11902a17612bc1d25cf3fe61e891f455_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

11902a17612bc1d25cf3fe61e891f455_JaffaCakes118
Size

5.5MB
MD5

11902a17612bc1d25cf3fe61e891f455
SHA1

25827d67878df650038d0db388a3913c9218a3ad
SHA256

73d32b59f3e155e4410a1268951976b3d4cc0d34c7c288c50345c3227332f517
SHA512

1e97dc62f68a60f7bcb45fdf1fe86b59f558a13665cb099c57bef4a8dfa2b767af3b4a296df62a938f2581bffab4a007f706d346e28c323554364ee0d4675739
SSDEEP

98304:TJTQ0rha3ljZ8AhyN4JAoHjzCRDQFQl0uVS:64hsjZLhyN4vjzqQmlS

Score

1^/10

Malware Config

Signatures

Files

11902a17612bc1d25cf3fe61e891f455_JaffaCakes118
.dll windows:4 windows x86 arch:x86

735e93205764ab49aefaed9917868860

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:0f:38:d2:5c:fa:79:61:34:76:0c:c0:05:e7:b6:83:9f:2b:23:08
Signer

Actual PE Digest

68:0f:38:d2:5c:fa:79:61:34:76:0c:c0:05:e7:b6:83:9f:2b:23:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\.jenkins\workspace\cf-universal-rpcs\GameLogic\FPS\CF\output\CF\pub\TenRpcs.pdb

Imports

kernel32

OpenFileMappingA
OpenSemaphoreA
GetModuleFileNameA
GetFileSize
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFilePointer
FreeLibrary
GetVersionExA
lstrcmpA
VirtualQueryEx
GetCurrentProcessId
Module32Next
Module32First
LocalAlloc
LocalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
MultiByteToWideChar
GetSystemTime
QueryPerformanceCounter
GetModuleFileNameW
GetModuleHandleW
WideCharToMultiByte
FindClose
FindNextFileA
FindFirstFileA
Thread32Next
Thread32First
WriteProcessMemory
VirtualProtectEx
SuspendThread
OpenThread
GetCurrentThreadId
VirtualProtect
SetThreadContext
GetCurrentThread
WriteFile
OutputDebugStringA
SetEvent
CreateEventA
GetFileTime
GlobalMemoryStatusEx
SystemTimeToFileTime
GetComputerNameW
lstrcmpW
UnlockFileEx
UnlockFile
SetEndOfFile
LockFileEx
LockFile
LoadLibraryW
HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetTempPathW
GetTempPathA
VirtualQuery
GetFullPathNameW
GetFullPathNameA
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileW
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileW
AreFileApisANSI
InterlockedCompareExchange
DeleteCriticalSection
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
GetLocalTime
SystemTimeToTzSpecificLocalTime
CopyFileA
GetTempFileNameA
GetCurrentDirectoryA
GetProcessTimes
DeviceIoControl
DuplicateHandle
CreatePipe
GetStdHandle
GetExitCodeProcess
CreateProcessA
PeekNamedPipe
IsBadWritePtr
TerminateThread
TryEnterCriticalSection
SleepEx
lstrlenA
GetStartupInfoA
InterlockedExchange
FlushInstructionCache
GetThreadContext
InterlockedDecrement
SetLastError
UnhandledExceptionFilter
ExitThread
GetConsoleMode
ReadConsoleA
WriteConsoleA
WaitForMultipleObjectsEx
lstrcpyW
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
SearchPathW
GetEnvironmentStringsW
lstrlenW
GetProcessHeap
IsDebuggerPresent
SetUnhandledExceptionFilter
TerminateProcess
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
GetSystemDirectoryA
GetWindowsDirectoryA
OpenMutexA
OpenEventA
ReadProcessMemory
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetTickCount
GetCurrentProcess
GetProcAddress
CreateRemoteThread
ResumeThread
GetSystemInfo
VirtualAlloc
GetLastError
VirtualFree
EnterCriticalSection
LeaveCriticalSection
CreateThread
SetThreadPriority
Sleep
IsBadReadPtr
InitializeCriticalSection
CreateFileA
ReadFile
CloseHandle
GetModuleHandleA
LoadLibraryA
GetSystemTimeAsFileTime

