465f06f4687b692cebc19578ab0ab7ef_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

465f06f4687b692cebc19578ab0ab7ef_JaffaCakes118
Size

610KB
MD5

465f06f4687b692cebc19578ab0ab7ef
SHA1

ef8b91d63623d5ee0676a2348bfd143f15a9d7ba
SHA256

14e7114625ab14c87c326578f24de2fe76189007f097a04c1d65322d2b87802c
SHA512

3a270678253af9c7561b6bd08b6295f4a91a87bc1e8362912f2804b5e1a19d814f77d1cfaa176167f229396c383c4dd43b732e0ed59ba07f238dd725cc0c0f64
SSDEEP

12288:UtwL11ukJQ1Uc2AMSKHql4tSSpDHE/fXMco:jJ0KAMdESpDHE/fPo

Score

1^/10

Malware Config

Signatures

Files

465f06f4687b692cebc19578ab0ab7ef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fd750bc34f5369cb72ae1ec49035fcd4

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29-05-2015 00:00

Not After

28-05-2016 23:59

Subject

CN=KATANA,O=KATANA,POSTALCODE=156002,STREET=44/7 ul.Ostrovskogo,L=Kostroma,ST=Kostroma region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b7:b2:bd:52:50:6f:4f:d7:d5:ad:b1:49:13:44:cf:36:28:9c:26:41
Signer

Actual PE Digest

b7:b2:bd:52:50:6f:4f:d7:d5:ad:b1:49:13:44:cf:36:28:9c:26:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

GetTabbedTextExtentW
CharPrevA
DestroyCursor
SetClassWord
PostThreadMessageW
DefDlgProcA
EnumDisplaySettingsExW
MenuWindowProcA
GetWindowTextLengthA
GetDlgItemInt
GetClassLongA
LoadCursorFromFileW
AppendMenuW
GetMenuItemID
SetRectEmpty
MessageBoxTimeoutW
GetWindowRgnBox
LoadCursorW
GetActiveWindow
CreateMenu
GetDC
SetDoubleClickTime
KillTimer
DrawStateW
GetProcessWindowStation
DefDlgProcW
IsCharAlphaA
RealChildWindowFromPoint
SetTimer
GetMenuItemInfoA
GetAltTabInfoA
GetTabbedTextExtentA
SetDlgItemTextW
RegisterWindowMessageW
BroadcastSystemMessageExA
RegisterHotKey
FindWindowW
GetNextDlgGroupItem
ShowWindowAsync
CreateIcon
DispatchMessageA
GetThreadDesktop
ShowStartGlass
RegisterDeviceNotificationW
IsHungAppWindow
PrivateExtractIconsW
WindowFromPoint
OemToCharBuffW
IsWindow
LoadBitmapW
ModifyMenuA
GetMenuContextHelpId
IntersectRect
EnableScrollBar
ChangeDisplaySettingsExW
EnableMenuItem
AdjustWindowRect
FlashWindowEx
EnumDisplayMonitors
GetMonitorInfoW
GrayStringA
CharUpperBuffA
GetWindowInfo
RegisterDeviceNotificationA
LoadStringA
GetMenuStringA
LockWorkStation
SetActiveWindow
WaitMessage
GetDCEx
GetUpdateRect
LoadStringW
DrawTextExA
MenuWindowProcW
InsertMenuItemW
GetMenuItemRect

