639dc5d5699f08b8ad60e7fbf58a7e4b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

639dc5d5699f08b8ad60e7fbf58a7e4b_JaffaCakes118
Size

650KB
MD5

639dc5d5699f08b8ad60e7fbf58a7e4b
SHA1

4c443a278a864bbf091cd202e60a276e71c720be
SHA256

208b6f255de04111690f37d3a4b91fb3d9c894a137f7324fdae82879bd7c1590
SHA512

d84d213cd42b4310e1bdd86c5eb97e0cebd8f94ac0c2f1b30fb7fc485454e78089477debdcfcc31584134ac7ef24e4012a1c8c089890d55cf0f4006b6da53cb4
SSDEEP

12288:XYDk4/JmRUCAeI5j5hvORbRKnjBTT7FX24SO1JU4o7C4/:X8CAbLviKnjZxX7SOuC4/

Score

1^/10

Malware Config

Signatures

Files

639dc5d5699f08b8ad60e7fbf58a7e4b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cafc3ad88ed0b372d44752fca382b840

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13-04-2015 00:00

Not After

12-04-2016 23:59

Subject

CN=FLAGMAN-SOFT,O=FLAGMAN-SOFT,POSTALCODE=646822,STREET=4\, kv.1\, ul.Vodoprovod,L=S. PRISTANSKOE,ST=Omsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

34:4c:09:d0:8d:22:46:49:69:52:dd:e4:cd:12:b4:f2:b3:fc:e4:94
Signer

Actual PE Digest

34:4c:09:d0:8d:22:46:49:69:52:dd:e4:cd:12:b4:f2:b3:fc:e4:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ole32

HBITMAP_UserFree
SetDocumentBitStg
CLSIDFromProgIDEx

comdlg32

FindTextA
PrintDlgA
dwLBSubclass
GetOpenFileNameW

kernel32

DeleteTimerQueueEx
EnumDateFormatsExA
QueryPerformanceCounter
CallNamedPipeW
GetModuleHandleExW
HeapUnlock
GlobalMemoryStatusEx
WinExec
GetAtomNameA
GetCommMask
CreateFileMappingA
RtlUnwind
VerifyVersionInfoW
EndUpdateResourceA
ReadFileScatter
FindResourceExW
LocalAlloc
GetNumberFormatW
QueryMemoryResourceNotification
EraseTape
GetConsoleCursorMode
RegisterWowExec
WriteConsoleOutputAttribute
GlobalHandle
MapViewOfFile
WaitCommEvent
GetCPInfoExW
OpenFileMappingW
VerLanguageNameA
EnumSystemCodePagesA
RemoveDirectoryA
GetDiskFreeSpaceW
CancelDeviceWakeupRequest
PrivCopyFileExW
GlobalMemoryStatus
SetThreadContext
ConvertDefaultLocale
GetStartupInfoA
GetStringTypeExW
ReadConsoleA
GetProfileIntW
CompareStringW
CreateJobSet
DeleteFileA
ReadConsoleOutputA
RtlCaptureStackBackTrace
SetFileTime
MulDiv
LZClose
GetComputerNameA
SignalObjectAndWait
CreateFileA
BuildCommDCBAndTimeoutsW
DeleteFileW
InitAtomTable
WaitForMultipleObjects
Heap32First
GetCommState
lstrcmp
EnumResourceLanguagesA
GetNumberOfConsoleFonts
FindActCtxSectionStringW
AddRefActCtx
OpenJobObjectW
GetExpandedNameA
FindFirstChangeNotificationW
EnumSystemLanguageGroupsW
FindVolumeMountPointClose
MapUserPhysicalPages
AddAtomA
CreateNamedPipeA
CopyFileA
BeginUpdateResourceW
CreateActCtxA
FlushConsoleInputBuffer
WriteConsoleOutputA
CreateEventW
TlsGetValue
FindFirstVolumeMountPointW
LocalCompact
GetConsoleKeyboardLayoutNameA
CreateDirectoryExA
OpenEventA
SetThreadUILanguage
TlsFree
IsDBCSLeadByteEx
EnumResourceNamesA
FatalAppExitA
SearchPathW
SetStdHandle
PrivMoveFileIdentityW
FatalAppExitW
UnlockFileEx
TransactNamedPipe
GetPrivateProfileStringA
CreateActCtxW
SetThreadExecutionState
ReplaceFile
GlobalAddAtomA
GetDiskFreeSpaceExW
TlsSetValue
PeekConsoleInputW
GetConsoleTitleA
CreateThread
SetUserGeoID
MoveFileW
GetProcessVersion
GetDateFormatA
LCMapStringA
GetPrivateProfileStructA
SetCriticalSectionSpinCount
SetInformationJobObject
RemoveVectoredExceptionHandler
lstrlenW
CompareStringA
GetGeoInfoA
DisconnectNamedPipe
GetThreadTimes
CloseHandle
GetConsoleMode
IsBadReadPtr
ExpandEnvironmentStringsA
PulseEvent
LocalFree
GetCurrentThread
GetVersion
LoadLibraryExA
VirtualUnlock
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

