4fc8c1c500da7d750f4a08f0f3cf1a7b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4fc8c1c500da7d750f4a08f0f3cf1a7b_JaffaCakes118
Size

403KB
MD5

4fc8c1c500da7d750f4a08f0f3cf1a7b
SHA1

211ef19068003887123afcbbb726aea168d240d4
SHA256

20c4f30871d2d09eb231f4075d10fa0bea776dd3225eb05d2b190fe584e88fd7
SHA512

750665578ee9e12640434bc5847aa49761be0b9939d9c1db923f1ddcfe8a209475242d77a9f5e5bb3682a0194a2a072343fde5adc69cd4e557c45909b8119db1
SSDEEP

6144:a7e5PzxVKniWyXAaZQGY7e3kZhioufDiiUMMR7BzUxW0pA+U+NT:a7EPzxVKn8X5QGKe0ZoouRUMM8W0LJT

Score

1^/10

Malware Config

Signatures

Files

4fc8c1c500da7d750f4a08f0f3cf1a7b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

59501ef5ae2fe4976fdef70d74913195

Code Sign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ef:eb:a7:75:b6:9c:37:17:98:03:99:c9:6e:53:23:ec
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14/07/2014, 00:00

Not After

14/07/2015, 23:59

Subject

CN=Fileprotected,O=Fileprotected,POSTALCODE=64112,STREET=4600 Madison Ave FL 10,L=Kansas City,ST=Missouri,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d3:39:da:b0:2f:81:6a:91:60:88:9e:5c:a0:eb:49:fe:8e:f5:d8:e4
Signer

Actual PE Digest

d3:39:da:b0:2f:81:6a:91:60:88:9e:5c:a0:eb:49:fe:8e:f5:d8:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetOptionW

kernel32

TlsFree
SetEnvironmentVariableA
GetModuleFileNameA
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
LoadLibraryW
GetProcAddress
CloseHandle
GetLastError
CreateProcessW
GetStartupInfoW
GetTempPathW
WideCharToMultiByte
lstrlenW
GetTickCount
CompareStringW
CompareStringA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
SetEndOfFile
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleHandleA
GetFileAttributesA
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
ReadFile
SetFilePointer
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
GetLocaleInfoW

Sections

.text
Size: 182KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59501ef5ae2fe4976fdef70d74913195

Code Sign

01Certificate

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

ef:eb:a7:75:b6:9c:37:17:98:03:99:c9:6e:53:23:ecCertificate

Extended Key Usages

Key Usages

d3:39:da:b0:2f:81:6a:91:60:88:9e:5c:a0:eb:49:fe:8e:f5:d8:e4Signer

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

Sections

.text Size: 182KB - Virtual size: 184KB

.rdata Size: 35KB - Virtual size: 36KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 173KB - Virtual size: 173KB

01
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

ef:eb:a7:75:b6:9c:37:17:98:03:99:c9:6e:53:23:ec
Certificate

d3:39:da:b0:2f:81:6a:91:60:88:9e:5c:a0:eb:49:fe:8e:f5:d8:e4
Signer

.text
Size: 182KB - Virtual size: 184KB

.rdata
Size: 35KB - Virtual size: 36KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 173KB - Virtual size: 173KB