28c3122c76eced80af6c8b1a55bea57c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28c3122c76eced80af6c8b1a55bea57c_JaffaCakes118
Size

642KB
MD5

28c3122c76eced80af6c8b1a55bea57c
SHA1

515e17f0ed40a49b3031665d1316ca94593a4932
SHA256

235529a0cf57271b3727e5811306c9afb3974bc1fb043b8965f0017ff51a41ae
SHA512

99c14b478ef749c110889acd53b911a28dd92cbb4bf8b9bb56c9c0d9e49fab1014d5d69729c0c532a94ce818f972e88a5aac91f83c337034c03693cae9e63b0e
SSDEEP

12288:kLrHXDWTMcBcNAitRGXgRqJJBMazt5qkyHX7kvYtFgF:kr3DzGQ5t0Y8qptSF

Score

1^/10

Malware Config

Signatures

Files

28c3122c76eced80af6c8b1a55bea57c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3bb3af4f80dab8a6ec6cb74f6f84eabc

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:b9:12:c7:b2:e2:52:f9:f5:7d:ec:fa:ae:e1:52:c5
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/06/2015, 00:00

Not After

04/06/2016, 23:59

Subject

CN=PROSTOR,O=PROSTOR,POSTALCODE=614000,STREET=ul. Ekaterininskaya 96,L=Perm,ST=Perm region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

92:4d:a9:fb:7d:fc:d6:64:b5:3d:20:e1:5e:f9:ba:2b:50:fd:2c:f1
Signer

Actual PE Digest

92:4d:a9:fb:7d:fc:d6:64:b5:3d:20:e1:5e:f9:ba:2b:50:fd:2c:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

ClipCursor
GetClassNameW
SetWindowRgn
OemToCharBuffA
MessageBoxIndirectA
CloseWindowStation
RegisterClipboardFormatW
TileWindows
SetProcessWindowStation
ModifyMenuA
GetMonitorInfoW
GetWindowTextLengthW
GetMenuContextHelpId
MessageBoxExA
GetCursorInfo
GetLastActivePopup
ExitWindowsEx
GetClassInfoExA
CreateDialogIndirectParamW
AdjustWindowRectEx
DestroyWindow
GetMenuInfo
PostThreadMessageA
EnumClipboardFormats
LoadIconA
SetActiveWindow
GetDialogBaseUnits
OemToCharBuffA
GetWindowTextLengthA
SetKeyboardState
CharNextA
GetAncestor
LoadKeyboardLayoutEx
ChangeDisplaySettingsW
LoadCursorFromFileA
CreateDialogParamW
TrackPopupMenu
SetWindowTextW
GetKeyboardState
CreateAcceleratorTableA
SetForegroundWindow
IsWindowVisible
IsCharAlphaA
GetMenuStringW
GetMenuStringA
DestroyAcceleratorTable
TranslateAcceleratorW
GetSystemMetrics
GetClassNameW
CharUpperBuffA
wvsprintfW
IsMenu
LoadImageA
IsDlgButtonChecked
UnionRect
CharUpperW
ModifyMenuW
DrawTextW
GetShellWindow
EnumPropsExA
ShowCaret
InvalidateRect
CloseWindow
GetDesktopWindow
TabbedTextOutA
DefWindowProcW
UnhookWindowsHook
DrawFrame
GetDlgItemTextA
UnregisterDeviceNotification
GetUserObjectInformationW
GetSubMenu
DispatchMessageW
CharUpperA
SendMessageA
ShowWindow
AppendMenuW
CreateMDIWindowW
BroadcastSystemMessageExW
GetWindowRect
FlashWindowEx
OemToCharW
PaintDesktop
GetKeyNameTextW
PrivateExtractIconsW
DefWindowProcA
CascadeChildWindows
SetScrollRange
LoadCursorFromFileW
GetCapture
SetWindowsHookW
ToUnicode
GetForegroundWindow
GetWindowTextW
GetTabbedTextExtentA
MessageBoxTimeoutA
GetWindowLongW
SetMenuItemInfoW
SendDlgItemMessageW
SetWindowsHookExA
CreateMDIWindowA
GetKeyboardLayoutNameW
SetClipboardViewer
GetTopWindow
DrawCaptionTempW
ReleaseCapture
AdjustWindowRect
SystemParametersInfoW
GetInternalWindowPos
SetMenuItemInfoA
FindWindowExA
SetRectEmpty
SendMessageTimeoutA
FrameRect
LockWindowUpdate
DrawMenuBar
RegisterClassA
DrawIcon
GetWindowThreadProcessId
CopyIcon
PeekMessageW
BringWindowToTop
DlgDirSelectExA
BroadcastSystemMessageExA
wvsprintfA
wsprintfW
SetScrollPos
GetMenuDefaultItem
SetMenuInfo
CloseWindowStation
GetDlgItemInt
GetClipCursor
SetSysColors
CheckMenuRadioItem
SetMenuContextHelpId
GetAsyncKeyState
LoadStringW
EnumThreadWindows
GetKeyboardType
UnregisterClassW
SetPropW
MessageBoxTimeoutW
GetMenuItemRect
GetUserObjectInformationA
SetMenuItemBitmaps
EndMenu
GetWindowTextA
RealGetWindowClassW
InflateRect
SendNotifyMessageW
GetMonitorInfoW
OpenWindowStationW
DialogBoxIndirectParamW
OpenInputDesktop
CreatePopupMenu
GetSystemMenu
CreateIconFromResource
RegisterHotKey
TranslateAcceleratorA
IsChild
FindWindowA
TileChildWindows
GetPropA
SetDebugErrorLevel
GetKeyboardLayoutNameA
GetWindowDC
ScrollWindowEx
GetMenuItemCount

