7134299c38eef0797a7cf18f83b990ad_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

7134299c38eef0797a7cf18f83b990ad_JaffaCakes118
Size

814KB
MD5

7134299c38eef0797a7cf18f83b990ad
SHA1

b3fe69b8b0f7000bc37bba828729308dd19ad3dc
SHA256

99ed38dbaf36fac93f51546bf493e7e1d0a153ae749c54ae209cceb477009016
SHA512

b00ab5fddab5897e2c2229b8055bcd4d6f6b4002170faca8d055f864416384250712da3b909a27bedb3aecd56e331f683a2b79c566018976e36c408242bc8ce9
SSDEEP

12288:tL9mecuR60/prXGUU+sz725tNckt4jeviFiyylKTFvEAK7jD0Z/YHW29c:tL9medN/9pU+smzq4lKT5Bkj6/8Z9c

Score

1^/10

Malware Config

Signatures

Files

7134299c38eef0797a7cf18f83b990ad_JaffaCakes118
.exe windows:5 windows x86 arch:x86

88cb4e57f82496c6d5f1eaa76f2e84d3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11-10-2016 00:00

Not After

11-10-2019 23:59

Subject

CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

82:e9:e3:35:8c:f1:f9:b1:47:de:1d:45:34:ce:32:f2:af:cf:aa:17
Signer

Actual PE Digest

82:e9:e3:35:8c:f1:f9:b1:47:de:1d:45:34:ce:32:f2:af:cf:aa:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\teamcity-agent\work\Trunk2017\build.msvc\Win32\Installer-Release\BootstrapperQTStudio\RobloxStudioLauncherBeta.pdb

Imports

kernel32

DeleteCriticalSection
RaiseException
DecodePointer
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
OpenEventW
CreateEventW
OpenMutexW
CreateMutexW
lstrcmpW
CloseHandle
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcessHeap
HeapSize
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetStdHandle
ExitProcess
SetFilePointerEx
GetFileType
ReadFile
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
EncodePointer
OutputDebugStringW
IsDebuggerPresent
HeapDestroy
GetProcAddress
LocalFree
FormatMessageA
LockResource
FreeLibrary
LoadResource
SizeofResource
LoadLibraryW
FindResourceW
FindResourceExW
CreateDirectoryW
CreateFileW
GetFileAttributesW
GetVersionExW
GetCurrentThreadId
FindClose
FormatMessageW
DeleteFileW
FindFirstFileW
FindNextFileW
VerSetConditionMask
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
OpenProcess
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThread
Sleep
GetSystemTime
GetLocalTime
CompareFileTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
lstrlenW
CreateFileMappingW
GetModuleFileNameW
CreateProcessW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
VerifyVersionInfoW
GetGeoInfoW
GetUserGeoID
GetSystemTimeAsFileTime
CreateSemaphoreA
WaitForSingleObjectEx
ReleaseSemaphore
DuplicateHandle
GetModuleHandleA
InterlockedExchangeAdd
InterlockedCompareExchange
TerminateThread
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
QueueUserAPC
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SleepEx
SetWaitableTimer
GetShortPathNameW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
OpenEventA
WaitForMultipleObjectsEx
GetCurrentProcessId
ResumeThread
SystemTimeToFileTime
CreateWaitableTimerW
GetFileSizeEx
GetFileAttributesExW
GetTempPathW
FileTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
WriteFile
GetFileTime
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrcmpiW
lstrcpyW
lstrcatW

user32

GetParent
GetWindowLongW
GetWindowRect
InvalidateRect
ShowWindow
CreateWindowExW
CallWindowProcW
DefWindowProcW
SendMessageW
MessageBoxA
SetWindowLongW
GetWindowTextW
SetForegroundWindow
IsWindowVisible
PostMessageW
LoadBitmapW
LoadIconW
FillRect
EndPaint
BeginPaint
ReleaseDC
GetDC
GetSystemMetrics
EnableWindow
KillTimer
SetTimer
GetDlgItem
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
SetWindowPos
CharUpperW
CharNextW
SetFocus
LoadAcceleratorsW
TranslateAcceleratorW
SetWindowTextW
MessageBoxW
EnumWindows
GetWindowThreadProcessId
PostQuitMessage
RegisterClassW

gdi32

Rectangle
GetStockObject
GetDeviceCaps
SetBkMode
CreateSolidBrush
DeleteObject
CreateFontW
CreatePen
SetTextColor
SelectObject

advapi32

RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
CryptAcquireContextW
RegCreateKeyExW
RegQueryValueExW
DuplicateToken
OpenProcessToken
OpenThreadToken
IsValidSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
CopySid
RegDeleteKeyW
GetUserNameW
CheckTokenMembership
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext

shell32

SHGetFolderPathAndSubDirW
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW

ole32

CoInitialize
CoUninitialize
StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance
CoCreateGuid

oleaut32

RegisterTypeLi

shlwapi

StrCpyW
PathFileExistsW
StrCmpNW
SHDeleteKeyW
StrCmpW
StrStrW
PathAddBackslashW
StrRChrW
StrDupW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

userenv

UnloadUserProfile

ws2_32

freeaddrinfo
getaddrinfo
WSASocketW
WSASend
WSARecv
WSAGetLastError
WSASetLastError
WSAStartup
setsockopt
socket
htons
select
getsockopt
ioctlsocket
connect
closesocket
send
WSACleanup
sendto

wininet

HttpAddRequestHeadersW
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
HttpSendRequestW
InternetWriteFile
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
InternetQueryDataAvailable

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdipFree
GdipAlloc
GdiplusStartup

psapi

GetProcessImageFileNameW
EnumProcesses

winmm

timeSetEvent
timeGetDevCaps
timeBeginPeriod
timeGetTime

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88cb4e57f82496c6d5f1eaa76f2e84d3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6Certificate

Extended Key Usages

Key Usages

82:e9:e3:35:8c:f1:f9:b1:47:de:1d:45:34:ce:32:f2:af:cf:aa:17Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

sensapi

userenv

ws2_32

wininet

comctl32

gdiplus

psapi

winmm

iphlpapi

Sections

.text Size: 458KB - Virtual size: 458KB

.rdata Size: 171KB - Virtual size: 170KB

.data Size: 14KB - Virtual size: 339KB

.gfids Size: 512B - Virtual size: 364B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 132KB - Virtual size: 132KB

.reloc Size: 30KB - Virtual size: 30KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6
Certificate

82:e9:e3:35:8c:f1:f9:b1:47:de:1d:45:34:ce:32:f2:af:cf:aa:17
Signer

.text
Size: 458KB - Virtual size: 458KB

.rdata
Size: 171KB - Virtual size: 170KB

.data
Size: 14KB - Virtual size: 339KB

.gfids
Size: 512B - Virtual size: 364B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 132KB - Virtual size: 132KB

.reloc
Size: 30KB - Virtual size: 30KB