07be0219a6152498447bc8ea17d24947_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

07be0219a6152498447bc8ea17d24947_JaffaCakes118
Size

318KB
MD5

07be0219a6152498447bc8ea17d24947
SHA1

c701a2dfa9ce2010ec3b0c07b6b4938e0709f930
SHA256

11ff9a2fa4594ebad071a73a317c0cccbd14bf2ef48987d1d6553760d7c62a1a
SHA512

aeb176dd378eedfefdecd578d3445645479df29276fa777bf8132790a692c1f4edbd22ba99c4dcc71f161339bc05e48058965efffc9af27ae2f987297b319964
SSDEEP

3072:qqGSSJH3543InnnnnWOyjWeLLU7NLTi/zoxn8UfN11gvsTlvFB18L7ymzm95gGjJ:W03eH71P82N11DxdT8L7yshfN+lDP97R

Score

1^/10

Malware Config

Signatures

Files

07be0219a6152498447bc8ea17d24947_JaffaCakes118
.exe windows:4 windows x86 arch:x86

44adc69a25271dc40ef73c3730bde0f6

Code Sign

12:a7:a4:98:01:69:6d:40:66:b1:e8:e6:ca:2a:3e:89
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07-11-2014 00:00

Not After

07-11-2015 23:59

Subject

CN=Consortium Group ltd.,O=Consortium Group ltd.,POSTALCODE=00152,STREET=CORNER OF GR.MARLBOROUGH UN GR.GEORGE STR. ROSEAU\,DOMINICA\, 00152+STREET=3RD FLOOR\, C&h TOWERS,L=ROSEAU,ST=ROSEAU,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

63:ee:21:84:03:e8:4a:52:4a:75:19:54:8f:e4:e5:3f:3e:63:5d:05
Signer

Actual PE Digest

63:ee:21:84:03:e8:4a:52:4a:75:19:54:8f:e4:e5:3f:3e:63:5d:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
InterlockedDecrement
FreeLibrary
FindResourceA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
CreateEventA
CompareStringA
CreateFileMappingA
DeleteFileW
CreateDirectoryW
GetUserDefaultLangID
SetStdHandle
SetFilePointer
LCMapStringW
LCMapStringA
GetStringTypeW
SetCurrentDirectoryW
MultiByteToWideChar
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
HeapAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
TerminateProcess
HeapFree
GetStartupInfoA
GetModuleHandleA
ReadFile
GetCommandLineW
GetModuleHandleW
VirtualAlloc
ExitProcess
GetCommandLineA
WriteFile
GetVersion
GetProcAddress
GetVersionExA
GetLastError
TlsGetValue
SetErrorMode
QueryPerformanceCounter
CloseHandle
CreateThread
CreateFileA
GetTempPathW
GetStringTypeA
FlushFileBuffers

user32

MessageBoxA
CreateWindowExA
LoadStringA
GetSystemMetrics
GetWindowThreadProcessId
GetKeyboardType
GetScrollPos
PtInRect
RemovePropA
SetMenu
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
GetWindowPlacement
GetWindowRect
GetWindowTextA
CharNextA
IntersectRect
IsWindowEnabled
IsWindowVisible
IsZoomed
WindowFromPoint
GetCapture
GetClassInfoA
GetClassNameA
GetSystemMenu
GetWindowLongA
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
CharNextW
RegisterClassExA

gdi32

SetAbortProc
DeleteMetaFile
GetLogColorSpaceW
Rectangle
SetDIBColorTable
GetClipBox
TextOutW
OffsetWindowOrgEx
SetBkMode
SetBkColor
SelectPalette
DeleteEnhMetaFile
CreateFontIndirectA
ExcludeClipRect
DeleteObject
CreatePen
CreatePenIndirect
SetBrushOrgEx

comdlg32

ChooseFontA
GetSaveFileNameA
FindTextW
ReplaceTextW
GetOpenFileNameA

advapi32

RegCloseKey
RegCreateKeyExA
AllocateAndInitializeSid

shell32

ShellExecuteA
StrStrIA

ole32

CoTaskMemAlloc

oleaut32

VariantInit
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
VarRound

Sections

.text
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44adc69a25271dc40ef73c3730bde0f6

Code Sign

12:a7:a4:98:01:69:6d:40:66:b1:e8:e6:ca:2a:3e:89Certificate

Extended Key Usages

Key Usages

63:ee:21:84:03:e8:4a:52:4a:75:19:54:8f:e4:e5:3f:3e:63:5d:05Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 264KB - Virtual size: 261KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 28KB - Virtual size: 24KB

12:a7:a4:98:01:69:6d:40:66:b1:e8:e6:ca:2a:3e:89
Certificate

63:ee:21:84:03:e8:4a:52:4a:75:19:54:8f:e4:e5:3f:3e:63:5d:05
Signer

.text
Size: 264KB - Virtual size: 261KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 28KB - Virtual size: 24KB