8220263e72cf86e4f56bc15ade4dc756_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8220263e72cf86e4f56bc15ade4dc756_JaffaCakes118
Size

293KB
MD5

8220263e72cf86e4f56bc15ade4dc756
SHA1

f1aff49c4216ea62101b567248dc1a4eb1004bc7
SHA256

184758c424c82bd6cd1b1127c995254a92007eb8b0db5b1c4815ce3e6486848c
SHA512

5dfb28566e0c55b39e0d0c7884adf3780f8bd72da5359c57ba26db7f4d54625f7985cd5f3dd44ef8eae9d8f89052b26ab61fb1bfb0e3c5b65c98d16dc8a4603e
SSDEEP

3072:cpezcWr30c+XIihn+1R944FB6S3popgLMpg3qPuJj1j7NABFp0qrIJXiN2TuznWm:Sswh+39lFB/opSMO6PG5jpABxdFWfdZC

Score

1^/10

Malware Config

Signatures

Files

8220263e72cf86e4f56bc15ade4dc756_JaffaCakes118
.exe windows:5 windows x86 arch:x86

28db35e4ebbc468f79ad33a782019b54

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:29:0c:24:b8:9e:d3:d6
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

08/03/2016, 22:13

Not After

08/03/2017, 22:13

Subject

CN=Smash Brothers Media,O=Smash Brothers Media,L=SAN FRANCISCO,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:32:55:45:b1:87:88:e2:0e:83:69:25:7e:fc:db:11:98:ad:18:e4
Signer

Actual PE Digest

40:32:55:45:b1:87:88:e2:0e:83:69:25:7e:fc:db:11:98:ad:18:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrcmpA
LocalAlloc
LocalFree
GetLastError
Sleep
ExitProcess
SetErrorMode
GetCommandLineW
GetModuleHandleW
RaiseException
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DecodePointer
SetEvent
MultiByteToWideChar
WideCharToMultiByte
VirtualFree
GetTickCount
GetCurrentProcess
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
VirtualQuery
LCMapStringW
CompareStringW
GetTimeFormatW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThread
LoadLibraryExW
RtlUnwind
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreW
FatalAppExitA
SetConsoleCtrlHandler
FreeLibrary
GetStringTypeW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
CloseHandle

user32

PostThreadMessageW
UnregisterClassW

ole32

CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess

oleaut32

SysFreeString

wininet

InternetCrackUrlW

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28db35e4ebbc468f79ad33a782019b54

Code Sign

1b:e7:15Certificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

ee:29:0c:24:b8:9e:d3:d6Certificate

Extended Key Usages

Key Usages

40:32:55:45:b1:87:88:e2:0e:83:69:25:7e:fc:db:11:98:ad:18:e4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

wininet

Sections

.text Size: 201KB - Virtual size: 200KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 17KB - Virtual size: 25KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 9KB - Virtual size: 9KB

1b:e7:15
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

07
Certificate

ee:29:0c:24:b8:9e:d3:d6
Certificate

40:32:55:45:b1:87:88:e2:0e:83:69:25:7e:fc:db:11:98:ad:18:e4
Signer

.text
Size: 201KB - Virtual size: 200KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 17KB - Virtual size: 25KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 9KB - Virtual size: 9KB