oleaut32

SafeArrayGetRecordInfo
VarBoolFromCy
VarUI1FromR8
GetVarConversionLocaleSetting
VarI1FromI2
SafeArrayGetUBound

shell32

RealShellExecuteW
SHGetPathFromIDListW

advapi32

LookupPrivilegeDisplayNameW

gdi32

GetRgnBox
GdiPrinterThunk
SetPixelFormat
GetStretchBltMode
EngGradientFill

wtsapi32

WTSSendMessageA
WTSWaitSystemEvent
WTSEnumerateSessionsW
WTSSendMessageW

Exports

Exports

t�먺��.��Oߡ��0M�yDD��_��,p~��%�kXg��mjUM�I=j��)��~��p�=gI��<%@@ �R RǬ��f�xuE�q��<��(��eT<�z�/��Z^^��ZT�#3�� hb獣8E��2��Y�^v��D�'��s��J莙�O�hz2��(\�-��ʑ� �'�U�P%G.�8�u�e�{bǐ�dV3��[�lD��4��~�)Lp��#�6 �"�byl�>̼j`�7�ί��u*n� uRpj�L�MN��(n�_j�[��)8GT��pX[�&~� ��|W砌��&s�;_�dݭ��?G�� zN>�N��U{�L��z[�x[��oG�� ^F�CY,Ⱦ�i�@�ƴ�p��z&Qq�m�?� eé5��&�c�q��[��4��_�� #��3H'��+tWOC��"�b8��}:�'"��iH0=�&�� S��7��(��P!O�3aR|��r�*� �>{��M�-��+uvB��$J�1c��8��XWRjoYu|�ƍ��2$��ŝ+��i��&#,�F��/k*(��2��M��\�J;!�� k�)��:D]��.��hTXONI��'��uP�2��5C�.%/Ӟ�� H֪��hICVU�>g߮��{��UG"�6<��H�v��<��c�w0��2�C��(�'N�@�G��[��(� �~�D��]� n<�E��]z�&,k�۰�=|�I��0��J�*&�7?�t�;0 Ad�OQ{��F��a�!�8��/��8WV�V�9��V'��@��T�.c�l ��锪&�r�3 ��[{f쎲QZt�3�5ɽH��^�''�� LT�8��*K�m�%��Ҿ�Tc�5��K[�i�}y��5,�~��Ԛ�� /��l#�,��x<0��V�?w�I�u��!A�G��`,[ �X�f�H�݂�z=� ��"�j��7g�p��b��o�7�ybW~��[�'��v�H�X�)d�S��.�*��">��-��րQy��e�5��|G�C-`s�)�"��d��8L�x�(��3��qD��V��r4�U��K��B�u*��Ҏo0��E�Ifv� �fWU"M��q��X�SR#��`�e��U-vplޥ|�fF��g|:x�Py��)]�΅�nK�w+��Ǽd�:r�Oqḉ�n�dsb�9��3�m uP��93^W��gn>��ր��!��%3��R�'f��"�� X�~b�i\�5�$5�X�;`ޕ�8a��k��GۅP[��|�Q��Iq��\$�\��\��9�t%��7�]kʸ$ �Qr��tP��S��{m�Ċ��C��4��י4Z�Ɗh�,�+��. L��c��I�!<%gr}_�b�\�4��̻*Uʄ��S�0�#w ��*%އr��plx�H�:cu�ѓ��s�4��Ǆ��X&F��G�?8�H�g��6�Y��0NH%W̕HY��D��@�T��}m��j�:k<��d��`~�.��i�1�tE͞Ȩס�^H�^��X�<��Y�d�f�`XIR��7�ȶO�m��Y�X Y�M�]�ׯ~V��ԖμZ��r��-=cr��"��nͅF��,��|BX�*��@�aN�4�7��p��(tC�6��!+��fQW��S��;Փ�xiw �T0w�O��d �]B�4��gmEV²�<��l��4�Xy��Kv(��'��%ף4��CI�q�_�U��v��Y[�NU�v��t�\s��%9��wI��X��3�n�j�P1�x�㒥�Xf��@��g�Oe�� ᐯ[�v;~�9l��'��r��C�"��$@|3;�&�Vs��(�;�Ўl"��q}&�E^ �c�Ww}7:0� &�£P��d�`̰p�^�n �eό]T+ h��8 ��BO�֬XHn�%��$��7Ɓ�f� �l:DI�l7C�9��'.