0adbe1727c744ca78e17e7181ce98512_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0adbe1727c744ca78e17e7181ce98512_JaffaCakes118
Size

787KB
MD5

0adbe1727c744ca78e17e7181ce98512
SHA1

5c2bb89f40b6b6724d703220da0b11e8ca744c9a
SHA256

5ad10559d8cb0d1c6f64a6e96faca70b742ef69f92edf404632345041f4544a0
SHA512

4b870292e55f6c3fa11d55e270f43017cfbb8844e8b18c6236c2d150fa984954eedd091ab2dc4ef7dd733caabc1c47f6bfa16f8fb7593d60ad96e509265bea8d
SSDEEP

12288:dRZbWSMidLEpB54HUHrerCFGBvALlvhpmTWTF7yGb50GMDfvLtV:1bhMG4p56BOlvhoTWTlVd0VDfxV

Score

1^/10

Malware Config

Signatures

Files

0adbe1727c744ca78e17e7181ce98512_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8d5ac8f377882a6fb40a837c248facb2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:14:f2:cf:6d:87:1e:01:9a:b0:8d:5c:a4:85:46:57
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/10/2016, 00:00

Not After

25/10/2019, 23:59

Subject

SERIALNUMBER=3780902,CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130953616e204d6174656f,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5f:54:f6:8b:63:a8:d7:61:3e:28:b8:da:75:8d:4f:e9:4b:ea:38:53
Signer

Actual PE Digest

5f:54:f6:8b:63:a8:d7:61:3e:28:b8:da:75:8d:4f:e9:4b:ea:38:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildAgent\work\Trunk2017\build.msvc\Win32\Installer-Release\BootstrapperClient\RobloxPlayerLauncher.pdb

Imports

kernel32

DeleteCriticalSection
RaiseException
DecodePointer
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
GetModuleHandleW
OpenEventW
CreateEventW
CreateMutexW
lstrcmpW
CloseHandle
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcessHeap
HeapSize
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetStdHandle
ExitProcess
SetFilePointerEx
GetFileType
ReadFile
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
LoadLibraryExW
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
EncodePointer
OutputDebugStringW
IsDebuggerPresent
lstrcatW
lstrcpyW
HeapDestroy
GetProcAddress
LocalFree
FormatMessageA
LockResource
FreeLibrary
LoadResource
SizeofResource
LoadLibraryW
FindResourceW
FindResourceExW
CreateDirectoryW
CreateFileW
GetFileAttributesW
GetVersionExW
GetCurrentThreadId
FindClose
FormatMessageW
FindFirstFileW
FindNextFileW
CopyFileW
GetSystemTime
GetTempPathW
WaitForSingleObjectEx
VerSetConditionMask
InterlockedIncrement
InterlockedDecrement
OpenProcess
GetCurrentProcess
TerminateProcess
GetCurrentThread
Sleep
GetLocalTime
CompareFileTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
lstrlenW
CreateFileMappingW
GetModuleFileNameW
CreateProcessW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
VerifyVersionInfoW
GetGeoInfoW
GetUserGeoID
GetSystemTimeAsFileTime
CreateSemaphoreA
ReleaseSemaphore
DuplicateHandle
GetModuleHandleA
InterlockedExchange
InterlockedExchangeAdd
InterlockedCompareExchange
TerminateThread
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
QueueUserAPC
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SleepEx
SetWaitableTimer
GetShortPathNameW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SystemTimeToFileTime
FileTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
OpenEventA
WaitForMultipleObjectsEx
GetCurrentProcessId
ResumeThread
CreateWaitableTimerW
GetFileSizeEx
GetFileAttributesExW
GetExitCodeProcess
WriteFile
GetFileTime
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrcmpiW

user32

GetParent
SetWindowLongW
GetWindowLongW
GetWindowRect
InvalidateRect
ShowWindow
CreateWindowExW
CallWindowProcW
DefWindowProcW
SendMessageW
MessageBoxA
AllowSetForegroundWindow
CharNextW
CharUpperW
GetWindowTextW
SetForegroundWindow
IsWindowVisible
PostMessageW
LoadBitmapW
LoadIconW
FillRect
EndPaint
BeginPaint
ReleaseDC
GetDC
GetSystemMetrics
EnableWindow
KillTimer
SetTimer
GetDlgItem
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
SetWindowPos
SetFocus
LoadAcceleratorsW
TranslateAcceleratorW
SetWindowTextW
MessageBoxW
EnumWindows
GetWindowThreadProcessId
PostQuitMessage
RegisterClassW

gdi32

SelectObject
CreatePen
CreateFontW
SetTextColor
SetBkMode
GetDeviceCaps
Rectangle
DeleteObject
CreateSolidBrush
GetStockObject

advapi32

GetLengthSid
CopySid
GetUserNameW
CheckTokenMembership
RegDeleteKeyW
RegEnumKeyExW
RegFlushKey
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
DuplicateToken
OpenProcessToken
OpenThreadToken
IsValidSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
RegCloseKey
RegSetValueExW
RegOpenKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash

shell32

ShellExecuteExW
SHGetFolderPathAndSubDirW
ShellExecuteW

oleaut32

RegisterTypeLi

shlwapi

StrCpyW
StrRChrW
StrDupW
PathFileExistsW
StrCmpNW
PathAddBackslashW
StrCmpW
StrStrW
SHDeleteKeyW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

sensapi

IsNetworkAlive

userenv

UnloadUserProfile

ws2_32

socket
gethostbyname
send
htons
freeaddrinfo
getaddrinfo
WSASocketW
WSASend
WSARecv
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
setsockopt
select
getsockopt
ioctlsocket
connect
closesocket
sendto

wininet

HttpEndRequestW
HttpSendRequestExW
HttpQueryInfoW
InternetWriteFile
InternetReadFile
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCloseHandle
InternetQueryDataAvailable
InternetConnectW
InternetSetOptionW
InternetOpenW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdipFree
GdipAlloc

winmm

timeBeginPeriod
timeGetDevCaps
timeSetEvent
timeGetTime

psapi

EnumProcesses
GetProcessImageFileNameW

iphlpapi

GetAdaptersInfo

ole32

CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
StringFromGUID2

Sections

.text
Size: 442KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d5ac8f377882a6fb40a837c248facb2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

07:14:f2:cf:6d:87:1e:01:9a:b0:8d:5c:a4:85:46:57Certificate

Extended Key Usages

Key Usages

5f:54:f6:8b:63:a8:d7:61:3e:28:b8:da:75:8d:4f:e9:4b:ea:38:53Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

shlwapi

version

sensapi

userenv

ws2_32

wininet

comctl32

gdiplus

winmm

psapi

iphlpapi

ole32

Sections

.text Size: 442KB - Virtual size: 441KB

.rdata Size: 165KB - Virtual size: 165KB

.data Size: 14KB - Virtual size: 339KB

.gfids Size: 512B - Virtual size: 336B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 128KB - Virtual size: 127KB

.reloc Size: 29KB - Virtual size: 29KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

07:14:f2:cf:6d:87:1e:01:9a:b0:8d:5c:a4:85:46:57
Certificate

5f:54:f6:8b:63:a8:d7:61:3e:28:b8:da:75:8d:4f:e9:4b:ea:38:53
Signer

.text
Size: 442KB - Virtual size: 441KB

.rdata
Size: 165KB - Virtual size: 165KB

.data
Size: 14KB - Virtual size: 339KB

.gfids
Size: 512B - Virtual size: 336B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 128KB - Virtual size: 127KB

.reloc
Size: 29KB - Virtual size: 29KB