147ccc4ce13dfb78e06d41000c134445_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

147ccc4ce13dfb78e06d41000c134445_JaffaCakes118
Size

148KB
MD5

147ccc4ce13dfb78e06d41000c134445
SHA1

288a34a2772320089bffc421347a272408a85a39
SHA256

2816173a9c7a019b1e173c796eeffd6fb3c881c2fb4eb4635ad2720d3858a008
SHA512

3c9765a40f03478a4943c489ea631f9a1658cce106df8736472ecf041b38463e235861e5d43da3c9bef92ba29a3e4965344ff36226b8926757d63106c6013900
SSDEEP

3072:ytk3bG2NHilNOYMIaXBRBfxKJQ6KZZvsiHJFXnyPtRS9WJy:+KbG2AlN9iRBfxKJQ/ZlzXny3k

Score

1^/10

Malware Config

Signatures

Files

147ccc4ce13dfb78e06d41000c134445_JaffaCakes118
.exe windows:4 windows x86 arch:x86

01d799e4dafc9157059b39538a147928

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:67:1b:9c:9c:88:b9:69:99:d2:12:24:77:66:a5:d4:04
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/12/2013, 17:49

Not After

01/03/2017, 12:33

Subject

CN=Biz Secure Labs Pvt. Ltd.,O=Biz Secure Labs Pvt. Ltd.,L=Pune,ST=Maharashfra,C=IN,1.2.840.113549.1.9.1=#0c1a737570706f727440696e646961616e746976697275732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

66:0a:a4:71:40:ea:45:c8:a7:2d:64:36:14:9f:92:79:b5:9a:05:82
Signer

Actual PE Digest

66:0a:a4:71:40:ea:45:c8:a7:2d:64:36:14:9f:92:79:b5:9a:05:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindExtensionA
PathFileExistsA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

psapi

GetProcessImageFileNameA

advapi32

RegCreateKeyA
LookupAccountNameA
GetFileSecurityA
GetSecurityDescriptorDacl
GetAclInformation
AddAce
GetAce
RegCloseKey
RegQueryValueExA
RegOpenKeyA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
DuplicateTokenEx
CreateProcessAsUserA
RegSetValueExA
RegSetValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
DeleteService
QueryServiceStatus
ControlService
OpenServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
StartServiceA
SetFileSecurityA
EqualSid

kernel32

LocalFree
WriteFile
GetStdHandle
HeapFree
HeapAlloc
GetProcessHeap
LocalAlloc
lstrlenA
CreateEventA
SetEvent
GetFileAttributesA
DeleteFileA
GetCurrentDirectoryA
GetVersion
GetLogicalDrives
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
lstrcpynA
lstrcmpA
TlsAlloc
GlobalUnlock
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetCurrentThreadId
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
lstrcatA
GetProcessVersion
GlobalFlags
GetCPInfo
GetOEMCP
FlushFileBuffers
SetEndOfFile
RtlUnwind
HeapReAlloc
GetCommandLineA
ExitProcess
GetTimeZoneInformation
GetACP
RaiseException
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocalTime
WinExec
GetVersionExA
CopyFileA
MultiByteToWideChar
CreateIoCompletionPort
CreateThread
WaitForMultipleObjects
CreateProcessA
GetQueuedCompletionStatus
EnterCriticalSection
CreateMutexA
WaitForSingleObject
ReleaseMutex
LeaveCriticalSection
QueryDosDeviceA
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
Sleep
GetShortPathNameA
CreateFileMappingA
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
IsBadReadPtr
SetFilePointer
GetLastError
Process32First
Process32Next
TerminateProcess
OpenThread
CreateToolhelp32Snapshot
OpenProcess
Thread32First
TerminateThread
SuspendThread
Thread32Next
GetModuleHandleA
GetCurrentProcess
SetLastError
GetWindowsDirectoryA
GetSystemDirectoryA
GetPrivateProfileStringA
CreateDirectoryA
CreateFileA
GetFileSize
CloseHandle
ReadFile
GetModuleFileNameA
GetProcAddress
LoadLibraryA
FreeLibrary
GlobalFree

user32

GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
DispatchMessageA
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SendMessageA
MessageBoxA
EnableWindow
UnhookWindowsHookEx
LoadStringA
wsprintfA
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID

gdi32

RectVisible
Escape
PtVisible
ExtTextOutA
TextOutA
GetClipBox
SetTextColor
SetBkColor
GetObjectA
GetDeviceCaps
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateBitmap

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

shell32

SHGetSpecialFolderPathA

comctl32

ord17

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01d799e4dafc9157059b39538a147928

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

11:21:67:1b:9c:9c:88:b9:69:99:d2:12:24:77:66:a5:d4:04Certificate

Extended Key Usages

Key Usages

66:0a:a4:71:40:ea:45:c8:a7:2d:64:36:14:9f:92:79:b5:9a:05:82Signer

Headers

File Characteristics

Imports

shlwapi

version

psapi

advapi32

kernel32

user32

gdi32

winspool.drv

shell32

comctl32

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 12KB - Virtual size: 300KB

.rsrc Size: 4KB - Virtual size: 1KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

11:21:67:1b:9c:9c:88:b9:69:99:d2:12:24:77:66:a5:d4:04
Certificate

66:0a:a4:71:40:ea:45:c8:a7:2d:64:36:14:9f:92:79:b5:9a:05:82
Signer

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 12KB - Virtual size: 300KB

.rsrc
Size: 4KB - Virtual size: 1KB