5bc4347b9bfda69e16f9eed249879f94_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5bc4347b9bfda69e16f9eed249879f94_JaffaCakes118
Size

1.4MB
MD5

5bc4347b9bfda69e16f9eed249879f94
SHA1

0f2bc06620985689a43d7cc2f13560812c85c81a
SHA256

dd2fc470206de0b81098f3483562823b40958416f567617dfb3e9aca5f7a3d50
SHA512

998790bb005c7799836421352e22adfa0ce0a569cf34dcb3526c84bc3d490c9c14e5d41ba9814db80b08dbb0ed5435ce77787bae5c0c5a55b83b37e100beaf45
SSDEEP

24576:uXlOD7i2Xj5XJdpIkQtaNVfFhKKXBAVE7x7f45Tjd+I2cpbgOS:wkQtmFhKuSVEd45T4N2S

Score

1^/10

Malware Config

Signatures

Files

5bc4347b9bfda69e16f9eed249879f94_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d7a0eb38f84a955ac9e4608a1093cd8f

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

87:35:84:0c:52:3f:d6:c7:38:fc:d3:5f:37:d4:4c:5b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/11/2017, 00:00

Not After

11/10/2018, 23:59

Subject

CN=ELEMENTS BROWSER (Info Software lp),OU=Elements Browser,O=ELEMENTS BROWSER (Info Software lp),POSTALCODE=EH3 6SW,STREET=Suite 2\, 5 St. Vincent street,L=Edinburgh,ST=Scotland,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:35:84:0c:52:3f:d6:c7:38:fc:d3:5f:37:d4:4c:5b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/11/2017, 00:00

Not After

11/10/2018, 23:59

Subject

CN=ELEMENTS BROWSER (Info Software lp),OU=Elements Browser,O=ELEMENTS BROWSER (Info Software lp),POSTALCODE=EH3 6SW,STREET=Suite 2\, 5 St. Vincent street,L=Edinburgh,ST=Scotland,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

78:74:bb:7c:21:cc:e7:4e:7d:00:0b:71:05:22:3e:fe:8c:15:de:8a:8a:21:6b:05:74:ea:06:9e:21:db:f7:e4
Signer

Actual PE Digest

78:74:bb:7c:21:cc:e7:4e:7d:00:0b:71:05:22:3e:fe:8c:15:de:8a:8a:21:6b:05:74:ea:06:9e:21:db:f7:e4

Digest Algorithm

sha256

PE Digest Matches

true

0a:48:5c:63:ea:53:44:49:e0:ed:65:13:b0:e7:53:66:f9:f0:f1:85
Signer

Actual PE Digest

0a:48:5c:63:ea:53:44:49:e0:ed:65:13:b0:e7:53:66:f9:f0:f1:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

elementsbrowser_elf

GetInstallDetailsPayload
SignalChromeElf
SignalInitializeCrashReporting

advapi32

ImpersonateNamedPipeClient
SetEntriesInAclW
GetSecurityInfo
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
CreateProcessAsUserW
EventRegister
EventUnregister
EventWrite
SystemFunction036
RevertToSelf
RegDisablePredefinedCache
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
GetKernelObjectSecurity
GetAce
SetKernelObjectSecurity
DuplicateTokenEx
SetThreadToken
CreateRestrictedToken
DuplicateToken
EqualSid
LookupPrivilegeValueW
CopySid
CreateWellKnownSid

kernel32

GetVersion
SleepEx
GetModuleFileNameW
CreateEventW
GetLastError
SetLastError
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
GetProcessId
WaitForSingleObject
SetCurrentDirectoryW
LoadLibraryExW
GetProcAddress
SetProcessShutdownParameters
VirtualAlloc
VirtualFree
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
GetCommandLineW
LocalFree
GetThreadId
GetModuleHandleA
IsDebuggerPresent
GetCurrentProcessId
OpenProcess
CloseHandle
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
GetCurrentThread
GetUserDefaultLangID
FindNextFileW
FindClose
FindFirstFileExW
GetFileAttributesW
GetModuleHandleW
VirtualQuery
VirtualProtect
GetModuleHandleExW
SetEnvironmentVariableW
GetEnvironmentVariableW
LoadLibraryW
GetLocaleInfoW
FreeLibrary
UnregisterWaitEx
RegisterWaitForSingleObject
ExpandEnvironmentStringsW
Sleep
GetTickCount
GetVersionExW
GetNativeSystemInfo
GetSystemDirectoryW
GetWindowsDirectoryW
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
IsWow64Process
RaiseException
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetSystemTimeAsFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
QueryPerformanceFrequency
QueryPerformanceCounter
QueryThreadCycleTime
GetThreadPriority
SetThreadPriority
FlushViewOfFile
TerminateProcess
GetExitCodeProcess
CreateProcessW
AssignProcessToJobObject
ResumeThread
SetHandleInformation
SetInformationJobObject
GetStdHandle
ReadFile
HeapSetInformation
GetProcessTimes
GetSystemInfo
VirtualQueryEx
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
SetEvent
ResetEvent
CreateNamedPipeW
CreateFileW
ConnectNamedPipe
WriteFile
PeekNamedPipe
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
MoveFileExW
MoveFileW
ReplaceFileW
CreateDirectoryW
CopyFileW
GetTempPathW
QueryDosDeviceW
GetCurrentDirectoryW
SetFilePointerEx
GetFileSizeEx
SetEndOfFile
GetFileInformationByHandle
FlushFileBuffers
GetLocalTime
FormatMessageA
OutputDebugStringA
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
TlsGetValue
CreateThread
TlsSetValue
TlsAlloc
TlsFree
InitializeCriticalSectionAndSpinCount
DecodePointer
CreateSemaphoreW
ReleaseSemaphore
InitOnceExecuteOnce
GetTimeZoneInformation
OutputDebugStringW
GetComputerNameExW
LockFileEx
UnlockFileEx
GetFileType
SetConsoleCtrlHandler
VirtualAllocEx
TerminateJobObject
GetUserDefaultLCID
ProcessIdToSessionId
WriteProcessMemory
GetProcessHandleCount
GetProcessHeaps
SignalObjectAndWait
VirtualProtectEx
ReadProcessMemory
VirtualFreeEx
CreateRemoteThread
CreateJobObjectW
CreateMutexW
SearchPathW
lstrlenW
DebugBreak
LoadLibraryExA
GetThreadTimes
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
ReadConsoleW
GetACP
GetConsoleMode
GetConsoleCP
GetFullPathNameW
SetStdHandle
GetDriveTypeW
RtlUnwind
GetCPInfo
LCMapStringW
CompareStringW
EncodePointer
GetStringTypeW
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
GetLongPathNameW
DisconnectNamedPipe
WaitNamedPipeW
SetNamedPipeHandleState
TransactNamedPipe
SuspendThread
GetThreadContext
GetThreadLocale
GetSystemDefaultLCID
GetFileInformationByHandleEx

