6919d035a85ebbbc6eb3ddd4273400f7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6919d035a85ebbbc6eb3ddd4273400f7_JaffaCakes118
Size

815KB
MD5

6919d035a85ebbbc6eb3ddd4273400f7
SHA1

7bdcf16059f2a84359157f8ad3c7ba5c49877068
SHA256

167e52974b6688ce2c92ddf12abcc0815eb010363206517f6c0c8c89e681ea9b
SHA512

296f6d0c62c6a32486742eb284d12a9e6dd60b3ee5b9f8c31a03879da4cd58f3564c71139721e9c5093e7c6fd3f697769799948c8405254ec3e3e62faeb50728
SSDEEP

12288:3Mwy6Vadc8/dYyWU8STNqGC51H5z9jrcUQr8tK+PkYIdpQMJs:3PrVCH/z8GXuRjYeKykYIcH

Score

1^/10

Malware Config

Signatures

Files

6919d035a85ebbbc6eb3ddd4273400f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

05a299aa377f270b7587d53b2e4468fe

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:87:17:2e:a4:01:a0:9f:76:2e:fb:31:f4:44:ea:d0
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07-07-2015 00:00

Not After

06-07-2016 23:59

Subject

CN=USPEH,O=USPEH,POSTALCODE=644050,STREET=ul. Pereulok Jenergetikov\, 22\, 1,L=Omsk,ST=Omsk Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

