fbd0a561c431d1bd5a2e7fa064bac509_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbd0a561c431d1bd5a2e7fa064bac509_JaffaCakes118
Size

1.7MB
MD5

fbd0a561c431d1bd5a2e7fa064bac509
SHA1

601a929022f90f48028a54b9aed68179de816382
SHA256

4667ccbfeb18d7a8c5fb98cab7332c03a555f6b0892e40709c68553d2761212d
SHA512

9d4cb671869474168992d5dc4b46ed84d0b86d1dfa1cb0f6f354370fd47be4b93d1d44627e33aa8aa819c33f25237ff06c14cb0971320353eecca06900345ece
SSDEEP

24576:g8mYe7tTzc57rvccWAhJXYjdHMpHruqIAmIEvOfjHxj7J+AD:NmxTNcj0dHMNuqIA0vOf9j7J+AD

Score

1^/10

Malware Config

Signatures

Files

fbd0a561c431d1bd5a2e7fa064bac509_JaffaCakes118
.exe windows:6 windows x86 arch:x86

305fa740d6f5b8d2cf1a9c5c5059efc7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:96:41:06:9c:91:da:66:32:8a:ec:85:6d:9b:78:44
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

17/10/2017, 00:00

Not After

16/10/2020, 23:59

Subject

CN=Plays.tv\, Inc,OU=Engineering,O=Plays.tv\, Inc,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c0:48:2d:a4:5c:e6:9e:15:8d:b2:d8:44:ce:1f:ca:15:db:14:9a:94
Signer

Actual PE Digest

c0:48:2d:a4:5c:e6:9e:15:8d:b2:d8:44:ce:1f:ca:15:db:14:9a:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\GitLab-Runner\builds\d6fd5a5f\0\playstv\ltc-overlay\bin\Release\PlaysTVComm.pdb

Imports

kernel32

DebugBreak
SystemTimeToFileTime
CreateIoCompletionPort
CreateEventA
GetTempFileNameA
TlsFree
GetTempFileNameW
TlsGetValue
SleepEx
WideCharToMultiByte
VerSetConditionMask
DeleteCriticalSection
DecodePointer
QueueUserAPC
CreateThread
RaiseException
Process32Next
DeleteFileA
QueryPerformanceFrequency
TlsAlloc
TerminateThread
SetEvent
GetTempPathA
Sleep
CreateEventW
CreateToolhelp32Snapshot
PostQueuedCompletionStatus
OpenProcess
GetModuleHandleA
DuplicateHandle
K32GetProcessImageFileNameW
GetFileAttributesW
SetThreadErrorMode
FindFirstFileW
SetThreadContext
HeapSize
SetStdHandle
GetProcessHeap
CreateFileW
InitializeCriticalSectionEx
GetQueuedCompletionStatus
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
WriteFile
EnterCriticalSection
SetLastError
VerifyVersionInfoA
TlsSetValue
SetWaitableTimer
Process32First
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
HeapReAlloc
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
ExitProcess
WriteConsoleW
GetFileType
GetStdHandle
FreeLibraryAndExitThread
ExitThread
RtlUnwind
IsDBCSLeadByteEx
IsValidCodePage
InitializeSListHead
GetStartupInfoW
MoveFileA
CreateDirectoryW
QueryPerformanceCounter
MapViewOfFile
OpenFileMappingA
GetCurrentProcessId
CreateFileMappingA
CloseHandle
OpenMutexA
GetLastError
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetCurrentProcess
QueryFullProcessImageNameW
GetModuleFileNameW
GetCurrentDirectoryW
GetFileSizeEx
SetFilePointerEx
MoveFileW
DeleteFileW
SetEndOfFile
FlushFileBuffers
GetLocalTime
GetCurrentThreadId
OutputDebugStringW
CreateMutexW
GetModuleHandleExW
GetCommandLineW
OpenEventA
FindCloseChangeNotification
FindFirstChangeNotificationA
GetFileAttributesExA
CompareFileTime
FindNextChangeNotification
LoadResource
LockResource
SizeofResource
FindResourceW
GetProcAddress
LoadLibraryExW
FreeLibrary
EnumResourceNamesExW
FreeResource
GetVersionExW
ReadFile
Module32Next
GetProcessId
FindClose
Module32First
MultiByteToWideChar
GetModuleHandleExA
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
GlobalAlloc
LocalFree
GetModuleHandleW
VerifyVersionInfoW
RegisterWaitForSingleObject
ResumeThread
GetCommandLineA
GetDiskFreeSpaceExW
GetVersionExA
ResetEvent
CreateProcessW
CreateSymbolicLinkW
FormatMessageA
SetThreadPriority
GlobalFree
GetTickCount
GetCurrentThread
CreateFileA
GetFileSize
LocalAlloc
lstrcmpA
FileTimeToSystemTime
LoadLibraryW
FileTimeToLocalFileTime
lstrcpyW
GetSystemInfo
GlobalMemoryStatusEx
SetDllDirectoryW
GetDllDirectoryW
Process32NextW
Process32FirstW
Module32FirstW
ReadProcessMemory
Module32NextW
VirtualQueryEx
VirtualFree
SuspendThread
GetThreadPriority
VirtualProtectEx
GetThreadContext
FlushInstructionCache
VirtualQuery
OpenThread
DeleteAtom
VirtualProtect
GetStringTypeW
SwitchToThread
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTime

user32

DestroyIcon
GetIconInfo
GetDC
DrawIconEx
ReleaseDC
EnumWindows
GetWindowThreadProcessId
GetWindow
IsWindowVisible
SendMessageTimeoutA
LoadIconA
UnregisterClassA
RegisterClassA
GetForegroundWindow
RegisterWindowMessageA
ShowWindow
GetSystemMetrics
LoadCursorA
AnimateWindow
SetWindowRgn
InvalidateRect
PostQuitMessage
KillTimer
PeekMessageA
TranslateMessage
DefWindowProcA
RegisterHotKey
SetTimer
MsgWaitForMultipleObjects
DestroyWindow
DispatchMessageA
UnregisterHotKey
SendNotifyMessageA
CopyRect
GetMonitorInfoA
EnumDisplayDevicesA
GetDesktopWindow
WindowFromPoint
IsWindow
CreateWindowExA
GetClientRect
FindWindowA

advapi32

RegOpenKeyExW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegDeleteKeyA
RegEnumValueA
OpenProcessToken
RegGetValueW
RegEnumKeyExW
RegQueryInfoKeyW
ConvertSidToStringSidA
RegQueryValueExA
AllocateAndInitializeSid
LookupPrivilegeValueA
SetEntriesInAclW
RegCreateKeyExA
RegCreateKeyExW
CopySid
SetSecurityDescriptorSacl
RegSetValueExW
RegSetValueExA
FreeSid
InitializeSecurityDescriptor
RegOpenKeyExA
RegCloseKey
GetTokenInformation
MakeAbsoluteSD
RegQueryValueExW
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoInitialize
PropVariantClear
CoTaskMemAlloc
CoUninitialize

wintrust

WinVerifyTrust

ws2_32

WSASocketW
getaddrinfo
closesocket
connect
select
getsockopt
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
WSASetLastError
WSARecv
WSASend
WSACleanup
WSAStartup

shlwapi

SHCreateStreamOnFileA

crypt32

CryptMsgClose
CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CryptHashCertificate
CertFindCertificateInStore
CertGetNameStringA
CryptDecodeObject

psapi

GetModuleFileNameExW

dxgi

CreateDXGIFactory1

gdiplus

GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipFree
GdipImageRotateFlip
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipSaveImageToStream

avifil32

AVIStreamRelease
AVIStreamInfoA
AVIFileOpenW
AVIStreamStart
AVIStreamGetFrameClose
AVIStreamLength
AVIFileInit
AVIFileInfoA
AVIStreamGetFrameOpen
AVIStreamGetFrame
AVIFileRelease
AVIFileGetStream
AVIFileExit

