0534b4681f36a812026794a9076c7c48_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0534b4681f36a812026794a9076c7c48_JaffaCakes118
Size

597KB
MD5

0534b4681f36a812026794a9076c7c48
SHA1

19307be7a82121a1e5de6667530ebabdfadabe16
SHA256

178be013b0efc52b62310e978e98259b537cf68d0bb69e974998eec6c8374680
SHA512

48047c2e2c232895447affe019d91ee4cf6c9d754d0fab67e2167678dda3e7182bb3bd42ceadcf1611d8a7ac2435529e20031e54f22bbe9c95c30701bbf3066f
SSDEEP

12288:J8MH1DywY+gPgkUxLOEzZmh3peNU72gBgzg+bSbduPg:KMH1DywY+gPgkUTUb2gBgzg+bSbdKg

Score

1^/10

Malware Config

Signatures

Files

0534b4681f36a812026794a9076c7c48_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9196a5ecf27dbb993684494f81361bed

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/04/2015, 00:00

Not After

12/04/2016, 23:59

Subject

CN=FLAGMAN-SOFT,O=FLAGMAN-SOFT,POSTALCODE=646822,STREET=4\, kv.1\, ul.Vodoprovod,L=S. PRISTANSKOE,ST=Omsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:c6:f3:63:41:4d:10:6f:0a:e6:39:cc:38:1c:3e:53:a0:cc:0c:a6
Signer

Actual PE Digest

33:c6:f3:63:41:4d:10:6f:0a:e6:39:cc:38:1c:3e:53:a0:cc:0c:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

CloseWindowStation
TileWindows
GetDlgItemTextW
BeginPaint
RegisterWindowMessageW
SendDlgItemMessageA
GetListBoxInfo
DefWindowProcA
SetCaretBlinkTime
GetMenuItemID
DefWindowProcW
RegisterWindowMessageA
ChangeDisplaySettingsW
SetMenuItemInfoA
SetUserObjectInformationA
CloseClipboard
IsWindow
MenuWindowProcA
UnhookWindowsHook
EditWndProc
HideCaret
ShowScrollBar
CharUpperW
RemoveMenu
MessageBoxExW
GetClassLongW
SetScrollRange
FindWindowW
SetCursor
DestroyIcon
GetMenuContextHelpId
CopyAcceleratorTableW
CharUpperA
DrawIconEx
DrawFrame
SendMessageTimeoutA
MessageBoxExA
SetCursorPos
FlashWindow
DlgDirListA
TabbedTextOutW
TranslateAcceleratorW
LoadCursorW
WinHelpW
GetShellWindow
GetClipboardViewer
CopyImage
SendMessageW
IsWindowEnabled
GetClassNameW
GetDesktopWindow
LoadAcceleratorsW
SetDlgItemInt
RegisterClassW
MessageBoxA
ChangeDisplaySettingsA
EnableMenuItem
MessageBoxIndirectA
OpenClipboard
CallMsgFilterW
GetKeyState
ArrangeIconicWindows
GetClipCursor
WaitMessage
BringWindowToTop
GetClassInfoExA
GetCursorPos
GetMenuInfo
CopyAcceleratorTableA
SetClassLongA
ToAsciiEx
ShowCursor
RemovePropW
SetSysColors
DrawFocusRect
EnumDisplaySettingsW
GetMenuState
DestroyMenu
SetMenuItemBitmaps
CreateDialogParamW
CreateDialogIndirectParamA
SetProcessWindowStation
FindWindowExA
SetWindowsHookA
ChildWindowFromPoint
GetActiveWindow
FrameRect
InflateRect
ShowWindow
OemToCharBuffA
GetCaretPos
GetInputState
GetWindowTextW
CharPrevA
MapDialogRect
SetWindowsHookW
SendMessageCallbackW
GetTabbedTextExtentW
GetWindowTextLengthA
SetMessageExtraInfo
MessageBoxTimeoutW
AppendMenuA
OemToCharBuffW
DefDlgProcW
ShowOwnedPopups
PostMessageW
GetScrollInfo
CreatePopupMenu
GetClassWord
GetKeyNameTextW
GetProgmanWindow
GetFocus
CharLowerBuffA
GetWindowLongA
MonitorFromPoint
LoadStringW
GetDialogBaseUnits
ChildWindowFromPointEx
OpenInputDesktop
EndTask
SetWindowPlacement
RegisterDeviceNotificationA
GetMenuDefaultItem
LockWorkStation
RegisterClassA
CreateAcceleratorTableA
OemKeyScan
GetPropA
UnlockWindowStation
GetClassInfoA
CharPrevW
RegisterClipboardFormatA
CharToOemBuffW
GetNextDlgGroupItem
MoveWindow
IsZoomed
GetMenuItemRect
FindWindowA
GrayStringA
AllowForegroundActivation
GetComboBoxInfo
IsDlgButtonChecked
RedrawWindow
InvalidateRect
OpenDesktopW
CharUpperBuffW
DialogBoxIndirectParamW
RegisterHotKey
RegisterDeviceNotificationW
SetDlgItemTextW
RealGetWindowClassW
WinHelpA
DialogBoxIndirectParamA
EnumDesktopWindows
OpenWindowStationW
SetClassLongW
ChangeDisplaySettingsExA
DeleteMenu
SetKeyboardState
GetClientRect
LoadIconA
SetWindowRgn
GetWindowWord
DrawFrameControl
CopyIcon
GetClipboardOwner
TranslateMessage
SetWindowWord
SetMenuContextHelpId
IsHungAppWindow
GetShellWindow

