5ccc2df1543c493024b59bbb36c992bf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ccc2df1543c493024b59bbb36c992bf_JaffaCakes118
Size

1.2MB
MD5

5ccc2df1543c493024b59bbb36c992bf
SHA1

5f9ac0ad03bc9a0753ec5104deb61f9ef0821184
SHA256

d7241e516905fabb5f97402dc5c63f24cb967974e9cc539cf9cde95d313f79d4
SHA512

ba380d55573fc71c00e5a77393149ac0d91b467c142497ac9be5c5e8b0bca94a20280f2d8d73b458273720205d7d89609b19e8c0f46e6a22a48aeb871ef10892
SSDEEP

24576:Pbxu/QWK9RfnL0o4JRZtm+01LAnRmWr8eJe+K5m/BxaTM:PbvF4HY1Onr8eQ+7xaQ

Score

1^/10

Malware Config

Signatures

Files

5ccc2df1543c493024b59bbb36c992bf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d43566b83f719f74d7cc886f82458aa1

Code Sign

03:3d:f7:55:e2:9d:8c:3b:b8:b5:89:6a:e9:e2:b8:54
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/09/2019, 00:00

Not After

22/09/2020, 12:00

Subject

CN=上海广乐网络科技有限公司,OU=运营部,O=上海广乐网络科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:4f:f3:c6:27:4b:bb:34:b8:8d:9c:05:58:46:97:94
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/09/2019, 00:00

Not After

22/09/2020, 12:00

Subject

CN=上海广乐网络科技有限公司,OU=运营部,O=上海广乐网络科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:4b:73:05:32:f1:82:0a:6a:cd:00:8d:c3:99:03:4c:0f:b8:0a:21:bc:cb:cf:89:23:83:0b:47:52:37:92:a6
Signer

Actual PE Digest

b9:4b:73:05:32:f1:82:0a:6a:cd:00:8d:c3:99:03:4c:0f:b8:0a:21:bc:cb:cf:89:23:83:0b:47:52:37:92:a6

Digest Algorithm

sha256

PE Digest Matches

true

29:a7:a7:c9:64:dc:52:c8:c0:c4:df:63:c7:b6:e5:1c:f6:19:cc:6f
Signer

Actual PE Digest

29:a7:a7:c9:64:dc:52:c8:c0:c4:df:63:c7:b6:e5:1c:f6:19:cc:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

x:\gamebox\_out\windows_x86_release\gamebox.exe.pdb

Imports

gdiplus

GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipDrawImageI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePaletteSize
GdipBitmapUnlockBits
GdipAlloc

advapi32

SystemFunction036
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
SetViewportOrgEx
GetStockObject
CreateFontIndirectW
CreateSolidBrush
RestoreDC
SaveDC
SetBkMode
StretchBlt
SetTextColor
CreateDIBSection
GetDIBColorTable
SetDIBColorTable
GetObjectW
OffsetViewportOrgEx

kernel32

GetCommandLineW
LocalFree
SetLastError
WriteFile
GetModuleFileNameW
CreateFileW
GetLastError
DeleteFileW
CloseHandle
GetCurrentProcessId
FormatMessageA
GetTickCount
GetUserDefaultLangID
CreateDirectoryW
ReadFile
GetLongPathNameW
GetCurrentProcess
RemoveDirectoryW
GetTempPathW
GetFileAttributesW
UnmapViewOfFile
SetFileAttributesW
GetFileAttributesExW
GetCurrentDirectoryW
MoveFileExW
CopyFileW
GetTempFileNameW
CreateFileMappingW
MapViewOfFile
TerminateProcess
WaitForSingleObject
DuplicateHandle
OpenProcess
GetStdHandle
AssignProcessToJobObject
ResumeThread
CreateProcessW
IsDebuggerPresent
SetThreadPriority
GetCurrentThreadId
Sleep
GetCurrentThread
GetThreadPriority
RaiseException
CreateThread
SetFileTime
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
QueryPerformanceFrequency
ExitProcess
GetModuleHandleW
GetSystemTimeAsFileTime
QueryPerformanceCounter
FindFirstFileW
FindFirstFileExW
FindNextFileW
FindClose
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
GetVersionExW
GetNativeSystemInfo
GetModuleHandleExW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleA
CreateEventW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
LoadLibraryW
SetEvent
ResetEvent
GetSystemInfo
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetSystemDirectoryW
GetWindowsDirectoryW
FreeLibrary
ReleaseMutex
CreateMutexW
LoadLibraryExW
GetProcAddress
SetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
SetEnvironmentVariableA
SetEnvironmentVariableW
SizeofResource
LockResource
IsValidCodePage
GetDriveTypeW
WriteConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
GetACP
VirtualQuery
VirtualProtect
VirtualAlloc
GetFileType
SetStdHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
MultiByteToWideChar
WideCharToMultiByte
LoadResource
FindResourceW
GetEnvironmentVariableW
SetFilePointer
InitializeCriticalSection
CreateFileA
LoadLibraryExA

