5df7313b869a878aa8395c3ed5c43e95_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5df7313b869a878aa8395c3ed5c43e95_JaffaCakes118
Size

4.4MB
MD5

5df7313b869a878aa8395c3ed5c43e95
SHA1

d17f4fe2c3594e552ca1f7d2bbd0916bfed7c7ff
SHA256

8abd256b01119d6a5fa5ea71b7007e5e5e51693753d0b8f2431ce5a82beb35d7
SHA512

76037c2b38892502195f4ba0f4c1de05de996cb1dcd10092c38ef30c4441133df224ea6bff36942277630dc738ddff10b9d7f7ab717d3440f5c0f3b597e19ed1
SSDEEP

98304:4hOx/3z85tCuMSL4+BqAgMYQYikxzeR6b/r6w16/6qZV8Nlwbv2r:4hOx/3z8Dq5hxBufyqSOG

Score

1^/10

Malware Config

Signatures

Files

5df7313b869a878aa8395c3ed5c43e95_JaffaCakes118
.exe windows:5 windows x86 arch:x86

82bc8ef44f4fcba5c073f4942a3ba4da

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:33:bb:60:89:e3:2f:cd:22:4d:0e:49:de:b6:63:da
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-09-2018 00:00

Not After

01-02-2020 23:59

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,OU=研发部,O=Beijing Qihu Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:21:3a:c4:69:7a:65:f6:b7:82:7d:9e:48:92:64:dc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-09-2018 00:00

Not After

01-02-2020 23:59

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,OU=研发部,O=Beijing Qihu Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14-06-2018 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:f7:87:4d:f8:2e:8a:ec:ae:bc:4a:d1:d3:82:4e:f3:39:62:94:9d:41:0d:0c:cf:35:bd:bd:f1:ca:5b:48:30
Signer

Actual PE Digest

f6:f7:87:4d:f8:2e:8a:ec:ae:bc:4a:d1:d3:82:4e:f3:39:62:94:9d:41:0d:0c:cf:35:bd:bd:f1:ca:5b:48:30

Digest Algorithm

sha256

PE Digest Matches

true

f4:2b:05:9b:80:76:c9:9f:58:bc:2d:1b:c6:25:cf:f5:fa:8e:f4:0a
Signer

Actual PE Digest

f4:2b:05:9b:80:76:c9:9f:58:bc:2d:1b:c6:25:cf:f5:fa:8e:f4:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\pcgame\GameDownloader\Release\GameDownloader.pdb

Imports

kernel32

SetPriorityClass
VerifyVersionInfoW
GetTimeFormatA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleFileNameA
lstrcmpA
lstrcmpiA
WriteFile
GetFileTime
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
GetLocalTime
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
CreateMutexW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetTempPathW
GlobalReAlloc
SetLastError
InitializeCriticalSection
MulDiv
lstrcmpW
GetDiskFreeSpaceA
GetSystemDirectoryW
GetSystemInfo
IsDebuggerPresent
EncodePointer
FindResourceW
CreateProcessW
GetFileSize
Sleep
LeaveCriticalSection
EnterCriticalSection
SetThreadPriority
GetCurrentThreadId
GetCurrentThread
GlobalMemoryStatusEx
FreeLibrary
InterlockedExchange
VerSetConditionMask
GetVolumeInformationW
MoveFileExW
CopyFileW
FindNextFileW
FindFirstFileW
DeleteFileW
SetFileAttributesW
CreateFileW
RemoveDirectoryW
CreateDirectoryW
GetDiskFreeSpaceExW
GetDriveTypeW
OutputDebugStringW
GetModuleHandleW
GetModuleFileNameW
GetLogicalDriveStringsW
GetTickCount
FindClose
WriteConsoleW
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
SetConsoleCtrlHandler
FlushFileBuffers
SetStdHandle
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
FreeLibraryAndExitThread
ResumeThread
ExitThread
GetACP
GetStdHandle
PeekNamedPipe
GetFileType
VirtualQuery
VirtualProtect
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetFileAttributesExW
DeviceIoControl
ReadFile
WaitForMultipleObjects
WaitForSingleObject
SuspendThread
TerminateThread
CreateThread
TerminateProcess
GetCurrentProcessId
GetLongPathNameW
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
LoadLibraryW
lstrcmpiW
CloseHandle
SizeofResource
LoadResource
GetCurrentProcess
OpenProcess
GetProcAddress
LockResource
lstrlenW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
FindResourceExW
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlUnwind
CreateSemaphoreW
ReleaseSemaphore
GetExitCodeThread
GlobalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetVersion
GetPrivateProfileStringW
GetNativeSystemInfo
LocalFree
ReleaseMutex
OpenThread
HeapWalk
HeapUnlock
HeapLock
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
SystemTimeToFileTime
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
FormatMessageW
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
DecodePointer