psapi

GetProcessMemoryInfo
GetPerformanceInfo
QueryWorkingSetEx

shell32

SHGetFolderPathW
SHGetKnownFolderPath
CommandLineToArgvW

shlwapi

PathMatchSpecW

user32

SetProcessWindowStation
GetThreadDesktop
CreateWindowStationW
RegisterClassW
CloseWindowStation
CloseDesktop
wsprintfW
GetUserObjectInformationW
GetMessageW
GetProcessWindowStation
IsWindow
SendMessageTimeoutW
AllowSetForegroundWindow
TranslateMessage
PostQuitMessage
MsgWaitForMultipleObjectsEx
GetQueueStatus
SetTimer
PostMessageW
KillTimer
UnregisterClassW
SetProcessDPIAware
GetWindowThreadProcessId
DispatchMessageW
PeekMessageW
DefWindowProcW
SetWindowLongW
GetWindowLongW
FindWindowExW
CreateWindowExW
DestroyWindow
RegisterClassExW
CreateDesktopW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

winhttp

WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpReadData
WinHttpCrackUrl

Exports

Exports

GetHandleVerifier
IsSandboxedProcess

Sections

.text
Size: 913KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_text32
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7a0eb38f84a955ac9e4608a1093cd8f

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

87:35:84:0c:52:3f:d6:c7:38:fc:d3:5f:37:d4:4c:5bCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

87:35:84:0c:52:3f:d6:c7:38:fc:d3:5f:37:d4:4c:5bCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

78:74:bb:7c:21:cc:e7:4e:7d:00:0b:71:05:22:3e:fe:8c:15:de:8a:8a:21:6b:05:74:ea:06:9e:21:db:f7:e4Signer

0a:48:5c:63:ea:53:44:49:e0:ed:65:13:b0:e7:53:66:f9:f0:f1:85Signer

Headers

DLL Characteristics

File Characteristics

Imports

elementsbrowser_elf

advapi32

kernel32

psapi

shell32

shlwapi

user32

version

winmm

winhttp

Exports

Exports

Sections

.text Size: 913KB - Virtual size: 912KB

_text32 Size: 64KB - Virtual size: 63KB

.rdata Size: 289KB - Virtual size: 289KB

.data Size: 6KB - Virtual size: 19KB

.didat Size: 512B - Virtual size: 32B

CPADinfo Size: 512B - Virtual size: 40B

.rsrc Size: 132KB - Virtual size: 132KB

.reloc Size: 37KB - Virtual size: 36KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

87:35:84:0c:52:3f:d6:c7:38:fc:d3:5f:37:d4:4c:5b
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

87:35:84:0c:52:3f:d6:c7:38:fc:d3:5f:37:d4:4c:5b
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

78:74:bb:7c:21:cc:e7:4e:7d:00:0b:71:05:22:3e:fe:8c:15:de:8a:8a:21:6b:05:74:ea:06:9e:21:db:f7:e4
Signer

0a:48:5c:63:ea:53:44:49:e0:ed:65:13:b0:e7:53:66:f9:f0:f1:85
Signer

.text
Size: 913KB - Virtual size: 912KB

_text32
Size: 64KB - Virtual size: 63KB

.rdata
Size: 289KB - Virtual size: 289KB

.data
Size: 6KB - Virtual size: 19KB

.didat
Size: 512B - Virtual size: 32B

CPADinfo
Size: 512B - Virtual size: 40B

.rsrc
Size: 132KB - Virtual size: 132KB

.reloc
Size: 37KB - Virtual size: 36KB