4de0a269c62d27fc8c45c7a6e7fe54c3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4de0a269c62d27fc8c45c7a6e7fe54c3_JaffaCakes118
Size

344KB
MD5

4de0a269c62d27fc8c45c7a6e7fe54c3
SHA1

89ba13fdde9d7f3f3eacc6666478314215dea33e
SHA256

21b23698832d35bbcd6fdafd078872099182b39295c1e26a1714834a1cbe5fe2
SHA512

bd75ff03dbabd6e7d57ffe2f6fd83abfe33e9dd5fbab872c68e74dfbc3855875a97b2cb4f4834feee50e47444f6b89d147855c534ef9da072cd1929ad7a70f5e
SSDEEP

6144:s8W9R/IQRP5pKfItp2ECypQGFTaQDk6zoDYXjvya++VCBwJa80dGnXCz:7WHtUAt5hpQGDk6zwYzvyaBMwsV0XCz

Score

1^/10

Malware Config

Signatures

Files

4de0a269c62d27fc8c45c7a6e7fe54c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bedb097118949a99a1bea602ce74355f

Code Sign

24
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

24/10/2007, 22:01

Not After

24/10/2017, 22:01

Subject

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:bb
Certificate

Issuer

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/11/2014, 00:09

Not After

31/10/2016, 17:47

Subject

CN=ООО ”БАНДЛ” - Bundle LLC,O=ООО ”БАНДЛ” - Bundle LLC,L=Saint-Petersburg,ST=Saint Petersburg City,C=RU,1.2.840.113549.1.9.1=#0c16696e666f40696e7374616c6c62756e646c652e636f6d,2.5.4.13=#1310345173635459644f79754e45624e586d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dc:fc:e4:9e:62:92:e8:38:ea:2d:45:e9:43:5e:89:91:48:47:e4:3a
Signer

Actual PE Digest

dc:fc:e4:9e:62:92:e8:38:ea:2d:45:e9:43:5e:89:91:48:47:e4:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetCursor
GetKeyboardLayoutNameA
EnableWindow
PostMessageA
GetClassWord
GetWindowTextLengthA
UnregisterClassA
GetWindowRgn
GetClassNameA
GetDC
GetMenuItemCount
GetWindowThreadProcessId
GetKeyboardType
GetMenuItemID
DrawIcon
SetPropA
SetParent
LoadMenuA
GetPropA
FindWindowA
GetDlgItem
GetKeyboardState
IsWindowUnicode
GetWindowDC
RemovePropA
GetScrollRange
GetWindowRect
IsMenu
ScreenToClient
WindowFromPoint
GetWindowLongA
SetThreadDesktop
GetParent
GetUpdateRgn
GetUpdateRect
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
DestroyWindow
DefWindowProcA

gdi32

GetStockObject

kernel32

LCMapStringW
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapReAlloc
VirtualAlloc
HeapFree
GetStringTypeA
HeapCreate
HeapDestroy
ExitProcess
GetVersion
GetStartupInfoA
HeapAlloc
WaitNamedPipeA
GetFileType
CreateFileMappingA
GetFileTime
GetTempPathA
SetFileTime
FileTimeToSystemTime
MoveFileA
GetSystemPowerStatus
OpenMutexA
OpenFileMappingA
GetComputerNameA
GetEnvironmentStrings
GetCurrentProcessId
SetCurrentDirectoryA
VirtualFree
PeekNamedPipe
ReleaseMutex
GetProcAddress
DeleteFileA
GetModuleHandleA
CreateDirectoryA
OpenSemaphoreA
FindResourceA
GetStringTypeW
LoadLibraryA
SetFilePointer
GetTempFileNameA
GetCommandLineA
ReleaseSemaphore
CopyFileA
GetLogicalDriveStringsA
WriteFile
OpenFile

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bedb097118949a99a1bea602ce74355f

Code Sign

24Certificate

Key Usages

10:bbCertificate

Extended Key Usages

Key Usages

dc:fc:e4:9e:62:92:e8:38:ea:2d:45:e9:43:5e:89:91:48:47:e4:3aSigner

Headers

File Characteristics

Imports

user32

gdi32

kernel32

Sections

.text Size: 300KB - Virtual size: 299KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 8KB - Virtual size: 6KB

24
Certificate

10:bb
Certificate

dc:fc:e4:9e:62:92:e8:38:ea:2d:45:e9:43:5e:89:91:48:47:e4:3a
Signer

.text
Size: 300KB - Virtual size: 299KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 8KB - Virtual size: 6KB