2b85d1db4b0e7934e98a7c24e2725115_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b85d1db4b0e7934e98a7c24e2725115_JaffaCakes118
Size

824KB
MD5

2b85d1db4b0e7934e98a7c24e2725115
SHA1

adb17e3003296e3b12a40f5ecd30477e766aa3e3
SHA256

748e4be93f057559be9b452d8b5b3edf6eb9cba76c92d208d63cb16b26128165
SHA512

b5b15910b10afe282c5484cf4e8a74dd7806acc658d606acdad2372c0cdfacbd631de89aaf812fff9c597a53c42915f94ab32c80a2ef8118f351e8bf2117ef37
SSDEEP

12288:sqOFXJTo6yx3F4Fvw9DVtcT5Rx6Z5moD6Q47d07Qjrr:POZan3UGDwT5Rw7moWQ5Srr

Score

1^/10

Malware Config

Signatures

Files

2b85d1db4b0e7934e98a7c24e2725115_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a44bdcb360d4ce55950db7ed5eb7106f

Code Sign

70:42:72:8f:b1:44:cd:df:5d:11:85:ca:79:0b:88:dd
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14/12/2016, 00:00

Not After

11/07/2017, 23:59

Subject

CN=Dragon Service,O=Dragon Service,POSTALCODE=125475,STREET=street of Zelenograd\, 39,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:a0:07:a4:63:98:79:b4:fb:3c:18:d2:c3:61:18:b4:39:93:b9:39:99:d4:86:14:95:16:81:25:11:17:36:4b
Signer

Actual PE Digest

45:a0:07:a4:63:98:79:b4:fb:3c:18:d2:c3:61:18:b4:39:93:b9:39:99:d4:86:14:95:16:81:25:11:17:36:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
VirtualAlloc
Sleep
FindClose
SuspendThread
LoadLibraryA
DeleteFileA
InterlockedExchange
SetFileAttributesW
GetLongPathNameW
OpenEventA
GetWindowsDirectoryW
InterlockedIncrement
GetThreadPriority
SetThreadPriority
RemoveDirectoryW
SetThreadPriorityBoost
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetProcessHeap
OpenEventW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapReAlloc
HeapAlloc
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
GetStringTypeW

user32

ReleaseDC
ShowWindow
SwitchDesktop

gdi32

SelectObject

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 792KB - Virtual size: 791KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a44bdcb360d4ce55950db7ed5eb7106f

Code Sign

70:42:72:8f:b1:44:cd:df:5d:11:85:ca:79:0b:88:ddCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

45:a0:07:a4:63:98:79:b4:fb:3c:18:d2:c3:61:18:b4:39:93:b9:39:99:d4:86:14:95:16:81:25:11:17:36:4bSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 792KB - Virtual size: 791KB

.rsrc Size: 4KB - Virtual size: 1KB

70:42:72:8f:b1:44:cd:df:5d:11:85:ca:79:0b:88:dd
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

45:a0:07:a4:63:98:79:b4:fb:3c:18:d2:c3:61:18:b4:39:93:b9:39:99:d4:86:14:95:16:81:25:11:17:36:4b
Signer

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 792KB - Virtual size: 791KB

.rsrc
Size: 4KB - Virtual size: 1KB