eb6e5cf99d9f40294fdc2975220b4d0f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eb6e5cf99d9f40294fdc2975220b4d0f_JaffaCakes118
Size

11.9MB
MD5

eb6e5cf99d9f40294fdc2975220b4d0f
SHA1

6719145c68c6191457cbfde0157755e980bcde92
SHA256

5626f17ffd1272c8faf2e4f5a9517276b6379b706a9ad107c2d40898a2fc7054
SHA512

e015cb707353c205c6fcbe1b507f152ab5c93ec2e763e34ce8ccf6edbcef3255c60cab71d232e8baea5eef26bf2b93b690586dfdc8120835697d49ac8043599f
SSDEEP

196608:5L1L7cndWfs7CQtOR53cWTC45UG9Z7lJXzSstevFAowkRP3Akqz8gsEo:5FcndWf0CQe53c87ZJXzSsGhwkRP3AkH

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/shumabaobei2/PlayGame.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/安装程序.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

eb6e5cf99d9f40294fdc2975220b4d0f_JaffaCakes118
.rar
shumabaobei2/InstallCfg.config
shumabaobei2/PlayGame.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:b1:93:a7:41:09:c3:69:9c:ec:1a:a4:ea:94:38:33
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/08/2013, 00:00

Not After

07/08/2015, 23:59

Subject

CN=Wuhan Weijun Technology Co. Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=技术部,O=Wuhan Weijun Technology Co. Ltd.,L=Wuhan,ST=Hubei,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:6d:20:74:43:60:3f:cd:67:fb:f3:5f:d5:9f:80:fe:86:09:4b:75
Signer

Actual PE Digest

30:6d:20:74:43:60:3f:cd:67:fb:f3:5f:d5:9f:80:fe:86:09:4b:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 406KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
shumabaobei2/flashplayer_11_sa_debug_32bit.exe
.exe windows:5 windows x86 arch:x86

9d935320e17a06db6b40261fb63f7841

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:e5:ac:0a:48:70:63:71:8e:39:da:52:30:1a:04:88
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/12/2010, 00:00

Not After

14/12/2012, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Information Systems+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:0b:68:6e:f6:0c:8c:4a:82:58:98:56:c0:d0:44:a9:7f:6e:6a:75
Signer

Actual PE Digest

43:0b:68:6e:f6:0c:8c:4a:82:58:98:56:c0:d0:44:a9:7f:6e:6a:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

FlashPlayer.pdb

Imports

crypt32

CryptDecodeObjectEx
CertNameToStrW
CertVerifyTimeValidity
CertVerifyRevocation
CertFindRDNAttr
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertCreateCertificateContext
CryptGetMessageCertificates
CryptVerifyMessageSignature
CertRDNValueToStrW
CertOpenStore
CryptFindOIDInfo
CertCompareCertificateName
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertCompareCertificate
CertCloseStore
CertAddStoreToCollection

urlmon

CopyStgMedium

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

waveInStop
waveOutClose
waveInClose
waveInUnprepareHeader
waveInReset
waveInPrepareHeader
timeSetEvent
waveOutGetPosition
timeGetTime
mixerGetID
waveInGetDevCapsA
waveOutGetDevCapsA
waveOutMessage
waveInMessage
mixerClose
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetDevCapsA
mixerOpen
mixerGetControlDetailsA
waveOutRestart
waveOutPause
waveInGetPosition
mixerSetControlDetails
waveInAddBuffer
waveInStart
waveOutReset
waveOutOpen
waveInGetNumDevs
waveOutGetNumDevs
waveInGetDevCapsW
waveOutGetDevCapsW
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeKillEvent
waveInOpen

