0131295db290d20ebf61bf73953461ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0131295db290d20ebf61bf73953461ff_JaffaCakes118
Size

2.1MB
MD5

0131295db290d20ebf61bf73953461ff
SHA1

7fa7d73b9bcee4d23f35f02f868436c5b0f43f33
SHA256

13f84a5cc1c1933cf5cb9e0fd446c9b561fcc61ec9049f778add511b635785f1
SHA512

3f96022fbc282a22f69c845ce9d52e1809966a518428a1018183891730f0aa9abd3e313a795917c9a5065cd9e901d0849a2190c3d129ffe4772bb97e0b69edf6
SSDEEP

49152:FKp7M5RASVFDEPlwpAgcCWturpo5ncIvsqyLo8cRYzmPJd:FASV9glwB+tB6dHLiR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RenRenGame/update.exe

Files

0131295db290d20ebf61bf73953461ff_JaffaCakes118
.rar
RenRenGame/crashrept.exe
.exe windows:4 windows x86 arch:x86

e0854b64e474f143f3bd3746f1d6f6d5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:e9:4d:32:a3:a3:7a:25:2f:ba:7b:97:c9:23:f7:2e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

18/05/2012, 23:59

Subject

CN=beijing qianxianghulian kejifazhan youxiangongsi,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=beijing qianxianghulian kejifazhan youxiangongsi,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4d:4b:7d:f2:72:c2:11:83:20:d9:c5:c4:bd:a7:36:9d:95:77:bd:6c
Signer

Actual PE Digest

4d:4b:7d:f2:72:c2:11:83:20:d9:c5:c4:bd:a7:36:9d:95:77:bd:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\w\talk\bin\crashrept.pdb

Imports

wininet

HttpSendRequestW
InternetOpenW
HttpOpenRequestW
HttpQueryInfoW
HttpAddRequestHeadersW
InternetConnectW
InternetReadFile
InternetCrackUrlW
InternetCloseHandle
InternetQueryDataAvailable

comctl32

InitCommonControlsEx

shlwapi

PathAppendW

kernel32

EnumSystemLocalesA
GetExitCodeProcess
lstrcpynW
CreateProcessW
SetFilePointer
ReadFile
CreateFileW
WaitForSingleObject
CloseHandle
Sleep
GetModuleHandleW
GlobalUnlock
LocalFree
FreeLibrary
GlobalFree
FormatMessageW
CreateThread
GetFileAttributesW
GlobalAlloc
GetLastError
CreateDirectoryW
WideCharToMultiByte
GetModuleFileNameW
GetProcAddress
GlobalLock
LoadLibraryW
MoveFileW
MultiByteToWideChar
DeleteFileW
GetSystemTime
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
IsValidLocale
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
LoadLibraryA
GetModuleFileNameA
WriteFile
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetTimeZoneInformation
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
RaiseException
IsValidCodePage
GetLocaleInfoW
SetStdHandle
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetTickCount
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
GetTimeFormatA
GetDateFormatA
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW

user32

DrawTextW
GetDC
SetWindowTextW
IsDlgButtonChecked
GetWindowTextW
CloseClipboard
SetTimer
MoveWindow
ChildWindowFromPoint
GetPropW
RemovePropW
GetClientRect
GetWindowRect
SetFocus
LoadIconW
GetFocus
DialogBoxParamW
IsClipboardFormatAvailable
GetDlgItem
BeginPaint
GetSysColorBrush
SetWindowLongW
MessageBoxW
EndDialog
InvalidateRect
SendDlgItemMessageW
GetSysColor
EndPaint
GetWindowLongW
IsWindowEnabled
GetDlgItemTextW
CheckDlgButton
SetDlgItemTextW
FillRect
SendMessageW
SetPropW
MapWindowPoints
CallWindowProcW
GetClipboardData
PostMessageW
ShowWindow
EnableWindow
OpenClipboard

gdi32

GetTextExtentPoint32W
SetBkMode
SelectObject
SetTextColor
GetStockObject

advapi32

RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey

shell32

SHGetFolderPathW

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RenRenGame/crashrept.ini
RenRenGame/info.ini
RenRenGame/lobby.exe
.exe windows:4 windows x86 arch:x86

de949a69e6a9ca106638980672c632d7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:e9:4d:32:a3:a3:7a:25:2f:ba:7b:97:c9:23:f7:2e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

