240d62f5a105184d3907e88c228ce091_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

240d62f5a105184d3907e88c228ce091_JaffaCakes118
Size

1.1MB
MD5

240d62f5a105184d3907e88c228ce091
SHA1

d63c0b2526ead4a04f36e90e700c6e981dda8a71
SHA256

16d768150834be77434f413b99576d4ba31071555d40e169243bb3bc5d7ac7c2
SHA512

e58121846c583051121d0721a9198801f86dfa4334dc9d05da2b4e5a6c15308b5bebc4278759c22f4a20d08f8dea6245541a507b46b89448939297568bd585f2
SSDEEP

24576:EEanyRC+SH4MwRKOBuWiitWSVeTpfTeZIgQ4T:BanCC+SyzEJykTpfTFgQ4T

Score

1^/10

Malware Config

Signatures

Files

240d62f5a105184d3907e88c228ce091_JaffaCakes118
.exe windows:5 windows x86 arch:x86

df35f540807eaf51660cfb27bbd70339

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/10/2016, 00:00

Not After

11/10/2019, 23:59

Subject

CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

29:d2:48:4d:1a:3a:e9:0c:ef:6a:6c:87:d8:03:fb:ca:19:e0:0d:d0
Signer

Actual PE Digest

29:d2:48:4d:1a:3a:e9:0c:ef:6a:6c:87:d8:03:fb:ca:19:e0:0d:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\teamcity-agent\work\Trunk2017\build.msvc\Win32\Installer-Release\BootstrapperClient\RobloxPlayerLauncher.pdb

Imports

kernel32

GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryW
GetFullPathNameW
DeleteCriticalSection
RaiseException
DecodePointer
MulDiv
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
GetModuleHandleW
OpenEventW
CreateEventW
CreateMutexW
lstrcmpW
CloseHandle
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcessHeap
HeapSize
SwitchToThread
ConnectNamedPipe
CreateIoCompletionPort
UnregisterWaitEx
DisconnectNamedPipe
GetQueuedCompletionStatus
RegisterWaitForSingleObject
InitializeCriticalSection
VirtualQueryEx
WaitNamedPipeW
TransactNamedPipe
CreateNamedPipeW
SetNamedPipeHandleState
GetThreadLocale
GetSystemDefaultLCID
GetProcessTimes
ReadProcessMemory
HeapFree
HeapReAlloc
HeapAlloc
GetThreadContext
SuspendThread
GetProcessId
SetProcessShutdownParameters
LockFileEx
UnlockFileEx
SleepEx
GetExitCodeThread
GetVersion
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
SetEndOfFile
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetConsoleCP
HeapDestroy
GetProcAddress
LocalFree
FormatMessageA
LockResource
FreeLibrary
LoadResource
SizeofResource
LoadLibraryW
FindResourceW
FindResourceExW
CreateDirectoryW
CreateFileW
GetFileAttributesW
GetVersionExW
GetCurrentThreadId
FindClose
FormatMessageW
GetTempPathW
FindFirstFileW
FindNextFileW
VerSetConditionMask
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
OpenProcess
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThread
Sleep
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
lstrlenW
CreateFileMappingW
GetModuleFileNameW
CreateProcessW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
VerifyVersionInfoW
GetGeoInfoW
GetUserGeoID
GetUserDefaultLCID
GetSystemTimeAsFileTime
CreateSemaphoreA
WaitForSingleObjectEx
ReleaseSemaphore
DuplicateHandle
GetModuleHandleA
SetLastError
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsFree
CreateSemaphoreW
GetShortPathNameW
GetCurrentProcessId
IsDebuggerPresent
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
OpenEventA
GetSystemInfo
WaitForMultipleObjectsEx
ResumeThread
TlsGetValue
TlsSetValue
CreateWaitableTimerW
SetWaitableTimer
GetFileSizeEx
SetFileTime
GetFileAttributesExW
IsWow64Process
FileTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileSize
WriteFile
ReadFile
SetFilePointer
GetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrcmpiW
lstrcpyW
lstrcatW
OutputDebugStringW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
LoadLibraryExW
GetCommandLineA
GetCommandLineW
SetConsoleCtrlHandler
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetFileType
SetFilePointerEx
ExitProcess
GetStdHandle
GetACP
GetConsoleMode
ReadConsoleW

user32

GetWindowLongW
SetWindowLongW
GetParent
UnregisterClassW
GetWindowRect
InvalidateRect
GetDC
ShowWindow
CreateWindowExW
CallWindowProcW
DefWindowProcW
SendMessageW
MessageBoxA
AllowSetForegroundWindow
CharNextW
CharUpperW
MessageBoxW
ReleaseDC
GetWindowTextW
SetForegroundWindow
IsWindowVisible
PostMessageW
LoadBitmapW
LoadIconW
FillRect
MessageBoxExW
EndPaint
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
SetWindowPos
SetFocus
LoadAcceleratorsW
TranslateAcceleratorW
SetWindowTextW
EnumWindows
GetWindowThreadProcessId
PostQuitMessage
RegisterClassW
DestroyWindow
GetDlgItem
GetDlgCtrlID
SetTimer
KillTimer
EnableWindow
BeginPaint
DrawTextW
GetSystemMetrics

gdi32

SetDCBrushColor
SelectObject
RoundRect
Rectangle
GetStockObject
CreatePen
SetDCPenColor
CreateFontW
CreateSolidBrush
DeleteObject
GetDeviceCaps
SetBkMode
SetTextColor

advapi32

OpenProcessToken
RegSetValueExW
RegOpenKeyExW
RegCloseKey
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
GetTokenInformation
ImpersonateNamedPipeClient
RevertToSelf
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
DuplicateToken
SystemFunction036
OpenThreadToken
IsValidSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
CopySid
GetUserNameW
CheckTokenMembership
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW

shell32

CommandLineToArgvW
SHGetFolderPathAndSubDirW
ShellExecuteW
ShellExecuteExW

shlwapi

SHDeleteKeyW
StrCmpNW
PathFileExistsW
StrCmpW
StrStrW
PathAddBackslashW
StrDupW
StrRChrW
StrCpyW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

sensapi

IsNetworkAlive

userenv

UnloadUserProfile

ws2_32

freeaddrinfo
getaddrinfo
socket
WSAStartup
sendto
send
htons
connect
closesocket
WSACleanup
WSAGetLastError

wininet

InternetQueryDataAvailable
InternetQueryOptionA
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetWriteFile
InternetQueryOptionW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
InternetSetOptionW
InternetOpenW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipCreateHBITMAPFromBitmap
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream

psapi

EnumProcesses
GetProcessImageFileNameW

winmm

timeSetEvent
timeGetDevCaps
timeBeginPeriod
timeGetTime

winhttp

WinHttpSendRequest
WinHttpSetTimeouts
WinHttpConnect
WinHttpWriteData
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpCrackUrl
WinHttpOpen

powrprof

CallNtPowerInformation

iphlpapi

GetAdaptersInfo

ole32

CoUninitialize
CoInitialize
StringFromGUID2
CoCreateGuid
CoCreateInstance
CreateStreamOnHGlobal

Sections

.text
Size: 786KB - Virtual size: 786KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df35f540807eaf51660cfb27bbd70339

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6Certificate

Extended Key Usages

Key Usages

29:d2:48:4d:1a:3a:e9:0c:ef:6a:6c:87:d8:03:fb:ca:19:e0:0d:d0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

version

sensapi

userenv

ws2_32

wininet

comctl32

gdiplus

psapi

winmm

winhttp

powrprof

iphlpapi

ole32

Sections

.text Size: 786KB - Virtual size: 786KB

.rdata Size: 224KB - Virtual size: 223KB

.data Size: 18KB - Virtual size: 344KB

.tls Size: 512B - Virtual size: 13B

.gfids Size: 512B - Virtual size: 392B

CPADinfo Size: 512B - Virtual size: 40B

.rsrc Size: 66KB - Virtual size: 66KB

.reloc Size: 41KB - Virtual size: 40KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6
Certificate

29:d2:48:4d:1a:3a:e9:0c:ef:6a:6c:87:d8:03:fb:ca:19:e0:0d:d0
Signer

.text
Size: 786KB - Virtual size: 786KB

.rdata
Size: 224KB - Virtual size: 223KB

.data
Size: 18KB - Virtual size: 344KB

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 512B - Virtual size: 392B

CPADinfo
Size: 512B - Virtual size: 40B

.rsrc
Size: 66KB - Virtual size: 66KB

.reloc
Size: 41KB - Virtual size: 40KB