user32

GetWindowTextLengthW
GetLastActivePopup
CreateWindowExW
CreateDialogIndirectParamW
EnumDisplaySettingsExW
EnumDisplayDevicesW
LoadStringW
SetWindowLongW
GetWindowTextW
UnregisterClassW
SetForegroundWindow
UpdateWindow
SetTimer
MessageBoxW
IsWindow
GetDesktopWindow
FindWindowExW
GetWindowThreadProcessId
RegisterClassW
FindWindowW
PostQuitMessage
GetCapture
IsIconic
IsWindowVisible
ShowWindow
SendMessageW
ExitWindowsEx
GetParent
GetWindowRect
GetSystemMetrics
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetForegroundWindow
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
DefWindowProcW
DestroyWindow
CharNextW
UpdateLayeredWindow
GetKeyState
AdjustWindowRectEx
IsWindowUnicode
GetMonitorInfoW
MonitorFromWindow
GetClassLongW
MapWindowPoints
DialogBoxIndirectParamW
IsZoomed
GetIconInfo
GetDlgItemTextW
SetCursor
GetCursorPos
DestroyCursor
SystemParametersInfoW
DestroyIcon
LoadImageW
SetWindowPos
RegisterWindowMessageW
CallWindowProcW
LoadIconW
EndDialog
IsDialogMessageW
LoadCursorW
GetWindow
GetClassNameW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetClientRect
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
GetDlgItem
MoveWindow
IsChild
GetClassInfoExW
RegisterClassExW
CreateIconIndirect

gdi32

CreateCompatibleBitmap
BitBlt
GetStockObject
CreateFontIndirectW
GetObjectW
SetDIBColorTable
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateBitmap
CreateDIBitmap
GetDIBits
CreateDCW
CreateICW
CreatePen
CreateRectRgn
GetDeviceCaps
Ellipse
GetClipBox
GetClipRgn
GetTextExtentPointW
GetViewportOrgEx
LineTo
PatBlt
RectVisible
RoundRect
OffsetViewportOrgEx
ExtSelectClipRgn
SetBkMode
SetTextColor
SetTextAlign
MoveToEx
ExtTextOutW
DPtoLP
LPtoDP
SetWindowOrgEx
ExcludeClipRect
SetViewportOrgEx
CreateSolidBrush
CreateRectRgnIndirect
SelectClipRgn

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegDeleteKeyW
RegQueryInfoKeyW
OpenThreadToken
ImpersonateSelf
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExA
RegCreateKeyExW
RegCloseKey
DuplicateTokenEx
LookupPrivilegeValueW
GetSidSubAuthorityCount
GetSidSubAuthority
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken

shell32

SHBrowseForFolderW
ord165
SHGetPathFromIDListW
ShellExecuteW
SHFileOperationW
ord680
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoSetProxyBlanket
CoInitialize

oleaut32

DispCallFunc
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocStringLen
VarUI4FromStr
OleCreateFontIndirect
SysAllocString
VariantClear
VariantInit
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysStringByteLen
VarBstrCmp
SysFreeString
SysAllocStringByteLen

shlwapi

PathMatchSpecW
PathFileExistsW
UrlUnescapeW
SHGetValueW
StrCmpNIW
StrStrW
StrStrIW
StrCmpIW
PathAddBackslashW
PathAppendW
PathBuildRootW
PathCanonicalizeW
PathCombineW
PathFindExtensionW
PathGetDriveNumberW
PathIsDirectoryW
PathIsRootW
SHSetValueW
PathRemoveExtensionW
PathRemoveFileSpecW
PathRemoveFileSpecA
PathIsUNCW
PathIsNetworkPathW
StrToIntExW
SHGetValueA

wininet

InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetOpenUrlW
InternetConnectW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetQueryDataAvailable
InternetSetFilePointer
InternetReadFile
InternetCloseHandle

comctl32

InitCommonControlsEx

gdiplus

GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipSaveImageToFile
GdipBitmapGetPixel
GdipAlloc
GdipFree
GdipGetImageEncodersSize
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipDrawImageI
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipGetImageEncoders
GdipDeleteGraphics
GdipBitmapUnlockBits

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses

rpcrt4

RpcStringFreeW
UuidToStringW

urlmon

CoInternetSetFeatureEnabled
UrlMkGetSessionOption
CoInternetIsFeatureEnabled

netapi32

Netbios

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82bc8ef44f4fcba5c073f4942a3ba4da

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

47:33:bb:60:89:e3:2f:cd:22:4d:0e:49:de:b6:63:daCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5b:21:3a:c4:69:7a:65:f6:b7:82:7d:9e:48:92:64:dcCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

f6:f7:87:4d:f8:2e:8a:ec:ae:bc:4a:d1:d3:82:4e:f3:39:62:94:9d:41:0d:0c:cf:35:bd:bd:f1:ca:5b:48:30Signer

f4:2b:05:9b:80:76:c9:9f:58:bc:2d:1b:c6:25:cf:f5:fa:8e:f4:0aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

comctl32

gdiplus

version

psapi

rpcrt4

urlmon

netapi32

wintrust

crypt32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 300KB - Virtual size: 300KB

.data Size: 36KB - Virtual size: 59KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 80KB - Virtual size: 79KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

47:33:bb:60:89:e3:2f:cd:22:4d:0e:49:de:b6:63:da
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5b:21:3a:c4:69:7a:65:f6:b7:82:7d:9e:48:92:64:dc
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

f6:f7:87:4d:f8:2e:8a:ec:ae:bc:4a:d1:d3:82:4e:f3:39:62:94:9d:41:0d:0c:cf:35:bd:bd:f1:ca:5b:48:30
Signer

f4:2b:05:9b:80:76:c9:9f:58:bc:2d:1b:c6:25:cf:f5:fa:8e:f4:0a
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 300KB - Virtual size: 300KB

.data
Size: 36KB - Virtual size: 59KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 80KB - Virtual size: 79KB