18/05/2012, 23:59

Subject

CN=beijing qianxianghulian kejifazhan youxiangongsi,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=beijing qianxianghulian kejifazhan youxiangongsi,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:d3:3a:57:98:b0:0d:35:16:75:2e:c5:bd:cc:d4:73:0f:ed:41:38
Signer

Actual PE Digest

b8:d3:3a:57:98:b0:0d:35:16:75:2e:c5:bd:cc:d4:73:0f:ed:41:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\w\talk\bin\lobby.pdb

Imports

secur32

InitializeSecurityContextA
AcquireCredentialsHandleA
CompleteAuthToken
FreeCredentialsHandle
DeleteSecurityContext

ws2_32

accept
WSAStartup
WSACleanup
recvfrom
listen
getsockname
WSAGetLastError
closesocket
WSACloseEvent
WSASetEvent
WSAResetEvent
WSACreateEvent
ioctlsocket
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
setsockopt
socket
bind
sendto
gethostbyname
inet_addr
ntohl
ntohs
htonl
htons
getpeername
WSAIoctl
send
connect
recv

wininet

DeleteUrlCacheEntry
InternetQueryDataAvailable
InternetReadFile
InternetCrackUrlA
InternetOpenA
InternetSetCookieA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA

imm32

ImmAssociateContext
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

kernel32

GlobalAlloc
GlobalSize
SetThreadPriority
ReleaseSemaphore
CreateSemaphoreA
SetEvent
CreateEventA
FormatMessageA
FreeEnvironmentStringsA
GetEnvironmentStrings
FindClose
GetCurrentDirectoryA
GetTempPathA
GetFullPathNameA
FindFirstFileA
FindNextFileA
MoveFileA
DeleteFileA
CreateFileA
CreateDirectoryA
GetSystemInfo
LoadLibraryA
GetStdHandle
GetFileSize
GetVersionExA
GetUserDefaultLCID
GetLocaleInfoW
EnumSystemLocalesA
IsBadReadPtr
SetUnhandledExceptionFilter
GlobalMemoryStatus
GetCurrentProcess
SetEndOfFile
SetFilePointer
ReadFile
IsDebuggerPresent
FindNextFileW
FindFirstFileW
CreateDirectoryW
GetFileAttributesW
GetLongPathNameW
GetTempPathW
TlsGetValue
TlsSetValue
ResumeThread
GlobalLock
TlsAlloc
GetFileAttributesExW
CopyFileW
GetTempFileNameW
RemoveDirectoryW
DeleteFileW
MoveFileW
SetEnvironmentVariableA
GetWindowsDirectoryW
TerminateProcess
CreateFileW
TerminateThread
LoadLibraryW
SetLastError
FlushFileBuffers
LockFile
LockFileEx
UnlockFile
GetFileAttributesA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
GetProcAddress
GetVersion
GetLocaleInfoA
Sleep
lstrcmpiA
LoadLibraryExA
GetCurrentThreadId
InitializeCriticalSection
GetModuleHandleA
GetModuleFileNameA
LoadResource
SizeofResource
RaiseException
FindResourceA
DeleteCriticalSection
IsDBCSLeadByte
lstrlenW
lstrlenA
FreeLibrary
GetCurrentProcessId
GetModuleFileNameW
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA
GetLocalTime
CreateProcessW
CreateMutexA
GetLastError
CloseHandle
OpenMutexA
WideCharToMultiByte
MultiByteToWideChar
lstrcpynW
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
LeaveCriticalSection
GetTickCount
GlobalUnlock
GlobalFree
WaitForSingleObject
TlsFree
CreateThread
InterlockedExchange
UnhandledExceptionFilter
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
ExitProcess
ExitThread
GetCPInfo
LCMapStringA
LCMapStringW
HeapSize
GetACP
GetOEMCP
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
GetThreadLocale
WriteFile

