvent
LocalFree
FindNextFileA
GlobalFree
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
DuplicateHandle

user32

DestroyIcon
PostThreadMessageA
RemoveMenu
RegisterClipboardFormatA
BringWindowToTop
InvalidateRect
UnpackDDElParam
ReuseDDElParam
SetMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
GetMenuStringA
DeleteMenu
InsertMenuA
WindowFromPoint
GetWindowThreadProcessId
WaitMessage
ReleaseCapture
SetCapture
InflateRect
GetDialogBaseUnits
GetSysColorBrush
LoadCursorA
GetDesktopWindow
PtInRect
GetClassNameA
UnregisterClassA
DestroyMenu
LoadStringA
wvsprintfA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
LoadBitmapA
ExitWindowsEx
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
GetWindow
SetWindowContextHelpId
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
SetCursor
ShowOwnedPopups
PostQuitMessage
CopyRect
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
MessageBoxA
PostMessageA
wsprintfA
SetWindowPos
GetSystemMetrics
DrawIcon
AppendMenuA
SendMessageA
GetSystemMenu
IsIconic
GetClientRect
SetTimer
KillTimer
EnableWindow
LoadIconA
OemToCharBuffA
CharToOemBuffA
ScreenToClient
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
CharToOemA
OemToCharA
CharUpperA
SetFocus
IsWindow
GetMessageA
TranslateMessage
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
UnhookWindowsHookEx
GetParent
GetFocus
IsWindowEnabled
EqualRect

gdi32

ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
DeleteObject
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
SelectClipRgn
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
CreateRectRgnIndirect
CreateBitmap
GetDCOrgEx
GetTextExtentPoint32A
GetTextMetricsA
CreateFontIndirectA
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
GetTextColor
GetBkColor
LPtoDP
CopyMetaFileA
CreateDCA
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
SelectPalette
GetStockObject
CreateDIBitmap
GetObjectA
CreateBrushIndirect
CreateCompatibleDC
BitBlt
DeleteDC
StartDocA
SaveDC
RestoreDC
GetWindowExtEx
GetTextExtentPointA
SelectObject

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegDeleteKeyA
LookupPrivilegeValueA
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyA
RegQueryValueA
RegSetValueA
AdjustTokenPrivileges
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA

shell32

ExtractIconA
DragQueryFileA
DragFinish
DragAcceptFiles
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify

comctl32

ord13
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Merge
ImageList_Read
ImageList_Write
ord17

oledlg

ord8

ole32

StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
OleDuplicateData
CoFreeUnusedLibraries
OleUninitialize
CoTreatAsClass
CoDisconnectObject
OleRun
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CreateStreamOnHGlobal
ReleaseStgMedium
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize

olepro32

ord253
ord251

oleaut32

VariantChangeType
SysReAllocStringLen
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
VariantCopy
SafeArrayRedim
SysAllocStringByteLen
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysStringLen
LoadTypeLi
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SafeArrayCreate

msvcrt

??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
fgetwc
ungetwc
setvbuf
fsetpos
fseek
fgetpos
fgetc
fputc
fwrite
free
calloc
ungetc

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

e34355cdbe43d33887e0b3a17055a310

Code Sign

6b:26:74:95:b2:3f:12:e5:8f:a9:15:53:98:d8:c1:faCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

1d:d2:51:73:d4:f0:c9:71:8a:6a:7b:7a:06:00:44:95:5a:b0:f4:24Signer

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

msvcrt

Sections

.text Size: 364KB - Virtual size: 363KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 32KB - Virtual size: 48KB

.rsrc Size: 5.0MB - Virtual size: 5.0MB

6b:26:74:95:b2:3f:12:e5:8f:a9:15:53:98:d8:c1:fa
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

1d:d2:51:73:d4:f0:c9:71:8a:6a:7b:7a:06:00:44:95:5a:b0:f4:24
Signer

.text
Size: 364KB - Virtual size: 363KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 32KB - Virtual size: 48KB

.rsrc
Size: 5.0MB - Virtual size: 5.0MB