kernel32

MoveFileWithProgressW
SetStdHandle
GetCommConfig
WaitNamedPipeW
GlobalGetAtomNameA
CancelWaitableTimer
CloseHandle
EnumSystemLocalesW
IsBadStringPtrW
GetPrivateProfileSectionW
OutputDebugStringA
UpdateResourceW
CreateFileMappingW
GetSystemInfo
InterlockedIncrement
OpenWaitableTimerA
ExitThread
GetProcessShutdownParameters
GetModuleHandleExW
GetCurrentThreadId
WriteProfileStringA
SetComputerNameA
VirtualUnlock
SetLastConsoleEventActive
GetProfileStringA
WriteProfileStringW
GetModuleFileNameW
GetConsoleCursorInfo
GetCPInfoExW
GetConsoleProcessList
FileTimeToLocalFileTime
CancelIo
LeaveCriticalSection
GetDiskFreeSpaceExA
BuildCommDCBW
SetEvent
CreateEventA
CreatePipe
CopyFileExA
GetDefaultCommConfigW
IsBadWritePtr
WritePrivateProfileStringW
UnlockFile
GetExpandedNameA
ReadConsoleInputA
WriteConsoleInputW
UnmapViewOfFile
SetEndOfFile
SetFilePointer
GetProcessVersion
GlobalMemoryStatusEx
GetPrivateProfileStructA
QueryDosDeviceA
SetVolumeMountPointW
GetDiskFreeSpaceW
InitializeCriticalSection
UpdateResourceA
GetComPlusPackageInstallStatus
CreateJobObjectA
FindActCtxSectionStringA
SetDefaultCommConfigW
EnumResourceNamesA
ScrollConsoleScreenBufferA
PulseEvent
CreateJobSet
GetStringTypeExW
GetConsoleCharType
SetSystemTime
UnregisterWaitEx
EnumTimeFormatsA
ReadConsoleOutputA
GetGeoInfoA
CreateNamedPipeA
CreateFileW
DisconnectNamedPipe
EnumDateFormatsA
ReadConsoleA
GetBinaryTypeA
SetEnvironmentVariableW
GetCurrentDirectoryA
CreateSemaphoreW
GetConsoleFontInfo
GlobalUnfix
GetCurrentProcess
GetCurrentProcess
GetVersion
LoadLibraryA
LocalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ole32

OleDestroyMenuDescriptor
ReadClassStm
IsAccelerator
CoDisconnectObject
CoInstall

winspool.drv

AdvancedDocumentPropertiesA
DEVICECAPABILITIES
OpenPrinterA
DevQueryPrint
SetPrinterDataW
AddPrintProcessorW
ConfigurePortA
EnumJobsA

wtsapi32

WTSVirtualChannelPurgeInput
WTSCloseServer
WTSVirtualChannelQuery
WTSSetUserConfigW