14:74:79:14:4a:7e:f3:c7:b5:3f:ab:48:f5:be:4b:63:6d:74:df:9d
Signer

Actual PE Digest

14:74:79:14:4a:7e:f3:c7:b5:3f:ab:48:f5:be:4b:63:6d:74:df:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetLastError
DelayLoadFailureHook
OpenMutexW
PulseEvent
GlobalHandle
VerifyVersionInfoW
GetEnvironmentStrings
WriteProfileSectionW
FindAtomW
lstrcmp
TerminateThread
AttachConsole
SetStdHandle
FindFirstChangeNotificationW
SetLastConsoleEventActive
ChangeTimerQueueTimer
GetCommConfig
GetDriveTypeA
CommConfigDialogA
SetEndOfFile
SetCommState
EndUpdateResourceW
WriteTapemark
DeleteTimerQueueEx
FindResourceA
GetEnvironmentVariableA
GetCPInfo
BuildCommDCBA
LocalSize
DeleteAtom
IsProcessorFeaturePresent
VerifyConsoleIoHandle
GetUserDefaultLangID
FormatMessageA
TransmitCommChar
WriteConsoleOutputW
InitializeCriticalSection
LCMapStringA
GlobalLock
OpenMutexA
SetProcessPriorityBoost
InterlockedExchange
WaitForSingleObjectEx
GetShortPathNameA
GlobalUnlock
GetExpandedNameW
GetProfileSectionW
QueryMemoryResourceNotification
FreeUserPhysicalPages
QueryActCtxW
GetTimeFormatA
FindNextVolumeW
FindNextFileW
WaitNamedPipeA
GetCurrentActCtx
GetEnvironmentVariableW
RestoreLastError
QueryDosDeviceW
GlobalGetAtomNameW
GetProcessVersion
QueryInformationJobObject
IsBadCodePtr
FoldStringW
CreateJobObjectW
DisableThreadLibraryCalls
CreateSocketHandle
WritePrivateProfileStructA
GetFileAttributesW
CreateFileW
GetConsoleAliasesA
GetTapeStatus
IsProcessInJob
CopyFileExA
lstrcmpi
SetCriticalSectionSpinCount
DeleteVolumeMountPointW
SetTapeParameters
GetCommState
GetLocalTime
FreeLibrary
MoveFileExW
QueryPerformanceCounter
CloseProfileUserMapping
GetTimeZoneInformation
FindResourceW
OutputDebugStringA
GetDiskFreeSpaceExW
GetProcessTimes
GetHandleInformation
SetTimerQueueTimer
GetDateFormatA
AddConsoleAliasA
SetVolumeLabelW
CompareStringA
FindFirstChangeNotificationA
GetVolumePathNamesForVolumeNameW
GetEnvironmentStringsW
HeapLock
BackupRead
MapViewOfFileEx
EnumResourceTypesW
RtlCaptureContext
EnumCalendarInfoW
GetNumberFormatW
SetVolumeMountPointA
IsBadHugeWritePtr
GlobalUnfix
GetCurrentDirectoryW
GetCurrentDirectoryA
OpenSemaphoreA
GetVolumePathNameA
WritePrivateProfileStringW
GetProfileStringW
GetExitCodeProcess
WinExec
FindActCtxSectionGuid
LZCopy
VirtualFreeEx
CreateConsoleScreenBuffer
FindVolumeClose
CreateMailslotW
QueryDosDeviceA
WaitNamedPipeW
VerLanguageNameA
ExitThread
FindNextVolumeMountPointA
GetCalendarInfoA
GetDevicePowerState
UnmapViewOfFile
SetDefaultCommConfigW
GetHandleContext
BackupWrite
WriteProfileSectionA
OpenWaitableTimerW
lstrcpyn
SetLocaleInfoW
ActivateActCtx
DefineDosDeviceA
GetCurrentThread
CreateDirectoryExA
CompareStringW
GlobalAddAtomW
CancelDeviceWakeupRequest
GetFileInformationByHandle
LZStart
GetLocaleInfoW
EnumResourceTypesA
lstrcpy
RemoveVectoredExceptionHandler
GetConsoleKeyboardLayoutNameW
RtlUnwind
UnlockFile
GetConsoleAliasesW
GetShortPathNameW
EnumDateFormatsExA
HeapQueryInformation
GetBinaryTypeW
BeginUpdateResourceA
UnlockFileEx
CreateEventA
AddVectoredExceptionHandler
GetTapeParameters
GlobalGetAtomNameA
ReadConsoleInputW
GetModuleHandleExA
WriteFileGather
GetConsoleTitleW
GetLogicalDriveStringsA
ReadConsoleOutputCharacterA
GetFileSizeEx
FindFirstFileA
ReadConsoleOutputAttribute
GetSystemTime
GlobalWire
GetStartupInfoW
FindVolumeMountPointClose
SearchPathA
MulDiv
VerLanguageNameW
OpenFile
GetProcessAffinityMask
AddConsoleAliasW
SetLocalTime
GetUserGeoID
GetTimeFormatW
MapViewOfFile
CallNamedPipeW
GetCurrencyFormatW
DeleteVolumeMountPointA
GetConsoleCursorMode
SetComPlusPackageInstallStatus
SetFileShortNameW
GetDriveTypeW
GetFileAttributesA
CancelWaitableTimer
ReplaceFile
WaitForMultipleObjectsEx
GetVersion
RtlMoveMemory
EnumDateFormatsA
GetConsoleTitleA
PrivCopyFileExW
SetThreadContext
TlsSetValue
WriteConsoleOutputAttribute
CreatePipe
RtlFillMemory
GetCurrentConsoleFont
GetCommModemStatus
Heap32Next
SetProcessAffinityMask
GetCommProperties
OutputDebugStringW
SetFileApisToOEM
FindNextVolumeA
SetThreadLocale
LZOpenFileW
GetModuleFileNameA
SetComputerNameW
GetSystemDefaultLangID
FindFirstFileW
IsWow64Process
SetFilePointer
GetLongPathNameW
GetGeoInfoW
CloseHandle
GetConsoleHardwareState
ResetEvent
ReadConsoleInputExA
LZCloseFile
DosPathToSessionPathA
GetPriorityClass
FindFirstVolumeMountPointA
GetCalendarInfoW
ReadConsoleOutputW
GetProcessShutdownParameters
GetConsoleWindow
HeapCreate
GetProcessHeaps
EnumCalendarInfoA
HeapWalk
GetConsoleSelectionInfo
LocalHandle
VirtualQueryEx
EraseTape
GlobalMemoryStatus
SetSystemPowerState
MoveFileWithProgressW
GetTempPathA
DosPathToSessionPathW
UpdateResourceA
GetTapePosition
LockFileEx
CreateJobObjectA
LockFile
GetProcessPriorityBoost
CreateFileA
WritePrivateProfileSectionA
EnumDateFormatsExW
GlobalReAlloc
FindNextChangeNotification
UnhandledExceptionFilter
GetDiskFreeSpaceA
ShowConsoleCursor
CreateJobSet
GetNamedPipeHandleStateW
SetProcessWorkingSetSize
ClearCommBreak
WritePrivateProfileStringA
GetCurrentProcess
LocalReAlloc
CopyLZFile
lstrcat
FindActCtxSectionStringW
SetWaitableTimer
IsValidCodePage
FoldStringA
GetConsoleInputExeNameA
SetInformationJobObject
GetProcessHeap
SetEnvironmentVariableA
PeekConsoleInputA
GetPrivateProfileStringA
SetHandleInformation
lstrcmpA
HeapAlloc
IsBadWritePtr
RemoveDirectoryA
GetACP
lstrcmpW
GetVersionExA
GetConsoleMode
DnsHostnameToComputerNameW
DisconnectNamedPipe
GetLocaleInfoA
GetVolumeInformationW
TzSpecificLocalTimeToSystemTime
GetUserDefaultLCID
GetExpandedNameA
HeapSetInformation
CreateActCtxW
FillConsoleOutputCharacterA
WriteConsoleOutputCharacterA
SetUserGeoID
RtlZeroMemory
DosDateTimeToFileTime
WriteConsoleOutputCharacterW
GetGeoInfoA
HeapDestroy
CreateTapePartition
CreateWaitableTimerA
GetDefaultCommConfigA
RemoveDirectoryW
Heap32ListFirst
ProcessIdToSessionId
CreateNamedPipeW
AddAtomW
SetPriorityClass
EnumLanguageGroupLocalesW
GetThreadContext
MoveFileExA
WideCharToMultiByte
FreeResource
CreateSemaphoreW
GetConsoleProcessList
GetCPInfoExW
GetTempPathW
GetOverlappedResult
GlobalCompact
WriteConsoleInputW
SetThreadAffinityMask
lstrcmpiW
LeaveCriticalSection
GetSystemInfo
GetSystemPowerStatus
GetThreadLocale
WriteConsoleInputA
ExpandEnvironmentStringsW
ReadConsoleW
GetConsoleCursorInfo
SetFileShortNameA
BuildCommDCBAndTimeoutsW
WriteConsoleW
LoadResource
ReadConsoleInputA
GetSystemDefaultUILanguage
SetProcessShutdownParameters
LocalUnlock
InterlockedExchangeAdd
GlobalFree
LocalFree
LoadLibraryExA
GetModuleHandleW
LocalAlloc
GlobalAlloc
VirtualUnlock
GetTickCount
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IsHungAppWindow
AnyPopup
KillTimer

