659207bf817436dcdd520b561895c017_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

659207bf817436dcdd520b561895c017_JaffaCakes118
Size

956KB
MD5

659207bf817436dcdd520b561895c017
SHA1

b8325100e8a0eb0c8d805c6564bcbc3994566aef
SHA256

7801bba52470698f00cefa50e4a1697ce6e8c5f248ba75946349bb031779d74a
SHA512

085aca4f77f40d9060e23f71c6851f90388215dc85cbe46ce68f1da9672763874efa7746c42a848d345f5c8cb61e2c597c2907413d3646603e724a75d77b0455
SSDEEP

12288:JKT1g/Pbyrr7hTaawgTdtyRV0LesJoUKaXLpD2TvWTmwXnF5Kl8:JKTGXw7NxpOtUtXNyaT3XbKl8

Score

1^/10

Malware Config

Signatures

Files

659207bf817436dcdd520b561895c017_JaffaCakes118
.exe windows:5 windows x86 arch:x86

188dd1da406bc7f88b3d5bd9f13934a1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3c:12:85:bd:a7:2d:82:29:37:e7:54:57:67:9a:29:bd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-08-2012 00:00

Not After

09-09-2015 23:59

Subject

CN=ROBLOX Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ROBLOX Corporation,L=Menlo Park,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:44:89:b0:48:72:8d:17:c4:50:a3:f3:bd:d0:6b:62:25:bb:58:5a
Signer

Actual PE Digest

3a:44:89:b0:48:72:8d:17:c4:50:a3:f3:bd:d0:6b:62:25:bb:58:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\BuildAgent\work\Trunk2012\Client\Installer\BootstrapperQTStudio\bin\Release\RobloxStudioLauncherBeta.pdb

Imports

kernel32

GetModuleHandleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateProcessW
GetVersionExW
GetExitCodeProcess
LocalFree
FormatMessageW
GetSystemTime
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
WaitForSingleObject
SetEvent
ResetEvent
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetModuleHandleA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
ReadFile
SetFilePointer
GetConsoleMode
GetConsoleCP
LoadLibraryA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
VirtualAlloc
OpenEventW
CreateEventW
GetLastError
VirtualFree
HeapCreate
CloseHandle
CreateEventA
FormatMessageA
CreateSemaphoreA
HeapAlloc
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
InitializeCriticalSection
DeleteCriticalSection
CreateMutexW
ReleaseMutex
ReleaseSemaphore
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread
GetModuleFileNameW
DuplicateHandle
LoadLibraryW
GetProcAddress
FreeLibrary
RaiseException
TerminateProcess
GetTickCount
GetUserGeoID
GetGeoInfoW
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
Sleep
GetLocalTime
OpenProcess
CreateDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTempPathW
CreateFileW
GetFileAttributesW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
InterlockedExchange
InterlockedExchangeAdd
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SleepEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
InterlockedCompareExchange
SetLastError
TlsGetValue
TlsSetValue
TlsFree
MulDiv
SystemTimeToFileTime
OpenEventA
GetCurrentProcessId
CreateWaitableTimerW
ResumeThread
GetShortPathNameW
GetFileAttributesExW
GetFileSizeEx
lstrcpyW
lstrcatW
WriteFile
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
HeapDestroy
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
ExitProcess
RtlUnwind
ExitThread
CreateThread
LCMapStringA
LCMapStringW
GetCPInfo

user32

SetWindowLongW
CreateWindowExW
ShowWindow
InvalidateRect
LoadBitmapW
DefWindowProcW
CallWindowProcW
GetParent
GetWindowRect
SetWindowTextW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
SendMessageW
DispatchMessageW
SetFocus
SetWindowPos
MessageBoxW
CharUpperW
CharNextW
PostThreadMessageW
GetWindowThreadProcessId
EnumWindows
GetDlgItem
PostQuitMessage
BeginPaint
FillRect
GetWindowLongW
LoadIconW
RegisterClassW
GetSystemMetrics
GetDC
ReleaseDC
SetTimer
KillTimer
EndPaint
EnableWindow
IsWindowVisible
SetForegroundWindow
PostMessageW
GetWindowTextW
LoadStringW
TranslateMessage
DestroyWindow

gdi32

Rectangle
SelectObject
CreatePen
GetStockObject
CreateSolidBrush
DeleteObject
SetTextColor
GetDeviceCaps
CreateFontW
SetBkMode

advapi32

GetLengthSid
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
GetUserNameW
RegDeleteKeyW
RegEnumKeyExW
RegFlushKey
GetTokenInformation
IsValidSid
CryptAcquireContextW
CopySid
OpenProcessToken
OpenThreadToken
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CheckTokenMembership
DuplicateToken
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptCreateHash

shell32

ShellExecuteW
SHGetFolderPathAndSubDirW
ShellExecuteExW

ole32

CoCreateInstance
CoUninitialize
CoCreateGuid
CoTaskMemFree
ProgIDFromCLSID
CoInitialize
StringFromGUID2

oleaut32

SysAllocString
SetErrorInfo
RegisterTypeLi
SysFreeString
CreateErrorInfo

shlwapi

PathAddBackslashW
StrRChrW
StrCpyW
StrCmpW
StrStrW
SHDeleteKeyW
StrCmpNW
PathFileExistsW
StrDupW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

userenv

UnloadUserProfile

ws2_32

ioctlsocket
select
closesocket
WSASend
WSASocketW
setsockopt
WSAGetLastError
getaddrinfo
freeaddrinfo
connect
getsockopt
WSARecv
WSASetLastError
WSAStartup
WSACleanup

wininet

HttpSendRequestW
InternetSetOptionW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCloseHandle
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetOpenW

comctl32

InitCommonControlsEx
_TrackMouseEvent

psapi

GetProcessImageFileNameW
EnumProcesses

iphlpapi

GetAdaptersInfo

Exports

Exports

?StartGame@SharedLauncher@@YAJAAV?$simple_logger@_W@@PA_W11ABU_GUID@@_N131W4LaunchMode@1@@Z

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

188dd1da406bc7f88b3d5bd9f13934a1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3c:12:85:bd:a7:2d:82:29:37:e7:54:57:67:9a:29:bdCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

3a:44:89:b0:48:72:8d:17:c4:50:a3:f3:bd:d0:6b:62:25:bb:58:5aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

sensapi

userenv

ws2_32

wininet

comctl32

psapi

iphlpapi

Exports

Exports

Sections

.text Size: 439KB - Virtual size: 438KB

.rdata Size: 133KB - Virtual size: 133KB

.data Size: 39KB - Virtual size: 47KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 302KB - Virtual size: 302KB

.reloc Size: 35KB - Virtual size: 34KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3c:12:85:bd:a7:2d:82:29:37:e7:54:57:67:9a:29:bd
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

3a:44:89:b0:48:72:8d:17:c4:50:a3:f3:bd:d0:6b:62:25:bb:58:5a
Signer

.text
Size: 439KB - Virtual size: 438KB

.rdata
Size: 133KB - Virtual size: 133KB

.data
Size: 39KB - Virtual size: 47KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 302KB - Virtual size: 302KB

.reloc
Size: 35KB - Virtual size: 34KB