oleaut32

SysFreeString

dsound

ord8

kernel32

VerifyVersionInfoW
VerSetConditionMask
CreateFileA
GlobalFree
ReadFile
GetFileSize
CreateThread
LockResource
LoadResource
FindResourceExA
FindResourceExW
SetUnhandledExceptionFilter
GetTempPathW
FindClose
FindNextFileW
FindFirstFileW
InterlockedIncrement
InterlockedDecrement
GetTimeZoneInformation
ReleaseSemaphore
WaitForMultipleObjects
SetEvent
CreateSemaphoreW
GetTempPathA
GetModuleFileNameA
GetModuleFileNameW
GetTempFileNameW
GetSystemDirectoryW
ExpandEnvironmentStringsA
WideCharToMultiByte
CreateProcessW
GetTempFileNameA
GetFileAttributesA
CreateDirectoryA
DeleteFileA
CreateMutexA
SetFilePointerEx
CreateFileW
GetFileAttributesExW
GetFileInformationByHandle
GetVolumeInformationW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
GetFullPathNameW
ExpandEnvironmentStringsW
GetVersionExA
CreateDirectoryW
TlsSetValue
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingA
SetThreadPriority
TerminateThread
lstrcpyA
lstrlenA
CompareFileTime
LocalFree
QueueUserAPC
OpenThread
SleepEx
GetModuleHandleA
SetEndOfFile
SetFileAttributesA
CopyFileA
GetCommandLineW
GetStartupInfoW
GetCommandLineA
SwitchToThread
SetFilePointer
WriteFile
GetUserDefaultUILanguage
GetUserDefaultLangID
VirtualQuery
GetFileAttributesW
DeleteFileW
MoveFileExW
GetModuleHandleW
GetSystemInfo
GlobalAlloc
GlobalSize
GetCurrentProcessId
GlobalLock
GlobalUnlock
CreateProcessA
GetVersionExW
LCMapStringW
CreateEventA
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
InterlockedExchangeAdd
lstrlenW
GetVersion
DeviceIoControl
VirtualAlloc
VirtualFree
CreateSemaphoreA
FormatMessageW
TlsAlloc
TlsFree
FormatMessageA
ConnectNamedPipe
CreateNamedPipeA
FlushFileBuffers
GetNumberFormatW
GetCurrencyFormatW
CompareStringW
GetDateFormatW
GetTimeFormatW
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
GetProcessHeap
HeapFree
HeapSize
VirtualProtect
GetProcessAffinityMask
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlUnwind
ExitProcess
GetStartupInfoA
SetStdHandle
GetFileType
GetSystemTimeAsFileTime
GetStdHandle
TerminateProcess
IsDebuggerPresent
HeapCreate
HeapReAlloc
GetOEMCP
GetTickCount
GetLocaleInfoW
GetEnvironmentVariableW
GetLastError
ResetEvent
WaitForSingleObject
LoadLibraryW
SetLastError
GetCurrentThreadId
FlushInstructionCache
RaiseException
GetCurrentThread
SetThreadAffinityMask
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
CreateEventW
CloseHandle
ExitThread
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
OutputDebugStringA
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
GetProcessTimes
GetSystemTime
SystemTimeToFileTime
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TlsGetValue
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetHandleCount
LCMapStringA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
GetFileSizeEx