kernel32

SizeofResource
GetExpandedNameA
IsBadReadPtr
IsBadWritePtr
LocalFree
ShowConsoleCursor
GetCurrentThread
FindFirstFileExW
PeekConsoleInputA
GetNumberOfConsoleInputEvents
SetCalendarInfoW
GetCompressedFileSizeA
GetDiskFreeSpaceExW
ShowConsoleCursor
FindFirstVolumeW
GetUserDefaultLangID
WaitNamedPipeA
SetFileApisToANSI
ActivateActCtx
CopyFileExA
GetNumberOfConsoleMouseButtons
InitializeCriticalSection
CreateProcessInternalA
GetPrivateProfileSectionW
GetNativeSystemInfo
lstrcmpA
InterlockedExchangeAdd
GetLocaleInfoW
ReadConsoleOutputA
CreateMailslotW
EnumDateFormatsA
Heap32ListNext
GetCommProperties
BackupRead
ReadConsoleW
GlobalReAlloc
WaitForMultipleObjectsEx
SignalObjectAndWait
HeapDestroy
FindAtomA
SetFileValidData
CreateDirectoryExA
FreeEnvironmentStringsW
FormatMessageA
GetHandleInformation
lstrlen
SetNamedPipeHandleState
SetStdHandle
Beep
SetInformationJobObject
GetConsoleAliasesA
SetThreadPriority
GetLongPathNameA
DeleteFileW
EnumSystemLanguageGroupsA
EnumDateFormatsExA
GetBinaryTypeA
GetTapeStatus
EnumSystemLocalesW
LZOpenFileA
FileTimeToDosDateTime
FindFirstFileExA
FoldStringA
GetSystemDefaultLCID
GetDiskFreeSpaceA
IsDBCSLeadByte
MoveFileW
SetTapeParameters
HeapAlloc
CopyLZFile
CancelDeviceWakeupRequest
GetCurrentThread
UnlockFileEx
VirtualQueryEx
OpenMutexW
CompareStringW
LoadModule
DefineDosDeviceA
LCMapStringW
GetConsoleTitleW
GetVersion
GetConsoleCP
LoadLibraryExA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ole32

SNB_UserMarshal
CoGetMarshalSizeMax
PropSysAllocString
OleMetafilePictFromIconAndLabel
CoPushServiceDomain
CoRetireServer
CoSwitchCallContext
CoGetTreatAsClass
CreatePointerMoniker
CoGetDefaultContext
CoDisableCallCancellation
HBRUSH_UserUnmarshal
OleRun
CoWaitForMultipleHandles
CoCopyProxy
OleCreateMenuDescriptor
OleConvertOLESTREAMToIStorageEx
StgIsStorageFile
CoGetCallerTID
HBRUSH_UserSize

comdlg32

ChooseFontW
PageSetupDlgA
GetSaveFileNameW
FindTextW
PrintDlgW
PrintDlgExA
GetOpenFileNameA
ChooseFontA
GetSaveFileNameA
ReplaceTextW
ChooseColorW
PageSetupDlgW
dwOKSubclass

oleaut32

VarDecFromUI8
BstrFromVector
SafeArrayUnaccessData
SysReAllocString
VarUI4FromStr
VarCyMul
VarBoolFromR8
VarUI4FromI8
VarDecSub

advapi32

RegisterServiceCtrlHandlerA
WmiNotificationRegistrationA
ReportEventW
EncryptedFileKeyInfo

comctl32

ImageList_Draw
CreatePropertySheetPage
ImageList_LoadImageA
FlatSB_SetScrollInfo
ImageList_DragShowNolock
ImageList_AddIcon
ImageList_GetFlags
ImageList_GetBkColor
FlatSB_GetScrollPos
ImageList_SetOverlayImage
CreateMappedBitmap
ImageList_Create
ImageList_Destroy

Sections

CODE
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bb3af4f80dab8a6ec6cb74f6f84eabc

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

81:b9:12:c7:b2:e2:52:f9:f5:7d:ec:fa:ae:e1:52:c5Certificate

Extended Key Usages

Key Usages

92:4d:a9:fb:7d:fc:d6:64:b5:3d:20:e1:5e:f9:ba:2b:50:fd:2c:f1Signer

Headers

File Characteristics

Imports

user32

kernel32

ole32

comdlg32

oleaut32

advapi32

comctl32

Sections

CODE Size: 440KB - Virtual size: 440KB

DATA Size: 26KB - Virtual size: 25KB

BSS Size: - Virtual size: 1KB

.idata Size: 8KB - Virtual size: 7KB

.text0 Size: 17KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 73KB - Virtual size: 73KB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 64KB - Virtual size: 64KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

81:b9:12:c7:b2:e2:52:f9:f5:7d:ec:fa:ae:e1:52:c5
Certificate

92:4d:a9:fb:7d:fc:d6:64:b5:3d:20:e1:5e:f9:ba:2b:50:fd:2c:f1
Signer

CODE
Size: 440KB - Virtual size: 440KB

DATA
Size: 26KB - Virtual size: 25KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 8KB - Virtual size: 7KB

.text0
Size: 17KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 73KB - Virtual size: 73KB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 64KB - Virtual size: 64KB