7e4c0819c39fb501248cd3053f83114d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7e4c0819c39fb501248cd3053f83114d_JaffaCakes118
Size

145KB
MD5

7e4c0819c39fb501248cd3053f83114d
SHA1

0f53d350d496ae10b54dc17f9fa55b7a1d628d4d
SHA256

c0a5ad04f32a1208685630bbdb95df231298c09e8d902a35d0b594beea7856c7
SHA512

be7923d60af8a0a2eefe48845ca8a8b3b30153fa420661539acd7a2afd28bc568d342ba723234d1a2b1212de566b6bcc4750e94b1f8c78eca9237cd20e0bc6a9
SSDEEP

3072:oE6guz6yAND2QzUuQ70zOPw5m1KVtCDN85OfmPcJyT7hPG6Rx4N:o3guzhos5Pw+KVtCDutPiaY6EN

Score

1^/10

Malware Config

Signatures

Files

7e4c0819c39fb501248cd3053f83114d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

53469692e59edcf66dd3353829088f85

Code Sign

23:db:3e:48:84:b9:59:66:54:bd:b5:c1:86:35:03:1c
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/11/2016, 00:00

Not After

27/11/2017, 23:59

Subject

CN=Northcat Ltd,O=Northcat Ltd,POSTALCODE=CW9 6PX,STREET=10 Pheasant Drive\, Wincham,L=Northwich,ST=Cheshire,C=GB,2.5.4.18=#130743573920365058

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

50:e7:e9:5b:1d:44:8c:92:5b:6b:b6:82:f9:fa:f5:56:0b:75:0d:07:5d:27:ac:a6:a9:0e:e0:b3:12:70:01:39
Signer

Actual PE Digest

50:e7:e9:5b:1d:44:8c:92:5b:6b:b6:82:f9:fa:f5:56:0b:75:0d:07:5d:27:ac:a6:a9:0e:e0:b3:12:70:01:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegReplaceKeyW
RegCreateKeyExA
LogonUserW
RegSaveKeyW
OpenEventLogA
RegOpenKeyA
RegEnumKeyA
RegUnLoadKeyW
OpenServiceA
RegDeleteValueA

cmpbk32

PhoneBookEnumNumbers
PhoneBookFreeFilter
PhoneBookLoad
PhoneBookCopyFilter
PhoneBookEnumCountries

dsprop

CrackName
CheckADsError

untfs

Format
FormatEx
Recover

shlwapi

UrlUnescapeA
UrlHashW
UrlCombineW
UrlUnescapeA
UrlGetLocationW
UrlIsA
UrlIsNoHistoryW
UrlCompareA
UrlCanonicalizeW
UrlGetPartA
PathCompactPathW
PathCommonPrefixW

crypt32

CertCompareCertificate
CertRemoveStoreFromCollection
CertOpenStore
CertSaveStore
CertAlgIdToOID
CertGetNameStringA
CertDeleteCRLFromStore
CertFindChainInStore
CertFindCRLInStore
CertNameToStrA
CertDuplicateCRLContext
CryptEnumOIDInfo

clusapi

ClusterEnum
CloseClusterNode
CloseCluster
CloseClusterGroup

kernel32

FindNextFileA
GetModuleHandleA
FindClose
WriteConsoleA
lstrcmp
GetProcAddress
CreateProcessW
GetFileAttributesA
FindFirstFileW
CreateJobObjectA
GetConsoleTitleW
lstrcpy
CreateDirectoryA
OpenProcess
OpenThread
GetLogicalDriveStringsW
lstrcmpiA
WaitForSingleObject
DeleteFileA
GetCommandLineA
GetEnvironmentVariableA
GetPriorityClass
GetTempFileNameA
LoadLibraryA
CreateFileMappingW
FileTimeToSystemTime

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lock
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53469692e59edcf66dd3353829088f85

Code Sign

23:db:3e:48:84:b9:59:66:54:bd:b5:c1:86:35:03:1cCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

50:e7:e9:5b:1d:44:8c:92:5b:6b:b6:82:f9:fa:f5:56:0b:75:0d:07:5d:27:ac:a6:a9:0e:e0:b3:12:70:01:39Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

cmpbk32

dsprop

untfs

shlwapi

crypt32

clusapi

kernel32

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 21KB - Virtual size: 20KB

.lock Size: 73KB - Virtual size: 73KB

.rsrc Size: 2KB - Virtual size: 1KB

23:db:3e:48:84:b9:59:66:54:bd:b5:c1:86:35:03:1c
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

50:e7:e9:5b:1d:44:8c:92:5b:6b:b6:82:f9:fa:f5:56:0b:75:0d:07:5d:27:ac:a6:a9:0e:e0:b3:12:70:01:39
Signer

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 21KB - Virtual size: 20KB

.lock
Size: 73KB - Virtual size: 73KB

.rsrc
Size: 2KB - Virtual size: 1KB