6c0942a2b8efa0584c6ee9e411a01eba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6c0942a2b8efa0584c6ee9e411a01eba_JaffaCakes118
Size

816KB
MD5

6c0942a2b8efa0584c6ee9e411a01eba
SHA1

cbf434d6e67010f957e2510a7b507e8a7167f52e
SHA256

a365ff794cd2e024e60471ca540a6ebada1dd111278ceb0f2c34e76055e72d6a
SHA512

b374447c89b3d9dc18d5c588113024ea84375743d5ef838ae688f34405f473f46eb4588dc1a105e03a65726275131a87687d605c83c6617f923345ed149d3ea3
SSDEEP

12288:0SFiwvzQpHtZBBtdDrqQhUspJERAS/TGdZvkokx/j:0SMwv8pHtZBBtFxPTox/Trjxr

Score

1^/10

Malware Config

Signatures

Files

6c0942a2b8efa0584c6ee9e411a01eba_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a083865cdc397608a3df07cd51c1a545

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/10/2016, 00:00

Not After

11/10/2019, 23:59

Subject

CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

28:be:54:6c:b2:82:c6:a8:57:1e:35:6c:c1:ff:48:32:75:f7:9c:15
Signer

Actual PE Digest

28:be:54:6c:b2:82:c6:a8:57:1e:35:6c:c1:ff:48:32:75:f7:9c:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\e9b1557ebfdd84fc\build.msvc\Win32\Installer-Release\BootstrapperClient\RobloxPlayerLauncher.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
DeleteFileW
GetTempPathW
GetModuleHandleW
OpenEventW
CreateEventW
CreateMutexW
lstrcmpW
GetSystemTime
CloseHandle
WaitForSingleObject
ReleaseMutex
ResetEvent
WriteConsoleW
OutputDebugStringW
SetStdHandle
SetFilePointer
ReadConsoleW
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
SetFilePointerEx
IsProcessorFeaturePresent
IsDebuggerPresent
ReadFile
LoadLibraryExW
ExitThread
CreateThread
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCommandLineW
SetEvent
GetLastError
GetProcAddress
RtlUnwind
GetStringTypeW
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
QueryPerformanceCounter
DebugBreak
GetExitCodeProcess
CreateWaitableTimerW
SystemTimeToFileTime
ResumeThread
GetCurrentProcessId
SetEndOfFile
InterlockedDecrement
LocalFree
FormatMessageA
LockResource
FreeLibrary
LoadResource
SizeofResource
LoadLibraryW
FindResourceW
FindResourceExW
CreateDirectoryW
CreateFileW
GetFileAttributesW
FindClose
FormatMessageW
lstrlenW
FindFirstFileW
FindNextFileW
GetFileSizeEx
GetFileAttributesExW
VerSetConditionMask
InterlockedIncrement
OpenProcess
GetCurrentProcess
TerminateProcess
RaiseException
GetCurrentThread
GetCurrentThreadId
DeleteCriticalSection
Sleep
GetLocalTime
CompareFileTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetModuleFileNameW
CreateProcessW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
VerifyVersionInfoW
GetGeoInfoW
GetUserGeoID
GetSystemTimeAsFileTime
CreateSemaphoreA
WaitForSingleObjectEx
ReleaseSemaphore
DuplicateHandle
GetModuleHandleA
GetProcessHeap
HeapAlloc
HeapFree
InterlockedExchange
InterlockedExchangeAdd
InterlockedCompareExchange
TerminateThread
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
QueueUserAPC
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SleepEx
SetWaitableTimer
GetShortPathNameW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WriteFile
GetFileTime
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrcmpiW
lstrcpyW
lstrcatW
OpenEventA
WaitForMultipleObjectsEx

user32

SetWindowLongW
GetWindowLongW
GetWindowRect
InvalidateRect
ShowWindow
CreateWindowExW
CallWindowProcW
DefWindowProcW
SendMessageW
MessageBoxA
AllowSetForegroundWindow
GetParent
SetForegroundWindow
IsWindowVisible
PostMessageW
LoadBitmapW
LoadIconW
FillRect
EndPaint
BeginPaint
ReleaseDC
GetDC
GetSystemMetrics
GetWindowTextW
EnableWindow
KillTimer
SetTimer
GetDlgItem
CharNextW
CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
SetWindowPos
SetFocus
LoadAcceleratorsW
TranslateAcceleratorW
SetWindowTextW
MessageBoxW
EnumWindows
GetWindowThreadProcessId
PostQuitMessage
RegisterClassW
DestroyWindow

