fea5a788faaf267094dd0c6154f2cf15_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fea5a788faaf267094dd0c6154f2cf15_JaffaCakes118
Size

563KB
MD5

fea5a788faaf267094dd0c6154f2cf15
SHA1

b6aec35650719322fc176dc9b815ed5d033de543
SHA256

0679ffda32b0cd5d90989adfa47dc4a94f3f80405603ca1eafd4f844a8ea4e85
SHA512

b32883a9c7dd67fa43ef2408807faac050815e688813aab455b77578bbf7b98569c7bfa3da72d89d37368851edb9b4de761fd66dc85b4ddef24409d4cb663297
SSDEEP

6144:GvGOFUHzB7JZTO7cGtmWcLCbYxjguRbRq8LER0u+GIIIIIIIhIIIIIIIIIIIIIIk:KGOFUTB1bxjcm5

Score

1^/10

Malware Config

Signatures

Files

fea5a788faaf267094dd0c6154f2cf15_JaffaCakes118
.exe windows:5 windows x64 arch:x64

881c04a434bcf10e9343eb48dd126ce7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/09/2012, 00:00

Not After

23/11/2015, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:bf:f5:a3:43:15:10:c7:9c:2f:6c:0c:34:7c:da:e2:61:cd:20:86
Signer

Actual PE Digest

1a:bf:f5:a3:43:15:10:c7:9c:2f:6c:0c:34:7c:da:e2:61:cd:20:86

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\buildslave\steam_rel_client_win64\build\src\steamerrorreporter\win64\Release\steamerrorreporter64.pdb

Imports

kernel32

VirtualQuery
HeapAlloc
GetProcessHeap
GetCurrentThreadId
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
Sleep
CloseHandle
GetTickCount
CreateEventA
GetModuleFileNameW
OutputDebugStringW
SetEnvironmentVariableA
HeapFree
WriteConsoleW
ReadConsoleW
SetStdHandle
GetStringTypeW
LoadLibraryExW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeZoneInformation
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
ReadFile
WriteFile
DuplicateHandle
GetLastError
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
InitializeCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseMutex
CreateMutexW
CreateEventW
GetCurrentProcess
GetCurrentProcessId
UnregisterWaitEx
RegisterWaitForSingleObject
UnregisterWait
GetProcessTimes
OpenProcess
GetSystemTimeAsFileTime
ReadProcessMemory
CreateFileW
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemTime
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
FindClose
GetFileTime
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetCommandLineA
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc

tier0_s64

?ClaimArrayMemory@CValidator@@QEAAXPEAX@Z
??1CThreadMutex@@QEAA@XZ
??0CThreadMutex@@QEAA@XZ
g_dwDllEntryThreadId
g_pMemAllocSteam
WriteMiniDump
AssertMsgImplementation
Plat_IsInDebugSession
Plat_ExitProcess
?Push@CValidator@@QEAAXPEBDPEAX0@Z
?Pop@CValidator@@QEAAXXZ

vstdlib_s64

V_snprintf
V_vsnwprintf
V_strncat
V_UTF8ToUTF16
V_UTF16ToUTF8
V_StripTrailingSlash
V_StripLastDir
V_FixSlashes
V_strncpy
V_MakeAbsolutePath
V_FixDoubleSlashes

psapi

GetModuleBaseNameW
EnumProcessModules

wininet

HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetSetOptionW
InternetQueryDataAvailable
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

5j
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

881c04a434bcf10e9343eb48dd126ce7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1a:bf:f5:a3:43:15:10:c7:9c:2f:6c:0c:34:7c:da:e2:61:cd:20:86Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

tier0_s64

vstdlib_s64

psapi

wininet

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 17KB - Virtual size: 27KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 295KB - Virtual size: 294KB

5j Size: 3KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1a:bf:f5:a3:43:15:10:c7:9c:2f:6c:0c:34:7c:da:e2:61:cd:20:86
Signer

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 17KB - Virtual size: 27KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 295KB - Virtual size: 294KB

5j
Size: 3KB - Virtual size: 2KB