kernel32

FindNextVolumeA
GetCurrentThread
CreateEventW
LockResource
EnumSystemCodePagesW
CreateTimerQueueTimer
FlushViewOfFile
FreeEnvironmentStringsA
Heap32Next
DeactivateActCtx
SetCommMask
lstrcpy
LZRead
DeleteTimerQueue
QueryDosDeviceW
FindFirstVolumeMountPointA
GetProcessHeaps
WinExec
GlobalAddAtomA
OpenJobObjectW
GetSystemDefaultLCID
TryEnterCriticalSection
FindFirstVolumeW
HeapWalk
SetThreadPriority
lstrcatA
QueryInformationJobObject
HeapCreate
SetHandleCount
EnumLanguageGroupLocalesA
GlobalFix
GetExitCodeThread
GetProcessShutdownParameters
SetSystemTime
FindActCtxSectionGuid
CompareFileTime
RtlUnwind
CommConfigDialogA
LocalFlags
InterlockedIncrement
GlobalAlloc
AllocateUserPhysicalPages
ReadConsoleInputExA
CopyFileExA
ExitThread
GetVolumeInformationW
ReleaseSemaphore
GetPriorityClass
IsValidLocale
SetCommState
WriteFileGather
ReplaceFileA
EnterCriticalSection
GetDiskFreeSpaceExA
HeapCompact
CreateJobObjectA
SetEvent
CreatePipe
SetSystemPowerState
BeginUpdateResourceW
EnumDateFormatsW
RequestDeviceWakeup
GetDiskFreeSpaceW
GetCommModemStatus
GetFileType
GetLongPathNameW
FindAtomA
Heap32First
GetLastError
FreeResource
GetUserDefaultLangID
GetLargestConsoleWindowSize
WaitCommEvent
GetPrivateProfileIntW
GlobalDeleteAtom
VirtualQuery
LoadLibraryA
LocalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