user32

FillRect
SendMessageTimeoutA
SetRect
GetWindowRgn
SetWindowRgn
CreateIconIndirect
LoadImageA
LoadIconA
GetIconInfo
GetDoubleClickTime
GetSysColor
GetClipboardFormatNameA
IsClipboardFormatAvailable
GetClipboardData
RegisterClipboardFormatA
EmptyClipboard
OpenClipboard
CloseClipboard
SetClipboardData
AdjustWindowRect
SendMessageA
SetWindowTextW
SetWindowTextA
DestroyIcon
IsZoomed
CreateWindowExW
LoadCursorA
RegisterClassW
GetUpdateRgn
HideCaret
ValidateRect
GetActiveWindow
UnregisterClassA
ScrollWindow
GetWindowRect
GetClientRect
ClientToScreen
CreateCaret
SetCaretPos
ShowCaret
ReleaseCapture
MsgWaitForMultipleObjects
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
PostQuitMessage
GetCursorPos
GetCapture
SetCapture
GetForegroundWindow
GetParent
SystemParametersInfoA
SetWindowLongA
UpdateWindow
DestroyCaret
GetWindow
SetTimer
DestroyWindow
PeekMessageA
PeekMessageW
BeginPaint
EndPaint
SetCursor
GetFocus
DefWindowProcW
DefWindowProcA
SetFocus
MessageBeep
GetWindowPlacement
GetWindowLongA
AdjustWindowRectEx
GetKeyboardLayout
GetDC
ReleaseDC
InvalidateRect
MessageBoxA
CharNextA
SetWindowPos
GetSystemMetrics
UnregisterHotKey
RegisterHotKey
IsWindow
SetForegroundWindow
IsIconic
ShowWindow
GetKeyState
RegisterWindowMessageA
DestroyCursor
IsWindowUnicode
PostMessageA

gdi32

CreateRectRgnIndirect
PatBlt
GetClipBox
GetViewportOrgEx
SetBkColor
SetTextColor
CreatePatternBrush
SetWindowOrgEx
CreatePalette
LPtoDP
GetDeviceCaps
SetTextAlign
SetBkMode
CreateICA
GetNearestColor
GetStockObject
CreatePen
PolyPolygon
Polygon
Arc
Ellipse
ExtSelectClipRgn
RectVisible
LineTo
DeleteDC
PolyPolyline
Polyline
SetROP2
GetTextColor
GetBkColor
BitBlt
GetROP2
GetClipRgn
GetTextExtentPoint32W
SetDIBitsToDevice
CreateDIBSection
ExtTextOutW
GetCharWidthW
GetCharABCWidthsA
GetCharABCWidthsW
CreateFontIndirectA
EnumFontFamiliesA
GetKerningPairsA
GetTextMetricsA
CreateFontA
DeleteEnhMetaFile
GetEnhMetaFileHeader
SetEnhMetaFileBits
GetEnhMetaFileBits
PlayEnhMetaFile
CreateCompatibleBitmap
ExtCreateRegion
CreateCompatibleDC
SelectObject
CreateDCA
StretchDIBits
CreateRectRgn
SelectClipRgn
DeleteObject
SelectPalette
RealizePalette
GetCurrentObject
CreateBitmap
CreateSolidBrush
CreateDIBitmap
GetObjectA
MoveToEx
GdiFlush
GetDIBits

advapi32

RegCreateKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
GetUserNameA
RegQueryValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegSetValueExW

shell32

SHFileOperationW
ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderPathA

ole32

CoCreateGuid
DoDragDrop
ReleaseStgMedium
RevokeDragDrop
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
RegisterDragDrop

oleaut32

VarUI4FromStr

iphlpapi

GetAdaptersInfo

shlwapi

PathFileExistsW

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 200KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RenRenGame/rrbrowser.exe
.exe windows:4 windows x86 arch:x86

6d68de74cc187a501e0eb8d3c9dc4b86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:e9:4d:32:a3:a3:7a:25:2f:ba:7b:97:c9:23:f7:2e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

18/05/2012, 23:59

Subject

CN=beijing qianxianghulian kejifazhan youxiangongsi,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=beijing qianxianghulian kejifazhan youxiangongsi,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:c3:76:7a:98:0d:de:98:86:96:b0:31:b0:e6:58:7e:40:84:04:2e
Signer

Actual PE Digest

b8:c3:76:7a:98:0d:de:98:86:96:b0:31:b0:e6:58:7e:40:84:04:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\w\talk\bsm\lobby\rrbrowser.pdb