Exports

Exports

^U0��N�8��g`mQ��+��s�kf��]�X��ӗ�E��N��\Eg��Q��!��A��/U/��h��ߦV5.[��{��ŵ��:c�i��R��n��5�Z��Fw�_+��#|��s�-<]�P�j�vC@�y�p�^�7B��uc��s\c�:�Mw��֚�虑$�^Տ��,DKjFS-��M@ �&^~[�U�^�Eb~E��_� K؝,s��/ S�?��ܳ� 5p�yu2�Ӽ�A!,[vIt��أc3C�%y�꽞�Mn��G *d�ڀ��/L�(��!��^u�b��4�D^��D�'Ǐa��nW��e�c��Q<�l<к��M(��l��Yi�U+�� pm0a#@�2�[2�E�o»��i)�#mz��X�bqe ��򚩮1�B�DϚ4Q^��6�\h��g9��ٴ�x��S��lV�O�N��ޅ�Z��ރX�_L��u}�K:�<�TŸ}��z8j��H��>��D�Rp�X��ϵ򉩳ն� �t�E��R&��vH�y��N�� ah�O��ܲ�f��-�_Z�<�[i�DY�O�oå�swU˱fJ��X�0�0�G��'о�nr=L�j�-��h�cٿ��&��G׵=��?p�~�;�� 'PgB��y��Z/�Gh�� t�?P23}��M.�� >�7[�z��)��b%�n܃��'I��у�G�%esJ�aL]1�8��xw6L*��c��/�"u�9��荍㴻I�`-fEx��@mN'O��2��,af`�U�_�r�{^�F��W��cxqt�K�@��b��[�p3l@)��'aw ��5%��n׏B�r�h�!%'r��z��p!]�-�Hm��~�@k�-��!�U9.ٰ��>q#j�� G6��u��}9�� u3!AdU�ăwN�ŽH��%��_#�{ǭs��]3!��?��o� �'��L�"܂0z;��Х�.��KY��J�%/��3��K�챉 N˘tGq��q��:A&�,�XRE �!5+��Q� �(Fo[8�y<��a�G��g%W*��]|8��[�Ёŗ7��1�p� ��u��9,�j��P�J Dn�߃��^ˈqEk��y��ߡ,�aփ�s��I��ỽ]��iVG�8p��W��z��Fǻ�J��D t9��sxc"��pC�[��Z5 O�/�ܚ�]*�L�/R#i�P��1�jԽ��񟓎"qŽ��>n\��ȿ5d/�.��40�_�r��|�m��5&L��v6I��`⟹��G;q6��#)�(��WA ��?��4��K��bB��d�G`$�-��[��ݛ�R2��Ṍ�m�r��'��0$5w5�;Q�� l��|S�3�|�{��6��|[>�Z�#�=��}3�.Zn�? #H�Jw��#5 ��!9��쓯}�qrd��`��f)۞�2�:]��Ӽѝ2��i�p�*�Y�a��g�HE�l��\��%͆C��̏o:��޷��L �œ�)��ZYįsX��g��=Vj�P��j3��Q�=��;KP5�*�o�<o4�)��e8�\:�4s!J�16V�,FÀg��i�I�e�}y?��ؗqN�j��~�[��B/Óz��=��ìW;z��u�'��(��w\Im��L:��Y� &Ҩձ�k�e�kB��5j�ݭ��s�n5{��k�Q�=+�b��i_�.�L��Ҭ�!��)u<�|5A��E�nߏ\�c��0��V��vt�z�ň�� @z�OJ(��$_��>R�n�s$kc]��ሒ�$p��"�lp��96A��?��]8��9�6��-�6RKȉX�kd�hd&��-W�?]�H��>�|�yF��wf�� R�Β��h}��P~^��u2��s ��.`��*��q�s�R $�L��w"@qx(j��V�H&�^��c�'5�\0��6�T�� ^䡵N�r ��⼣eD�J��"p��˜8�"�Z|j�n�7 �?��"{��JjoI4&��V��R��n��4�iT�Ҵ��g�o�`��>&�u/�^|� ��7�û5�S-�d0�k�/�V]�&}��n�ߌZT� �� d��%P�k�=f�U��*Z�b�b�U}q9��T��Q�f�{��"!��hܐ��g�X\��X��^��o��t�)�\��%"�KU�gt�m�)\v�8��Ϯ�X�K��r��:/;�(Q�ol��J��įeV�� ͆h��kv'�b�r6��d�r�m��Lre��s��輁)�0��]�K��gm(̵��ۚQ�'˰��s7eEJ��.�D�Zmi�XX-@��0!�3�RY]�]0v�.^��x��L��It��Һ��K��O��g8��j]��'�E��`) P'h_�J�*��I��d,�*��Y;ތ�K�O��a�<��3p@��%^��`#�Jf��(`+�u�;+*?E.R��3�/��^6��;�-�0W�q�Ԛ� ��q��L`5�2�Z�f�>g�\��h��n�zCn��)�t�9�lu�|�?�Հ��6*�sν3f5*��m.[5�2u�e�tҷ ��,Bݳܥ �,��t��WB c}x� �OY�� ;�ş�0&0ъ�a�%l��n{��ѩ5E��h�`��H��Z�m��*��zk�� ob3��R<�d\ FI� ��)�wt?R�J�p>�~��\�9��,�k�H<�_�lv�KқJ��Z�Ӌ `�-�J��{��>X��`{�H��r��TȡM��t�zaq��c�x6��

Sections

CODE
Size: 437KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 768B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9196a5ecf27dbb993684494f81361bed

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:eaCertificate

Extended Key Usages

Key Usages

33:c6:f3:63:41:4d:10:6f:0a:e6:39:cc:38:1c:3e:53:a0:cc:0c:a6Signer

Headers

File Characteristics

Imports

user32

kernel32

ole32

winspool.drv

wtsapi32

Exports

Exports

Sections

CODE Size: 437KB - Virtual size: 436KB

DATA Size: 24KB - Virtual size: 24KB

BSS Size: - Virtual size: 768B

.idata Size: 6KB - Virtual size: 6KB

.text0 Size: 17KB - Virtual size: 17KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 64KB - Virtual size: 64KB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 35KB - Virtual size: 34KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

33:c6:f3:63:41:4d:10:6f:0a:e6:39:cc:38:1c:3e:53:a0:cc:0c:a6
Signer

CODE
Size: 437KB - Virtual size: 436KB

DATA
Size: 24KB - Virtual size: 24KB

BSS
Size: - Virtual size: 768B

.idata
Size: 6KB - Virtual size: 6KB

.text0
Size: 17KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 64KB - Virtual size: 64KB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 35KB - Virtual size: 34KB