89f01841990307c0f88ede55a3cef742_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

89f01841990307c0f88ede55a3cef742_JaffaCakes118
Size

912KB
MD5

89f01841990307c0f88ede55a3cef742
SHA1

6eb54de4bb6baea6065af7c3d47addb5ac846a9a
SHA256

e959ab7aab601ee83a697c79a16b1f75b5a13dbc104fdc31512f4349351b3e5d
SHA512

ffda9c03d2b9772d4c46644b9b746335cb7c3e716741c6cc17b840564c92c5e7c8bda1808801566be7bbea1222dc4717c401e3d716f6a6abe5c3fddb9220dd11
SSDEEP

24576:kwaBxRllqbzgiurOYXqgT1/jtYc9S44by1DzcAJY:kV3lyuqy55jCL44bizcAW

Score

1^/10

Malware Config

Signatures

Files

89f01841990307c0f88ede55a3cef742_JaffaCakes118
.exe windows:5 windows x86 arch:x86

09f755796a2f5a0010488f04ecf1dc2a

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

da:69:a0:bd:85:4b:b5:54
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

08/03/2016, 22:12

Not After

08/03/2017, 22:12

Subject

CN=Zen Bros Media,O=Zen Bros Media,L=SAN FRANCISCO,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

92:be:3a:9d:61:4d:89:0b:b9:dd:07:a1:51:2d:13:ea:bf:84:10:c8
Signer

Actual PE Digest

92:be:3a:9d:61:4d:89:0b:b9:dd:07:a1:51:2d:13:ea:bf:84:10:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

kernel32

GetModuleFileNameA
FreeLibrary
DeleteFileA
MapViewOfFile
SetEnvironmentVariableA
DuplicateHandle
GetCurrentProcessId
CreateFileMappingA
GetEnvironmentVariableA
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
ResumeThread
CreateProcessA
GetCommandLineA
lstrcmpiA
GetEnvironmentStrings
CreateFileA
LoadLibraryA
FlushFileBuffers
WriteFile
SetCurrentDirectoryA
ExitProcess
GetFileAttributesA
GetTempPathA
GetModuleHandleA
ReadConsoleA
WriteConsoleA
GetStdHandle
GetCurrentDirectoryA
GetFullPathNameA
SetErrorMode
HeapQueryInformation
GetCurrentThread
TlsAlloc
GetProcessPriorityBoost
GetProcessHandleCount
TryEnterCriticalSection
HeapCreate
TerminateJobObject
GetMailslotInfo
ExitThread
ReleaseMutex
GetFileSize
CreateMutexA
MultiByteToWideChar
lstrcpynA
GetVersion
GetCurrentProcess
CloseHandle
GetVersionExA
GetProcAddress
GetLastError
FormatMessageA
LocalFree
CreateDirectoryA
GetSystemTimeAsFileTime
RtlUnwind
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId

gdi32

GetArcDirection
FillPath
AngleArc
IntersectClipRect
CreateFontA
CreateFontIndirectA
CreateBitmap
SelectObject
EnumObjects
DeleteObject
RectVisible

user32

DispatchMessageA
TranslateMessage
PostMessageA
RegisterClassA
AttachThreadInput
BeginPaint
EndPaint
ShowWindow
DrawTextA
GetDC
CreateWindowExA
GetMessageA
SendMessageA
SendMessageW
GetWindowLongA
DrawTextW

msvcrt

rand
??2@YAPAXI@Z
memset
_pgmptr
srand
__argc
__argv
memmove
_ismbblead
__getmainargs
_cexit
_exit
_XcptFilter
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
__CxxFrameHandler
realloc
atoi
_snprintf
??3@YAXPAX@Z
memcpy
free
malloc
_time64

ole32

CoTaskMemFree
CoInitializeEx
OleInitialize
CoCreateInstance

shell32

SHFileOperationA
SHBrowseForFolderA
SHGetPathFromIDListA
SHFreeNameMappings
ShellExecuteExA

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 392KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09f755796a2f5a0010488f04ecf1dc2a

Code Sign

1b:e7:15Certificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

da:69:a0:bd:85:4b:b5:54Certificate

Extended Key Usages

Key Usages

92:be:3a:9d:61:4d:89:0b:b9:dd:07:a1:51:2d:13:ea:bf:84:10:c8Signer

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

kernel32

gdi32

user32

msvcrt

ole32

shell32

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 239KB - Virtual size: 238KB

.data Size: 392KB - Virtual size: 396KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 7KB

1b:e7:15
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

07
Certificate

da:69:a0:bd:85:4b:b5:54
Certificate

92:be:3a:9d:61:4d:89:0b:b9:dd:07:a1:51:2d:13:ea:bf:84:10:c8
Signer

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 239KB - Virtual size: 238KB

.data
Size: 392KB - Virtual size: 396KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 7KB