102c02c860e08c43bcee40a2f045ab34_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

102c02c860e08c43bcee40a2f045ab34_JaffaCakes118
Size

721KB
MD5

102c02c860e08c43bcee40a2f045ab34
SHA1

0438c797a1a6e734ba8f820dd757c01ec4f7f6c8
SHA256

d641c10f01473d13f54d2e60a4e776008be0ccefb58650438a5e0527636f324c
SHA512

c2c95b1e151496b073f756ffbba2b5961c1afbbcca965b333c71fbfc2591883c2b0871515aec4a6b6deca20e55bc9da9a86c9af95e0aa8c497bf16d9a61e663e
SSDEEP

12288:bsAAQVg0YHl73Wj56UZ6KFj0oqw9h97TF0WmWEXZY5uZ/p2IB1l+J:bsAA+g0Yh32Fj5qMh97T5BK/p28/g

Score

1^/10

Malware Config

Signatures

Files

102c02c860e08c43bcee40a2f045ab34_JaffaCakes118
.exe windows:5 windows x86 arch:x86

74b2526a33904cc602f181d674900fdc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/10/2016, 00:00

Not After

11/10/2019, 23:59

Subject

CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:89:1f:08:0c:c8:ab:72:f3:4e:06:d3:05:4c:13:c5:8c:d3:da:5b
Signer

Actual PE Digest

11:89:1f:08:0c:c8:ab:72:f3:4e:06:d3:05:4c:13:c5:8c:d3:da:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\teamcity-agent\work\2cdd6a239545233d\build.msvc\Win32\Installer-Release\BootstrapperQTStudio\RobloxStudioLauncherBeta.pdb

Imports

kernel32

DeleteCriticalSection
RaiseException
DecodePointer
CreateEventA
GetModuleHandleW
OpenEventW
CreateEventW
OpenMutexW
CreateMutexW
lstrcmpW
CloseHandle
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcessHeap
HeapSize
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetStdHandle
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
SetFilePointerEx
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapDestroy
GetProcAddress
LocalFree
FormatMessageA
LockResource
FreeLibrary
LoadResource
SizeofResource
LoadLibraryW
FindResourceW
FindResourceExW
CreateDirectoryW
CreateFileW
GetFileAttributesW
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
FindClose
FormatMessageW
DeleteFileW
FindFirstFileW
FindNextFileW
VerSetConditionMask
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
OpenProcess
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThread
Sleep
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
lstrlenW
CreateFileMappingW
GetModuleFileNameW
CreateProcessW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
VerifyVersionInfoW
GetGeoInfoW
GetUserGeoID
GetUserDefaultLCID
GetSystemTimeAsFileTime
CreateSemaphoreA
WaitForSingleObjectEx
ReleaseSemaphore
DuplicateHandle
GetModuleHandleA
SetLastError
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsFree
CreateSemaphoreW
GetShortPathNameW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
OpenEventA
WaitForMultipleObjectsEx
GetCurrentProcessId
ResumeThread
TlsGetValue
TlsSetValue
CreateWaitableTimerW
SetWaitableTimer
GetFileSizeEx
SetFileTime
GetFileAttributesExW
GetTempPathW
FileTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileSize
WriteFile
ReadFile
SetFilePointer
GetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrcmpiW
lstrcpyW
lstrcatW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo

user32

GetParent
GetWindowLongW
GetWindowRect
InvalidateRect
ShowWindow
CreateWindowExW
CallWindowProcW
DefWindowProcW
SendMessageW
MessageBoxA
SetWindowLongW
GetWindowTextW
SetForegroundWindow
IsWindowVisible
PostMessageW
LoadBitmapW
LoadIconW
FillRect
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
SetWindowPos
CharUpperW
CharNextW
SetFocus
LoadAcceleratorsW
TranslateAcceleratorW
SetWindowTextW
MessageBoxW
EnumWindows
GetWindowThreadProcessId
PostQuitMessage
RegisterClassW
DestroyWindow
GetDlgItem
GetDlgCtrlID
SetTimer
KillTimer
EnableWindow
GetSystemMetrics
DrawTextW
GetDC
ReleaseDC
BeginPaint
EndPaint
MessageBoxExW

gdi32

SetDCBrushColor
SelectObject
CreateSolidBrush
DeleteObject
SetDCPenColor
Rectangle
GetStockObject
GetDeviceCaps
CreatePen
CreateFontW
SetBkMode
SetTextColor
RoundRect

advapi32

RegCreateKeyExW
CopySid
GetUserNameW
CheckTokenMembership
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegQueryValueExW
DuplicateToken
OpenProcessToken
OpenThreadToken
IsValidSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
GetLengthSid

shell32

SHGetFolderPathAndSubDirW
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW

ole32

CoInitialize
CoUninitialize
StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance
CoCreateGuid

oleaut32

RegisterTypeLi

shlwapi

StrCpyW
PathFileExistsW
StrCmpNW
SHDeleteKeyW
StrCmpW
StrStrW
PathAddBackslashW
StrRChrW
StrDupW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

userenv

UnloadUserProfile

ws2_32

freeaddrinfo
connect
htons
getaddrinfo
WSAStartup
WSACleanup
WSAGetLastError
socket
send
sendto
closesocket

wininet

InternetSetOptionW
HttpQueryInfoW
InternetWriteFile
InternetQueryDataAvailable
HttpSendRequestExW
InternetReadFile
HttpSendRequestW
InternetQueryOptionA
InternetQueryOptionW
HttpEndRequestW
HttpAddRequestHeadersW
InternetOpenW
InternetCloseHandle
InternetConnectW
HttpOpenRequestW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdiplusShutdown
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdipFree
GdipAlloc
GdipDisposeImage

psapi

GetProcessImageFileNameW
EnumProcesses

winmm

timeSetEvent
timeGetDevCaps
timeBeginPeriod
timeGetTime

Sections

.text
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74b2526a33904cc602f181d674900fdc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6Certificate

Extended Key Usages

Key Usages

11:89:1f:08:0c:c8:ab:72:f3:4e:06:d3:05:4c:13:c5:8c:d3:da:5bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

sensapi

userenv

ws2_32

wininet

comctl32

gdiplus

psapi

winmm

Sections

.text Size: 428KB - Virtual size: 428KB

.rdata Size: 171KB - Virtual size: 171KB

.data Size: 12KB - Virtual size: 338KB

.gfids Size: 512B - Virtual size: 392B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 71KB - Virtual size: 71KB

.reloc Size: 29KB - Virtual size: 29KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6
Certificate

11:89:1f:08:0c:c8:ab:72:f3:4e:06:d3:05:4c:13:c5:8c:d3:da:5b
Signer

.text
Size: 428KB - Virtual size: 428KB

.rdata
Size: 171KB - Virtual size: 171KB

.data
Size: 12KB - Virtual size: 338KB

.gfids
Size: 512B - Virtual size: 392B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 71KB - Virtual size: 71KB

.reloc
Size: 29KB - Virtual size: 29KB