79d064ea9e32bf83257208a37ad2e738_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

79d064ea9e32bf83257208a37ad2e738_JaffaCakes118
Size

854KB
MD5

79d064ea9e32bf83257208a37ad2e738
SHA1

788a4fd84dd510f8805ee9c6fb9d8843aff41c9b
SHA256

04f748056d50edadeab5d1f5b09f658d06d316015039049d96d538d051f4dd6c
SHA512

0dda7e3764f9ceac443f5ecee70d56e673d51eaad8656c0de5a59792b92d8a57c04399cb1475d24653643216da3ade149feb27b17cd13ca7818d332e46a3f07c
SSDEEP

24576:/DrP62FvXVtoqJ/2kaYMShyp4h9RKbwtXZaiCb4:7D668opop4h9REwtpX

Score

1^/10

Malware Config

Signatures

Files

79d064ea9e32bf83257208a37ad2e738_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1ebf32d11a5fa13eaad5eebd397adc57

Code Sign

a6:11:f3:8a:63:65:5c:60:51:a5:0c:37:bc:04:b5:0f
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04/02/2015, 00:00

Not After

04/02/2016, 23:59

Subject

CN=Consortium Group ltd.,O=Consortium Group ltd.,POSTALCODE=00152,STREET=CORNER OF GR.MARLBOROUGH UN GR.GEORGE STR+STREET=3RD FLOOR\, C&h TOWERS,L=ROSEAU,ST=ROSEAU,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:81:1b:b5:b4:9c:93:58:5d:70:be:ec:90:16:1f:64:33:ee:86:47
Signer

Actual PE Digest

64:81:1b:b5:b4:9c:93:58:5d:70:be:ec:90:16:1f:64:33:ee:86:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_DragShowNolock
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetDragImage
ImageList_DrawEx
ImageList_Create
ImageList_Read
ImageList_Write
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Remove
ord17

kernel32

GetSystemInfo
GetStringTypeExA
FreeResource
InterlockedIncrement
FreeLibrary
FindResourceA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
CreateEventA
CompareStringA
GetStringTypeA
MultiByteToWideChar
GetTempPathA
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
GetModuleHandleA
CloseHandle
ReadFile
GetCommandLineW
VirtualAlloc
SetFilePointer
ExitProcess
WriteFile
GetVersion
GetVersionExA
GetProcAddress
GetStartupInfoA
lstrcmpiA
GetCommandLineA
GetTickCount
QueryPerformanceCounter
CreateThread
GetCurrentProcessId
GetSystemTimeAsFileTime
SetErrorMode
GetLastError
CreateFileA
GetCurrentThreadId
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
LoadLibraryA

user32

SetMenuItemInfoA
SetMenu
RemovePropA
PtInRect
MessageBoxA
GetScrollPos
CreateWindowExA
GetSystemMetrics
GetKeyboardType
LoadStringA
CharNextA
SetPropA
SetRect
SetScrollInfo
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
WindowFromPoint
CharNextW

gdi32

SetBkColor
SetBkMode
SetBrushOrgEx
SelectPalette
SetEnhMetaFileBits
SetPixel
SetROP2
StretchBlt
UnrealizeObject
Rectangle
GetClipBox
TextOutW
OffsetWindowOrgEx
DeleteMetaFile
GetLogColorSpaceW
SetAbortProc
DeleteEnhMetaFile
CreateFontIndirectA
ExcludeClipRect
DeleteObject
CreatePen
SetDIBColorTable
CreatePenIndirect

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextW
ChooseFontA
ReplaceTextW

advapi32

RegCreateKeyExA
AllocateAndInitializeSid

shell32

ShellExecuteA
StrStrIA

oleaut32

VariantInit
VarDecRound
VarRound
VarNumFromParseNum
SafeArrayRedim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayPutElement
VariantChangeType
SafeArrayCreate

Sections

.text
Size: 700KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ebf32d11a5fa13eaad5eebd397adc57

Code Sign

a6:11:f3:8a:63:65:5c:60:51:a5:0c:37:bc:04:b5:0fCertificate

Extended Key Usages

Key Usages

64:81:1b:b5:b4:9c:93:58:5d:70:be:ec:90:16:1f:64:33:ee:86:47Signer

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

oleaut32

Sections

.text Size: 700KB - Virtual size: 696KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 92KB - Virtual size: 98KB

.rsrc Size: 48KB - Virtual size: 45KB

a6:11:f3:8a:63:65:5c:60:51:a5:0c:37:bc:04:b5:0f
Certificate

64:81:1b:b5:b4:9c:93:58:5d:70:be:ec:90:16:1f:64:33:ee:86:47
Signer

.text
Size: 700KB - Virtual size: 696KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 92KB - Virtual size: 98KB

.rsrc
Size: 48KB - Virtual size: 45KB