197d69943ef7b2abb583dc882a9331ed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

197d69943ef7b2abb583dc882a9331ed_JaffaCakes118
Size

3.1MB
MD5

197d69943ef7b2abb583dc882a9331ed
SHA1

50414131656b46c93ff96a685af42ee6d6a4255f
SHA256

d1090bb7386e98846f6775ed4e768cd18cda06e6dbd190a0e1d2643e2241fb0a
SHA512

4800ce94b276ec36edf3c6d33003f3fdcdca3573a068b7294eaece8a2bdcd6ccc2f2f4d59756308c225eeeca9f00bb836c37550d9f408b02f3881071322c08ec
SSDEEP

49152:DelD1PM1ByuOiTL5EzTfbSXPuFsIP4MEGz4VGbjDIDCqod0d+Bt6xRSVWO:DaD10PJ2AueHMEGkVGHcN1EkYVWO

Score

1^/10

Malware Config

Signatures

Files

197d69943ef7b2abb583dc882a9331ed_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6b9322fe3181a355c350b9c74cba5865

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/02/2009, 00:00

Not After

15/02/2010, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tencent,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

80:62:b9:a1:10:ca:6d:2c:7a:56:13:59:7f:63:ef:63:83:3c:6d:9a
Signer

Actual PE Digest

80:62:b9:a1:10:ca:6d:2c:7a:56:13:59:7f:63:ef:63:83:3c:6d:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DNF\Launcher_China\China_Release\NeopleLauncher.pdb

Imports

ws2_32

sendto
recvfrom
WSAResetEvent
WSAGetLastError
WSACloseEvent
htonl
ntohs
select
closesocket
inet_addr
WSACleanup
htons
WSAStartup
gethostbyname
inet_ntoa
socket
setsockopt
connect
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
recv
gethostname
bind
ioctlsocket
send

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

kernel32

WaitForSingleObject
DeleteFileA
IsDBCSLeadByte
OutputDebugStringA
GetModuleFileNameA
OpenProcess
GetTickCount
WriteFile
CreateFileA
SetCurrentDirectoryA
GlobalFree
GlobalAlloc
MultiByteToWideChar
WideCharToMultiByte
ReleaseSemaphore
GetDiskFreeSpaceExA
CreateSemaphoreA
GetProcAddress
lstrlenA
WritePrivateProfileStringA
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetVersionExA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
HeapSize
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
GetStdHandle
SetHandleCount
HeapReAlloc
VirtualAlloc
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetCPInfo
GetPrivateProfileStringA
LCMapStringA
SetEnvironmentVariableA
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetCommandLineA
MoveFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
RemoveDirectoryA
GetSystemTimeAsFileTime
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
SetFilePointer
SetLastError
SetThreadPriority
ResumeThread
LeaveCriticalSection
EnterCriticalSection
CreateMutexA
GetLastError
CloseHandle
RaiseException
DeleteCriticalSection
InitializeCriticalSection
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
CreateThread
Sleep
TerminateThread
GetModuleHandleA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeLibrary
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
WaitForMultipleObjects
GetFullPathNameA
CreateProcessA
GetFileSize
ReadFile
CompareStringA
CompareStringW
GetStringTypeA
GetCurrentThreadId
GetWindowsDirectoryA
GetFileAttributesA
SetFileAttributesA
CopyFileA
GetCurrentDirectoryA
GetStringTypeW
GetLocaleInfoA
LCMapStringW
LocalAlloc
VirtualFree

user32

ReleaseCapture
SetCapture
SystemParametersInfoA
EndDialog
MessageBoxA
GetDlgItemTextA
SetDlgItemTextA
DialogBoxParamA
TranslateMessage
DispatchMessageA
PeekMessageA
PostQuitMessage
SetWindowLongA
GetWindowLongA
GetMessageA
DestroyWindow
EndPaint
BeginPaint
UpdateWindow
ShowWindow
SetWindowTextA
CreateDialogParamA
DefWindowProcA
CheckRadioButton
SetPropA
RemovePropA
FillRect
TrackMouseEvent
GetPropA
GetDesktopWindow
ClientToScreen
GetWindowRect
GetWindowTextA
CallWindowProcA
DrawTextA
LoadBitmapA
GetParent
SetWindowPos
GetClassInfoExA
SetWindowRgn
IsWindow
TranslateAcceleratorA
SetTimer
LoadIconA
RegisterClassExA
SetCursor
GetSystemMetrics
SendMessageA
GetClientRect
GetDC
ReleaseDC
SetRect
PostMessageA
GetDlgItem
MoveWindow
LoadCursorA
CreateWindowExA
InvalidateRect

gdi32

CreateICA
ExtCreateRegion
CreateSolidBrush
CreateFontA
SetTextColor
CreateRectRgn
DeleteObject
SetBkMode
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
GetObjectA
BitBlt
DeleteDC
GetDIBits

advapi32

RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
CoFreeLibrary
CoCreateInstance
CoUninitialize
CoLoadLibrary
OleCreate
OleSetContainedObject
CoInitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

shlwapi

PathIsDirectoryA

msimg32

TransparentBlt

bugtrap

BT_SetLogSizeInEntries
BT_GetLogFileName
BT_ClearLog
BT_AppLogEntry
BT_AddLogFile
BT_OpenLogFile
BT_SetAppName
BT_SetFlags
BT_SetActivityType
BT_CallCppFilter
BT_CloseLogFile
BT_SetLogFlags
BT_InstallSehFilter
BT_SetSupportServer

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 528KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b9322fe3181a355c350b9c74cba5865

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20Certificate

Extended Key Usages

Key Usages

80:62:b9:a1:10:ca:6d:2c:7a:56:13:59:7f:63:ef:63:83:3c:6d:9aSigner

Headers

File Characteristics

PDB Paths

Imports

ws2_32

wininet

winmm

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

bugtrap

version

Sections

.text Size: 528KB - Virtual size: 527KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 15KB - Virtual size: 25KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

80:62:b9:a1:10:ca:6d:2c:7a:56:13:59:7f:63:ef:63:83:3c:6d:9a
Signer

.text
Size: 528KB - Virtual size: 527KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 15KB - Virtual size: 25KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB