145ec37d81a521348d196d409e44723e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

145ec37d81a521348d196d409e44723e_JaffaCakes118
Size

604KB
MD5

145ec37d81a521348d196d409e44723e
SHA1

60a68513fb9797d7a2b0b9989a093848ee79bc8c
SHA256

afff0ba756bd0d811cb196f10a48e6566b0d492f91a658c5a686067f96431964
SHA512

19ccc3cae3883e061b0fbf7e20a20eb9c9ca1e087bc4d42e29e1abb1169f9accbcea514a099016ac983b9cb7d52d38eaefbc46e9bb4bbb2680b1d33259f2a8c0
SSDEEP

12288:iTg4TPiK+1IS8MkcqfQRE9rXwfZY/BwTDKlI/cQ/4M66C:iTg4LfCBkcqjwfZYpwTDKlI/csy

Score

1^/10

Malware Config

Signatures

Files

145ec37d81a521348d196d409e44723e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

50204e196d0e253e09ec8471a1e9ed69

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:de
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/04/2015, 00:00

Not After

28/04/2016, 23:59

Subject

CN=RTPK,O=RTPK,POSTALCODE=214000,STREET=UL. KONENKOVA\, 4\, 68,L=SMOLENSK,ST=SMOLENSK REGION,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e6:c8:33:2f:20:b3:78:a6:c4:11:55:88:b1:a3:00:b8:d8:66:cd:c9
Signer

Actual PE Digest

e6:c8:33:2f:20:b3:78:a6:c4:11:55:88:b1:a3:00:b8:d8:66:cd:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

SetUserObjectInformationW
PrivateExtractIconExW
IsCharAlphaW
SendInput
GetWindowTextLengthW
ToAscii
SetMenuInfo
SetSystemMenu
GetMenuItemInfoA
CharUpperBuffW
IsDlgButtonChecked
GetNextDlgTabItem
GetScrollPos
GetSystemMetrics
EnableWindow
GetWindowRgn
IsCharUpperW
DlgDirSelectExA
DialogBoxParamW
SetClassLongW
IsIconic
LoadIconA
SendMessageCallbackA
PostThreadMessageA
SendMessageTimeoutW
PostMessageA
OffsetRect
IsMenu
GetScrollRange
GetKeyboardLayoutNameA
UnregisterDeviceNotification
UnregisterHotKey
SetWindowTextA
CheckMenuRadioItem
SetForegroundWindow
DialogBoxIndirectParamW
SetLayeredWindowAttributes
CharLowerBuffW
ChangeMenuW
PrivateExtractIconsA
GetIconInfo
EnumPropsA
FrameRect
SystemParametersInfoW
GetWindowPlacement
GetLastActivePopup
LoadKeyboardLayoutA
EndTask
WaitForInputIdle
GetDC
CreateMDIWindowA
GetClassInfoA
DrawAnimatedRects
GetWindow
UnlockWindowStation
MessageBoxExW
FindWindowW
SetLastErrorEx
GetMenuBarInfo
GetWindowWord
EndDialog
SetDoubleClickTime
IsCharLowerW
RegisterHotKey
SetMenuDefaultItem
RegisterClipboardFormatA
SetWindowWord
GetWindowTextA
SetCaretPos
SetCaretBlinkTime
PeekMessageA

kernel32

GetProcessVersion
TransmitCommChar
DisableThreadLibraryCalls
AddVectoredExceptionHandler
GetUserGeoID
EnumResourceLanguagesA
SetVolumeLabelW
CreateHardLinkA
ResetWriteWatch
ReplaceFileA
GetPrivateProfileSectionW
WriteProfileSectionW
SystemTimeToTzSpecificLocalTime
IsProcessorFeaturePresent
LZStart
GetCommModemStatus
ReplaceFileW
GetVolumePathNameW
GetCalendarInfoA
UpdateResourceA
ClearCommBreak
GetDiskFreeSpaceExA
GetModuleHandleExA
SetCriticalSectionSpinCount
GetPrivateProfileStringW
EnumSystemLanguageGroupsA
WriteFileEx
WaitForSingleObject
HeapLock
IsValidLocale
GetFileSize
MoveFileExA
MoveFileWithProgressA
GetDefaultCommConfigW
LZCreateFileW
ActivateActCtx
SetVolumeMountPointA
CancelWaitableTimer
VerifyVersionInfoW
RtlMoveMemory
FindResourceA
DefineDosDeviceA
CopyFileW
MoveFileW
IsWow64Process
GetConsoleWindow
EnumCalendarInfoA
EnumCalendarInfoExW
FindAtomW
ReplaceFile
SuspendThread
MapViewOfFile
SetEndOfFile
CreateFileMappingW
RequestDeviceWakeup
Heap32ListFirst
SetComPlusPackageInstallStatus
ExpandEnvironmentStringsA
ConnectNamedPipe
ScrollConsoleScreenBufferA
VirtualQueryEx
SetCommMask
GetCurrentProcessId
DeleteVolumeMountPointA
GetUserDefaultUILanguage
GlobalAddAtomA
LocalFileTimeToFileTime
GetGeoInfoW
FreeUserPhysicalPages
GetACP
SetThreadAffinityMask
lstrcpynA
FindVolumeMountPointClose
SetLastConsoleEventActive
GetNamedPipeHandleStateW
GetTapePosition
GetLastError
ConvertDefaultLocale
GetProcessHeap
GetVersion
WriteConsoleOutputW
MoveFileExA
VirtualQuery
LoadLibraryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

GetOpenFileNameW
LoadAlterBitmap
GetFileTitleW

oleaut32

VarI4FromUI4
SafeArrayCreateEx
SafeArrayGetUBound
RevokeActiveObject

gdi32

GdiReleaseDC
CreateScalableFontResourceW

comctl32

GetMUILanguage

Exports

Exports

��R��Q��"�'3hϗ]�$y��%F�"��`��#��aߨ��E�]��B:P� �a�w�!U�ɠs"��Uz��no6��'?��e��5V��oW��s��-�!�L@mD�$9ș(��γ&vm�K��@�h��a�D]#�n��GE�6c4��::�Y�1xj��t�81$�;fP��S��+�{w��a�?�a�W�ۺ��L]�{��ǎ��hg�dOk�?b v��}��g��F�q'V+��4G#V#-�ͅ��s� ��Y0,�#}yP�CPA,�9sD�2�2w��X�:c��N��l>bL�r��tE��b��5�4�*G�d(��d��v��سs5�3��h6NH�p'5�$Qz�(��>�b�j3!^J��1�Q�c�?�~�[�f#�:��47�բ�?iܘ�\��7��}$Ҥ�I�^��(�=~�$5��F��ၷC�̇ޒ��u-��N��c�Mɹ�ҴH��8��% Kz��E��*TqÂ�� ÿ1W�.M{�1��V�R(��ʊGx�\�t�0u ��ً �+˗�ඐ(��զ�ӈ�5��)��L0N�k��Hc��TE��>��s�6�yQ��l�� V��(.�gR��<#�I�h��N�߬�$�h�t��!5�@%"Ff炭��f��Z|J<��c��<��6�]/�"�U��{�5v3t�{"W��\��Q<�'�re��?,Q��n<�3W��.F��V>�`Lp��b�COx�%�_�汼��=yiǣA��L��q|�9��<�(4��f�$��*[efϖ;k��f{?ZO� �Ȃ��o�s}��̤�� m��t^|��`��`B�\��l� � p�X� G}$��(�x��\G�MKs/��A>��8�R�7��8��t�� u��vtg��p�b�5(��6��zwb5�p�;W�Z�̀��o��yK�-��cQ��S��D`�AmG��A-�c)#ڿ�VL�R�#~f��.�$2�j4��W,YG%ܑ�A�]R�d9��Bb��&�-g?��'�/ �m�8��v�&p��S��DM��G�ղ#��R�)��=6��1��.�p=��oU��Ƥ-�P ��]�M >En��߯�hxvfc?_m��YJP5Uز7�j,��e��w|�C�_)��6��(Y9��'�:�{!�b�9�� &S��wגٓE�lr�l��T�c^=-��?� ��f�) ��[8��+[4$�؝x��P��ӧ۞�@�� O9�W<8��oB��+�p��3�2N��t�*��#_��srk)��n ��_ V}V��B�6��A-d)V8)�Ҡ�QX0b�"�J 3��gcL�4��]C��mx�Hf�5P��p$L�u��3�"��Hʕ�%p��]�Ju`@a;�,P�~��b!,��řC�� _mNN��47�� |��YV5�z~/ ��K �[�l�ě�9�2�\��%C�MYQW��x� ��q�g� o��cCm7�o�['��r�~솾Ag� ��4 ��'Z��ە�XJ�]�{k��e��YmT��򅋊荫=ka�_��|50�#�`7/��>��ˑ͐�T��Cq߲� �Bhw��c��z��`�H_Pg�QIe�7:��~P��o��t��Aեȡ� ]ߊ��h_JT��l��Jaߝ��1�N�a Xu6�E��I5#�Py8p-��k0��k��L�F�� z��1��+8�<7�h��ArS��A��9-hg�3em��;��P�jϴNf��p�7�\��x�/K`I\�a|;�"�RJ�;��Ÿ��Z��GY�DE2a(#ڥ1��"|N�VΈ+�X��H�L��Qia?)�d'�Fk��:�\�o'��-�BQ4�y��C�/��e��,�$x�{9-�$��i�,PmA��ДT��v'��W(��1F<�)�/��5'��k�{��k�>��@��=�0��-"��X*��5"&��)+�=�t�\��(8G\3u�Ex�H��j'��At�>=J�[0��~I�X#��y�< W��p��m�A��k($�F��oh��L $T��:~��'#G=A�t�p��6 �k}��.��ɉ[B<��C3�Hd��Wj��.��n ) z��!a l��4�0~g�q��I$�]�Y�Ԟ��lR��T'`�A�tp��o3.�5�Ԡ̈c�a�T��騭��S�Uz�+{1;�!��+�� Ħ߳��/9��-ZR��ٕ�B4EC��&_�-/��a븣E[��ʿ� X��k�>�v�u�}��L��P}�� G(L��>��75h�$aakm�R�;��z�#34��a� �N!*� Bt�?�:R�/ack��Q~#��7�l�?,n��ொ^��"<��F�́��/��0�2�j�t��@�?�nJI��8��'N�^g��H�1��-��)+�K Z�f��+��5��G�)D�u8��?��#�'jF.{�6�ԫ�,d� ש�� :$��5��I��xRHU��M&�v(\�8+��-��+��8��[�}�� @e��U��ФM�_W��)"Ը��0��smS�ŏ O��/(��>��C��<)��m(�b�_�.+jZű��5�1��Ŋ�c_S܆�V��~��W�U��R��>��f9�PrA+|n��N�#�v]�L��)�z݂K(��$,�o�M��,A۸AXj1�/�יzi,��T��N៝CԚ�j��N�R��:4�cþ��=�)e,�<y7g#�k�kWUn[�ڑ;A`

Sections

CODE
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50204e196d0e253e09ec8471a1e9ed69

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:deCertificate

Extended Key Usages

Key Usages

e6:c8:33:2f:20:b3:78:a6:c4:11:55:88:b1:a3:00:b8:d8:66:cd:c9Signer

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

oleaut32

gdi32

comctl32

Exports

Exports

Sections

CODE Size: 438KB - Virtual size: 438KB

DATA Size: 20KB - Virtual size: 19KB

BSS Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.text0 Size: 15KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 59KB - Virtual size: 59KB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:de
Certificate

e6:c8:33:2f:20:b3:78:a6:c4:11:55:88:b1:a3:00:b8:d8:66:cd:c9
Signer

CODE
Size: 438KB - Virtual size: 438KB

DATA
Size: 20KB - Virtual size: 19KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.text0
Size: 15KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 59KB - Virtual size: 59KB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB