290a75dde2fb6f81095146c3d44a4963_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

290a75dde2fb6f81095146c3d44a4963_JaffaCakes118
Size

1.0MB
MD5

290a75dde2fb6f81095146c3d44a4963
SHA1

54656f7aad4d9968877dc7a63e27e048cd9d2ea7
SHA256

111bbb051c5ea65108f57ca439cbab3d9e367e88e28206abdb765a37645125a4
SHA512

179315449c4967d1fc2b2cc6981f24d9b3141efaa957a9aa09a13fb96bbe10cdbf367493a05d586740115414c227158ec38fc2ffe401b8148cde8473a98fb02d
SSDEEP

24576:PFNmF9ULlbuFdxH+Fn1od27fwl5PgU/pSoVTV4:aClqFjWn02pU/pSoVTu

Score

1^/10

Malware Config

Signatures

Files

290a75dde2fb6f81095146c3d44a4963_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4c339000092a2f05db4dcfcf6dbc90f6

Code Sign

d8:15:c7:cd:68:76:94:a6:f4:11:9a:35:35:d3:1d:7a
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16/12/2014, 00:00

Not After

16/12/2015, 23:59

Subject

CN=ColoColo Apps (Bright Circle Investments Ltd),O=ColoColo Apps (Bright Circle Investments Ltd),POSTALCODE=2025,STREET=Dasoupoli Strovolos+STREET=Athinodorou 3,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:7a:75:71:f5:e1:36:de:39:ef:fc:05:4a:b0:75:ce:cf:1c:fa:32
Signer

Actual PE Digest

c5:7a:75:71:f5:e1:36:de:39:ef:fc:05:4a:b0:75:ce:cf:1c:fa:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW

wininet

InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle

rpcrt4

UuidCreateSequential

iphlpapi

GetAdaptersInfo

kernel32

MultiByteToWideChar
GetProcAddress
OpenProcess
GetExitCodeProcess
WaitForSingleObject
FindClose
CloseHandle
GetTimeZoneInformation
GetTickCount
GetMailslotInfo
LoadLibraryW
GetModuleHandleW
GetTempPathW
CreateFileW
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetLocaleInfoW
EnumSystemLanguageGroupsW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
InitializeCriticalSection
LoadLibraryA
FreeLibrary
TerminateProcess
Sleep
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcessId
GetModuleHandleA
GetFileSize
GetFileSizeEx
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetSystemTimeAsFileTime
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetFileAttributesW
LocalFree
GetVersion
FindResourceW
OpenMutexW
GlobalHandle
GlobalFree
lstrcmpiW
LoadLibraryExW
GetStdHandle
QueryPerformanceCounter
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
GetDiskFreeSpaceW
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCommandLineW
IsDebuggerPresent
ExitThread
CreateThread
RtlUnwind
GetStringTypeW
EncodePointer
DecodePointer
HeapSize
HeapReAlloc
HeapDestroy
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
InterlockedCompareExchange
GetModuleFileNameW
lstrcmpW
PeekNamedPipe
MulDiv
GetFileType
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
OpenThread
GetCurrentThreadId
RaiseException
GetCurrentProcess
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
SetStdHandle
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
InterlockedDecrement
InterlockedIncrement
TlsGetValue
FindResourceExW
TlsSetValue
TlsFree
SetFilePointerEx
OutputDebugStringW
WriteConsoleW
SetEnvironmentVariableA
GetStartupInfoW
CreateMutexW

user32

CreateDialogIndirectParamW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowThreadProcessId
EnumWindows
GetMonitorInfoW
MonitorFromWindow
IsDialogMessageW
MapWindowPoints
GetWindowRect
GetLastInputInfo
PostMessageW
GetKeyboardLayoutList
MapDialogRect
LoadCursorW
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
GetSysColor
ScreenToClient
GetUserObjectInformationW
GetProcessWindowStation
SetWindowContextHelpId
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
SetTimer
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
SendDlgItemMessageW
GetDlgItem
EndDialog
SetWindowPos
MoveWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
SendMessageW
RegisterWindowMessageW
MessageBoxA
ClientToScreen
UnregisterClassW
FillRect

gdi32

GetObjectW
BitBlt
CreateCompatibleBitmap
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
CreateCompatibleDC
SelectObject

advapi32

LookupAccountSidW
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCreateKeyExW
RegCloseKey

shell32

SHGetFolderPathW
ShellExecuteExW

ole32

OleInitialize
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
OleLockRunning
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoTaskMemRealloc
StringFromGUID2

oleaut32

SysStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysFreeString
VarUI4FromStr
SysAllocStringLen
OleCreateFontIndirect
SysAllocString

comctl32

InitCommonControlsEx

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

Sections

.text
Size: 748KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c339000092a2f05db4dcfcf6dbc90f6

Code Sign

d8:15:c7:cd:68:76:94:a6:f4:11:9a:35:35:d3:1d:7aCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

c5:7a:75:71:f5:e1:36:de:39:ef:fc:05:4a:b0:75:ce:cf:1c:fa:32Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

wininet

rpcrt4

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

psapi

Sections

.text Size: 748KB - Virtual size: 748KB

.rdata Size: 265KB - Virtual size: 264KB

.data Size: 25KB - Virtual size: 47KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 2KB

d8:15:c7:cd:68:76:94:a6:f4:11:9a:35:35:d3:1d:7a
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

c5:7a:75:71:f5:e1:36:de:39:ef:fc:05:4a:b0:75:ce:cf:1c:fa:32
Signer

.text
Size: 748KB - Virtual size: 748KB

.rdata
Size: 265KB - Virtual size: 264KB

.data
Size: 25KB - Virtual size: 47KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 2KB