2abaa8fe4333f13c7aaa4645882087fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2abaa8fe4333f13c7aaa4645882087fe_JaffaCakes118
Size

119KB
MD5

2abaa8fe4333f13c7aaa4645882087fe
SHA1

f7e74d0b60467df106f4420750b06fc0f9a8cfb3
SHA256

22770388a23f9e50aba325a40c2a2add80ded1ab5e42648b4656cf0f49f0238f
SHA512

0cc0bcf234f44274ce3ec83d46ef9e71e383117e1c4afe9c0ef4808ebf4f4bd0fb2b822ad6793c9704cb098dc5e87f087b96de66b485589ecf5eccec03e2e1b7
SSDEEP

1536:3lwU4SN5/NGqmVPNC8v6O0kqkXPXV+lYcBw0sWjcdVswrS8XIjLH5kXaU:3mU/l2NC89XPF+2Vsw28YjLH5kX

Score

1^/10

Malware Config

Signatures

Files

2abaa8fe4333f13c7aaa4645882087fe_JaffaCakes118
.dll windows:5 windows x86 arch:x86

58f88a5ea2865092286dea8f881911e1

Code Sign

b0:56:1f:cc:fc:f4:b0:ef:e3:59:35:95:7a:c7:6e:9b
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/08/2014, 00:00

Not After

19/08/2015, 23:59

Subject

CN=Derzany Network,O=Derzany Network,POSTALCODE=2025,STREET=Dasoupoli Strovolos+STREET=Athinodorou 3,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:70:6d:c7:8f:84:55:01:6b:dd:d7:c6:6d:a4:81:fb:10:9a:70:1f
Signer

Actual PE Digest

8a:70:6d:c7:8f:84:55:01:6b:dd:d7:c6:6d:a4:81:fb:10:9a:70:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
Sleep
LeaveCriticalSection
CreateFileW
ReleaseSemaphore
GetLastError
SetLastError
EnterCriticalSection
GetTickCount
GetFileType
GetModuleFileNameA
CreateMutexA
VirtualProtect
CloseHandle
CreateThread
GetModuleHandleW
InterlockedCompareExchange
OpenThread
PeekNamedPipe
EncodePointer
DecodePointer
HeapFree
HeapAlloc
HeapSize
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
OutputDebugStringW
LoadLibraryW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58f88a5ea2865092286dea8f881911e1

Code Sign

b0:56:1f:cc:fc:f4:b0:ef:e3:59:35:95:7a:c7:6e:9bCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

8a:70:6d:c7:8f:84:55:01:6b:dd:d7:c6:6d:a4:81:fb:10:9a:70:1fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 16KB - Virtual size: 16KB

b0:56:1f:cc:fc:f4:b0:ef:e3:59:35:95:7a:c7:6e:9b
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

8a:70:6d:c7:8f:84:55:01:6b:dd:d7:c6:6d:a4:81:fb:10:9a:70:1f
Signer

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 16KB - Virtual size: 16KB