04925814b36032b2175b3ceffa9e261f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

04925814b36032b2175b3ceffa9e261f_JaffaCakes118
Size

151KB
MD5

04925814b36032b2175b3ceffa9e261f
SHA1

3e5697aed6b75dca4c6da65f3f56974608deb15c
SHA256

62fd4fe0ee08a0434e50a5288095894dc0a4dddbc08330e0f865d9569c066c6c
SHA512

d4b6a8775c0e21c9a8ab51e69e455ad883dedf18fd98fe8a881f035621ac56ecacdcb2489c155afc46c3dd276fa41c30617c83d5daa0a1ca31c02d8d58279548
SSDEEP

3072:wXgsNlXgicI5no/3609w9+MuEUzhwOor7h1B8Z4MHbW:AXgiz5nU3bbJE/OoDQm

Score

1^/10

Malware Config

Signatures

Files

04925814b36032b2175b3ceffa9e261f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

afffbd7f3151cb03c8621ea727f59cf8

Code Sign

5e:a1:e7:af:b0:a0:3b:e4:6a:ba:b7:4f:00:ad:34:ea
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

20/05/2011, 00:00

Not After

24/02/2013, 23:59

Subject

CN=Creative Software & Services N.V.,O=Creative Software & Services N.V.,L=Curacao,ST=Curacao,C=AN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:90:e6:92:0f:b5:fd:5a:7a:f6:c9:bb:9a:3b:71:65:2a:9b:2b:e5
Signer

Actual PE Digest

a2:90:e6:92:0f:b5:fd:5a:7a:f6:c9:bb:9a:3b:71:65:2a:9b:2b:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kingsbury

?drawTextTarget@CoreEngine@@MAEXHHHHHPBDW4TextAlign@1@H@Z
?drawMessageTarget@CoreEngine@@MAAXHHHHHHPBDW4TextAlign@1@ZZ
?FadeSound@CoreEngine@@MAEXHMH@Z
?deleteSurface@CoreEngine@@MAEXH@Z
?setSpritePaused@CoreEngine@@MAEXH_N@Z
?getMousePosition@CoreEngine@@MAEXPAM0@Z
?drawTargetFx@CoreEngine@@MAEXHHHMMMMM@Z
?drawArray4V@CoreEngine@@MAEXHHHHHHHHHH@Z
?drawArrayFx@CoreEngine@@MAEXHHHHMMMMM@Z
?isFullScreen@CoreEngine@@MAE_NXZ
?fullScreen@CoreEngine@@MAEX_N@Z
?drawArraySegment@CoreEngine@@MAEXHHHHHHHHH@Z
?drawMessage@CoreEngine@@MAAXHHHHHPBDW4TextAlign@1@ZZ
?drawText@CoreEngine@@MAEXHHHHHPBDW4TextAlign@1@@Z
?animateSprite@CoreEngine@@MAEXHHHHH@Z
?stopSound@CoreEngine@@MAEXHH@Z
?playSound@CoreEngine@@MAEXHHH@Z
?elapsedTime@CoreEngine@@MAEKXZ
?soundStatus@CoreEngine@@MAEHH@Z
?spriteStatus@CoreEngine@@MAEHH@Z
?errorTrap@CoreEngine@@MAEXPBD@Z
?processRegionWheel@CoreEngine@@MAEXHH@Z
?processRegionHover@CoreEngine@@MAEXHW4RegionState@1@@Z
?processRegion@CoreEngine@@MAEXHW4MouseButton@1@@Z
?processButtonHover@CoreEngine@@MAEXHW4RegionState@1@@Z
?processButton@CoreEngine@@MAEXHW4MouseButton@1@@Z
?getFPS@CoreEngine@@UAEHXZ
?getTimerValue@CoreEngine@@UAEKH@Z
?resetTimer@CoreEngine@@UAEXH@Z
?addTimer@CoreEngine@@UAEXH@Z
?addFont@CoreEngine@@UAEXPAD@Z
?addSound@CoreEngine@@UAEXPAD@Z
?addGraphicArray@CoreEngine@@UAEXPBD@Z
?addSprite@CoreEngine@@UAEXPBD@Z
?drawArray@CoreEngine@@MAEXHHHHHHHHH@Z
?getStringWidth@CoreEngine@@MAANHPBDW4TextAlign@1@ZZ
?isButtonVisible@CoreEngine@@UAE_NH@Z
?setRegionEnabled@CoreEngine@@UAEXH_N@Z
?setButtonEnabled@CoreEngine@@UAEXH_N@Z
?setButtonVisible@CoreEngine@@UAEXH_N@Z
?addRegion@CoreEngine@@UAEXPBD@Z
?addButton@CoreEngine@@UAEXPBD@Z
?setBackground@CoreEngine@@UAEXPBD@Z
??1CoreEngine@@UAE@XZ
??0CoreEngine@@QAE@HPBD0PAPBD11111_N2HHH@Z
??4XMLNode@@QAEAAU0@ABU0@@Z
??1XMLNode@@QAE@XZ
??0XMLNode@@QAE@ABU0@@Z
?drawArrayFx@HaafEngine@@QAEXHHHHMMMMMHHH@Z
?drawSegment@HaafEngine@@QAEXHHHHHHHH@Z
?startDraw@HaafEngine@@QAEX_N@Z
?drawButtonsOff@HaafEngine@@QAEXHH@Z
?CashierBalance@HaafEngine@@QAE_NXZ
?HaafCloseFiles@HaafEngine@@QAEXXZ
?cashier@HaafEngine@@QAEX_NH@Z
?onlineSupport@HaafEngine@@QAEX_NH@Z
?gameHistory@HaafEngine@@QAEX_NH@Z
?getStringWidthTxt@HaafEngine@@QAENHPADW4TextAlign@CoreEngine@@@Z
?OnTask@GamePlay@@EAE_NXZ
??1GamePlay@@UAE@XZ
??0GamePlay@@QAE@XZ
?OnTask@CThread@@UAE_NPAX@Z
?OnTask@CThread@@UAE_NXZ
?process@GamePlay@@QAEXHPAEW4Mode@1@@Z
?isConnected@GamePlay@@QAE_NXZ
?Engine_Log@CoreEngine@@MAAXPBDZZ
?getKey@CoreEngine@@MAEHXZ
?isButtonEnabled@CoreEngine@@UAE_NH@Z
?getKeyState@CoreEngine@@MAE_NH@Z
?getButtonState@CoreEngine@@MAEHH@Z
?getMessage@CoreEngine@@MAEPBDPBD@Z
?textMessageBox@CoreEngine@@MAEHPBD0@Z
?messageBox@CoreEngine@@MAAHPBD0ZZ
?run@CoreEngine@@MAEXXZ
?startDraw@CoreEngine@@MAEXXZ
?drawAnimations@CoreEngine@@MAEXXZ
?drawButtons@CoreEngine@@MAEXXZ
?endDraw@CoreEngine@@MAEXXZ
?saveSetting@CoreEngine@@MAEXPBD00@Z
?getSetting@CoreEngine@@MAEPBDPBD00@Z
?createSurface@CoreEngine@@MAEHHH@Z
?clearSurface@CoreEngine@@MAEXH@Z
?drawSurface@CoreEngine@@MAEXHHHHHHH@Z
?drawSurface@CoreEngine@@MAEXHHH@Z
?restoreTargets@CoreEngine@@MAEXXZ
??0HaafEngine@@QAE@HPBD0PAPBD11111_N2HHH2@Z
??1HaafEngine@@UAE@XZ
?setBackground@HaafEngine@@UAEXPBD@Z
?addButton@HaafEngine@@UAEXPBD@Z
?addRegion@HaafEngine@@UAEXPBD@Z
?setButtonVisible@HaafEngine@@UAEXH_N@Z
?setButtonEnabled@HaafEngine@@UAEXH_N@Z
?setRegionEnabled@HaafEngine@@UAEXH_N@Z
?isButtonVisible@HaafEngine@@UAE_NH@Z
?isButtonEnabled@HaafEngine@@UAE_NH@Z
?isRegionEnabled@HaafEngine@@UAE_NH@Z
?addSprite@HaafEngine@@UAEXPBD@Z
?addGraphicArray@HaafEngine@@UAEXPBD@Z
?addTimer@HaafEngine@@UAEXH@Z
?resetTimer@HaafEngine@@UAEXH@Z
?getTimerValue@HaafEngine@@UAEKH@Z
?getFPS@HaafEngine@@UAEHXZ
?errorTrap@HaafEngine@@UAEXPBD@Z
?render@HaafEngine@@UAEXXZ
?processButton@HaafEngine@@MAEXHW4MouseButton@CoreEngine@@@Z
?processButtonHover@HaafEngine@@MAEXHW4RegionState@CoreEngine@@@Z
?processRegion@HaafEngine@@MAEXHW4MouseButton@CoreEngine@@@Z
?processRegionHover@HaafEngine@@MAEXHW4RegionState@CoreEngine@@@Z
?processRegionWheel@HaafEngine@@MAEXHH@Z
?spriteStatus@HaafEngine@@UAEHH@Z
?soundStatus@HaafEngine@@UAEHH@Z
?elapsedTime@HaafEngine@@UAEKXZ
?playSound@HaafEngine@@UAEXHHH@Z
?stopSound@HaafEngine@@UAEXHH@Z
?animateSprite@HaafEngine@@UAEXHHHHH@Z
?drawText@HaafEngine@@UAEXHHHHHPBDW4TextAlign@CoreEngine@@@Z
?drawMessage@HaafEngine@@UAAXHHHHHPBDW4TextAlign@CoreEngine@@ZZ
?drawArraySegment@HaafEngine@@UAEXHHHHHHHHH@Z
?fullScreen@HaafEngine@@UAEX_N@Z
?isFullScreen@HaafEngine@@UAE_NXZ
?drawArray4V@HaafEngine@@UAEXHHHHHHHHHH@Z
?drawTargetFx@HaafEngine@@UAEXHHHMMMMM@Z
?getMousePosition@HaafEngine@@UAEXPAM0@Z
?setSpritePaused@HaafEngine@@UAEXH_N@Z
?deleteSurface@HaafEngine@@UAEXH@Z
?FadeSound@HaafEngine@@UAEXHMH@Z
?drawMessageTarget@HaafEngine@@UAAXHHHHHHPBDW4TextAlign@CoreEngine@@ZZ
?drawTextTarget@HaafEngine@@UAEXHHHHHPBDW4TextAlign@CoreEngine@@H@Z
?getStringWidth@HaafEngine@@UAANHPBDW4TextAlign@CoreEngine@@ZZ
?getKeyState@HaafEngine@@UAE_NH@Z
?drawArray@HaafEngine@@UAEXHHHHHHHHH@Z
?getKey@HaafEngine@@UAEHXZ
?getButtonState@HaafEngine@@UAEHH@Z
?Engine_Log@HaafEngine@@UAAXPBDZZ
?getMessage@HaafEngine@@UAEPBDPBD@Z
?textMessageBox@HaafEngine@@UAEHPBD0@Z
?messageBox@HaafEngine@@UAAHPBD0ZZ
?drawAnimations@HaafEngine@@UAEXXZ
?drawButtons@HaafEngine@@UAEXXZ
?endDraw@HaafEngine@@UAEXXZ
?saveSetting@HaafEngine@@UAEXPBD00@Z
?getSetting@HaafEngine@@UAEPBDPBD00@Z
?createSurface@HaafEngine@@UAEHHH@Z
?clearSurface@HaafEngine@@UAEXH@Z
?drawSurface@HaafEngine@@UAEXHHHHHHH@Z
?drawSurface@HaafEngine@@UAEXHHH@Z
?isRegionEnabled@CoreEngine@@UAE_NH@Z
?restoreTargets@HaafEngine@@UAEXXZ