user32

LoadMenuW
DeleteMenu
GetWindowTextW
IsIconic
GetMenu
ShowWindowAsync
GetWindow
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
IsZoomed
GetSystemMenu
SetMenu
EnumDisplaySettingsW
FlashWindowEx
GetActiveWindow
MapWindowPoints
SetCaretPos
DestroyCaret
ShowCaret
EnumDisplayDevicesW
EmptyClipboard
SetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
RegisterClipboardFormatW
IsWindow
TrackMouseEvent
GetCapture
EnumWindows
GetCursorPos
GetWindowThreadProcessId
AttachThreadInput
MessageBoxW
LoadStringA
GetWindowInfo
CopyRect
GetFocus
UnregisterClassA
CheckMenuItem
GetQueueStatus
RemoveMenu
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
DrawMenuBar
SetMenuInfo
MapVirtualKeyW
GetKeyState
GetForegroundWindow
WaitForInputIdle
CreatePopupMenu
CreateMenu
ShowWindow
GetSubMenu
TrackPopupMenu
ReleaseCapture
KillTimer
SetCapture
SetTimer
UpdateWindow
BeginPaint
EndPaint
InvalidateRect
DestroyMenu
MessageBoxA
EnableWindow
GetWindowTextLengthW
GetDlgItemTextA
SetDlgItemTextA
DialogBoxParamW
GetDlgItemTextW
SetDlgItemTextW
GetWindowTextA
InsertMenuA
InsertMenuW
GetWindowTextLengthA
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
GetMenuStringA
GetMenuStringW
EnableMenuItem
MoveWindow
ScreenToClient
SetWindowTextA
GetClientRect
LoadStringW
RedrawWindow
DialogBoxIndirectParamW
EndDialog
GetDesktopWindow
SetWindowPos
LoadIconW
GetDlgItem
SetWindowTextW
GetParent
SendMessageTimeoutW
SendMessageW
CreateIconIndirect
SetFocus
FillRect
PostMessageW
SetRectEmpty
DestroyWindow
SetCursor
GetCursor
DestroyIcon
GetPropW
SetPropW
GetMonitorInfoW
SystemParametersInfoW
GetClipboardFormatNameA
RegisterClipboardFormatA
GetDC
ReleaseDC
DdeInitializeW
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
ClientToScreen
SendInput
GetKeyboardLayout
GetWindowRect
UpdateLayeredWindow
EnumDisplayDevicesA
GetSystemMetrics
SetRect
OffsetRect
MonitorFromWindow
CreateWindowExW
RegisterClassExW
GetWindowLongW
CallWindowProcW
DefWindowProcW
PostQuitMessage
LoadCursorW
GetClassInfoExW
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
GetDoubleClickTime
PostMessageA
RegisterWindowMessageA
IsWindowEnabled
CreateCaret

gdi32

GetTextAlign
GetBkMode
GetTextColor
SelectClipRgn
CreateRectRgn
SetTextCharacterExtra
CreatePen
GetTextExtentPoint32W
SetBkMode
GetClipRgn
GetDeviceCaps
GetTextExtentPoint32A
GetTextCharacterExtra
SetWorldTransform
SetGraphicsMode
SelectObject
ExtTextOutW
GetCurrentObject
SetTextAlign
GetWorldTransform
CreatePalette
GetSystemPaletteEntries
RealizePalette
SelectPalette
LPtoDP
StartDocW
EndDoc
CreateSolidBrush
StrokePath
ExtCreatePen
FillPath
StretchDIBits
GetClipBox
IntersectClipRect
CreateFontIndirectA
BitBlt
CreateDIBSection
GetFontData
EnumFontFamiliesExW
GetObjectW
GdiFlush
DeleteDC
CreateCompatibleDC
RestoreDC
SelectClipPath
PolyBezierTo
DPtoLP
LineTo
MoveToEx
StartPage
EndPage
SetPolyFillMode
ExtTextOutA
SaveDC
BeginPath
GetBkColor
EndPath
EnumFontFamiliesA
GetTextMetricsW
CreateFontIndirectW
CreateBitmap
SetPixel
GetStockObject
CreateDCA
GetICMProfileA
EnumFontFamiliesW
DeleteObject
GetStretchBltMode
SetStretchBltMode
StretchBlt
SetBkColor
SetTextColor

comdlg32

CommDlgExtendedError
GetSaveFileNameW
PrintDlgW
GetOpenFileNameA
GetSaveFileNameA
GetOpenFileNameW

advapi32

CryptGenRandom
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
CryptAcquireContextW
RegOpenKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

DragQueryFileA
DragAcceptFiles
SHGetDiskFreeSpaceExW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHAppBarMessage
SHGetFolderPathA
SHBrowseForFolderW
SHGetPathFromIDListW
DragQueryFileW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CreateBindCtx
ReleaseStgMedium
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
OleGetClipboard
OleInitialize
CoInitialize
CoUninitialize
PropVariantClear

ws2_32

socket
bind
listen
WSASetLastError
getservbyport
ntohs
gethostbyaddr
htons
getservbyname
htonl
recv
gethostbyname
WSAGetLastError
inet_addr
send
closesocket
WSACleanup
WSAStartup
select
WSAAsyncSelect
WSAIoctl
WSASocketW
setsockopt
getsockname
WSACloseEvent
recvfrom
sendto
WSAAddressToStringA
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
ioctlsocket
connect
gethostname
ntohl
accept
inet_ntoa

mscms

TranslateBitmapBits
CloseColorProfile
CreateColorTransformW
OpenColorProfileW
DeleteColorTransform

opengl32

wglGetProcAddress

Sections

.text
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 243KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 581KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shumabaobei2/flashplayer_11_sa_debug_32bit.ico
shumabaobei2/rungame.ini
shumabaobei2/数码宝贝2.swf
shumabaobei2/游戏说明.txt
安装程序.exe
.exe windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:b1:93:a7:41:09:c3:69:9c:ec:1a:a4:ea:94:38:33
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/08/2013, 00:00

Not After

07/08/2015, 23:59

Subject

CN=Wuhan Weijun Technology Co. Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=技术部,O=Wuhan Weijun Technology Co. Ltd.,L=Wuhan,ST=Hubei,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:4e:36:4e:65:9d:9a:2c:f2:9b:10:16:a7:55:08:28:f5:90:ad:19
Signer

Actual PE Digest

ae:4e:36:4e:65:9d:9a:2c:f2:9b:10:16:a7:55:08:28:f5:90:ad:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 632KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 135KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 400KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6d:b1:93:a7:41:09:c3:69:9c:ec:1a:a4:ea:94:38:33Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

30:6d:20:74:43:60:3f:cd:67:fb:f3:5f:d5:9f:80:fe:86:09:4b:75Signer

Headers

File Characteristics

Sections

CODE Size: 406KB - Virtual size: 1.0MB

DATA Size: 6KB - Virtual size: 16KB

BSS Size: - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 76KB

.rsrc Size: 1.9MB - Virtual size: 2.3MB

.aspack Size: 97KB - Virtual size: 100KB

.adata Size: - Virtual size: 4KB

9d935320e17a06db6b40261fb63f7841

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

15:e5:ac:0a:48:70:63:71:8e:39:da:52:30:1a:04:88Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

43:0b:68:6e:f6:0c:8c:4a:82:58:98:56:c0:d0:44:a9:7f:6e:6a:75Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

urlmon

version

winmm

oleaut32

dsound

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

ws2_32

mscms

opengl32

Sections

.text Size: 6.0MB - Virtual size: 6.0MB

.rodata Size: 4KB - Virtual size: 4KB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 243KB - Virtual size: 1.3MB

.rodata Size: 1KB - Virtual size: 1KB

.rsrc Size: 581KB - Virtual size: 580KB

.reloc Size: 316KB - Virtual size: 316KB

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6d:b1:93:a7:41:09:c3:69:9c:ec:1a:a4:ea:94:38:33
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

30:6d:20:74:43:60:3f:cd:67:fb:f3:5f:d5:9f:80:fe:86:09:4b:75
Signer

CODE
Size: 406KB - Virtual size: 1.0MB

DATA
Size: 6KB - Virtual size: 16KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 76KB

.rsrc
Size: 1.9MB - Virtual size: 2.3MB

.aspack
Size: 97KB - Virtual size: 100KB

.adata
Size: - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

15:e5:ac:0a:48:70:63:71:8e:39:da:52:30:1a:04:88
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

43:0b:68:6e:f6:0c:8c:4a:82:58:98:56:c0:d0:44:a9:7f:6e:6a:75
Signer

.text
Size: 6.0MB - Virtual size: 6.0MB

.rodata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 243KB - Virtual size: 1.3MB

.rodata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 581KB - Virtual size: 580KB

.reloc
Size: 316KB - Virtual size: 316KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6d:b1:93:a7:41:09:c3:69:9c:ec:1a:a4:ea:94:38:33
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ae:4e:36:4e:65:9d:9a:2c:f2:9b:10:16:a7:55:08:28:f5:90:ad:19
Signer

UPX0
Size: - Virtual size: 632KB

UPX1
Size: 135KB - Virtual size: 136KB

.rsrc
Size: 400KB - Virtual size: 404KB

.text
Size: 274KB - Virtual size: 274KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 399KB - Virtual size: 399KB

.reloc
Size: 16KB - Virtual size: 16KB