281121def24b74d05163c8dbe856ea81_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

281121def24b74d05163c8dbe856ea81_JaffaCakes118
Size

615KB
MD5

281121def24b74d05163c8dbe856ea81
SHA1

fd898cc9900fa13477c5af1a862ba4a25f97075b
SHA256

22ef5ba8f175935fe47f3c56fcb978e2294447aca632bef21b5a6eeb473494e4
SHA512

84a5c8bc0bb4bd2d47a81dbd788f14314996191b060c65c86ff5d85292fd031085b8d8f37300170aa6cc597f81eefd7c9eee77e45fde738c073b6bb35aa23622
SSDEEP

12288:X90RlszFRkBWmvgtL3cRKaQfSIC9wf+laHH6dNTBMo:X93CotLSKaQ6L9wNHad

Score

1^/10

Malware Config

Signatures

Files

281121def24b74d05163c8dbe856ea81_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c8a903397a1f1743b1f21f7e0f4afada

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:fb:73:cc:96:73:b5:cb:9d:11:27:c5:ae:55:86:62
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24-04-2015 00:00

Not After

23-04-2016 23:59

Subject

CN=IMTER,O=IMTER,POSTALCODE=390000,STREET=d.27 ul.Lenina,L=Ryazan,ST=Ryazan region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

82:fd:62:cd:9c:df:da:73:23:a1:e8:45:32:83:aa:05:6a:b8:69:71
Signer

Actual PE Digest

82:fd:62:cd:9c:df:da:73:23:a1:e8:45:32:83:aa:05:6a:b8:69:71

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

SetMenuContextHelpId
GetTabbedTextExtentW
SetWindowTextA
SetSystemMenu
GetIconInfo
GetListBoxInfo
ExitWindowsEx
RealGetWindowClassA
SetDeskWallpaper
CopyIcon
WindowFromDC
ToAscii
GetRawInputDeviceInfoA
GetClipboardViewer
GetCaretBlinkTime
CreateDialogParamW
SetPropA
GetWindowRgn
CreateMenu
SetInternalWindowPos
MapVirtualKeyW
UnregisterClassW
InflateRect
GetDlgItemTextA
GetWindowContextHelpId
GetUserObjectInformationW
DrawTextW
FrameRect
SetClipboardViewer
SetDlgItemTextW
SetFocus
CallMsgFilterW
FindWindowA
RegisterClassExA
SetClipboardData
UpdateLayeredWindow
GetKeyNameTextA
DrawFrame
GetKeyboardType
DefDlgProcW
LoadCursorFromFileW
ChangeDisplaySettingsA
CharPrevA
GetClassLongW
TranslateMessageEx
GetWindowThreadProcessId
IsWindowUnicode
DestroyAcceleratorTable
TranslateAcceleratorA
RegisterClipboardFormatW
GetUpdateRect
GetMenu
DrawCaptionTempW
TabbedTextOutA
MenuWindowProcA
CopyAcceleratorTableW
SetWindowsHookW
GetGuiResources
SetRectEmpty
SetScrollInfo
GetWindowInfo
DefDlgProcA
CharLowerW
SetCaretPos
GetWindowTextW
SetWindowWord
IsCharAlphaNumericW
GetCursorPos
DrawFrame
IsDialogMessageA
IsCharAlphaNumericA

kernel32

ReplaceFileA
SetFileAttributesW
GlobalGetAtomNameA
SetInformationJobObject
GetNumberOfConsoleMouseButtons
WritePrivateProfileStringA
OpenFileMappingW
GetVersionExW
PrivMoveFileIdentityW
Heap32First
OutputDebugStringW
CancelTimerQueueTimer
RemoveDirectoryW
SetComputerNameA
GetModuleFileNameW
WritePrivateProfileStructA
SetCommBreak
ScrollConsoleScreenBufferW
lstrcat
GetEnvironmentVariableW
GetVolumePathNameW
SetThreadPriorityBoost
MapUserPhysicalPages
GlobalUnWire
GlobalFindAtomA
GetTimeZoneInformation
WriteConsoleOutputCharacterA
GlobalMemoryStatusEx
GetPrivateProfileIntW
RtlMoveMemory
IsProcessInJob
MapViewOfFile
WritePrivateProfileSectionW
LZCopy
GetConsoleAliasesW
SetFileApisToOEM
EraseTape
CreateTimerQueue
RaiseException
GetProfileIntA
InterlockedCompareExchange
lstrlen
HeapCompact
WriteConsoleOutputCharacterW
CommConfigDialogW
OpenFile
GetDateFormatA
CreateProcessA
FlushInstructionCache
EnumCalendarInfoW
EnumSystemCodePagesA
TlsGetValue
GetConsoleInputExeNameA
RegisterWowExec
GlobalUnfix
SearchPathW
RequestDeviceWakeup
LZCloseFile
GetProfileIntW
GetConsoleOutputCP
HeapAlloc
WaitNamedPipeW
VerifyVersionInfoA
GetConsoleProcessList
GetConsoleMode
FindNextChangeNotification
MultiByteToWideChar
UnhandledExceptionFilter
GetProcessWorkingSetSize
UnlockFile
ShowConsoleCursor
ConvertDefaultLocale
GetLastError
GetProcessHeap
VirtualQuery
LoadLibraryA
LocalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

PageSetupDlgW
FindTextW
ChooseFontA

oleaut32

VarI1FromUI1

gdi32

GetWorldTransform
SelectFontLocal

version

VerFindFileA
VerQueryValueW
GetFileVersionInfoW
VerInstallFileA

comctl32

CreatePropertySheetPageA
MenuHelp

Exports

Exports

;�%�Oy=>�!�`��ytS��FT��:G"U��6�W�!�F��i��X=��Sgߪ�D�H��Ǜ��f�j��T؈�3��1z"Ϡ��w~��y�\~�Zv ��J�U�O�;:��T�6jf�\.bBCe��-#q��&H��/g)i��%��S�[�St��,��p^�wh��3�P��bUf��G�醋��>s_��O�p�p�mW��P/�r��z�zp��֝#��AY��4��䦵�4Ƚ�9��M�+j�9w��IZ��t�� G5��[�I5�J:��u�U��i�҈�~�&0d��E܊�3h��E+ ��4 �'�D�-@�| 1�jc��5F��hQVF�M��{v��j,�3�c/Ν��E��&K��S?��GP�n��]<�/��if�>zE0A�}�0K��L+M�VUð$��y��ə��blY��4`��+ਖ��\�= 8Z*D6W6��e�e�H7��=�䭫��l�3�S~g��_�8b�ʠ�YK06:t<⠹T�L��z�^R�Z�8��E�h�v��4�Z��5��ZVD�J�1�_i.LJ��(ќ��|i��f�ܟ&��a�ܒOig�ִgjLs��L��Zç}�q0&�e�Z��ܙXJ7��V��;�{��/t��}�p��j@��\i�ge#I�@~�Y�B��/��`�x�g�:>��;˓��T~��Hur�w��`�á� �sF��yW|��3��h�ow�ǵ��,Y]Ln�)��~1��b��v�'�S }��[��0fpM=w��]�Gk��'.�I��*��L��BT��J��r�mLW�<=��ث��!tо&jkHvW��[Y��о�E�1�2��'{�B70�� m��%�k��9��g�(<ۘ8޶*��BH3��u,R��Rh� �M�)�-!��bOsA�VI9k�ec�D;s�P�!�){�� `9e3�I�3��o��ā��B��c�M�-I9��(�� ]3]�t��g��;p?�&��Sk��f:ٖ��w,��B'��vq'�\��3;��տLR �캗F�"�a��ˁBR�ߝ�vf�o��-�ϵO��$u��;}�s��2�Ą��c3zS��快�f�1�>N�=�_��=��|��1�Vy��Sd�-��˯j�{��H�o}��B4�6[��?P��G��B��T؜=}�v��]��Bt7Vz?T�h��[F�,?a�T��KXS>�U�*�^��ocp�@�1�N�f��ػ�f�Vs��8��anǗ�̳g4��m:��q�.&�A}� ��w�c��e�F��r6� ��4F��b��Y �3��OS��q r �Z�G��gF�C��a�ACBܤYV}|Rd�K��܏�-��@�?�\�� s͵��K��-5^��oj�,�u��(��R��!+��3;�G`��]*؇�;Fw��o�E�b�G'�b��CԷM�*��3��M�':��x��:D?�̨��I�� 1d�@f5��,|7�X��(��9t&��<y"��> � �)��\��Io�-�]/e��t��<��W��>+M;R'�q�^�T<��$��ֵL�~�j�$��'�Y�>��`�r��x�1c�� av��Z��H�s_5��{ �k;��d�k[�M2��D`ήqM��MX�k� 8o$��G e<q��"w�"��E�`�1,Јl�-8� �v�c��(��p)�O��0��o��m�:�IL:qܚM�X�/��K�(��I8y��,^S9�q��R�b�9��8꛱u�[��#e�<��=%'څd٧��C&ffuā�Tg�C�0��=-��S��8bJ��l*�ÉQ�{��V�5�)D0�9Zt+��/v y�{��Ǐ��R�e�h.��#��d�,�\��/�x2h�ӫ�tE��1U�/��?�q��W,,�m��Te;�"j ��+70�I�iF�nLF�}:�I��p�d>o(��)��׳T��!��Uu��?��QFm�L.�{��cP��Y�Hk��2 ��?�..Y}��~��P�0P'}<��I�hxH��AЎW�jb2�A��{N%�vw|� ;�i�Y.��J�Yl��;-��Z�_}S��$��*c�yTtuO7��-�܋E k1>ܐ�uE��A�v��P{h��2��ي�+P�7$��?��E=c�=�8��7�gz'�s�F� ��y��k9j(�0<PB#�{1� ��vCS�Ջ�;xmG�&_�qO�"��k�y0E�7�<�*4Fq��r{�V�6�t��`v��p�h;ũ�>��,��m�V��M$��Ш:L�H�9i��x��[��j_4��IЖ��1U��W��۫Bf�3��-9�� @t�Ⳁ�Q��/�kD��76*,C�[0Z��,�\�PEKrG��Bo��ST��i��`�"iĬ�bt��QT$��M�6"0�43|��# 9ŗ��A��hG� @�Xv��l�~��,bIu��Eߺ9{wῴ�5�s�w��y�)f#��9vT`��1��v� ��C��Q��iz�t�r7�@�w�4Ce�dB��3�׮�r[��q��l,�"��B;$c� ��=�hى��[|��;��-Rd#��tF �_ň=�y)Ij��L�y��D1��h��nV,�ye,Hk_w�Z��w��?<=�D�MC��P껂��Ç�:�12�>�v��7��w�H�g;ˠ�C�s�w�JU��l��<>�ņ;9{�L�v/��y13'�pB��+]2Ait ��L_��#�[Y ��$^�z�*�r$�R��

Sections

CODE
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext0
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext1
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8a903397a1f1743b1f21f7e0f4afada

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

08:fb:73:cc:96:73:b5:cb:9d:11:27:c5:ae:55:86:62Certificate

Extended Key Usages

Key Usages

82:fd:62:cd:9c:df:da:73:23:a1:e8:45:32:83:aa:05:6a:b8:69:71Signer

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

oleaut32

gdi32

version

comctl32

Exports

Exports

Sections

CODE Size: 439KB - Virtual size: 438KB

DATA Size: 22KB - Virtual size: 22KB

BSS Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.itext0 Size: 17KB - Virtual size: 17KB

.tls Size: 512B - Virtual size: 24B

.itext1 Size: 66KB - Virtual size: 66KB

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

08:fb:73:cc:96:73:b5:cb:9d:11:27:c5:ae:55:86:62
Certificate

82:fd:62:cd:9c:df:da:73:23:a1:e8:45:32:83:aa:05:6a:b8:69:71
Signer

CODE
Size: 439KB - Virtual size: 438KB

DATA
Size: 22KB - Virtual size: 22KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.itext0
Size: 17KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 24B

.itext1
Size: 66KB - Virtual size: 66KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 53KB - Virtual size: 53KB