f3ef3b7add2c144c95c73b9d9e152fa1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f3ef3b7add2c144c95c73b9d9e152fa1_JaffaCakes118
Size

793KB
MD5

f3ef3b7add2c144c95c73b9d9e152fa1
SHA1

df587a2e03097a44e32365a1a6ed659bc046b3b4
SHA256

023129859f01fffa64c623b8cee78e704b7f82cb00f71ba38e2e1fd6586517b2
SHA512

f78fe952dad951d6b8478631ab0bda9555efd10cb289653ea34b53df9179648d5751871c87c5bec33f6c4c87d3fb22f518aa704e8e68ec9d74756cb4ff39cbba
SSDEEP

24576:XDHxcrwgxrCOqMqK/QYM32FSwFTyInlu9:XjxcrwZ3MqK/QV29FTJny

Score

1^/10

Malware Config

Signatures

Files

f3ef3b7add2c144c95c73b9d9e152fa1_JaffaCakes118
.7z
common.dll
.dll windows:5 windows x86 arch:x86

84cc66d15014dbaea2caafa3607d1756

Code Sign

fc:d6:14:3b:83:9a:13:60:1c:87:73:34:1c:e4:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27-10-2010 00:00

Not After

26-10-2012 23:59

Subject

CN=Playtech Software Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Playtech Software Limited,L=Douglas,ST=Douglas,C=IM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:f1:4b:a1:78:dc:9a:b9:11:00:22:e4:26:a1:ed:a3:a1:8c:19:36
Signer

Actual PE Digest

69:f1:4b:a1:78:dc:9a:b9:11:00:22:e4:26:a1:ed:a3:a1:8c:19:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\PokerBuilder11.1.8\winclient\game\compiled\release\common.pdb

Imports

wsock32

WSASetLastError
send
gethostbyaddr
listen
setsockopt
accept
inet_ntoa
WSACancelBlockingCall
shutdown
ntohl
select
recv
bind
socket
__WSAFDIsSet
closesocket
getsockopt
connect
inet_addr
WSAStartup
ioctlsocket
htonl
WSAGetLastError
htons
ntohs
getservbyport
WSACleanup
getservbyname
gethostbyname

kernel32

FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
SetHandleCount
ExitProcess
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetConsoleCP
WriteFile
FreeLibrary
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
GlobalMemoryStatus
GetVersionExW
GetSystemInfo
GetDiskFreeSpaceExW
Sleep
CreateMutexW
WaitForSingleObject
GetTickCount
ReleaseMutex
CloseHandle
GetSystemTime
GetEnvironmentVariableW
GetLocaleInfoW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
GetFileAttributesW
CreateDirectoryW
FindClose
GetModuleFileNameW
GetEnvironmentStringsW
GetWindowsDirectoryW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindResourceW
SizeofResource
LoadResource
LockResource
GetFullPathNameW
DeleteFileW
SetLastError
GetCurrentThreadId
GetLastError
GetVersion
GetFileType
GetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
GetVersionExA
FlushConsoleInputBuffer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
HeapSize
LCMapStringW
ReadFile
SetFilePointer
SetStdHandle
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
CreateFileW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
SetEndOfFile
GetProcessHeap
GetCPInfo
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
MulDiv
CreateFileA
VirtualFree
GetWindowsDirectoryA
GetVolumeInformationA
VirtualAlloc
DeviceIoControl
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
HeapFree
DecodePointer
EncodePointer
HeapAlloc
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
ExitThread
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
RtlUnwind

user32

GetProcessWindowStation
GetDC
MessageBoxA
GetDesktopWindow
ReleaseDC
GetUserObjectInformationW
MessageBoxW

gdi32

TranslateCharsetInfo
GetDeviceCaps

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteW
SHChangeNotify
SHGetSpecialFolderLocation
SHFileOperationW
SHGetPathFromIDListW

ole32

CoCreateInstance
CoInitialize

netapi32

Netbios

Exports

Exports

??0CGSConnection@@QAE@ABV0@@Z
??0CGSConnection@@QAE@XZ
??0CProtocolMessenger@prcl_core@@QAE@ABV01@@Z
??0CProtocolMessenger@prcl_core@@QAE@PAVCPackageMapperAbstract@1@PAVIGeneratorVersionMap@1@@Z
??0IGSConnection@@QAE@ABV0@@Z
??0IGSConnection@@QAE@XZ
??1CGSConnection@@UAE@XZ
??1CProtocolMessenger@prcl_core@@QAE@XZ
??1IGSConnection@@UAE@XZ
??4CGSConnection@@QAEAAV0@ABV0@@Z
??4CProtocolMessenger@prcl_core@@QAEAAV01@ABV01@@Z
??4IGSConnection@@QAEAAV0@ABV0@@Z
??_7CGSConnection@@6B@
??_7IGSConnection@@6B@
?ClearStatus@CGSConnection@@UAEXXZ
?Connect@CGSConnection@@UAE_NPBDJ@Z
?ConnectSSL@CGSConnection@@UAE_NPBDJ0PAPBDH0@Z
?ConnectTCP@CGSConnection@@UAE_NPBDJ@Z
?DecodeCompressed@CGSConnection@@AAE_NABV?$vector@DV?$allocator@D@std@@@std@@@Z
?Disconnect@CGSConnection@@UAE_NXZ
?EncodeCompressed@CGSConnection@@AAE_NAAV?$vector@DV?$allocator@D@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?Flush@CGSConnection@@UAE_NXZ
?In@CProtocolMessenger@prcl_core@@QAEPAVCMessageInputStream@2@H@Z
?InitClient@CProtocolMessenger@prcl_core@@QAEXJAAVCInputOutputStream@2@_N1@Z
?InitClientEx@CProtocolMessenger@prcl_core@@QAEXJAAVCInputOutputStream@2@ABV?$set@PAVCIdVersion@prcl_core@@U?$less@PAVCIdVersion@prcl_core@@@std@@V?$allocator@PAVCIdVersion@prcl_core@@@4@@std@@_N22@Z
?IsConnected@CGSConnection@@UBE_NXZ
?Out@CProtocolMessenger@prcl_core@@QAEPAVCMessageOutputStream@2@H@Z
?PackageRecognizer@CGSConnection@@AAE_NXZ
?ReadBinaryPacket@CGSConnection@@AAE_NAAVCGSPacket@@@Z
?ReadField@CGSConnection@@AAE_NAAIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@@Z
?ReadFromSocket@CGSConnection@@AAE_NH@Z
?ReadStringPacket@CGSConnection@@AAE_NAAVCGSPacket@@@Z
?Recv@CGSConnection@@UAE_NAAVCGSPacket@@@Z
?RecvCompressed@CGSConnection@@AAE_NXZ
?RecvUncompressed@CGSConnection@@AAE_NXZ
?ResetConnectionState@CGSConnection@@MAEXXZ
?Send@CGSConnection@@UAE_NABVCGSPacket@@@Z
?SendCompressed@CGSConnection@@UAE_NABV?$list@VCGSPacket@@V?$allocator@VCGSPacket@@@std@@@std@@@Z
?SetPublisherFlag@CGSConnection@@EAE_N_N@Z
?SetPublisherFlag@IGSConnection@@UAE_N_N@Z
?SetSessionGalaxyID@CGSConnection@@QAEXH@Z
?Status@CGSConnection@@UBEHXZ
?VerifyCertificate@CGSConnection@@IBE_NABVX509_certificate@socklib@@ABVX509_publickey@3@@Z
?WriteBinaryPacket@CGSConnection@@AAE_NABVCGSPacket@@@Z
?WriteField@CGSConnection@@AAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z
?WritePacket@CGSConnection@@AAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVCGSPacket@@@Z
?addInputOutputStream@CProtocolMessenger@prcl_core@@QAEXAAVCInputOutputStream@2@J_N1@Z
?removeInputOutputStream@CProtocolMessenger@prcl_core@@QAEXH@Z
HubServices
Initialize

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84cc66d15014dbaea2caafa3607d1756

Code Sign

fc:d6:14:3b:83:9a:13:60:1c:87:73:34:1c:e4:70Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

69:f1:4b:a1:78:dc:9a:b9:11:00:22:e4:26:a1:ed:a3:a1:8c:19:36Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

kernel32

user32

gdi32

advapi32

shell32

ole32

netapi32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 436KB - Virtual size: 436KB

.data Size: 111KB - Virtual size: 127KB

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 167KB - Virtual size: 166KB

fc:d6:14:3b:83:9a:13:60:1c:87:73:34:1c:e4:70
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

69:f1:4b:a1:78:dc:9a:b9:11:00:22:e4:26:a1:ed:a3:a1:8c:19:36
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 436KB - Virtual size: 436KB

.data
Size: 111KB - Virtual size: 127KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 167KB - Virtual size: 166KB