78f171f62d5f886dde30b09fa2c4d371_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

78f171f62d5f886dde30b09fa2c4d371_JaffaCakes118
Size

172KB
MD5

78f171f62d5f886dde30b09fa2c4d371
SHA1

064d4739d10d351ef3fb50263e8e5d1eeb34055a
SHA256

c04702a87c6cfd41c348911773e15bf45a7ed357faad1decfcc5f07c43f406bd
SHA512

6b31c50000da18c5f809fd882dd040037bbe73432de43613409ed0c9ddcf817a87b48e5c7541660b39bd8a6b8f9ef16b672766a1edc8ae6537645e1864d18dc6
SSDEEP

3072:XaDySGVvkpxRDwBNzautfK/DrHtBXwSSL+kDv:XFk3RcQnXwSi

Score

1^/10

Malware Config

Signatures

Files

78f171f62d5f886dde30b09fa2c4d371_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99f38132882b40323891213bc2ea46e2

Code Sign

b5:95:2e:ca:10:91:fb:fa:66:e7:60:06:b4:2d:99:26
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/11/2016, 00:00

Not After

01/11/2017, 23:59

Subject

CN=FOR AI STUDIO,O=FOR AI STUDIO,POSTALCODE=105082,STREET=per. Perevedenovski\, d. 21 str. 1,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:76:70:6b:10:c2:9b:7d:4c:a9:f4:f5:86:83:32:1a:ac:38:b4:4a
Signer

Actual PE Digest

02:76:70:6b:10:c2:9b:7d:4c:a9:f4:f5:86:83:32:1a:ac:38:b4:4a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\endswith \?Reverse\won.pd

Imports

kernel32

GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
LCMapStringW
WideCharToMultiByte
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
LoadLibraryA
GetSystemTimeAsFileTime
GetProcAddress
LeaveCriticalSection
DeleteCriticalSection
GetModuleFileNameA
GetStdHandle
WriteFile
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetProcessHeap
GetVersionExA
HeapFree
GetCommandLineA
HeapAlloc
ExitProcess
RtlUnwind
RaiseException
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetLastError
GetModuleHandleA
GetCurrentProcess
LocalFree
CloseHandle
GetSystemDirectoryW
LoadLibraryW
GetLocalTime
SystemTimeToFileTime
CreateFileA
ReadFile
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetUserDefaultLangID
EnumTimeFormatsA
FindResourceExW
LoadResource
EnterCriticalSection
GetCommandLineW

user32

PostQuitMessage
LoadStringA
GetScrollRange
wsprintfA
GetDC
SetScrollPos
PostMessageA
GetWindowDC
GetScrollPos
CopyImage
GetClientRect
ScrollWindow
GetDialogBaseUnits
SetFocus
EnableWindow
FindWindowW
GetFocus
ChildWindowFromPointEx
DestroyMenu
TrackPopupMenu
SetMenuDefaultItem
EnableMenuItem
GetSubMenu
LoadMenuA
GetCursorPos
MapWindowPoints
InvalidateRect
GetDlgItem
SetWindowPos
SetForegroundWindow
BringWindowToTop
IsIconic
CallWindowProcA
EndPaint
GetSysColor
BeginPaint
KillTimer
SetTimer
MessageBoxA
DefWindowProcA
RegisterClassA
HideCaret
SetCursor
SetWindowTextA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
SendMessageA
GetMessageA
TranslateMessage
DispatchMessageA
RegisterClassExW
GetWindowRect
CreateWindowExW
SetWindowRgn
ShowWindow
UpdateWindow
MoveWindow
FillRect
GetForegroundWindow
GetWindowLongA
SetActiveWindow
SetWindowLongA
GetWindowTextW

gdi32

CreatePolygonRgn
CreateRectRgn
CombineRgn
TextOutA
CreateFontA
GetObjectA
DeleteObject
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
SelectObject
SetDIBitsToDevice
DeleteDC
SetTextColor
SetBkColor
SetTextAlign
ExtTextOutW
GetPixel
BitBlt
GetStockObject

advapi32

OpenProcessToken
SetNamedSecurityInfoA
SetEntriesInAclA
AllocateAndInitializeSid
FreeSid

shell32

SHGetDataFromIDListA
SHParseDisplayName
ShellExecuteA
CommandLineToArgvW

ole32

CoInitialize
CoInitializeEx
StgCreateDocfile

wininet

FtpSetCurrentDirectoryA

ws2_32

WSAGetLastError
socket
WSAStartup
htonl
htons
bind
WSACleanup
listen
WSAAsyncSelect

netapi32

NetApiBufferFree
NetServerEnum

msacm32

acmDriverOpen

msimg32

GradientFill

winmm

timeGetTime
SendDriverMessage

cryptui

CryptUIDlgViewCertificateA
CryptUIDlgSelectCertificateFromStore

shlwapi

StrFromTimeIntervalA

comctl32

InitCommonControlsEx
ImageList_Create

pdh

PdhGetFormattedCounterValue

wintrust

CryptCATGetAttrInfo
CryptCATGetCatAttrInfo

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

gdiplus

GdipCloneBrush
GdipCreateFont
GdipDrawString
GdipFillPath
GdipDrawPath
GdipCreateFromHDC
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipAlloc
GdipFree
GdipDeleteBrush

setupapi

SetupDiGetClassDevsA

powrprof

GetPwrDiskSpindownRange

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99f38132882b40323891213bc2ea46e2

Code Sign

b5:95:2e:ca:10:91:fb:fa:66:e7:60:06:b4:2d:99:26Certificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

02:76:70:6b:10:c2:9b:7d:4c:a9:f4:f5:86:83:32:1a:ac:38:b4:4aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

wininet

ws2_32

netapi32

msacm32

msimg32

winmm

cryptui

shlwapi

comctl32

pdh

wintrust

rpcrt4

gdiplus

setupapi

powrprof

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 8KB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 52KB - Virtual size: 51KB

b5:95:2e:ca:10:91:fb:fa:66:e7:60:06:b4:2d:99:26
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

02:76:70:6b:10:c2:9b:7d:4c:a9:f4:f5:86:83:32:1a:ac:38:b4:4a
Signer

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 8KB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 52KB - Virtual size: 51KB