=́z�gyM_�n�. �PFV��W��a�� 6&\Ш�C�.�+(��Ǽ��O�QN��Ӧ}��V�i˜�>�S�)�.��e'��-\��l!�/��K^�X"��ᵉ�� *4Jć0A�Օ�U��P#K`��ԁ��W�5O�̫A��|!"�o�F�,j}OQ�;2�=�",�֍�k��BŬ��)-�P��n��?�T��v��k�NYͼ�&+�.�xAP��W��,�š��U�Il�<��4V��϶KEs��^�Z2F|�,޽TBJ`7L�/R ��0�^X��D 1Q�Ju�{lvÌ��V2�$�UL��~��EE#�On~:�ت� h�4;~t��'!�/cIt�c��i�Nc��E��K�&�J�pK҇`��W��Wڃvx;�̟w�l�!3d��1�i��m��T��5�ّM��}A�cI3��tk��am�D��߀�Қw}$W�e<n��d��g}��R�`:(�<�\��r�_(�=u��껀uWL�U�-ԸR�ͼ��,��w�u��jن%�9�(D��kfa��=vo?Sx\>��Tf�)J�,��WHJ��eը�JUL��ac5+sR��?�u0��hr��0�q[�6%Mp��d��~ٶXZ�"�/��`��5Ӌ��bw�`0S1Ewt��$o��no߇ϵR�li9)g��nV�,*��m��s�ʒ[�C?�\ܬaj-��>��&6�[Y�H"��|��`Da�J�m�Ua�I��v<@�A��k��h�%ϴn��V� wh�q��,u; � 0uH�6n�_y��lF=��p6��,�(�[��y��I

Sections

CODE
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cafc3ad88ed0b372d44752fca382b840

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:eaCertificate

Extended Key Usages

Key Usages

34:4c:09:d0:8d:22:46:49:69:52:dd:e4:cd:12:b4:f2:b3:fc:e4:94Signer

Headers

File Characteristics

Imports

ole32

comdlg32

kernel32

oleaut32

shell32

advapi32

gdi32

wtsapi32

Exports

Exports

Sections

CODE Size: 440KB - Virtual size: 440KB

DATA Size: 10KB - Virtual size: 9KB

BSS Size: - Virtual size: 1KB

.idata Size: 9KB - Virtual size: 8KB

.text0 Size: 17KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 71KB - Virtual size: 70KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 89KB - Virtual size: 89KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

34:4c:09:d0:8d:22:46:49:69:52:dd:e4:cd:12:b4:f2:b3:fc:e4:94
Signer

CODE
Size: 440KB - Virtual size: 440KB

DATA
Size: 10KB - Virtual size: 9KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 9KB - Virtual size: 8KB

.text0
Size: 17KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 71KB - Virtual size: 70KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 89KB - Virtual size: 89KB