1239384b54f98af2590b4dc7aa099ed8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1239384b54f98af2590b4dc7aa099ed8_JaffaCakes118
Size

650KB
MD5

1239384b54f98af2590b4dc7aa099ed8
SHA1

c054d80e6dc34e49ac40841d4e12497e468d77de
SHA256

7c049b6312e039396a6c31266522b351825169db1108612cb16577e12ba48e98
SHA512

6881340c69f936366919508d139e7fd4efcdc1e13950e44706926b23083a8919a1719ea87738ec5671ea30325e2e9a82e76df3e009e96a6934ca30659e865188
SSDEEP

12288:u5hdwrP3CHScZQBhtWTT7FX24SY1JU4o7C4n:uxwrP3CH3QfQxX7SYuC4n

Score

1^/10

Malware Config

Signatures

Files

1239384b54f98af2590b4dc7aa099ed8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cafc3ad88ed0b372d44752fca382b840

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13-04-2015 00:00

Not After

12-04-2016 23:59

Subject

CN=FLAGMAN-SOFT,O=FLAGMAN-SOFT,POSTALCODE=646822,STREET=4\, kv.1\, ul.Vodoprovod,L=S. PRISTANSKOE,ST=Omsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:47:aa:22:07:37:4c:b2:3d:90:ea:af:c1:40:35:99:9d:ea:e1:2c
Signer

Actual PE Digest

25:47:aa:22:07:37:4c:b2:3d:90:ea:af:c1:40:35:99:9d:ea:e1:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ole32

HBITMAP_UserFree
SetDocumentBitStg
CLSIDFromProgIDEx

comdlg32

FindTextA
PrintDlgA
dwLBSubclass
GetOpenFileNameW

kernel32

DeleteTimerQueueEx
EnumDateFormatsExA
QueryPerformanceCounter
CallNamedPipeW
GetModuleHandleExW
HeapUnlock
GlobalMemoryStatusEx
WinExec
GetAtomNameA
GetCommMask
CreateFileMappingA
RtlUnwind
VerifyVersionInfoW
EndUpdateResourceA
ReadFileScatter
FindResourceExW
LocalAlloc
GetNumberFormatW
QueryMemoryResourceNotification
EraseTape
GetConsoleCursorMode
RegisterWowExec
WriteConsoleOutputAttribute
GlobalHandle
MapViewOfFile
WaitCommEvent
GetCPInfoExW
OpenFileMappingW
VerLanguageNameA
EnumSystemCodePagesA
RemoveDirectoryA
GetDiskFreeSpaceW
CancelDeviceWakeupRequest
PrivCopyFileExW
GlobalMemoryStatus
SetThreadContext
ConvertDefaultLocale
GetStartupInfoA
GetStringTypeExW
ReadConsoleA
GetProfileIntW
CompareStringW
CreateJobSet
DeleteFileA
ReadConsoleOutputA
RtlCaptureStackBackTrace
SetFileTime
MulDiv
LZClose
GetComputerNameA
SignalObjectAndWait
CreateFileA
BuildCommDCBAndTimeoutsW
DeleteFileW
InitAtomTable
WaitForMultipleObjects
Heap32First
GetCommState
lstrcmp
EnumResourceLanguagesA
GetNumberOfConsoleFonts
FindActCtxSectionStringW
AddRefActCtx
OpenJobObjectW
GetExpandedNameA
FindFirstChangeNotificationW
EnumSystemLanguageGroupsW
FindVolumeMountPointClose
MapUserPhysicalPages
AddAtomA
CreateNamedPipeA
CopyFileA
BeginUpdateResourceW
CreateActCtxA
FlushConsoleInputBuffer
WriteConsoleOutputA
CreateEventW
TlsGetValue
FindFirstVolumeMountPointW
LocalCompact
GetConsoleKeyboardLayoutNameA
CreateDirectoryExA
OpenEventA
SetThreadUILanguage
TlsFree
IsDBCSLeadByteEx
EnumResourceNamesA
FatalAppExitA
SearchPathW
SetStdHandle
PrivMoveFileIdentityW
FatalAppExitW
UnlockFileEx
TransactNamedPipe
GetPrivateProfileStringA
CreateActCtxW
SetThreadExecutionState
ReplaceFile
GlobalAddAtomA
GetDiskFreeSpaceExW
TlsSetValue
PeekConsoleInputW
GetConsoleTitleA
CreateThread
SetUserGeoID
MoveFileW
GetProcessVersion
GetDateFormatA
LCMapStringA
GetPrivateProfileStructA
SetCriticalSectionSpinCount
SetInformationJobObject
RemoveVectoredExceptionHandler
lstrlenW
CompareStringA
GetGeoInfoA
DisconnectNamedPipe
GetThreadTimes
CloseHandle
GetConsoleMode
IsBadReadPtr
ExpandEnvironmentStringsA
PulseEvent
LocalFree
GetCurrentThread
GetVersion
LoadLibraryExA
VirtualUnlock
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

oleaut32

SafeArrayGetRecordInfo
VarBoolFromCy
VarUI1FromR8
GetVarConversionLocaleSetting
VarI1FromI2
SafeArrayGetUBound

shell32

RealShellExecuteW
SHGetPathFromIDListW

advapi32

LookupPrivilegeDisplayNameW

gdi32

GetRgnBox
GdiPrinterThunk
SetPixelFormat
GetStretchBltMode
EngGradientFill

wtsapi32

WTSSendMessageA
WTSWaitSystemEvent
WTSEnumerateSessionsW
WTSSendMessageW

Exports

Exports

t�먺��.��Oߡ��0M�yDD��_��,p~��%�kXg��mjUM�I=j��)��~��p�=gI��<%@@ �R RǬ��f�xuE�q��<��(��eT<�z�/��Z^^��ZT�#3�� hb獣8E��2��Y�^v��D�'��s��J莙�O�hz2��(\�-��ʑ� �'�U�P%G.�8�u�e�{bǐ�dV3��[�lD��4��~�)Lp��#�6 �"�byl�>̼j`�7�ί��u*n� uRpj�L�MN��(n�_j�[��)8GT��pX[�&~� ��|W砌��&s�;_�dݭ��?G�� zN>�N��U{�L��z[�x[��oG�� ^F�CY,Ⱦ�i�@�ƴ�p��z&Qq�m�?� eé5��&�c�q��[��4��_�� #��3H'��+tWOC��"�b8��}:�'"��iH0=�&�� S��7��(��P!O�3aR|��r�*� �>{��M�-��+uvB��$J�1c��8��XWRjoYu|�ƍ��2$��ŝ+��i��&#,�F��/k*(��2��M��\�J;!�� k�)��:D]��.��hTXONI��'��uP�2��5C�.%/Ӟ�� H֪��hICVU�>g߮��{��UG"�6<��H�v��<��c�w0��2�C��(�'N�@�G��[��(� �~�D��]� n<�E��]z�&,k�۰�=|�I��0��J�*&�7?�t�;0 Ad�OQ{��F��a�!�8��/��8WV�V�9��V'��@��T�.c�l ��锪&�r�3 ��[{f쎲QZt�3�5ɽH��^�''�� LT�8��*K�m�%��Ҿ�Tc�5��K[�i�}y��5,�~��Ԛ�� /��l#�,��x<0��V�?w�I�u��!A�G��`,[ �X�f�H�݂�z=� ��"�j��7g�p��b��o�7�ybW~��[�'��v�H�X�)d�S��.�*��">��-��րQy��e�5��|G�C-`s�)�"��d��8L�x�(��3��qD��V��r4�U��K��B�u*��Ҏo0��E�Ifv� �fWU"M��q��X�SR#��`�e��U-vplޥ|�fF��g|:x�Py��)]�΅�nK�w+��Ǽd�:r�Oqḉ�n�dsb�9��3�m uP��93^W��gn>��ր��!��%3��R�'f��"�� X�~b�i\�5�$5�X�;`ޕ�8a��k��GۅP[��|�Q��Iq��\$�\��\��9�t%��7�]kʸ$ �Qr��tP��S��{m�Ċ��C��4��י4Z�Ɗh�,�+��. L��c��I�!<%gr}_�b�\�4��̻*Uʄ��S�0�#w ��*%އr��plx�H�:cu�ѓ��s�4��Ǆ��X&F��G�?8�H�g��6�Y��0NH%W̕HY��D��@�T��}m��j�:k<��d��`~�.��i�1�tE͞Ȩס�^H�^��X�<��Y�d�f�`XIR��7�ȶO�m��Y�X Y�M�]�ׯ~V��ԖμZ��r��-=cr��"��nͅF��,��|BX�*��@�aN�4�7��p��(tC�6��!+��fQW��S��;Փ�xiw �T0w�O��d �]B�4��gmEV²�<��l��4�Xy��Kv(��'��%ף4��CI�q�_�U��v��Y[�NU�v��t�\s��%9��wI��X��3�n�j�P1�x�㒥�Xf��@��g�Oe�� ᐯ[�v;~�9l��'��r��C�"��$@|3;�&�Vs��(�;�Ўl"��q}&�E^ �c�Ww}7:0� &�£P��d�`̰p�^�n �eό]T+ h��8 ��BO�֬XHn�%��$��7Ɓ�f� �l:DI�l7C�9��'.