Imports

kernel32

lstrlenW
GetModuleFileNameA
GetCurrentThreadId
InterlockedDecrement
RaiseException
FlushInstructionCache
GetCurrentProcess
MulDiv
lstrcmpA
GlobalLock
GlobalAlloc
LoadLibraryA
SetLastError
GlobalUnlock
IsBadReadPtr
WriteFile
TerminateProcess
CloseHandle
CreateProcessW
GetModuleFileNameW
CreateFileW
GetTempPathW
CreateThread
SetUnhandledExceptionFilter
lstrcmpiA
GetProcAddress
WaitForSingleObject
LoadLibraryW
GetCurrentProcessId
ReleaseSemaphore
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoA
Sleep
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
SetEnvironmentVariableA
CreateDirectoryA
LoadLibraryExA
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
DeleteCriticalSection
LoadResource
GetLastError
LeaveCriticalSection
InterlockedIncrement
SizeofResource
lstrlenA
FreeLibrary
EnterCriticalSection
InitializeCriticalSection
GetTickCount
CreateSemaphoreA
FindResourceA

user32

RegisterWindowMessageA
SendMessageTimeoutA
GetClassInfoExA
GetWindowRect
IsChild
SetWindowTextA
ScreenToClient
DestroyWindow
SetWindowLongA
CallWindowProcA
DestroyAcceleratorTable
GetKeyState
CreateAcceleratorTableA
GetDlgItem
ReleaseCapture
EndPaint
SetCapture
UpdateWindow
ShowWindow
SetTimer
PostQuitMessage
GetWindow
GetDC
GetClientRect
GetFocus
UnregisterClassA
GetMessageA
DispatchMessageA
TranslateMessage
CharNextA
GetWindowTextA
GetParent
FillRect
LoadCursorA
RedrawWindow
SendMessageA
CreateWindowExA
GetDesktopWindow
InvalidateRect
GetSysColor
ClientToScreen
IsWindow
RegisterClassExA
FindWindowExA
SetWindowPos
GetWindowLongA
SetFocus
InvalidateRgn
GetWindowTextLengthA
PostMessageA
BeginPaint
DefWindowProcA
MoveWindow
GetClassNameA
ReleaseDC

gdi32

GetObjectA
SelectObject
GetStockObject
CreateCompatibleDC
DeleteDC
CreateCompatibleBitmap
CreateSolidBrush
BitBlt
DeleteObject
GetDeviceCaps

advapi32

RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegCloseKey
RegCreateKeyExA

shell32

SHGetFolderPathA

ole32

CreateStreamOnHGlobal
CLSIDFromString
OleLockRunning
StringFromGUID2
CLSIDFromProgID
CoGetClassObject
OleUninitialize
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoInitialize
OleInitialize

oleaut32

SysAllocString
VariantClear
SysAllocStringLen
SysStringLen
SysStringByteLen
LoadTypeLi
VariantInit
LoadRegTypeLi
SysFreeString
VarUI4FromStr
OleCreateFontIndirect
DispCallFunc

msvcp80

??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@PBD1@Z
?copy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPA_WII@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?destroy@?$allocator@D@std@@QAEXPAD@Z
?construct@?$allocator@D@std@@QAEXPADABD@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@1@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0ABV12@@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

msvcr80

??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
__CxxFrameHandler3
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
?terminate@@YAXXZ
memset
strchr
_set_purecall_handler
exit
_snwprintf_s
swprintf_s
_set_invalid_parameter_handler
getenv
_time64
wcsrchr
_i64toa
memmove_s
strncmp
strstr
_beginthreadex
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
calloc
_stricmp
sprintf_s
??_V@YAXPAX@Z
memcpy_s
free
_recalloc
_resetstkoflw
memcpy
??0bad_cast@std@@QAE@ABV01@@Z
malloc
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
_mbsnbcpy_s
atoi
??2@YAPAXI@Z
??3@YAXPAX@Z

wininet

InternetSetCookieA

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RenRenGame/update.exe
.exe windows:4 windows x86 arch:x86