Sections

CODE
Size: 445KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 18KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05a299aa377f270b7587d53b2e4468fe

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

34:87:17:2e:a4:01:a0:9f:76:2e:fb:31:f4:44:ea:d0Certificate

Extended Key Usages

Key Usages

14:74:79:14:4a:7e:f3:c7:b5:3f:ab:48:f5:be:4b:63:6d:74:df:9dSigner

Headers

File Characteristics

Imports

kernel32

user32

Sections

CODE Size: 445KB - Virtual size: 448KB

DATA Size: 18KB - Virtual size: 24KB

.idata Size: 10KB - Virtual size: 12KB

.text0 Size: 51KB - Virtual size: 52KB

.tls Size: 512B - Virtual size: 4KB

.text1 Size: 65KB - Virtual size: 68KB

.reloc Size: 8KB - Virtual size: 8KB

.rsrc Size: 211KB - Virtual size: 210KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

34:87:17:2e:a4:01:a0:9f:76:2e:fb:31:f4:44:ea:d0
Certificate

14:74:79:14:4a:7e:f3:c7:b5:3f:ab:48:f5:be:4b:63:6d:74:df:9d
Signer

CODE
Size: 445KB - Virtual size: 448KB

DATA
Size: 18KB - Virtual size: 24KB

.idata
Size: 10KB - Virtual size: 12KB

.text0
Size: 51KB - Virtual size: 52KB

.tls
Size: 512B - Virtual size: 4KB

.text1
Size: 65KB - Virtual size: 68KB

.reloc
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 211KB - Virtual size: 210KB