8c5abf76241e388c2db3fdc4d732abc1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c5abf76241e388c2db3fdc4d732abc1_JaffaCakes118
Size

602KB
MD5

8c5abf76241e388c2db3fdc4d732abc1
SHA1

5709f70ba35ad2ba2418993dee13b61d7b3ae56e
SHA256

06a1d56dc3e0c70136ba5106ae6c5dceeee09f89d89a1cf0e10a36b40503b5ac
SHA512

ce1295c0c3f36d48f29cf11e34dfe0eb0ed78b67a75feb9f2252be3780af023f28d0f04806c5429e06477a6c6e7746b234cf9c3219031c35582c27c92a34ce06
SSDEEP

6144:9FOxzQK1Ojl3ktzydfY5GJ8hg28qUjDXGjdz4UIQBUUCYtMZ5H6hPLHdMCYtpGaS:2QyOlsTmTNF6hL9MbhOB/Rc7KRFMq

Score

1^/10

Malware Config

Signatures

Files

8c5abf76241e388c2db3fdc4d732abc1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7eeba166496afa789c53f4307f903395

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2015, 00:00

Not After

24/05/2016, 23:59

Subject

CN=Minimus,O=Minimus,POSTALCODE=236022,STREET=ul. Repina\, 46\, 12,L=Kaliningrad,ST=Kaliningrad Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

84:26:29:c9:3a:1a:77:be:a4:9e:ab:d8:66:c1:b4:e9:39:9c:e1:11
Signer

Actual PE Digest

84:26:29:c9:3a:1a:77:be:a4:9e:ab:d8:66:c1:b4:e9:39:9c:e1:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

GetClipboardFormatNameW
DrawAnimatedRects
EnumThreadWindows
ModifyMenuW
GetAsyncKeyState
MapVirtualKeyExA
SetWindowsHookW
WaitMessage
DefFrameProcW
GetTabbedTextExtentA
DialogBoxIndirectParamA
CharPrevW
GetWindowWord
SendMessageCallbackW
SetUserObjectInformationW
GetMessageA
ShowOwnedPopups
MenuWindowProcW
CharUpperW
SetLastErrorEx
FillRect
GetClipboardData
SetProcessWindowStation
EnumDesktopWindows
LoadCursorW
wsprintfA
GetParent
LoadCursorA
DefDlgProcW
SetForegroundWindow
GetCapture
LockWorkStation
DrawTextW
TileChildWindows
MapWindowPoints
CloseDesktop
GetDlgItem
GetUserObjectSecurity
InflateRect
CallNextHookEx
ValidateRect
RegisterWindowMessageW
GetDCEx
MenuWindowProcA
GetTopWindow
OpenDesktopW
DragDetect
RegisterClipboardFormatW
PeekMessageA
FlashWindow
SetTimer
IsCharUpperA
CreateIconFromResourceEx
DefDlgProcA
CopyIcon
SetThreadDesktop
RegisterDeviceNotificationW
GetMenuInfo
GetWindowTextLengthW
BroadcastSystemMessageExW
GetClassWord
ShowWindow
CreateCursor
GetMenuStringW
LoadImageW
CharNextA
GetWindowDC
DrawMenuBar
GetSystemMetrics
InsertMenuItemW
EndDialog
TabbedTextOutA
CharUpperA
CharToOemBuffW
OpenIcon
TranslateAcceleratorA
CreateMDIWindowW
SetWindowTextA
DestroyWindow
SetMessageExtraInfo
PostMessageA
GetDC
SetLayeredWindowAttributes
GetComboBoxInfo
CharLowerA
EnumDesktopsA
ArrangeIconicWindows
GetFocus
IsCharAlphaNumericW
CreatePopupMenu
CreateDialogParamA
CopyRect
SetRectEmpty
SetDeskWallpaper
GetCaretPos
PrivateExtractIconsA
MenuItemFromPoint
EndMenu
SetRect
IsWindowVisible
OemToCharW
GetWindowInfo
AppendMenuW
DefWindowProcW
CharLowerW
AnyPopup
GetWindowWord
GetWindowTextA
RemovePropA

