General

Malware Config

Signatures

Files

• 01b3f6b2bca082287830f076cc113fda_JaffaCakes118

  .exe windows:6 windows x86 arch:x86

  e71f628c5e485d244428c8cec73b3013

  
  

  Code Sign

  0e:21:a7:5f:74:d4:98:4f:3e:60:fb:42:36:95:29:5f

  Certificate

  Issuer

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  26-03-2018 00:00

  Not After

  31-03-2021 12:00

  Subject

  SERIALNUMBER=5128862,CN=Discord Inc.,O=Discord Inc.,L=San Francisco,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  18-04-2012 12:00

  Not After

  18-04-2027 12:00

  Subject

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66

  Certificate

  Issuer

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2014 00:00

  Not After

  22-10-2024 00:00

  Subject

  CN=DigiCert Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2021 00:00

  Subject

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageEmailProtection

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  fb:f1:f8:06:ff:51:22:aa:bb:53:e2:b0:45:80:cf:f9:94:e5:10:b2

  Signer

  Actual PE Digest

  fb:f1:f8:06:ff:51:22:aa:bb:53:e2:b0:45:80:cf:f9:94:e5:10:b2

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  b:\b\discord_desktop\build\x86_mt\DiscordHookHelper.exe.pdb

  Imports

  kernel32

  Thread32First

  Thread32Next

  CreateEventW

  GetFileAttributesA

  GetFileAttributesW

  MoveFileExW

  GetCurrentProcessId

  ProcessIdToSessionId

  OpenProcess

  LocalFree

  VirtualAlloc

  VirtualFree

  VirtualQuery

  HeapCreate

  HeapDestroy

  HeapAlloc

  HeapReAlloc

  HeapFree

  Sleep

  GetCurrentThreadId

  OpenThread

  SuspendThread

  ResumeThread

  GetThreadContext

  SetThreadContext

  FlushInstructionCache

  VirtualProtect

  GetSystemInfo

  GetNativeSystemInfo

  VirtualQueryEx

  ReadProcessMemory

  IsWow64Process

  GetSystemTimeAsFileTime

  lstrcmpiW

  QueryFullProcessImageNameW

  Process32FirstW

  Process32NextW

  RtlCaptureStackBackTrace

  WriteConsoleW

  ReadConsoleW

  ReadFile

  HeapSize

  GetConsoleMode

  GetConsoleCP

  FlushFileBuffers

  SetStdHandle

  GetProcessHeap

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineA

  GetProcessId

  GetExitCodeThread

  GetProcessTimes

  SetLastError

  OpenFileMappingA

  LoadLibraryW

  GetModuleHandleA

  UnmapViewOfFile

  MapViewOfFile

  GetSystemDirectoryW

  Module32NextW

  Module32FirstW

  CreateToolhelp32Snapshot

  GetModuleHandleW

  GetModuleFileNameW

  GetCurrentProcess

  WaitForSingleObject

  GetLastError

  GetOEMCP

  GetACP

  IsValidCodePage

  FindNextFileW

  FindFirstFileExW

  FindClose

  GetTimeZoneInformation

  SetFilePointerEx

  GetFileSizeEx

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetTimeFormatW

  GetDateFormatW

  CloseHandle

  GetFinalPathNameByHandleW

  GetProcAddress

  CreateFileW

  OutputDebugStringA

  GetCommandLineW

  VerifyVersionInfoW

  VerSetConditionMask

  GetModuleHandleExW

  SetConsoleCtrlHandler

  GetFileType

  WriteFile

  GetStdHandle

  ExitProcess

  ExitThread

  RtlUnwind

  RaiseException

  QueryPerformanceCounter

  QueryPerformanceFrequency

  DuplicateHandle

  WaitForSingleObjectEx

  SwitchToThread

  GetCurrentThread

  WideCharToMultiByte

  MultiByteToWideChar

  GetStringTypeW

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetTickCount

  EnterCriticalSection

  LeaveCriticalSection

  TryEnterCriticalSection

  DeleteCriticalSection

  EncodePointer

  DecodePointer

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  GetCPInfo

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  IsProcessorFeaturePresent

  IsDebuggerPresent

  GetStartupInfoW

  InitializeSListHead

  CreateTimerQueue

  SetEvent

  SignalObjectAndWait

  CreateThread

  SetThreadPriority

  GetThreadPriority

  GetLogicalProcessorInformation

  CreateTimerQueueTimer

  ChangeTimerQueueTimer

  DeleteTimerQueueTimer

  GetNumaHighestNodeNumber

  GetProcessAffinityMask

  SetThreadAffinityMask

  RegisterWaitForSingleObject

  UnregisterWait

  OutputDebugStringW

  GetThreadTimes

  FreeLibrary

  FreeLibraryAndExitThread

  LoadLibraryExW

  GetVersionExW

  SetProcessAffinityMask

  ReleaseSemaphore

  InterlockedPopEntrySList

  InterlockedPushEntrySList

  InterlockedFlushSList

  QueryDepthSList

  UnregisterWaitEx

  WaitForMultipleObjectsEx

  FormatMessageW

  user32

  CreateWindowExA

  UnhookWindowsHookEx

  PostThreadMessageW

  EnumThreadWindows

  RegisterClassA

  DefWindowProcA

  IsWindowVisible

  GetWindow

  GetWindowThreadProcessId

  EnumWindows

  EnumChildWindows

  GetWindowLongW

  advapi32

  SetEntriesInAclW

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  GetTokenInformation

  ConvertSidToStringSidA

  RegCloseKey

  RegEnumKeyExW

  RegOpenKeyExW

  RegQueryInfoKeyW

  SetSecurityInfo

  SetNamedSecurityInfoW

  GetSecurityInfo

  GetNamedSecurityInfoW

  OpenProcessToken

  FreeSid

  AllocateAndInitializeSid

  RegGetValueW

  shell32

  CommandLineToArgvW

  ole32

  CoTaskMemFree

  CoUninitialize

  CoSetProxyBlanket

  CoCreateInstance

  CoInitializeEx

  oleaut32

  VariantClear

  shlwapi

  PathRemoveFileSpecW

  PathFindFileNameW

  wnsprintfW

  crypt32

  CryptMsgClose

  CryptMsgGetParam

  CertFindCertificateInStore

  CertFreeCertificateContext

  CryptHashPublicKeyInfo

  CertGetNameStringW

  CryptQueryObject

  CertCloseStore

  psapi

  QueryWorkingSet

  EnumProcesses

  GetModuleInformation

  EnumProcessModulesEx

  GetModuleFileNameExW

  wintrust

  WinVerifyTrust

  Sections

  .text

  Size: 1011KB - Virtual size: 1011KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 145KB - Virtual size: 144KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 16KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 8KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .00cfg

  Size: 512B - Virtual size: 260B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 35KB - Virtual size: 34KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