gdi32

Rectangle
GetStockObject
GetDeviceCaps
SelectObject
DeleteObject
CreatePen
CreateFontW
SetBkMode
CreateSolidBrush
SetTextColor

advapi32

CryptDestroyHash
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
GetUserNameW
CopySid
CheckTokenMembership
RegDeleteKeyW
RegEnumKeyExW
RegFlushKey
RegDeleteValueW
RegQueryValueExW
DuplicateToken
OpenProcessToken
OpenThreadToken
IsValidSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetTokenInformation
GetLengthSid
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW

shell32

ShellExecuteExW
SHGetFolderPathAndSubDirW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
StringFromGUID2
CoCreateGuid
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

RegisterTypeLi
VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

StrCmpW
StrCpyW
PathAddBackslashW
PathFileExistsW
StrCmpNW
StrDupW
StrRChrW
StrStrW
SHDeleteKeyW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

userenv

UnloadUserProfile

ws2_32

gethostbyname
socket
sendto
closesocket
connect
htons
freeaddrinfo
getaddrinfo
WSASocketW
WSASend
WSARecv
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
setsockopt
select
ioctlsocket
getsockopt

wininet

InternetCloseHandle
InternetConnectW
InternetSetOptionW
HttpOpenRequestW
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
InternetQueryDataAvailable
InternetWriteFile
InternetReadFile
HttpSendRequestW
HttpAddRequestHeadersW
InternetOpenW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipAlloc
GdipFree
GdipCreateHBITMAPFromBitmap

psapi

GetProcessImageFileNameW
EnumProcesses

iphlpapi

GetAdaptersInfo

Exports

Exports

?FastLog@FLog@@YAXEPBDPBX1111@Z
?FastLog@FLog@@YAXEPBDPBX11@Z
?FastLog@FLog@@YAXEPBDPBX@Z
?FastLogF@FLog@@YAXEPBDMMMM@Z
?FastLogFormatted@FLog@@YAXEPBDZZ
?FastLogS@FLog@@YAXEPBD0@Z
?FastLogS@FLog@@YAXEPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ForEachVariable@FLog@@YAXP6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0PAX@Z1W4FastVarType@@@Z
?GetFastLogCounter@FLog@@YAHE@Z
?GetNumSynchronizedVariable@FLog@@YAGXZ
?GetValue@FLog@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@_N@Z
?Init@FLog@@YAXP6ANXZ@Z
?NowFast@FLog@@YANXZ
?RegisterFlag@FLog@@YAHPBDPA_NPAPA_NW4FastVarType@@@Z
?RegisterInt@FLog@@YAHPBDPAHPAPA_NW4FastVarType@@@Z
?RegisterLogGroup@FLog@@YAHPBDPAEPAPA_NW4FastVarType@@@Z
?RegisterString@FLog@@YAHPBDPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAPA_NW4FastVarType@@@Z
?ResetSynchronizedVariablesState@FLog@@YAXXZ
?SetExternalLogFunc@FLog@@YAXP6AXEPBD@Z@Z
?SetValue@FLog@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4FastVarType@@_N@Z
?SetValueFromServer@FLog@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?WriteFastLogDump@FLog@@YAXPBDH@Z

Sections

.text
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a083865cdc397608a3df07cd51c1a545

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6Certificate

Extended Key Usages

Key Usages

28:be:54:6c:b2:82:c6:a8:57:1e:35:6c:c1:ff:48:32:75:f7:9c:15Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

sensapi

userenv

ws2_32

wininet

comctl32

gdiplus

psapi

iphlpapi

Exports

Exports

Sections

.text Size: 458KB - Virtual size: 458KB

.rdata Size: 157KB - Virtual size: 157KB

.data Size: 40KB - Virtual size: 370KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 108KB - Virtual size: 108KB

.reloc Size: 44KB - Virtual size: 43KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6
Certificate

28:be:54:6c:b2:82:c6:a8:57:1e:35:6c:c1:ff:48:32:75:f7:9c:15
Signer

.text
Size: 458KB - Virtual size: 458KB

.rdata
Size: 157KB - Virtual size: 157KB

.data
Size: 40KB - Virtual size: 370KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 108KB - Virtual size: 108KB

.reloc
Size: 44KB - Virtual size: 43KB