21082afa0fb79f2319084763e39cd903_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

21082afa0fb79f2319084763e39cd903_JaffaCakes118
Size

375KB
MD5

21082afa0fb79f2319084763e39cd903
SHA1

8a7a4c414c50cea26f0286f5858d8e51b1022491
SHA256

ea3b4e16e4b5bee038aeea654ac8868a2d0914b539891b2a0d1d3bcc4071b3a1
SHA512

89b4cf74f43dbfe8ebac39c71944f83a6c763467d99422051be1f1b4472370fa4314ee6bd88c4b1071de381fd607f4443b884c4bc2ab129ba7f9c1cdacb89b10
SSDEEP

6144:qv9TNaJti6ceY5EOXqtuwJLbelEugK1hBKSWJ4VCtb4twv//nWnd70WN:qv9TNaziWOatjuOu9BKSyZvHWndw8

Score

1^/10

Malware Config

Signatures

Files

21082afa0fb79f2319084763e39cd903_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ccca1c821d5d7a26158a54ee7251b4ba

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

c2:d0:60:08:f8:20:40:a9:be:d3:58:d6:ce:b5:54:2d
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/07/2014, 00:00

Not After

18/07/2015, 23:59

Subject

CN=Synteris OOO,O=Synteris OOO,POSTALCODE=121596,STREET=12 A ul.Gorbunova,L=Moscow,ST=Moscow province,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a9:49:cb:77:09:7c:2b:56:30:bc:d5:af:04:b3:eb:00:33:3d:73:5c
Signer

Actual PE Digest

a9:49:cb:77:09:7c:2b:56:30:bc:d5:af:04:b3:eb:00:33:3d:73:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
InterlockedDecrement
TlsFree
GetModuleFileNameA
ReadFile
EnterCriticalSection
QueryPerformanceCounter
UnmapViewOfFile
InterlockedExchange
TerminateProcess
GetCurrentThreadId
ResetEvent
ReleaseMutex
LCMapStringW
CompareStringW
GetACP
GetStartupInfoA
GetLastError
CreateFileA
LCMapStringA
CloseHandle
LoadResource
GlobalAlloc
SetUnhandledExceptionFilter
HeapSize
SetCurrentDirectoryA
CreateNamedPipeW
GetStdHandle
InterlockedCompareExchange
GetCurrentProcess
RtlUnwind
DeleteCriticalSection
GetVersionExA
DeleteFileW
IsValidLocale
HeapFree
ExitProcess
lstrcmpiW
Sleep

user32

MessageBoxW
GetClientRect
CheckDlgButton
SubtractRect
FindWindowExA
IsWindowVisible
InvalidateRect
MsgWaitForMultipleObjects
EqualRect
GetWindowLongA
ShowWindow
CheckMenuItem
PostQuitMessage
DialogBoxParamW
GetForegroundWindow
MapWindowPoints

advapi32

SetServiceStatus
RegDeleteKeyW
RegEnumValueA
RegEnumKeyExW
ImpersonateLoggedOnUser
CryptEncrypt
RegCreateKeyExW
RegisterEventSourceW

ole32

CLSIDFromString
CoFreeUnusedLibraries
ReleaseStgMedium
CoReleaseMarshalData
DoDragDrop
CoImpersonateClient
CoCreateGuid
WriteClassStg

rpcrt4

RpcBindingFree
NdrOleFree
RpcStringBindingComposeW
UuidToStringW
RpcServerUnregisterIf
CStdStubBuffer_QueryInterface
RpcRevertToSelf
CStdStubBuffer_Disconnect
NdrClientCall2
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Connect
NdrCStdStubBuffer2_Release

Sections

.text
Size: 327KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccca1c821d5d7a26158a54ee7251b4ba

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

c2:d0:60:08:f8:20:40:a9:be:d3:58:d6:ce:b5:54:2dCertificate

Extended Key Usages

Key Usages

a9:49:cb:77:09:7c:2b:56:30:bc:d5:af:04:b3:eb:00:33:3d:73:5cSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

Sections

.text Size: 327KB - Virtual size: 351KB

.rdata Size: 13KB - Virtual size: 12KB

.idata Size: 7KB - Virtual size: 8KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 15KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

c2:d0:60:08:f8:20:40:a9:be:d3:58:d6:ce:b5:54:2d
Certificate

a9:49:cb:77:09:7c:2b:56:30:bc:d5:af:04:b3:eb:00:33:3d:73:5c
Signer

.text
Size: 327KB - Virtual size: 351KB

.rdata
Size: 13KB - Virtual size: 12KB

.idata
Size: 7KB - Virtual size: 8KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 15KB