kernel32

GetCurrentThreadId
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep

user32

MessageBoxA

msvcp90

?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z

msvcr90

_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
??2@YAPAXI@Z
memset
_time64
atoi
atof
exit
??3@YAXPAX@Z
sprintf
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_invoke_watson
_controlfp_s
getenv
__CxxFrameHandler3
_exit
memcpy
floor

Exports

Exports

??0CThread@@QAE@ABV0@@Z
??0CoreEngine@@QAE@ABV0@@Z
??0GamePlay@@QAE@ABV0@@Z
??0HaafEngine@@QAE@ABV0@@Z
??0ToXMLStringTool@@QAE@XZ
??0XMLNode@@QAE@XZ
??0XMLParserBase64Tool@@QAE@XZ
??4CEventClass@@QAEAAV0@ABV0@@Z
??4CMutexClass@@QAEAAV0@ABV0@@Z
??4CThread@@QAEAAV0@ABV0@@Z
??4CoreEngine@@QAEAAV0@ABV0@@Z
??4GamePlay@@QAEAAV0@ABV0@@Z
??4HaafEngine@@QAEAAV0@ABV0@@Z
??4ToXMLStringTool@@QAEAAU0@ABU0@@Z
??4XMLParserBase64Tool@@QAEAAU0@ABU0@@Z
??_7CThread@@6B@
??_7CoreEngine@@6B@
??_7GamePlay@@6B@
??_7HaafEngine@@6B@
??_FCoreEngine@@QAEXXZ
??_FHaafEngine@@QAEXXZ
?GetErrorFlags@CThread@@QAEKXZ
?GetId@CThread@@QAEXPAK@Z
?ThreadId@CThread@@SAKXZ
?ThreadIdsEqual@CThread@@SA_NPAK0@Z
?processKeyPress@HaafEngine@@MAEXHH@Z
?redrawSuraces@HaafEngine@@MAEXXZ
?run@HaafEngine@@MAEXXZ
?start@HaafEngine@@QAEXXZ

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afffbd7f3151cb03c8621ea727f59cf8

Code Sign

5e:a1:e7:af:b0:a0:3b:e4:6a:ba:b7:4f:00:ad:34:eaCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

a2:90:e6:92:0f:b5:fd:5a:7a:f6:c9:bb:9a:3b:71:65:2a:9b:2b:e5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kingsbury

kernel32

user32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 82KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 30KB - Virtual size: 40KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 13KB - Virtual size: 12KB

5e:a1:e7:af:b0:a0:3b:e4:6a:ba:b7:4f:00:ad:34:ea
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

a2:90:e6:92:0f:b5:fd:5a:7a:f6:c9:bb:9a:3b:71:65:2a:9b:2b:e5
Signer

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 30KB - Virtual size: 40KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 13KB - Virtual size: 12KB