kernel32

TerminateJobObject
VerLanguageNameW
MapViewOfFileEx
DeleteFileW
GetDevicePowerState
GetLastError
GetProcessPriorityBoost
LoadResource
OpenFileMappingA
OpenJobObjectA
SetHandleCount
SignalObjectAndWait
LockResource
WinExec
RequestDeviceWakeup
LocalAlloc
HeapQueryInformation
LocalLock
UnmapViewOfFile
GetModuleHandleExA
DefineDosDeviceA
BuildCommDCBAndTimeoutsA
EraseTape
SetFileAttributesW
SetCriticalSectionSpinCount
EnumSystemCodePagesA
GetShortPathNameA
GetACP
SetPriorityClass
GetDefaultCommConfigA
GetExitCodeProcess
CreateMailslotA
EnumUILanguagesW
MoveFileWithProgressA
WaitNamedPipeW
FillConsoleOutputCharacterW
FindFirstChangeNotificationW
FindVolumeClose
DefineDosDeviceW
FindFirstFileW
GetFileSizeEx
ReplaceFile
SetMailslotInfo
SetCurrentDirectoryW
GetCurrentConsoleFont
ReadConsoleOutputW
InitAtomTable
SetEnvironmentVariableA
DeleteCriticalSection
Heap32ListNext
GetCommandLineA
SetLastConsoleEventActive
SetErrorMode
GetProcessHeap
GetLastError
GetProcessHeap
TransmitCommChar
GlobalDeleteAtom
VirtualQuery
LoadLibraryA
TlsAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shlwapi