FindTextA

oleaut32

VarCyNeg

gdi32

GetMetaRgn
GetLogColorSpaceW
GetLogColorSpaceA

version

VerQueryValueA
VerFindFileW
GetFileVersionInfoSizeA

ws2_32

WSANtohl

comctl32

FlatSB_SetScrollInfo
UninitializeFlatSB

Exports

Exports

��~��0�k�QTF�3P �ܫC+�!2.VD0�-��Q�>��OA��%��O��t=O��m^`A��^��t�K��P��^k��NjZ�\�j��6:�_v��+W��Tyb�fV-5-��n!�$��"�e�~��,;�p�H��9j��ޛ�T)��7�� O�u7�9�FE��2-��a7��A�~e�(y�(�R$ |[VV��5m�B��j3�5�ސ�F��pגv��Z_�3>w��J\ԆM��rm��g�(�o�?L��i<�?*�͊~dt��]~+<��Ux��te��T�(LL ��V�z~:�qs��x�!��E�0 ��ۏ�ﺐ�~'�'<ڡ�<R`؄��]�r�LF��k�\��յ��#r��;�h�� ΏH��Q�ͦ��8Ƶ�n:��uw�ef�щ��)�� c�O��A�s��K�H��d#ṃ{��m-��zd��_I�Eob�� Q\��7l��:%v�R$4��?i�ʬ��M��'�Ɨ$22ч�B�B�C3G��֠�Q(�e��=E�#!.�O�q��3�/��<��Z��,՝r��n��qDFp�-�~�s�b�Ö�)��s,`/��eAu��l�RC�s�P�+�GǏ��1�/V�3m'��Q�/�O>��_�(��3�(bڻ�"� �2�2I��J.Ն�3��T�e�\��Gh9Ѣ�22��~�`@�H<=`�X��iM�&$q�w��U_��D�EX+��k��qJ�H�S;�T�V BȊ�1 q3 ш/�I`iE�{I�yԮ�wM��O{0�T��'�ȶl*�� w�P��y�G��8R�^�H ��W#7� 3��%�dN`:�qV��x]��Ku��P��e2�%�p;�� ROr��w�b�C�# �EH�Q�I!�q ��r��T�vl|@zQy�� }|�Fo,�*��Qнa��IW��@(-S��o��4IK��Gg�?�ð��5�ہ1��Kfr�@��є��n"3�7��i&�?J�Np� ��{�(��e��Xpg��/��d�U��33D Ky]x��<�BJ�*r��=*��W�8�4��oc _7y��v/� ��^�P��ʳ�c��c��E��f��S��Ȇ�;�1�h�]%M�@BV��(��l��C��X< ��4"�X�Jm�i�Q[p{��7�?�J�X40��X5�|'�p��:�`N��8P-��hFf�k��s�1�y�D�Z�u��r0�-s�ә��|��]��1�Qd�ħ_Jm��Ův� ��16�G��@_��|?N��(�¸��{�ph�M3�Ln�#F��>!Cڒ��~֊"�v pL�1xvX��sV�3w��F��V�ꑆRe2�Ê��;U�_��m�u�P�Y��"��g�v1��7�;�@��Ex,��[O�J+�^�Ґ�F��V�ݨ�ֶ��3��8]�[��6�b�S�g�)�h�*�:��}�j��u��#�^u0�0��F� �PO<�N\��X��g�%9��oĒr�2+Bl�*��g6w��,Y{eZ��j��*6��7t��(h��m )�tR~�jw��۱�~�⋮^� �Ն�F`�s,��v��9�|C��͚��2.�\��.��7�(J��v��O \U=�d2��s�٨�װ�|�+l��M��G<Z��)B�X�vG��,��w��`��c0&�q�3�i��_�I��,`J��0ڳW��o�3�p�^v&�a�ݙy2�u�)�� h, ?�=��L2�_fQ�t�&��36o��ܭ"�8� �a&$'S�O��͠��F��C�U�rեF��#s�c�.V��sR��l��f�_�6��&�-�:�L�ߍj_*x��d�Ig"R�# ��㊀ ?��R̯{!��Ze$��q�mr�)؀A+|щ�9�3_J�@Z�>�"�zP~[|�ܘ;��b�U��NEK�Z�j�~�䩣e�+\-k��'��ؙy$�w:j��2Щ�f��̥�3"��W�;�D��2��O�zu�p��._��4�5�6�ط��,�& �Rר�˳��mZ�Zn�z��Դ��\��=��W"��ߦ�8�� E�Hk]O��4�қ`|�Ή��]��c�yB�{�ZFT&햶��G�x+-�qZfhW޹%Ń�@[[��M�#�-F��d�41�z�Q��#��߅�&\ L��0'�ʊ9��)�g��A��^v��?�@��f�q\�e��A��HU��r��#��׽A?l "L�k_ڃZ��R�Q4rBt_�Q*�ΰr�RJ��c8��5)�48�r��2dU�SR[��l��vNڊ�Fo��\�ܮ��P;�2�n�Ͱ��>� �;]��!��H��6��Mz��[<�)%�""O.Ch��x�N`k&�+�R�u��d��cOT�� Ҹ\7p��ךV��24 �5G��i��W�͙��UV 0��X�K:��:��Z8I�"?YQ��m��(6m��"�MS=�5܃�(14A@�Ֆ<=��l3�[H� x��M��7;q�?j�;4�� + s�-�� L��|��L {�4�!r��^C�ITLxlߏ��t��|�ˈSe��XYsd��ТY4�j�ޮ_n��]��w�[��~�m��qre�� v�(��@W��d�z��Н=�h�*Nwc�PI��X��L ��>��>�<��i%@�ζ�dKYq��m#K�+τ0N��ys=�w(�4G�&�G�A�[�XX�4o�BI�m�� ed<��z�s0]��j-��"�PՀ/�o��b��#A�+�y�}D��g,��;ڶ@��7��M��U��S�O

Sections

CODE
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd750bc34f5369cb72ae1ec49035fcd4

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57Certificate

Extended Key Usages

Key Usages

b7:b2:bd:52:50:6f:4f:d7:d5:ad:b1:49:13:44:cf:36:28:9c:26:41Signer

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

oleaut32

gdi32

version

ws2_32

comctl32

Exports

Exports

Sections

CODE Size: 440KB - Virtual size: 440KB

DATA Size: 16KB - Virtual size: 24KB

.idata Size: 4KB - Virtual size: 4KB

.text0 Size: 17KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 4KB

.text1 Size: 68KB - Virtual size: 68KB

.reloc Size: 5KB - Virtual size: 8KB

.rsrc Size: 52KB - Virtual size: 51KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57
Certificate

b7:b2:bd:52:50:6f:4f:d7:d5:ad:b1:49:13:44:cf:36:28:9c:26:41
Signer

CODE
Size: 440KB - Virtual size: 440KB

DATA
Size: 16KB - Virtual size: 24KB

.idata
Size: 4KB - Virtual size: 4KB

.text0
Size: 17KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 4KB

.text1
Size: 68KB - Virtual size: 68KB

.reloc
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 52KB - Virtual size: 51KB