user32

MessageBoxA
EnumDisplaySettingsA
EnumDisplayDevicesA
GetParent
ReleaseDC
GetDC
TrackMouseEvent
CallWindowProcA
IsWindowUnicode
EnumWindows
GetDesktopWindow
SetTimer
GetSystemMetrics
GetClassNameA
SetWindowLongW
SetWindowLongA
GetWindowTextA
GetForegroundWindow
GetWindowRect
GetWindowLongA
IsWindowVisible
FindWindowA
GetWindow
GetClassLongA
DestroyIcon
GetIconInfo
GetWindowThreadProcessId
EnumChildWindows
KillTimer

gdi32

CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
GetDIBits
DeleteDC
SelectObject
BitBlt
GetObjectA

advapi32

RegConnectRegistryW
GetUserNameA
RegQueryInfoKeyA
RegEnumValueA
OpenEventLogW
GetOldestEventLogRecord
ReadEventLogW
CloseEventLog
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegEnumKeyExA
RegQueryValueExW

shell32

SHGetFolderPathA
SHGetSpecialFolderPathA

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

msvcr80

_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
memmove_s
strstr
_stricmp
memcmp
_purecall
free
memmove
??_V@YAXPAX@Z
??_U@YAPAXI@Z
fclose
fprintf
fopen
strrchr
_strlwr
memcpy_s
strncpy_s
strncat_s
strcmp
_vsnprintf
islower
isdigit
isxdigit
strtol
isspace
__CxxFrameHandler3
_mktime64
_wcsicmp
wcslen
wcsrchr
atoi
fread
ftell
fseek
vsprintf_s
_localtime64_s
realloc
strchr
strtoul
isprint
tolower
_snprintf_s
isalnum
swscanf_s
_mbsnbcat
_stat64
_mkdir
_splitpath_s
_mbslwr
_vsnprintf_s
strcat_s
_strnicmp
strcpy_s
abs
acos
sqrt
cos
floor
pow
wcsncpy
rand
srand
_snprintf
strcat
_except_handler3
_local_unwind4
vsprintf
printf
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
malloc
memcpy
strncmp
strncpy
memset
strlen
strncat
_localtime64
_time64

msvcp80

??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?setf@ios_base@std@@QAEHHH@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z

winmm

timeGetDevCaps
timeGetTime
timeKillEvent
timeEndPeriod
timeBeginPeriod
timeSetEvent

ws2_32

WSACleanup
WSAStartup
gethostname
gethostbyname
inet_addr
inet_ntoa

wininet

FindNextUrlCacheEntryA
FindCloseUrlCache
FindFirstUrlCacheEntryA

psapi

GetMappedFileNameA
GetModuleFileNameExA
EnumProcessModules
GetModuleBaseNameA
GetProcessMemoryInfo
GetModuleInformation

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CryptDecodeObject
CryptQueryObject

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

netapi32

Netbios

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 559KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvm0
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

735e93205764ab49aefaed9917868860

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

68:0f:38:d2:5c:fa:79:61:34:76:0c:c0:05:e7:b6:83:9f:2b:23:08Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

msvcr80

msvcp80

winmm

ws2_32

wininet

psapi

crypt32

version

netapi32

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 132KB - Virtual size: 129KB

.data Size: 196KB - Virtual size: 559KB

.rsrc Size: 4KB - Virtual size: 1KB

.tvm0 Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 208KB - Virtual size: 208KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

68:0f:38:d2:5c:fa:79:61:34:76:0c:c0:05:e7:b6:83:9f:2b:23:08
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 132KB - Virtual size: 129KB

.data
Size: 196KB - Virtual size: 559KB

.rsrc
Size: 4KB - Virtual size: 1KB

.tvm0
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 208KB - Virtual size: 208KB