General

Malware Config

Signatures

Files

• 659207bf817436dcdd520b561895c017_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  188dd1da406bc7f88b3d5bd9f13934a1

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  3c:12:85:bd:a7:2d:82:29:37:e7:54:57:67:9a:29:bd

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  17-08-2012 00:00

  Not After

  09-09-2015 23:59

  Subject

  CN=ROBLOX Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ROBLOX Corporation,L=Menlo Park,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  3a:44:89:b0:48:72:8d:17:c4:50:a3:f3:bd:d0:6b:62:25:bb:58:5a

  Signer

  Actual PE Digest

  3a:44:89:b0:48:72:8d:17:c4:50:a3:f3:bd:d0:6b:62:25:bb:58:5a

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  d:\BuildAgent\work\Trunk2012\Client\Installer\BootstrapperQTStudio\bin\Release\RobloxStudioLauncherBeta.pdb

  Imports

  kernel32

  GetModuleHandleW

  FindResourceExW

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  CreateProcessW

  GetVersionExW

  GetExitCodeProcess

  LocalFree

  FormatMessageW

  GetSystemTime

  MultiByteToWideChar

  lstrlenA

  WideCharToMultiByte

  lstrlenW

  WaitForSingleObject

  SetEvent

  ResetEvent

  SetEndOfFile

  CreateFileA

  SetStdHandle

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  GetLocaleInfoW

  GetModuleHandleA

  GetStringTypeW

  GetStringTypeA

  IsValidLocale

  EnumSystemLocalesA

  GetLocaleInfoA

  GetUserDefaultLCID

  FlushFileBuffers

  ReadFile

  SetFilePointer

  GetConsoleMode

  GetConsoleCP

  LoadLibraryA

  QueryPerformanceCounter

  GetStartupInfoA

  GetFileType

  SetHandleCount

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  IsValidCodePage

  GetOEMCP

  GetACP

  GetModuleFileNameA

  GetStdHandle

  VirtualAlloc

  OpenEventW

  CreateEventW

  GetLastError

  VirtualFree

  HeapCreate

  CloseHandle

  CreateEventA

  FormatMessageA

  CreateSemaphoreA

  HeapAlloc

  GetProcessHeap

  HeapFree

  GetSystemTimeAsFileTime

  InitializeCriticalSection

  DeleteCriticalSection

  CreateMutexW

  ReleaseMutex

  ReleaseSemaphore

  InterlockedIncrement

  InterlockedDecrement

  GetCurrentThreadId

  GetCurrentProcess

  GetCurrentThread

  GetModuleFileNameW

  DuplicateHandle

  LoadLibraryW

  GetProcAddress

  FreeLibrary

  RaiseException

  TerminateProcess

  GetTickCount

  GetUserGeoID

  GetGeoInfoW

  CompareFileTime

  FindFirstFileW

  FindNextFileW

  FindClose

  Sleep

  GetLocalTime

  OpenProcess

  CreateDirectoryW

  VerSetConditionMask

  VerifyVersionInfoW

  GetDiskFreeSpaceExW

  SetFileAttributesW

  DeleteFileW

  RemoveDirectoryW

  CreateFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  GetTempPathW

  CreateFileW

  GetFileAttributesW

  InitializeCriticalSectionAndSpinCount

  EnterCriticalSection

  LeaveCriticalSection

  TlsAlloc

  InterlockedExchange

  InterlockedExchangeAdd

  WaitForMultipleObjects

  TerminateThread

  QueueUserAPC

  SleepEx

  PostQueuedCompletionStatus

  CreateIoCompletionPort

  SetWaitableTimer

  GetQueuedCompletionStatus

  InterlockedCompareExchange

  SetLastError

  TlsGetValue

  TlsSetValue

  TlsFree

  MulDiv

  SystemTimeToFileTime

  OpenEventA

  GetCurrentProcessId

  CreateWaitableTimerW

  ResumeThread

  GetShortPathNameW

  GetFileAttributesExW

  GetFileSizeEx

  lstrcpyW

  lstrcatW

  WriteFile

  GetFileTime

  DosDateTimeToFileTime

  LocalFileTimeToFileTime

  SetFileTime

  HeapDestroy

  HeapReAlloc

  HeapSize

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  GetStartupInfoW

  ExitProcess

  RtlUnwind

  ExitThread

  CreateThread

  LCMapStringA

  LCMapStringW

  GetCPInfo

  user32

  SetWindowLongW

  CreateWindowExW

  ShowWindow

  InvalidateRect

  LoadBitmapW

  DefWindowProcW

  CallWindowProcW

  GetParent

  GetWindowRect

  SetWindowTextW

  LoadAcceleratorsW

  GetMessageW

  TranslateAcceleratorW

  SendMessageW

  DispatchMessageW

  SetFocus

  SetWindowPos

  MessageBoxW

  CharUpperW

  CharNextW

  PostThreadMessageW

  GetWindowThreadProcessId

  EnumWindows

  GetDlgItem

  PostQuitMessage

  BeginPaint

  FillRect

  GetWindowLongW

  LoadIconW

  RegisterClassW

  GetSystemMetrics

  GetDC

  ReleaseDC

  SetTimer

  KillTimer

  EndPaint

  EnableWindow

  IsWindowVisible

  SetForegroundWindow

  PostMessageW

  GetWindowTextW

  LoadStringW

  TranslateMessage

  DestroyWindow

  gdi32

  Rectangle

  SelectObject

  CreatePen

  GetStockObject

  CreateSolidBrush

  DeleteObject

  SetTextColor

  GetDeviceCaps

  CreateFontW

  SetBkMode

  advapi32

  GetLengthSid

  RegQueryValueExW

  RegOpenKeyExW

  RegDeleteValueW

  RegSetValueExW

  RegCloseKey

  RegCreateKeyExW

  GetUserNameW

  RegDeleteKeyW

  RegEnumKeyExW

  RegFlushKey

  GetTokenInformation

  IsValidSid

  CryptAcquireContextW

  CopySid

  OpenProcessToken

  OpenThreadToken

  GetSidLengthRequired

  InitializeSid

  GetSidSubAuthority

  CheckTokenMembership

  DuplicateToken

  CryptGetHashParam

  CryptHashData

  CryptDestroyHash

  CryptReleaseContext

  CryptCreateHash

  shell32

  ShellExecuteW

  SHGetFolderPathAndSubDirW

  ShellExecuteExW

  ole32

  CoCreateInstance

  CoUninitialize

  CoCreateGuid

  CoTaskMemFree

  ProgIDFromCLSID

  CoInitialize

  StringFromGUID2

  oleaut32

  SysAllocString

  SetErrorInfo

  RegisterTypeLi

  SysFreeString

  CreateErrorInfo

  shlwapi

  PathAddBackslashW

  StrRChrW

  StrCpyW

  StrCmpW

  StrStrW

  SHDeleteKeyW

  StrCmpNW

  PathFileExistsW

  StrDupW

  version

  VerQueryValueW

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  sensapi

  IsNetworkAlive

  userenv

  UnloadUserProfile

  ws2_32

  ioctlsocket

  select

  closesocket

  WSASend

  WSASocketW

  setsockopt

  WSAGetLastError

  getaddrinfo

  freeaddrinfo

  connect

  getsockopt

  WSARecv

  WSASetLastError

  WSAStartup

  WSACleanup

  wininet

  HttpSendRequestW

  InternetSetOptionW

  HttpAddRequestHeadersW

  HttpOpenRequestW

  InternetCloseHandle

  HttpEndRequestW

  InternetWriteFile

  HttpSendRequestExW

  InternetConnectW

  InternetReadFile

  InternetQueryDataAvailable

  HttpQueryInfoW

  InternetOpenW

  comctl32

  InitCommonControlsEx

  _TrackMouseEvent

  psapi

  GetProcessImageFileNameW

  EnumProcesses

  iphlpapi

  GetAdaptersInfo

  Exports

  Exports

  ?StartGame@SharedLauncher@@YAJAAV?$simple_logger@_W@@PA_W11ABU_GUID@@_N131W4LaunchMode@1@@Z

  Sections

  .text

  Size: 439KB - Virtual size: 438KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 133KB - Virtual size: 133KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 39KB - Virtual size: 47KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 2B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 302KB - Virtual size: 302KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 35KB - Virtual size: 34KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