=́z�gyM_�n�. �PFV��W��a�� 6&\Ш�C�.�+(��Ǽ��O�QN��Ӧ}��V�i˜�>�S�)�.��e'��-\��l!�/��K^�X"��ᵉ�� *4Jć0A�Օ�U��P#K`��ԁ��W�5O�̫A��|!"�o�F�,j}OQ�;2�=�",�֍�k��BŬ��)-�P��n��?�T��v��k�NYͼ�&+�.�xAP��W��,�š��U�Il�<��4V��϶KEs��^�Z2F|�,޽TBJ`7L�/R ��0�^X��D 1Q�Ju�{lvÌ��V2�$�UL��~��EE#�On~:�ت� h�4;~t��'!�/cIt�c��i�Nc��E��K�&�J�pK҇`��W��Wڃvx;�̟w�l�!3d��1�i��m��T��5�ّM��}A�cI3��tk��am�D��߀�Қw}$W�e<n��d��g}��R�`:(�<�\��r�_(�=u��껀uWL�U�-ԸR�ͼ��,��w�u��jن%�9�(D��kfa��=vo?Sx\>��Tf�)J�,��WHJ��eը�JUL��ac5+sR��?�u0��hr��0�q[�6%Mp��d��~ٶXZ�"�/��`��5Ӌ��bw�`0S1Ewt��$o��no߇ϵR�li9)g��nV�,*��m��s�ʒ[�C?�\ܬaj-��>��&6�[Y�H"��|��`Da�J�m�Ua�I��v<@�A��k��h�%ϴn��V� wh�q��,u; � 0uH�6n�_y��lF=��p6��,�(�[��y��I

Sections

CODE
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cafc3ad88ed0b372d44752fca382b840

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:eaCertificate

Extended Key Usages

Key Usages

25:47:aa:22:07:37:4c:b2:3d:90:ea:af:c1:40:35:99:9d:ea:e1:2cSigner

Headers

File Characteristics

Imports

ole32

comdlg32

kernel32

oleaut32

shell32

advapi32

gdi32

wtsapi32

Exports

Exports

Sections

CODE Size: 440KB - Virtual size: 440KB

DATA Size: 10KB - Virtual size: 9KB

BSS Size: - Virtual size: 1KB

.idata Size: 9KB - Virtual size: 8KB

.text0 Size: 17KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 71KB - Virtual size: 70KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 89KB - Virtual size: 89KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

25:47:aa:22:07:37:4c:b2:3d:90:ea:af:c1:40:35:99:9d:ea:e1:2c
Signer

CODE
Size: 440KB - Virtual size: 440KB

DATA
Size: 10KB - Virtual size: 9KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 9KB - Virtual size: 8KB

.text0
Size: 17KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 71KB - Virtual size: 70KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 89KB - Virtual size: 89KB