2bc35523db3e74ebba1e8aef1cd25a9d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2bc35523db3e74ebba1e8aef1cd25a9d_JaffaCakes118
Size

603KB
MD5

2bc35523db3e74ebba1e8aef1cd25a9d
SHA1

edc5d49286b486831670d09f4cb518d9cc9a45c6
SHA256

1173d58753c4db7ec18d97876f0b724e2d69e0a4daf8d2b1aa886a5c1b66273f
SHA512

abe62606448fb2fe4066703493ec1ea62b6748b59ac2d991a971ab4bae26148305ae0fedbec2d1201e52c2e78a81c96ddbda19626412499ae480e20b4285e179
SSDEEP

12288:LNpyXxklemUrKVWMi4OwU5gcZ5dtOrfzRZ7WvT5KcMN:LNoBKmeM72Zrfab5Kh

Score

1^/10

Malware Config

Signatures

Files

2bc35523db3e74ebba1e8aef1cd25a9d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fd8220152c5e62d715a4555f899ebc38

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13-04-2015 00:00

Not After

12-04-2016 23:59

Subject

CN=FLAGMAN-SOFT,O=FLAGMAN-SOFT,POSTALCODE=646822,STREET=4\, kv.1\, ul.Vodoprovod,L=S. PRISTANSKOE,ST=Omsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a1:a7:02:fc:eb:4a:c1:29:96:b9:dc:89:d4:43:44:f2:28:f5:5b:d0
Signer

Actual PE Digest

a1:a7:02:fc:eb:4a:c1:29:96:b9:dc:89:d4:43:44:f2:28:f5:5b:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

MenuWindowProcW
CharLowerA
CreateDialogParamA
MapVirtualKeyA
PtInRect
GetKeyNameTextW
LoadStringW
IsCharLowerW
ScreenToClient
DispatchMessageA
GetGUIThreadInfo
SetWindowWord
SetClassLongW
MapVirtualKeyExA
InvalidateRgn
SetCaretPos
CreateDialogParamW
IsHungAppWindow
UnregisterClassW
GetWindowTextLengthA
SetMenuItemInfoA
LoadAcceleratorsW
GetLastActivePopup
SetClipboardData
GetWindowTextA
DrawMenuBarTemp
LoadMenuA
GetWindowRgn
CharToOemBuffW
SetDebugErrorLevel
wsprintfW
MessageBoxIndirectW
SetFocus
BroadcastSystemMessageW
FrameRect
GetSubMenu
SetPropW
LoadKeyboardLayoutA
GetThreadDesktop
LoadCursorFromFileW
IsDialogMessageA
SetDeskWallpaper
CloseDesktop
SetUserObjectInformationW
DialogBoxIndirectParamA
UnregisterHotKey
GetDC
GetMessageA
GetUpdateRgn
GetInputDesktop
GetMonitorInfoA
CascadeWindows
GetCapture
EnumDisplaySettingsExA
PrivateExtractIconsA
IsWindowVisible
GetFocus
DrawFocusRect
BeginPaint
GetMenuItemRect
FlashWindow
GetWindowDC
CharToOemBuffA
TabbedTextOutA
GetUpdateRect
GetClassLongW
AppendMenuA
ModifyMenuW
SendNotifyMessageW
EnableWindow
ShowWindowAsync
EnumWindowStationsA
EnumDisplayMonitors
GetMenuItemInfoW
RealGetWindowClassW
ToAscii
SendMessageTimeoutA
PrivateExtractIconExW
DefFrameProcW
SetDlgItemTextA
RemoveMenu
EndPaint
GetMenu
DrawIcon
GetClipboardFormatNameA
GetMenuBarInfo
ReleaseCapture
CharNextA
AllowForegroundActivation
ArrangeIconicWindows
IsCharAlphaA
EnableMenuItem
PrintWindow
wvsprintfA
SwitchDesktop
ValidateRgn
GetSystemMetrics
MessageBeep
CharNextW
SetCaretPos
IsHungAppWindow
GetWindowTextA
EnumPropsExA

