da450e30080fe9c8c02f5dfe2d59f27e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

da450e30080fe9c8c02f5dfe2d59f27e_JaffaCakes118
Size

2.0MB
MD5

da450e30080fe9c8c02f5dfe2d59f27e
SHA1

9362d09d2bb1804c1d5ac6de9e29a7cd2229d719
SHA256

22960045e0a7dacd5a4048c276920db053a29e165e34aec5acd261f544a38d24
SHA512

18f2d2f4bf43e9876ffa3d75517702c688a1e970adeafe38a90dc075a4bf3bb8a26e4ffc053bae9d55f2fa76fb9d55fa682c10347bf09803973be26cc2e02074
SSDEEP

24576:gXnbAPf2V1TIfAY2MjfFgdaWE4LrKMrGK3Ew3oguZaUJYt3VOT6dC8TfE2m6WSD:g0fwTw7TqnLu4ErnA3VOT6dC8TM2pA

Score

1^/10

Malware Config

Signatures

Files

da450e30080fe9c8c02f5dfe2d59f27e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7976573fea412fe7eb8a4e2283a1d89c

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5a:0d:5b:8c:d2:1f:7e:32:5a:e3:6d:08:aa:bb:de:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/10/2014, 00:00

Not After

12/10/2017, 23:59

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT dept.,O=Shanghai Oriental Webcasting Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:e2:9d:e0:f6:59:b3:21:42:9e:5d:c7:72:53:69:9a:1c:f8:19:d4
Signer

Actual PE Digest

2b:e2:9d:e0:f6:59:b3:21:42:9e:5d:c7:72:53:69:9a:1c:f8:19:d4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\Company\PCProject\ShuRuFa\程序\Trunk\WanNengWB\9.4.1.0430\Temp\Release\MainExe.pdb

Imports

kernel32

CreateFileMappingW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
LockResource
FreeResource
SizeofResource
LoadResource
FindResourceW
GlobalReAlloc
lstrcatW
FileTimeToSystemTime
LCMapStringW
ReleaseMutex
CreateMutexW
FindClose
FindNextFileW
GetSystemTime
FormatMessageA
GetFullPathNameW
GetFullPathNameA
GetTempPathA
GetFileAttributesW
DeleteFileA
GetFileAttributesA
UnlockFile
LockFileEx
LockFile
AreFileApisANSI
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
LoadLibraryA
HeapSize
FlushFileBuffers
HeapReAlloc
VirtualAlloc
VirtualFree
FindFirstFileW
HeapDestroy
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
SetFilePointer
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
WriteFile
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringA
RaiseException
RtlUnwind
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
MoveFileW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
FindResourceExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
CreateThread
ReadFile
GetFileSize
CreateFileW
GetTempPathW
MoveFileExW
CopyFileW
DeleteFileW
GlobalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetWindowsDirectoryW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentVariableW
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
CreateDirectoryW
QueryPerformanceCounter
GetModuleFileNameW
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
GetVersionExW
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
GetPrivateProfileStringW
Sleep
GetLocalTime
WritePrivateProfileStringW
GetPrivateProfileIntW
HeapCreate

user32

CharNextW
LoadIconW
ReleaseDC
GetDC
DrawTextW
TrackPopupMenu
ModifyMenuW
InsertMenuW
SetMenuInfo
DestroyMenu
DeleteMenu
CreatePopupMenu
CreateMenu
LoadImageW
LoadBitmapW
FillRect
ScreenToClient
WindowFromPoint
KillTimer
SetTimer
SetWindowRgn
EndPaint
BeginPaint
SetLayeredWindowAttributes
SetCapture
GetWindowRgn
OffsetRect
SetRect
MessageBeep
ReleaseCapture
GetAsyncKeyState
GetDlgItemInt
SetDlgItemInt
MessageBoxW
CallWindowProcW
GetDlgItemTextW
SendMessageW
SetFocus
SetCursor
GetDlgItem
EndDialog
SetDlgItemTextW
SetWindowTextW
DialogBoxParamW
PtInRect
SystemParametersInfoW
EnumDisplayMonitors
GetMonitorInfoW
GetDesktopWindow
GetClientRect
GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
BringWindowToTop
keybd_event
DestroyWindow
InvalidateRect
ShowWindow
MoveWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
IsWindow
FindWindowW
GetCursorPos
DefWindowProcW
PostQuitMessage
SetWindowLongW
SetWindowPos
GetWindowLongW
PostMessageW
GetWindowTextW
UnregisterClassA
ClientToScreen
GetCaretPos
GetFocus
GetWindowThreadProcessId
GetForegroundWindow
AttachThreadInput
GetWindowRect
GetParent
GetGUIThreadInfo
GetKeyState
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
IsWindowVisible

gdi32

CreateICW
SetPixel
LineTo
MoveToEx
GetBkMode
CreateRectRgnIndirect
CreateCompatibleBitmap
GetPixel
PtInRegion
CreateRectRgn
CombineRgn
EnumFontsW
CreateDIBSection
GetObjectW
TextOutW
GetTextExtentPoint32W
CreateFontW
StretchBlt
BitBlt
CreateCompatibleDC
CreateSolidBrush
DeleteDC
SelectObject
DeleteObject
SetTextColor
SetBkMode
GetStockObject
GetTextExtentPointW
CreatePen
ExtCreateRegion
RestoreDC
SetDIBitsToDevice
SetStretchBltMode
ExtSelectClipRgn
GetClipBox
SaveDC

advapi32

RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW

ole32

CLSIDFromString

shlwapi

StrRStrIW
PathFileExistsW

msimg32

AlphaBlend
TransparentBlt

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7976573fea412fe7eb8a4e2283a1d89c

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

5a:0d:5b:8c:d2:1f:7e:32:5a:e3:6d:08:aa:bb:de:f6Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2b:e2:9d:e0:f6:59:b3:21:42:9e:5d:c7:72:53:69:9a:1c:f8:19:d4Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

msimg32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 236KB - Virtual size: 232KB

.data Size: 44KB - Virtual size: 55KB

.rsrc Size: 299KB - Virtual size: 299KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

5a:0d:5b:8c:d2:1f:7e:32:5a:e3:6d:08:aa:bb:de:f6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2b:e2:9d:e0:f6:59:b3:21:42:9e:5d:c7:72:53:69:9a:1c:f8:19:d4
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 236KB - Virtual size: 232KB

.data
Size: 44KB - Virtual size: 55KB

.rsrc
Size: 299KB - Virtual size: 299KB