28f68da6cedad495cddedc60ea06ea09_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28f68da6cedad495cddedc60ea06ea09_JaffaCakes118
Size

709KB
MD5

28f68da6cedad495cddedc60ea06ea09
SHA1

dc351538f260c9be4d108401334057f4b74eac16
SHA256

cb1cf26685e6089f47140e450c9b2bd944bb13cdb885d4f3553fccee41eb4ebe
SHA512

f53dd6853fbb5aa49976f267cef1872710bc554c90f2bed505b886f326c690c6a07db2f43d36dda21093b0b7ef16beb50cca8fc3eea12a5af0fdac103ba6fc9d
SSDEEP

12288:hAS4gMJCqjPoXLAmAzeu1pEilgRAxZwNLmrL7whv2Ww31OE4XEFqRQVCk:hvtMJqkKimNLOwFxw3IE4QKk

Score

1^/10

Malware Config

Signatures

Files

28f68da6cedad495cddedc60ea06ea09_JaffaCakes118
.exe windows:5 windows x86 arch:x86

04b3ecf153e73239c5e59b08ac005a2a

Code Sign

3f:42:15:1c:ca:d6:e8:c6:10:94:6e:e4:40:21:da:f5
Certificate

Issuer

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

24/06/2014, 09:42

Not After

24/06/2015, 09:42

Subject

CN=Oleh Aleksyuk,O=Oleh Aleksyuk,C=RU,1.2.840.113549.1.9.1=#0c196f6c65682e616c656b7379756b40686f746d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

20/09/2011, 11:04

Not After

20/09/2026, 23:59

Subject

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:42:4b:8e:c6:6a:15:b4:1b:65:5b:cc:f2:6a:08:73:68:ac:f4:7f
Signer

Actual PE Digest

8f:42:4b:8e:c6:6a:15:b4:1b:65:5b:cc:f2:6a:08:73:68:ac:f4:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
RemoveDirectoryA
CreateFileA
CloseHandle
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
LoadLibraryA
GetProcAddress
SetCurrentDirectoryA
GetCurrentThreadId
WaitForSingleObject
FreeLibrary
DeleteCriticalSection
GetCommandLineW
GetTickCount
CreateEventA
Sleep
SetEvent
GetCurrentProcessId
GetTempPathA
GetModuleFileNameW
VirtualFree
SizeofResource
LoadResource
GetModuleHandleA
VirtualAlloc
FindResourceW
GetLastError
HeapFree
ReadFile
GetCommandLineA
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
GetSystemTimeAsFileTime
HeapAlloc
GetProcessHeap
IsDebuggerPresent
IsProcessorFeaturePresent
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
SetFilePointer
SetFilePointerEx
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
RtlUnwind
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetStdHandle
FlushFileBuffers
GetConsoleCP
CreateFileW
GetFileAttributesExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
OutputDebugStringW
LoadLibraryW
WriteConsoleW
SetEndOfFile
GetStringTypeW
LCMapStringW
HeapSize

advapi32

AddAccessAllowedAceEx
AccessCheckByType
CryptAcquireContextA

comctl32

ImageList_Replace
ImageList_DragEnter
CreatePropertySheetPageW

Sections

.text
Size: 106KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bjbvf
Size: 558KB - Virtual size: 560KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04b3ecf153e73239c5e59b08ac005a2a

Code Sign

3f:42:15:1c:ca:d6:e8:c6:10:94:6e:e4:40:21:da:f5Certificate

Extended Key Usages

Key Usages

04:44:c0Certificate

Key Usages

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5Certificate

Extended Key Usages

Key Usages

8f:42:4b:8e:c6:6a:15:b4:1b:65:5b:cc:f2:6a:08:73:68:ac:f4:7fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

comctl32

Sections

.text Size: 106KB - Virtual size: 108KB

.rdata Size: 19KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 16KB

.rsrc Size: 10KB - Virtual size: 12KB

.reloc Size: 6KB - Virtual size: 8KB

.bjbvf Size: 558KB - Virtual size: 560KB

3f:42:15:1c:ca:d6:e8:c6:10:94:6e:e4:40:21:da:f5
Certificate

04:44:c0
Certificate

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5
Certificate

8f:42:4b:8e:c6:6a:15:b4:1b:65:5b:cc:f2:6a:08:73:68:ac:f4:7f
Signer

.text
Size: 106KB - Virtual size: 108KB

.rdata
Size: 19KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 16KB

.rsrc
Size: 10KB - Virtual size: 12KB

.reloc
Size: 6KB - Virtual size: 8KB

.bjbvf
Size: 558KB - Virtual size: 560KB