mfplat

MFCreateSample
MFCreateMemoryBuffer
MFCreateMediaType
MFStartup
MFShutdown
MFCreateAttributes

mf

MFEnumDeviceSources

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

setupapi

SetupDiGetClassDevsA
SetupDiEnumDriverInfoA
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailA
SetupDiBuildDriverInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsExA
SetupDiOpenDevRegKey

mfreadwrite

MFCreateSourceReaderFromURL

propsys

PropVariantToInt64
PropVariantToUInt32

dxva2

DXVA2CreateVideoService
DXVA2CreateDirect3DDeviceManager9

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetDIBits
DeleteObject
DeleteDC
StretchBlt
SetStretchBltMode
CreateRoundRectRgn
CreateDIBitmap
GetObjectW

shell32

SHCreateItemFromParsingName
ShellExecuteA
ShellExecuteExW
ord727
SHGetFileInfoW
SHGetKnownFolderPath

Exports

Exports

AmdPowerXpressRequestHighPerformance
BuildFileVersionInfo
CancelFadeWidget
CancelTranscode
CheckIntegrity
CheckMediaFileHealth
ConsoleExec
CreateOverlayImage
CreateWidget
DestroyWidget
DiagnoseGVR
DragWidget
ElevateProxy
EnableOverlayHotkey
EnableUI
EnumerateAudioDevices
ExecuteProxyCurrentDirectory
ExtractMultipleVideoSegments
ExtractMultipleVideoSegmentsWithOverlay
ExtractVideoSegment
FadeWidget
FetchThumbnailAsFile
FinalizeMP4Reader
FinalizeMediaReader
GameDVRSaveInstantReplayClip
GameDVRSaveReplayClip
GameDVRStartRecording
GameDVRStopRecording
GetAeroState
GetAvailableDiskSpace
GetBattleNetFriends
GetDiskSpace
GetDuration
GetFrameCount
GetFrameHeight
GetFrameWidth
GetFramerate
GetGVRSupportFlags
GetHardwareEncoderSupportLevelEx
GetInfo
GetMediaFileData
GetOSVersionInfo
GetPartitionSize
GetRecordingTime
GetRevision
GetSteamInfo
GetVideoCardList
GrabFrameByIndex
GrabFrameByTime
HasIntel4IDDriver
InitializeMP4Reader
InitializeMediaReader
IsGameActive
IsSignatureValid
LaunchPlaysDesktopHelper
LaunchUri
LoadGameModule
MuteGameDVR
NotifyGameSaveFinished
NumVideoCaptureDevices
NvOptimusEnablement
QueryFeature
QueryLoLFriendsList
RefreshWidget
RegisterCustomHotkey
RegisterCustomKeybind
ReleaseVideoCardList
SessionQueryFileSize
SetAPIOffsets
SetActiveWidget
SetCallbackAttributeInfo
SetCallbackBattleNetInfo
SetCallbackBitBlt
SetCallbackDwmCompositionChanged
SetCallbackEndSession
SetCallbackFullscreenStateChanged
SetCallbackGameActiveWindow
SetCallbackGameAutoHooked
SetCallbackGameEvent
SetCallbackGameLoad
SetCallbackGameScreenMode
SetCallbackGameScreenSize
SetCallbackGameStateChanged
SetCallbackGameUnloading
SetCallbackGraphicsLibLoaded
SetCallbackHelpLoad
SetCallbackInputActivated
SetCallbackLoginInfo
SetCallbackLtcError
SetCallbackModuleLoaded
SetCallbackNotifyDesktopHelper
SetCallbackNotifyRenderAPI
SetCallbackOpacityChanged
SetCallbackOverlayActivated
SetCallbackPacketInfo
SetCallbackProcessCreated
SetCallbackProcessTerminated
SetCallbackProxyCreated
SetCallbackProxyTerminated
SetCallbackRecorded
SetCallbackRecording
SetCallbackRepaintWidget
SetCallbackScreenshot
SetCallbackWidgetActivated
SetCallbackWidgetMouseLeave
SetCallbackWidgetMoved
SetCallbackWidgetOpacityChanged
SetCallbackWidgetResized
SetCallbackWindowTextChanged
SetCaptureEngine
SetCaptureMode
SetCircularBufferLength
SetCustomCursor
SetDebugPrivileges
SetDebugStatus
SetDefaultDragRgn
SetGameAPIOffsets
SetGameAppHostProcessId
SetGameAudioDevice
SetGameDVRBufferDirectory
SetGameDVRBufferErrorCB
SetGameDVRCaptureEngine
SetGameDVRCaptureReadyCB
SetGameDVRDiskspaceWarningCB
SetGameDVRErrorCB
SetGameDVRFeatureSet
SetGameDVRQuality
SetGameDVRRecordStateChangedCB
SetGameDVRRecordingStartedCB
SetGameDVRRecordingStoppedCB
SetGameDVRReplayLength
SetGameDVRSaveDirectory
SetGameDVRSaveErrorCB
SetGameDVRSaveFinishedCB
SetGameDVRSaveProgressCB
SetGameDVRSaveStartedCB
SetGameDVRVolume
SetGameName
SetGameStrings
SetHardwareEncoderSupportLevel
SetIngameHUDState
SetLogFileHandle
SetLoggingDebugLevel
SetMediaReaderForDeletion
SetMicAudioDevice
SetMinimumFrameBufferSize
SetOpacity
SetOverlayHotkey
SetOverlayKeybind
SetPowerStateChangedCallback
SetPushToTalkFeature
SetPushToTalkHotkey
SetRecorderTargetFramerate
SetResizeThumbSize
SetScreenshotDirectory
SetScreenshotHotkey
SetScreenshotKeybind
SetScreenshotOptions
SetSessionQueryFileSizeCB
SetVideoFilenamePattern
SetWatermarkOverlay
SetWatermarkOverlayDisplayCorner
SetWatermarkOverlayFromFile
SetWidgetDragAxis
SetWidgetDragRgn
SetWidgetFillAlpha
SetWidgetForced
SetWidgetIgnoreScreenBounds
SetWidgetMoveable
SetWidgetOpacity
SetWidgetPosition
SetWidgetResizable
SetWidgetScaleMultiplier
SetWidgetTopMost
SetWidgetVisible
ShowDragDropCursor
ShowOverlayImage
Shutdown
SmoothWindowCorners
StartAutoHookedGame
StartFrameCapture
StartGraphLibScan
Startup
StopFrameCapture
TakeScreenshot
ToasterRollOff
ToasterRollOn
TurnDebugOn
UnloadGameModule
UnregisterCustomHotkey
UnregisterCustomKeybind
UpdateWidgetContents
UseElevationProxy
WatchForWidgetUpdates

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

305fa740d6f5b8d2cf1a9c5c5059efc7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3a:96:41:06:9c:91:da:66:32:8a:ec:85:6d:9b:78:44Certificate

Extended Key Usages

Key Usages

c0:48:2d:a4:5c:e6:9e:15:8d:b2:d8:44:ce:1f:ca:15:db:14:9a:94Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

wintrust

ws2_32

shlwapi

crypt32

psapi

dxgi

gdiplus

avifil32

mfplat

mf

version

setupapi

mfreadwrite

propsys

dxva2

gdi32

shell32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 270KB - Virtual size: 269KB

.data Size: 172KB - Virtual size: 247KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 113KB - Virtual size: 113KB

.reloc Size: 65KB - Virtual size: 65KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3a:96:41:06:9c:91:da:66:32:8a:ec:85:6d:9b:78:44
Certificate

c0:48:2d:a4:5c:e6:9e:15:8d:b2:d8:44:ce:1f:ca:15:db:14:9a:94
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 270KB - Virtual size: 269KB

.data
Size: 172KB - Virtual size: 247KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 113KB - Virtual size: 113KB

.reloc
Size: 65KB - Virtual size: 65KB