854d862ed4d6c23758d0fe39606d003d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

854d862ed4d6c23758d0fe39606d003d_JaffaCakes118
Size

157KB
MD5

854d862ed4d6c23758d0fe39606d003d
SHA1

ec4502445e0382ed038beef6d8f9898573fd6b80
SHA256

139a62a56535395af1db2c5dc4af0e066ecbd08841dd688cf733a17867c46033
SHA512

865476f2b65e4b4408a52638253b8108ee9d09fca9bdbcda79078f7f0d6b5e0ea02056dde7dd1e4a83ad870430ee4a0481ea1e0fd71b000d4ae647c00bb6119b
SSDEEP

3072:uiYpUcJ+T3Did3eAo8DE7Audl+tV2Q30z4RmB6:85ATzK4oE7FjC30an

Score

1^/10

Malware Config

Signatures

Files

854d862ed4d6c23758d0fe39606d003d_JaffaCakes118
.dll windows:5 windows x64 arch:x64

e9deef78d2b2af3bd1785396571d8493

Code Sign

f7:cd:27:d4:19:d6:d6:eb:ee:e6:1f:75:94:1d:1d:a4
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/10/2014, 00:00

Not After

20/10/2015, 23:59

Subject

CN=Space Battleship Creative,O=Space Battleship Creative,POSTALCODE=2025,STREET=Dasoupoli Strovolos+STREET=Athinodorou 3,L=Nicosia,ST=Cyprus,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

eb:90:53:a7:86:86:a5:1b:77:2d:8d:3c:c6:13:a8:c4:61:93:fb:2f
Signer

Actual PE Digest

eb:90:53:a7:86:86:a5:1b:77:2d:8d:3c:c6:13:a8:c4:61:93:fb:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
InitializeCriticalSection
LoadLibraryW
Sleep
LeaveCriticalSection
GetMailslotInfo
GetTimeZoneInformation
CreateFileW
ReleaseSemaphore
GetLastError
GetModuleHandleW
GetProcAddress
EnterCriticalSection
GetDiskFreeSpaceW
OpenThread
GetFileType
GetModuleFileNameA
FindNextFileW
CloseHandle
CreateThread
SetLastError
PeekNamedPipe
EncodePointer
DecodePointer
HeapFree
HeapAlloc
HeapSize
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
OutputDebugStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

advapi32

RegCloseKey

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9deef78d2b2af3bd1785396571d8493

Code Sign

f7:cd:27:d4:19:d6:d6:eb:ee:e6:1f:75:94:1d:1d:a4Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

eb:90:53:a7:86:86:a5:1b:77:2d:8d:3c:c6:13:a8:c4:61:93:fb:2fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 5KB - Virtual size: 5KB

f7:cd:27:d4:19:d6:d6:eb:ee:e6:1f:75:94:1d:1d:a4
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

eb:90:53:a7:86:86:a5:1b:77:2d:8d:3c:c6:13:a8:c4:61:93:fb:2f
Signer

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 5KB - Virtual size: 5KB