UrlGetLocationA

comdlg32

ChooseFontW

oleaut32

VarI8FromDisp
VarCyFromUI8
VarCyAbs

shell32

StrRStrA
SHEnumerateUnreadMailAccountsW
CheckEscapesW

winspool.drv

EnumMonitorsA

gdi32

EngStrokePath
CreateMetaFileA

version

VerFindFileW
VerInstallFileW

wtsapi32

WTSShutdownSystem
WTSWaitSystemEvent
WTSQueryUserToken

ws2_32

WSACancelBlockingCall
WSASetEvent
WSACloseEvent
WSAAsyncGetServByPort

comctl32

FlatSB_GetScrollRange
ImageList_Copy

Exports

Exports

��^��6�X��έǤް�� A�j�HZ��e5F�~y�Q��嘕=�N�ɋ#�$3�i&N�˾��z��X��X��/��+��<�Ǣ��O��]�N��"�J ��b{�:5�W��}r��M��8��R�ޝ�b ��-��c�D�8�A1*�z�Z�~��3E/�K��v�� /��t׆��k�^��m��C@*��e�f��kX��<�04؞%��>f.�/k��* ڝ��kHlCiѪ�U̽q�j�{̹�!��tv��6⢗E<.�q�/��>e�w�>��m��U��萓�3�lˈ�@B��j� V;6�B7}O0N��Б�en��O��`��D6�Ү��֔3�*�п��ӻѸL[1:Ԭk��&P/Ӳ�E~ ��B��;�o�.�\O/�5��m��u�\*��7-7@��~��R��k�+��u�H\@oU��s��ӵJ��>�� hщ �n�6��{e�>��o��5��O$�O��;9H�ƥ+�� xV[ Q��) g �\3��C��&�@Vj�?N�&��Q�*��BQw�y��z-�Ep A��+��YN#߼��G3�!��-�b��,R��דS��J�a�|�ml�Љ/:��m��W!)*��Нp_�r�_��e�c��fJ�=�y�5�6M�z�֯�+��z�i߸RՒ}@/A��pPv�zg��,_{�oa d��V�0i~�oP�EO`��!��hϒ~��DM^�J��\��K��gOB/�޷��1��g�Ӎ��lAj�ig��8��^�y��B�-�5�ůJ��͹3�g9q�v�65f�0��j��g}T� ��fx��~<T��R�4*��+��m}?縜�I��X�A�i�ܿ��G�!�<} J�G%=]�\�ͧ.�M�o��/7�tg|ec�F]�2Mg��]��7"�$�YS~ہ��`4"�!&�:%y��!R7xU�a��$��_�:�g�(��em�pȉ�7��ت�� k0�iQzx�7 <��٣�$D��.�5��=�)�,&q� Ub�}VO�� h��#�_-�f{�<�0" �Zz*�8qFf��Ci4�ʱ!|I��Ӑ:��M�A�qt��8o��cA�C�K9�1��2�$�|^/��t�� L,�e+�o��:�5�R��,[�͐��@�^6��z��!=��}�iw�UQ'��8��T�/��<��D��ƿNw�F��DEl "�UJ�=��]�H`��}�~�O̼��zĝ�ˀ�r^jQ��A�&��x/'8%�KV��f�C(�t.Gt�u��tw96�D��ON��;��Q�$��V��N�~Z�OE��F̢E��ze��R�˝��[C��i�9V+%=J O��N��KS:W� +�́HBY��L��;e�&W؃ޫX�`l�Dcк�kqt��X:�H��T;�4�Pr$ȞSc;5$r)��}�=r��Ho��as�JvUgZ��F�,V��}k��˩~p�D�1NE�X&6(�n~��GI��V ~��O��cr�V 0�j�mKM�M�5�>�;<QG��mN��H��7�X��ȓRV��PI}�i��q��M�/��՛2��rOL��H�f�&^�T)�&q!�3�� W��P�HSi��:�U��+/FK��r��ل�ٕ��bM��w�.��Z�`a\��ǖ��l��J;ZA�~��|�)�(&f�F��n�M�W��3L��0��׶��X;�a�~7Do��|?+ӉZ<�e��){j��㌰��?7��|��y�K/HqL��4��n&�K��=`C<��T��R�|D*��K;��ݨn\��n��a��Xt+�G��~F�� N��8�'3��KdI2HXKO+ӫ#�� (�K򂰭ӭ�MP��4�b��[�{2�9XަD�J/��q��0֜W��c�[�}̐8C��E��A�?x��lZW�$~��k�#(WV<pW��t��nZk��4U�]*%:��CpW��K~�S�r �S��DL��&>��w�Qֲ��S��(<�� #m�C��= B]ЃoUOZ��n��١*[�.�;�5�+�l�b�M*K�:J�v�<�NN�V��m9J��H�נs��Ϟ��cm��(y��B��9��Z5O �X�m�Y��PV�Cl�A=�d.ٌ�Mz��<�t��~v�O��s��1&ar�͉-��p��.�<3|!� ��̟V�j��-�?��TDw,LN.�"��S��@��;<��Aq�ƢO4q_�8gC��UL��WG�C��WPM�K�&��g�b��z�T��p��E�h�0��K�z8��;��p��Յ�A �HB��z�ҭ�傠�KP B�[3�y��_�O�A��W��ތ��xg�c��ټy��#{��r�YvB$�Nr��:��Y��W��`�W�f��[��N�ǿ�5�u'ЅR��<��~>�l� ��l3H{A�O7$�F� ]��Y=�I��弿VT�iw��<q��ה)��A��ҙ*B��i�~̸x9�7�~��L�p`��P�b0R��bycݶP�m~ӄbq��S��BC-3�C��@��k�� B˓ő ǚ�%>%�� d?�@��LXjTk#ߡ�C�B�d��>�Š|��ŉ��{��MLԴ��6.��|��i�� A�t�-�#෼��s�e#�:=��XŨ�#j��$u�x�U�K0\�#��B�HW�ˎ��<݇v|��*9�j��D

Sections

CODE
Size: 440KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 18KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7eeba166496afa789c53f4307f903395

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23Certificate

Extended Key Usages

Key Usages

84:26:29:c9:3a:1a:77:be:a4:9e:ab:d8:66:c1:b4:e9:39:9c:e1:11Signer

Headers

File Characteristics

Imports

user32

kernel32

shlwapi

comdlg32

oleaut32

shell32

winspool.drv

gdi32

version

wtsapi32

ws2_32

comctl32

Exports

Exports

Sections

CODE Size: 440KB - Virtual size: 444KB

DATA Size: 18KB - Virtual size: 24KB

.idata Size: 5KB - Virtual size: 8KB

.text0 Size: 14KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 4KB

.text1 Size: 62KB - Virtual size: 64KB

.reloc Size: 5KB - Virtual size: 8KB

.rsrc Size: 53KB - Virtual size: 53KB

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

84:26:29:c9:3a:1a:77:be:a4:9e:ab:d8:66:c1:b4:e9:39:9c:e1:11
Signer

CODE
Size: 440KB - Virtual size: 444KB

DATA
Size: 18KB - Virtual size: 24KB

.idata
Size: 5KB - Virtual size: 8KB

.text0
Size: 14KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.text1
Size: 62KB - Virtual size: 64KB

.reloc
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 53KB - Virtual size: 53KB