2163b671b7a1ff6410ea0b5ebab33743

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\w\talk\bin\updater.pdb

Imports

comctl32

InitCommonControlsEx

ws2_32

ntohl

kernel32

WaitForSingleObject
GetProcAddress
OpenProcess
GetModuleHandleA
CopyFileW
CreateProcessW
FreeEnvironmentStringsW
CloseHandle
GetEnvironmentStringsW
GetLocaleInfoA
GetModuleFileNameW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
GetPrivateProfileStringW
GetModuleHandleW
CompareStringA
CompareStringW
HeapSize
RaiseException
GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
HeapAlloc
DeleteFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetFileType
CreateFileA
CreateDirectoryA
ExitProcess
GetFileInformationByHandle
PeekNamedPipe
GetFileAttributesW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesA
DeleteFileW
MultiByteToWideChar
ExitThread
GetCurrentThreadId
CreateThread
GetVersionExA
GetProcessHeap
GetStartupInfoW
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetStartupInfoA
SetFilePointer
GetFullPathNameA
GetCurrentDirectoryA
RtlUnwind
ReadFile
SetEndOfFile
SetStdHandle
GetModuleFileNameA
FlushFileBuffers
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LoadLibraryA
InitializeCriticalSection
CreateFileW
SetEnvironmentVariableA
SetFileAttributesA

user32

FindWindowA
GetWindowThreadProcessId
LoadIconW
GetWindowPlacement
OffsetRect
GetWindowTextW
SystemParametersInfoW
ReleaseDC
GetDlgItem
EndDialog
SendDlgItemMessageW
SetWindowPos
SetTimer
GetWindowRect
SendMessageW
DrawTextW
SetWindowTextW
DialogBoxParamW
CopyRect
GetClientRect
GetDC
GetDesktopWindow

gdi32

DeleteObject
SelectObject
CreateFontIndirectW

advapi32

DuplicateTokenEx
OpenProcessToken

shell32

ShellExecuteW

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RenRenGame/updater.ini

Sharing

General

Malware Config

Signatures

Files

e0854b64e474f143f3bd3746f1d6f6d5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

5c:e9:4d:32:a3:a3:7a:25:2f:ba:7b:97:c9:23:f7:2eCertificate

Extended Key Usages

Key Usages

4d:4b:7d:f2:72:c2:11:83:20:d9:c5:c4:bd:a7:36:9d:95:77:bd:6cSigner

Headers

File Characteristics

PDB Paths

Imports

wininet

comctl32

shlwapi

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 208KB - Virtual size: 207KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 96KB - Virtual size: 95KB

de949a69e6a9ca106638980672c632d7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

5c:e9:4d:32:a3:a3:7a:25:2f:ba:7b:97:c9:23:f7:2eCertificate

Extended Key Usages

Key Usages

b8:d3:3a:57:98:b0:0d:35:16:75:2e:c5:bd:cc:d4:73:0f:ed:41:38Signer

Headers

File Characteristics

PDB Paths

Imports

secur32

ws2_32

wininet

imm32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

shlwapi

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 200KB - Virtual size: 273KB

.rsrc Size: 68KB - Virtual size: 67KB

6d68de74cc187a501e0eb8d3c9dc4b86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

5c:e9:4d:32:a3:a3:7a:25:2f:ba:7b:97:c9:23:f7:2e
Certificate

4d:4b:7d:f2:72:c2:11:83:20:d9:c5:c4:bd:a7:36:9d:95:77:bd:6c
Signer

.text
Size: 208KB - Virtual size: 207KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 96KB - Virtual size: 95KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

5c:e9:4d:32:a3:a3:7a:25:2f:ba:7b:97:c9:23:f7:2e
Certificate

b8:d3:3a:57:98:b0:0d:35:16:75:2e:c5:bd:cc:d4:73:0f:ed:41:38
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 200KB - Virtual size: 273KB

.rsrc
Size: 68KB - Virtual size: 67KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

5c:e9:4d:32:a3:a3:7a:25:2f:ba:7b:97:c9:23:f7:2e
Certificate

b8:c3:76:7a:98:0d:de:98:86:96:b0:31:b0:e6:58:7e:40:84:04:2e
Signer

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 120KB - Virtual size: 116KB

.text
Size: 112KB - Virtual size: 108KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 92KB - Virtual size: 90KB