kernel32

HeapSetInformation
GetSystemInfo
DosPathToSessionPathA
GetLocalTime
UnlockFileEx
FindNextFileW
EnumResourceTypesW
IsProcessInJob
GetStartupInfoA
QueryDosDeviceA
EndUpdateResourceW
GlobalFree
GetConsoleTitleA
EnumCalendarInfoExA
GetTapeParameters
WritePrivateProfileStructA
GetProfileIntA
GetTimeFormatA
DeleteCriticalSection
VirtualQueryEx
SetCalendarInfoW
BuildCommDCBW
ExitProcess
FindFirstVolumeA
WritePrivateProfileStringW
GlobalDeleteAtom
SetFileAttributesA
GlobalLock
CommConfigDialogW
GetPrivateProfileSectionNamesA
SetFileShortNameW
SetThreadLocale
GetModuleFileNameW
QueryPerformanceFrequency
Sleep
AssignProcessToJobObject
SetThreadUILanguage
GetPrivateProfileStructW
SetCommState
DeleteVolumeMountPointA
GetTempPathA
VirtualFreeEx
GetHandleContext
WinExec
CreateDirectoryExA
CreateMailslotW
LocalFileTimeToFileTime
LockFileEx
LZStart
CreateDirectoryA
ResetWriteWatch
GetDiskFreeSpaceA
GetConsoleInputWaitHandle
WaitNamedPipeW
GetStartupInfoW
EnumResourceTypesA
GetProfileSectionW
DeleteFileA
EnumCalendarInfoW
DnsHostnameToComputerNameA
GetLogicalDriveStringsW
RegisterWaitForInputIdle
GetLastError
ClearCommError
TransmitCommChar
GetLogicalDrives
GetAtomNameW
DeleteAtom
CompareStringW
LocalUnlock
GetCurrencyFormatA
InitAtomTable
PeekConsoleInputW
ReadConsoleInputA
GetProcessShutdownParameters
GlobalMemoryStatusEx
EnumResourceLanguagesA
GetProcessHeap
GetLastError
ConvertDefaultLocale
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shlwapi

UrlCompareA

ole32

StgOpenAsyncDocfileOnIFillLockBytes
HPALETTE_UserMarshal
ReleaseStgMedium
CreateBindCtx

comdlg32

dwOKSubclass
GetOpenFileNameA

oleaut32

VarI2FromUI4
VarUI2FromI1

shell32

StrRChrW

winspool.drv

EnumPrinterKeyW
EnumPrinterDataExA
EnumPrintProcessorsA

advapi32

RegisterServiceCtrlHandlerExA
LsaGetSystemAccessAccount
LsaSetInformationPolicy
RegisterTraceGuidsA

