3d385a043ddfd99f3ace8b257cdb605d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3d385a043ddfd99f3ace8b257cdb605d_JaffaCakes118
Size

5.6MB
MD5

3d385a043ddfd99f3ace8b257cdb605d
SHA1

0e2bb05c92ef53e33c9518b5dc88d8c31d852ba7
SHA256

9e4e27726644f9c55726843a554cbecb792e1aec81aa01fc731ac1c7d088796d
SHA512

a63ffdd4f5945602432216189a100eff25f9a04e4b4ed91cef441de26c53d1a04f22ab8b10041ed0999019003afbbc9e6f6acc53c00927050443313fa72f8db5
SSDEEP

98304:YFMfyHc47Uorfs2wDulM7DvuYE915qNOjZuHOjVFZDOZAs1warcAsXos:YdtQyfs2aWM7il15qqZuHORFxOZIaroV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Launcher.exe

Files

3d385a043ddfd99f3ace8b257cdb605d_JaffaCakes118
.zip
Launcher.exe
.exe windows:4 windows x86 arch:x86

af22b1de44200557e11a97e89f5d490d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\MercurialWorks\RappelzUnifiedLauncher\release\UnifiedLauncher.pdb

Imports

wininet

FtpOpenFileA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
HttpQueryInfoA
InternetQueryDataAvailable
InternetCanonicalizeUrlA
HttpOpenRequestA
InternetReadFile
InternetOpenA

kernel32

InterlockedIncrement
GlobalFlags
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
GetDriveTypeA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
HeapAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetStartupInfoA
ExitThread
CreateThread
RtlUnwind
HeapSize
GetStdHandle
GetACP
IsValidCodePage
GetConsoleCP
GetConsoleMode
VirtualFree
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
MulDiv
GetModuleFileNameW
RaiseException
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FileTimeToSystemTime
GetThreadLocale
GlobalAddAtomA
FreeResource
GetCurrentProcessId
SetLastError
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapFree
GetCurrentDirectoryA
LocalFree
WriteFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
CreateFileMappingA
RemoveDirectoryA
FindFirstFileA
FindNextFileA
FindClose
Sleep
GetTickCount
GetVersion
lstrlenA
InterlockedExchange
CompareStringW
CompareStringA
GetCurrentThreadId
MoveFileA
GlobalUnlock
DeleteFileA
GlobalFree
GlobalLock
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
GetFileAttributesA
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
GetFileSize
CloseHandle
ReadFile
CreateFileA
InterlockedDecrement
OutputDebugStringA
GetModuleFileNameA
WideCharToMultiByte
GetPrivateProfileIntA
GetVersionExA
WaitForSingleObject
GetLastError
CreateDirectoryA
CopyFileA
FindResourceA
GetCommandLineA
FormatMessageA
LoadResource
WritePrivateProfileStringA
SetFileAttributesA
LockResource
SizeofResource
CreateMutexA
VirtualProtect

user32

MapDialogRect
SetWindowContextHelpId
UnregisterClassA
RegisterClipboardFormatA
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetForegroundWindow
CharNextA
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetWindowTextA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
DestroyMenu
GetWindowThreadProcessId
GetParent
ReleaseCapture
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
CharUpperA
SetWindowsHookExA
GetKeyState
KillTimer
UnhookWindowsHookEx
GetCursorPos
GetActiveWindow
PostMessageA
GetWindowRect
EnableWindow
GetClientRect
SendMessageA
MessageBoxA
IsIconic
GetSystemMetrics
SetTimer
LoadIconA
PostQuitMessage
RegisterClassA
RegisterWindowMessageA

gdi32

ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
SetViewportExtEx
GetDeviceCaps
SetWindowExtEx
CreateRectRgnIndirect
GetRgnBox
GetBkColor
GetTextColor
GetMapMode
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
ScaleViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegDeleteKeyA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA
ShellExecuteExA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SafeArrayGetDim
OleCreateFontIndirect
LoadRegTypeLi
DispCallFunc
SysAllocStringByteLen
SafeArrayGetElemsize
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysFreeString
VariantClear
VariantChangeType
VariantInit

ws2_32

inet_ntoa
send
select
recv
connect
socket
closesocket
ntohs
htons
__WSAFDIsSet
gethostbyname
inet_addr

Sections

.text
Size: 364KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ReadMe.txt
SFrame.exe
.exe windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:cb:f2:71:65:73:d8:32:0c:45:23:e4:55:08:08:37
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25-08-2010 00:00

Not After

24-08-2012 23:59

Subject

CN=Gala Lab,OU=Tech Support Headquarters,O=Gala Lab,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:03:cf:ed:52:5d:08:39:c6:43:ad:2e:0e:72:12:8d:23:89:00:b3
Signer

Actual PE Digest

6c:03:cf:ed:52:5d:08:39:c6:43:ad:2e:0e:72:12:8d:23:89:00:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 3.8MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 976KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tbesaejz
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

guwrofip
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

af22b1de44200557e11a97e89f5d490d

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Sections

.text Size: 364KB - Virtual size: 361KB

.rdata Size: 88KB - Virtual size: 86KB

.data Size: 16KB - Virtual size: 28KB

.tls Size: 4KB - Virtual size: 289B

.rsrc Size: 292KB - Virtual size: 291KB

baa93d47220682c04d92f7797d9224ce

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

69:cb:f2:71:65:73:d8:32:0c:45:23:e4:55:08:08:37Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

6c:03:cf:ed:52:5d:08:39:c6:43:ad:2e:0e:72:12:8d:23:89:00:b3Signer

Headers

File Characteristics

Imports

kernel32

comctl32

Sections

Size: 3.8MB - Virtual size: 9.1MB

.rsrc Size: 312KB - Virtual size: 684KB

.idata Size: 4KB - Virtual size: 4KB

Size: 4KB - Virtual size: 976KB

tbesaejz Size: 1.4MB - Virtual size: 1.4MB

guwrofip Size: 4KB - Virtual size: 4KB

.text
Size: 364KB - Virtual size: 361KB

.rdata
Size: 88KB - Virtual size: 86KB

.data
Size: 16KB - Virtual size: 28KB

.tls
Size: 4KB - Virtual size: 289B

.rsrc
Size: 292KB - Virtual size: 291KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

69:cb:f2:71:65:73:d8:32:0c:45:23:e4:55:08:08:37
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

6c:03:cf:ed:52:5d:08:39:c6:43:ad:2e:0e:72:12:8d:23:89:00:b3
Signer

.rsrc
Size: 312KB - Virtual size: 684KB

.idata
Size: 4KB - Virtual size: 4KB

tbesaejz
Size: 1.4MB - Virtual size: 1.4MB

guwrofip
Size: 4KB - Virtual size: 4KB