668b01ced9728d859752484165bb87bc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

668b01ced9728d859752484165bb87bc_JaffaCakes118
Size

1.0MB
MD5

668b01ced9728d859752484165bb87bc
SHA1

6770b3e014f3e3d111d7cfd6c49c01445b96b10c
SHA256

4f08c87c543d342b3799ae1597e9777118b6b9f713d943bd68aeefe0ae2cf781
SHA512

7515e4055b6442a13ab3b196d8adbfef920c451bd7f0c6380c316deef7888089ef29806289c376f4429a6dae939d580ef19e24b2e4ce7c33aa8532f3417ec768
SSDEEP

12288:a21yfES8Y7WsxL/HQGfqn5ngkddy558TGkvOCCVuWTPueMDCS+hjktI:lcf1B7jzqRZO8TGkvOPbTGeMDx+hjcI

Score

1^/10

Malware Config

Signatures

Files

668b01ced9728d859752484165bb87bc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

68a4f41fee4de66293880f9085c143f1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1b:81:59:fa:f8:22:8b:39:ab:c0:0e:31:bb:ad:43:09
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/09/2015, 00:00

Not After

10/10/2016, 23:59

Subject

CN=ROBLOX Corporation,O=ROBLOX Corporation,L=San Mateo,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:71:cd:80:09:00:84:a7:e0:4e:bb:22:46:52:e3:d1:93:dc:6d:95
Signer

Actual PE Digest

49:71:cd:80:09:00:84:a7:e0:4e:bb:22:46:52:e3:d1:93:dc:6d:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\BuildAgent\work\6365bb6ad1674518\Client\Installer\BootstrapperClient\bin\Release\RobloxPlayerLauncher.pdb

Imports

kernel32

GetModuleHandleW
GetTempPathW
DeleteFileW
GetVersionExW
GetSystemTime
lstrcmpW
GetModuleFileNameW
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
InterlockedDecrement
WaitForSingleObject
ReleaseMutex
CreateMutexW
SetEvent
ResetEvent
SetEndOfFile
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetModuleHandleA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LoadLibraryA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
ReadFile
SetFilePointer
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
VirtualAlloc
VirtualFree
HeapCreate
OpenEventW
CreateEventW
GetLastError
GetCPInfo
LCMapStringW
LCMapStringA
CloseHandle
CreateEventA
FormatMessageA
LocalFree
CreateSemaphoreA
HeapAlloc
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
InitializeCriticalSection
DeleteCriticalSection
ReleaseSemaphore
InterlockedIncrement
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread
DuplicateHandle
LoadLibraryW
GetProcAddress
FreeLibrary
CreateProcessW
RaiseException
TerminateProcess
GetTickCount
GetUserGeoID
GetGeoInfoW
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
Sleep
GetLocalTime
OpenProcess
CreateDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetDiskFreeSpaceExW
SetFileAttributesW
RemoveDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetShortPathNameW
FormatMessageW
CreateFileW
GetFileAttributesW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
InterlockedExchange
InterlockedExchangeAdd
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SleepEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
InterlockedCompareExchange
SetLastError
TlsGetValue
TlsSetValue
TlsFree
GetFileAttributesExW
GetFileSizeEx
MulDiv
SystemTimeToFileTime
OpenEventA
GetCurrentProcessId
CreateWaitableTimerW
ResumeThread
GetExitCodeProcess
lstrcpyW
lstrcatW
WriteFile
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
HeapDestroy
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetStartupInfoW
ExitProcess
ExitThread
CreateThread

user32

InvalidateRect
ShowWindow
SetWindowLongW
CreateWindowExW
LoadBitmapW
DefWindowProcW
CallWindowProcW
GetParent
GetWindowRect
SendMessageW
GetWindowLongW
AllowSetForegroundWindow
SetWindowTextW
CharNextW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
SetFocus
SetWindowPos
MessageBoxW
PostThreadMessageW
GetWindowThreadProcessId
EnumWindows
GetDlgItem
PostQuitMessage
BeginPaint
CharUpperW
EndPaint
LoadIconW
RegisterClassW
GetSystemMetrics
GetDC
ReleaseDC
SetTimer
FillRect
DestroyWindow
EnableWindow
IsWindowVisible
SetForegroundWindow
PostMessageW
GetWindowTextW
MessageBoxA
LoadAcceleratorsW
KillTimer

gdi32

Rectangle
SelectObject
CreatePen
GetStockObject
SetTextColor
CreateFontW
DeleteObject
GetDeviceCaps
SetBkMode
CreateSolidBrush

advapi32

GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
GetSidSubAuthority
CheckTokenMembership
DuplicateToken
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
IsValidSid
GetLengthSid
CopySid
OpenProcessToken
OpenThreadToken
GetSidLengthRequired
InitializeSid
RegSetValueExW
RegCreateKeyExW
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegFlushKey

shell32

ShellExecuteW
SHGetFolderPathAndSubDirW
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
CoCreateGuid
CoInitialize
StringFromGUID2

oleaut32

VariantClear
VariantInit
RegisterTypeLi
SysAllocString
SysFreeString

shlwapi

SHDeleteKeyW
StrCmpW
PathAddBackslashW
StrRChrW
StrCpyW
StrCmpNW
PathFileExistsW
StrDupW
StrStrW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

userenv

UnloadUserProfile

ws2_32

select
ioctlsocket
WSASend
WSASocketW
setsockopt
WSAGetLastError
getaddrinfo
freeaddrinfo
connect
getsockopt
WSARecv
WSASetLastError
WSAStartup
closesocket
WSACleanup

wininet

InternetSetOptionW
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetCloseHandle
InternetConnectW
InternetWriteFile
HttpSendRequestExW
InternetReadFile
InternetQueryDataAvailable
InternetOpenW

comctl32

_TrackMouseEvent
InitCommonControlsEx

psapi

GetProcessImageFileNameW
EnumProcesses

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68a4f41fee4de66293880f9085c143f1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1b:81:59:fa:f8:22:8b:39:ab:c0:0e:31:bb:ad:43:09Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

49:71:cd:80:09:00:84:a7:e0:4e:bb:22:46:52:e3:d1:93:dc:6d:95Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

sensapi

userenv

ws2_32

wininet

comctl32

psapi

iphlpapi

Sections

.text Size: 424KB - Virtual size: 423KB

.rdata Size: 139KB - Virtual size: 138KB

.data Size: 39KB - Virtual size: 47KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 388KB - Virtual size: 388KB

.reloc Size: 35KB - Virtual size: 35KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1b:81:59:fa:f8:22:8b:39:ab:c0:0e:31:bb:ad:43:09
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

49:71:cd:80:09:00:84:a7:e0:4e:bb:22:46:52:e3:d1:93:dc:6d:95
Signer

.text
Size: 424KB - Virtual size: 423KB

.rdata
Size: 139KB - Virtual size: 138KB

.data
Size: 39KB - Virtual size: 47KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 388KB - Virtual size: 388KB

.reloc
Size: 35KB - Virtual size: 35KB