gdi32

GetCharWidthA
GetDCOrgEx
GetDCPenColor
SetMiterLimit

version

VerQueryValueA

wtsapi32

WTSDisconnectSession
WTSSetSessionInformationW

ws2_32

WSASetServiceW
select
WSALookupServiceBeginA

comctl32

CreatePropertySheetPageA
ImageList_Copy
CreateMappedBitmap

Exports

Exports

ډ�-S��J'��s��?3*=6f�ZJz��-Tfx�WC6�3�~�^�ne��#�_�l�Y��C=��Y��Po�,�Td`��2��Xռ��f�렍N�Uc,[8jk}��/x�["��;4x�Sl�9N��r}p%�J��W#j&��1t��,L�� p�=٬�C9��P�'�'��`��h��ag+��\� �l�mZ/��qj�**��UΛ�xQ��2�O�W�<aٲ�MDߟ,'�|�.{�}��t��|��Z��F��S�j��,�Iоz��gt�|��67� p"|��|f�� <G�$]U��a��@.��ؔ�L�CS|>��v�C��Uv[��Y5��3]�o�5��Jc^uq)��v�2��x|�]��ro�[x��t��n�֟�A��C2'_� +$��JIS1��lBi��t��m��sޠ�ʍ�̓Eyv�//��h;��݂/��O�<��X�bjt�fy^�W�Z�=&ӿS��'�!��82��P�j]��F~J *�{�}�vb��y�&��!�V��t%��au��Cd��Q�~|��J<mt�2��>%��l#�?��V�Zj�W��Ov��Y��KBu:�\��͒��4R��rp��N��n�� p�cc�� T��B��X��J�q��if.��ǎ]��B(��Fn��oZ+VH�uL�7��Gv�N��^��N��p�� I��b)? ��C�l�l=�-<;bU�j"3��`��8hu��͹`�/8��vT5oP��7�]�D�J��@�� IHVO�uuKK��q~v�� -R}��i@-��ѡ��Q��"��~Mqdd+��X+|�a;��r��W��dQ��]q��jD<%�V��T ��^�ԌY�!U��Y��'��H[̎�(u�,��u��Lz��mO��~4%ZM�T�H��0��`�6��d��>5��0��3�mF^��[P��C�V��R��`Ȏ� ��I7tmW�\wU<õGq�]�n��W�r_>I�q��kz�t�3��w?�O�/�ƃ�= �sث��"�ͫ��zYL�Y��-M�VE�i�A��M��b��ά�IM��ư�|cs��"[��!��1�'p�J.c��&��8�=�/�l.If5�R��DS��쮵�lK�1Z�i�.U��Y�'��{Ҵ5��I��q��⼉��N|h<��J�#Ɵ��Q(�QD��|Ǘ�o��xń��Zr0V߿pOnD�r�u5FOq��~�-��fЉ ��rj�,��s�o}��{� �i�:v��kN<ݶ�X�I��V�9��u�з�G�̷4��x��AC�VO��J��a�I��\��f�J�jkL�n��\��E2Y�zj�m�ŀK��l�Rύh�<�U�D�`�v�[ύ��@�0�R��_*=MHÈ�߽y��A�2��G�0��S"��9e��-�/3��h9S��A:Z6�&w|�s�vI��l�!\s5+�q\3�+�=�#*p{7{��$v��}�2K@��Ev��`��q^�t{u�|Q��>�➫0��L{=��o�l��Ɇ�$߉��F�v�۴��zF��Bn~��Ŋ̲��ko�ݘZF��L��HGu #G �pA�.F�� J��8huSM��Yv=��rZ=��iaL׍��@E;��IT�<��>�z�=��H�@��V3��"_˲��Y��d�6��Z��4��ck��&��}�%<��=>��P92��$�� @�9�t�N��kJ��(��/��{��Kb/�Շmyע�Tx�┋�Q��a�2g�+:�pq��>��_@,�(�ǣ��x��[��5�D}kp��[��K�@B�4c�v�g�,ȚT#��]W�RcBX��ZYdr��1��b�2]�r�W4.��55 M�]?ΏJ*�*+^��˶c:��~��>i�oMq�P��%/�MaƆY(<nVrτ ~*�8��q�}B��d�fE�?Ot�N*#��Jz��n@<�z�ZȔ��i��9��Q�ģ/֓ t��k�w��eç��ϖ��p��!�8L,do�� }U��D�.��pU��/ ��jO�s��A$M��͙��ڤ�:GY��@�� yx��>�I�\7�q !^��i:��#�/�u�hj{�#F�ϔ��ab��y�� 5הk��kn|�=�5��L��e�/�$Է�MA�e�b��C�$�y�@�!%��g��<��cVԂ�:fMV�]��Kރ��e��=��W)OH�9�2��|3��m@;X��8�\��e֙9�\U��I{ԃ!�m��vyI-��$�6�q��a�^��vz�|��@�<��9��|N$�]�w"�C�}��O��IHP�(�_#N��)X/�3�dU�(�%��b��1�� <q��z)��C�5�OeNGk�$i��d�v<��q�T �<��@��It.Y�!p*��?�E�R[�b2/��04U��!/�X��]��!�:�6EurlI�L�'�� p��.��&�D��Q�˫�v�h>��pSF��k-j}�9��K�[j%��8��D��p��߁Q�B�r��튽��훓��F�))R�8ψ}�˴&�pn p��.{m@�t�NU��Zt�1㝟�.��I2��<�^�ǔE��HʘK1y� ��, 8�]�{{�T��79�u��\W�{�06[ �IR�AXJ��ݟ�WZvg�|)��yp��m�ς��vN��yUv��ؿ�D>�Yd�{��~�n�Q�z��dr�^N~��ln��7@�Z��6|ދR��2�ѼM�5��M|�$

Sections

CODE
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 929B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd8220152c5e62d715a4555f899ebc38

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:eaCertificate

Extended Key Usages

Key Usages

a1:a7:02:fc:eb:4a:c1:29:96:b9:dc:89:d4:43:44:f2:28:f5:5b:d0Signer

Headers

File Characteristics

Imports

user32

kernel32

shlwapi

ole32

comdlg32

oleaut32

shell32

winspool.drv

advapi32

gdi32

version

wtsapi32

ws2_32

comctl32

Exports

Exports

Sections

CODE Size: 438KB - Virtual size: 437KB

DATA Size: 14KB - Virtual size: 13KB

BSS Size: - Virtual size: 929B

.idata Size: 5KB - Virtual size: 5KB

.text0 Size: 13KB - Virtual size: 13KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 66KB - Virtual size: 66KB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

a1:a7:02:fc:eb:4a:c1:29:96:b9:dc:89:d4:43:44:f2:28:f5:5b:d0
Signer

CODE
Size: 438KB - Virtual size: 437KB

DATA
Size: 14KB - Virtual size: 13KB

BSS
Size: - Virtual size: 929B

.idata
Size: 5KB - Virtual size: 5KB

.text0
Size: 13KB - Virtual size: 13KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 66KB - Virtual size: 66KB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB