4d1050c4aedde4a85cb5c0417ca4bfc4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4d1050c4aedde4a85cb5c0417ca4bfc4_JaffaCakes118
Size

591KB
MD5

4d1050c4aedde4a85cb5c0417ca4bfc4
SHA1

e019d91f31840e5d6da30f15ea91b5ee4be64316
SHA256

0c2a0c737759c8584bcde7376ef946f7015c10a2cbfbbf738bd5468dc9b1acb4
SHA512

8f7ee6cf2ac6d3137e1a2cb5fb498cbabba7661364fe9fe6200fb2c33d22108980ea1df63cfaaaadeb8e6c2bc073191368551fa722b1e62b26820bdab8e5fbd6
SSDEEP

12288:nctB/q4yxjvd6RvTqrk7kYbifjnKuHHUET:n+BCFJvdAv+YPoX0o

Score

1^/10

Malware Config

Signatures

Files

4d1050c4aedde4a85cb5c0417ca4bfc4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a6269398fe2257bacc88b3cfa3a5cb2a

Code Sign

fa:66:7e:e6:62:28:1a:2b:ba:f5:3d:fa:0f:a2:85:f1
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/07/2018, 00:00

Not After

02/07/2019, 23:59

Subject

CN=MC EXCEL LIMITED,O=MC EXCEL LIMITED,POSTALCODE=EC1R 4UJ,STREET=Apartment 2\, 173 Rosebery Ave,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2c:17:c4:bd:f5:7c:f2:c9:7d:8e:62:17:26:9b:d3:e0:16:16:ca:47:54:08:c7:76:7e:86:af:44:19:f1:e1:ee
Signer

Actual PE Digest

2c:17:c4:bd:f5:7c:f2:c9:7d:8e:62:17:26:9b:d3:e0:16:16:ca:47:54:08:c7:76:7e:86:af:44:19:f1:e1:ee

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushInstructionCache
lstrlenW
GetCurrentDirectoryA
LeaveCriticalSection
GetVersionExA
MapViewOfFile
GetFileAttributesA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
LoadLibraryExA
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
ExitProcess
GetFileType
WriteConsoleW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
EnterCriticalSection
MulDiv
FindResourceA
GetConsoleScreenBufferInfo
CreateFileMappingA
VirtualAlloc
lstrcmpiA
MultiByteToWideChar
InterlockedDecrement
LoadResource
WriteFile
GlobalAlloc
GetProcessWorkingSetSize
SizeofResource
FileTimeToSystemTime
CreateFileA
GetStdHandle
GetModuleFileNameA
SetLastError
InterlockedIncrement
GetLastError
lstrlenA
LockResource
SetConsoleTitleA
CloseHandle
HeapFree
InterlockedCompareExchange
GetCurrentThreadId
CreateEventA
GetCurrentProcess
SystemTimeToTzSpecificLocalTime
FreeLibrary
DeleteCriticalSection
WaitForSingleObject
IsDBCSLeadByte
GetFileAttributesExA
RaiseException
InitializeCriticalSection
GetModuleHandleA
WideCharToMultiByte
UnmapViewOfFile
HeapDestroy

user32

SetScrollPos
DestroyWindow
DrawIcon
EnumDisplayMonitors
GetSysColor
GetCapture
EndDialog
wsprintfA
RemovePropA
CreateWindowExA
IsWindowEnabled
GetWindowRect
ReleaseDC
GetSystemMetrics
ScreenToClient
DefWindowProcA
CharNextA
GetWindowTextA
SystemParametersInfoA
GetMonitorInfoA
DialogBoxParamA
PostMessageA
LoadCursorA
ClientToScreen
DestroyIcon
IsWindow
LoadImageA
MapWindowPoints
TrackPopupMenu
BeginPaint
SetWindowLongA
SetWindowPos
EndPaint
SetWindowWord
SetFocus
LoadIconA
GetFocus
CopyRect
GetIconInfo
EnableWindow
GetParent
FillRect
GetActiveWindow
RegisterWindowMessageA
GetWindow
OffsetRect
DrawFocusRect
MessageBoxW
GetKeyState
TrackPopupMenuEx
DrawIconEx
GetDC
RegisterClipboardFormatA
LoadStringA
GetClientRect
GetWindowLongA
GetWindowTextLengthA
MoveWindow
SetRect
GetSysColorBrush
CallWindowProcA
SendMessageA
GetCursorPos
SendDlgItemMessageA
GetComboBoxInfo
InflateRect
GetDlgItem
UnregisterClassA

gdi32

GetTextExtentPoint32A
CreateRectRgnIndirect
PatBlt
GetCurrentObject
CreateFontIndirectA
CreatePen
CreateDIBSection
SetTextJustification
DeleteDC
GetTextExtentExPointA
CreateSolidBrush
Rectangle
DeleteObject
SelectObject
SetTextAlign
GetObjectA
SetBkColor
TextOutA
ExcludeClipRect
SetTextColor
SetBkMode
CreateCompatibleDC
GetTextCharsetInfo

comdlg32

GetOpenFileNameA
FindTextA

advapi32

RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ord727
SHGetFileInfoA
ord3
SHGetFileInfoW
SHGetDesktopFolder
SHParseDisplayName

ole32

CoTaskMemRealloc
GetRunningObjectTable
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
StringFromCLSID

oleaut32

VarUI4FromStr

odbc32

ord176
ord117

shlwapi

PathFileExistsW

comctl32

InitCommonControlsEx

wininet

FtpSetCurrentDirectoryA

avifil32

AVIFileRelease

winmm

mmioAscend
mmioDescend
mmioClose

pdh

PdhOpenQueryA

powrprof

ReadGlobalPwrPolicy

traffic

TcQueryInterface

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 380KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6269398fe2257bacc88b3cfa3a5cb2a

Code Sign

fa:66:7e:e6:62:28:1a:2b:ba:f5:3d:fa:0f:a2:85:f1Certificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

2c:17:c4:bd:f5:7c:f2:c9:7d:8e:62:17:26:9b:d3:e0:16:16:ca:47:54:08:c7:76:7e:86:af:44:19:f1:e1:eeSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

odbc32

shlwapi

comctl32

wininet

avifil32

winmm

pdh

powrprof

traffic

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 380KB - Virtual size: 377KB

fa:66:7e:e6:62:28:1a:2b:ba:f5:3d:fa:0f:a2:85:f1
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

2c:17:c4:bd:f5:7c:f2:c9:7d:8e:62:17:26:9b:d3:e0:16:16:ca:47:54:08:c7:76:7e:86:af:44:19:f1:e1:ee
Signer

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 380KB - Virtual size: 377KB