msimg32

TransparentBlt
AlphaBlend

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
OleInitialize
OleUninitialize

psapi

GetMappedFileNameW

shlwapi

ord12

user32

EnumThreadWindows
SendMessageTimeoutW
AllowSetForegroundWindow
GetKeyState
FindWindowExW
ScreenToClient
TrackMouseEvent
GetMessageTime
DestroyWindow
ShowWindow
SetLayeredWindowAttributes
CloseWindow
IsWindowVisible
GetCapture
SetCapture
ReleaseCapture
BeginPaint
EndPaint
GetCursorPos
InvalidateRect
LoadImageW
LoadStringW
SetForegroundWindow
SendInput
UnregisterHotKey
RegisterHotKey
GetMessageW
SystemParametersInfoW
FrameRect
FillRect
DrawTextW
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
GetWindowThreadProcessId
SetWindowLongW
GetWindowLongW
IsRectEmpty
MapWindowPoints
GetWindowRect
GetDesktopWindow
SetWindowPos
IsWindow
GetClassInfoExW
DefWindowProcW
PostMessageW
CreateWindowExW
UnregisterClassW
WaitMessage
RegisterClassExW
DispatchMessageW
SetTimer
PeekMessageW
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetQueueStatus
TranslateMessage
KillTimer
PostQuitMessage
GetActiveWindow
CharUpperW
MessageBoxW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

winhttp

WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpenRequest

imm32

ImmDisableTextFrameService

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d43566b83f719f74d7cc886f82458aa1

Code Sign

03:3d:f7:55:e2:9d:8c:3b:b8:b5:89:6a:e9:e2:b8:54Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

06:4f:f3:c6:27:4b:bb:34:b8:8d:9c:05:58:46:97:94Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

b9:4b:73:05:32:f1:82:0a:6a:cd:00:8d:c3:99:03:4c:0f:b8:0a:21:bc:cb:cf:89:23:83:0b:47:52:37:92:a6Signer

29:a7:a7:c9:64:dc:52:c8:c0:c4:df:63:c7:b6:e5:1c:f6:19:cc:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

advapi32

gdi32

kernel32

msimg32

ole32

psapi

shlwapi

user32

version

winmm

winhttp

imm32

userenv

Sections

.text Size: 612KB - Virtual size: 612KB

.rdata Size: 364KB - Virtual size: 364KB

.data Size: 4KB - Virtual size: 33KB

.gfids Size: 1024B - Virtual size: 580B

.tls Size: 512B - Virtual size: 2B

_RDATA Size: 512B - Virtual size: 288B

.rsrc Size: 256KB - Virtual size: 256KB

.reloc Size: 22KB - Virtual size: 22KB

03:3d:f7:55:e2:9d:8c:3b:b8:b5:89:6a:e9:e2:b8:54
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

06:4f:f3:c6:27:4b:bb:34:b8:8d:9c:05:58:46:97:94
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

b9:4b:73:05:32:f1:82:0a:6a:cd:00:8d:c3:99:03:4c:0f:b8:0a:21:bc:cb:cf:89:23:83:0b:47:52:37:92:a6
Signer

29:a7:a7:c9:64:dc:52:c8:c0:c4:df:63:c7:b6:e5:1c:f6:19:cc:6f
Signer

.text
Size: 612KB - Virtual size: 612KB

.rdata
Size: 364KB - Virtual size: 364KB

.data
Size: 4KB - Virtual size: 33KB

.gfids
Size: 1024B - Virtual size: 580B

.tls
Size: 512B - Virtual size: 2B

_RDATA
Size: 512B - Virtual size: 288B

.rsrc
Size: 256KB - Virtual size: 256KB

.reloc
Size: 22KB - Virtual size: 22KB