4a70a9e1ce6cf4bcade6c9977985da95_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a70a9e1ce6cf4bcade6c9977985da95_JaffaCakes118
Size

389KB
MD5

4a70a9e1ce6cf4bcade6c9977985da95
SHA1

68e1e223a25799546dc6c3d0690386aa3a9db27d
SHA256

e756fb3b06f3784ffc78d50cb5df691a0e2805a03e7cc2905519c75782de5796
SHA512

0b711315200508096c3754202886b00e26644172ef4d3456b1b35295fb86011e9f52a953e4a5eba24db5e97d583146e40782384193fa8293329ced7546941c59
SSDEEP

6144:egmTvKGmR/zQ/ZL9qCHWzBi4RD0Tjrjzc6r6IFLpjZ4R7fNro7:egdGm9Q/B9qCHWzBi4RUTc6rDL74R71y

Score

1^/10

Malware Config

Signatures

Files

4a70a9e1ce6cf4bcade6c9977985da95_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d5788e27ea82b499dbb1a38cba109d39

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:c6:8b:39:d8:c6:b1:e4:cd:f9:a8:cb:eb:59:02:76:e1
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

08/02/2012, 20:39

Not After

08/02/2015, 20:39

Subject

CN=Bleeping Computer\, LLC.,O=Bleeping Computer\, LLC.,ST=New York,C=US,1.2.840.113549.1.9.1=#0c196365727440626c656570696e67636f6d70757465722e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e9:b8:6e:2f:7e:b4:cf:ef:d5:2c:69:82:a6:3b:30:f8:64:6d:a5:38
Signer

Actual PE Digest

e9:b8:6e:2f:7e:b4:cf:ef:d5:2c:69:82:a6:3b:30:f8:64:6d:a5:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

unhide.pdb

Imports

kernel32

Sleep
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
SetFileAttributesW
CreateDirectoryW
CopyFileW
GetVersionExW
TerminateProcess
GetLastError
GetShortPathNameW
SetEndOfFile
CloseHandle
GetLogicalDriveStringsW
GetDriveTypeW
GetCurrentProcess
GetTickCount
InitializeCriticalSection
InterlockedCompareExchange
SetEnvironmentVariableA
CreateFileW
IsValidLocale
HeapFree
InterlockedDecrement
GetCPInfo
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetTimeFormatW
GetDateFormatW
HeapAlloc
GetCommandLineW
HeapSetInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
IsProcessorFeaturePresent
EncodePointer
InterlockedIncrement
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
RaiseException
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
GetLocaleInfoW
GetTimeZoneInformation
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
SetStdHandle
LoadLibraryW
WriteFile
GetModuleFileNameW
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
FlushFileBuffers
QueryPerformanceCounter
GetCurrentProcessId
RtlUnwind
HeapSize
HeapReAlloc
CompareStringW
SetEnvironmentVariableW
WriteConsoleW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
GetProcessHeap

user32

MessageBoxW

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
AdjustTokenPrivileges

shell32

ShellExecuteW

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5788e27ea82b499dbb1a38cba109d39

Code Sign

04:7a:55Certificate

Extended Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:c6:8b:39:d8:c6:b1:e4:cd:f9:a8:cb:eb:59:02:76:e1Certificate

Extended Key Usages

Key Usages

e9:b8:6e:2f:7e:b4:cf:ef:d5:2c:69:82:a6:3b:30:f8:64:6d:a5:38Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 139KB - Virtual size: 139KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 194KB - Virtual size: 193KB

.reloc Size: 10KB - Virtual size: 10KB

04:7a:55
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:c6:8b:39:d8:c6:b1:e4:cd:f9:a8:cb:eb:59:02:76:e1
Certificate

e9:b8:6e:2f:7e:b4:cf:ef:d5:2c:69:82:a6:3b:30:f8:64:6d:a5:38
Signer

.text
Size: 139KB - Virtual size: 139KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 194KB - Virtual size: 193KB

.reloc
Size: 10KB - Virtual size: 10KB