91627ab0217a2a57fa786a7a2be78e41_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

91627ab0217a2a57fa786a7a2be78e41_JaffaCakes118
Size

611KB
MD5

91627ab0217a2a57fa786a7a2be78e41
SHA1

d2d29f4e7227c83d035effd6bc83b2e17eb30709
SHA256

2063c368fffa62b29dc96cbad803bd36c28c11c1611ec49c3efaec959a9aeeb5
SHA512

6a93640d914b5a4aa99db2f3f53059f375a6abb380b075314dc255707adb35a01f75bf5c34ff0c22a84906e71a8eb428afb83d3cbfc9b6ce3d5000c783f0e421
SSDEEP

12288:NnrRLTlQVH2j9u+xAfHhXCa409Z7qGJGzc3yiMr9:5rR3uVaAP4PS7vJy9p9

Score

1^/10

Malware Config

Signatures

Files

91627ab0217a2a57fa786a7a2be78e41_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a689be7a342046f8fbc925779af7a057

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:fb:73:cc:96:73:b5:cb:9d:11:27:c5:ae:55:86:62
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/04/2015, 00:00

Not After

23/04/2016, 23:59

Subject

CN=IMTER,O=IMTER,POSTALCODE=390000,STREET=d.27 ul.Lenina,L=Ryazan,ST=Ryazan region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

34:6a:78:f9:30:e1:c6:66:7a:4f:3f:4e:af:9a:e3:7d:fc:e6:8e:c2
Signer

Actual PE Digest

34:6a:78:f9:30:e1:c6:66:7a:4f:3f:4e:af:9a:e3:7d:fc:e6:8e:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

GetSysColorBrush
GetMenuInfo
RealChildWindowFromPoint
GetMenuItemInfoA
SetSystemMenu
CharLowerBuffA
EndDialog
SendDlgItemMessageW
SetMenuContextHelpId
SetForegroundWindow
GetMouseMovePointsEx
DrawAnimatedRects
GetProcessWindowStation
OemToCharA
DrawStateA
RealGetWindowClassW
GetPropW
GetScrollInfo
DefWindowProcW
LoadKeyboardLayoutEx
GetKeyState
BroadcastSystemMessageExW
GetAltTabInfoW
CreateDialogIndirectParamW
GetWindowTextLengthA
ShowWindowAsync
GetClassNameW
PaintDesktop
CheckMenuItem
IsDlgButtonChecked
GetWindowInfo
LoadAcceleratorsW
CreateMDIWindowA
GetScrollRange
IsWindowUnicode
wvsprintfW
GetClassInfoW
SetThreadDesktop
SetSystemCursor
GetClassLongW
ChangeDisplaySettingsW
CharUpperW
TrackPopupMenu
DefDlgProcA
OemKeyScan
IsDialogMessage
SendMessageTimeoutA
SetParent
CharToOemW
DrawFrameControl
AppendMenuW
PrivateExtractIconsA
ChangeDisplaySettingsA
CreateIconIndirect
LoadStringA
MonitorFromRect
SetPropA
CloseDesktop
SetUserObjectInformationA
CharToOemBuffW
UnionRect
GetUserObjectSecurity
ScreenToClient
GetIconInfo
OffsetRect
AppendMenuA
ModifyMenuW
DrawTextA
CreateDialogParamW
wvsprintfA
SendInput
EnumClipboardFormats
RedrawWindow
RemovePropA
SetWindowPlacement
FlashWindow
GetUpdateRect
DefDlgProcW
IsCharAlphaNumericW
OpenDesktopW
SetClassWord
BlockInput
RegisterClassExA
GetWindowTextW
SetCaretPos
SetWindowWord

kernel32

ReadConsoleInputExW
CreateFileMappingA
GetSystemDefaultUILanguage
FindFirstFileExA
GetFileAttributesExA
SetTapeParameters
CreateTapePartition
GetCurrencyFormatW
VerifyVersionInfoA
SystemTimeToTzSpecificLocalTime
ReadConsoleOutputAttribute
GetTimeZoneInformation
GetMailslotInfo
GetACP
WaitForMultipleObjects
HeapCompact
FindNextVolumeMountPointA
BuildCommDCBA
EnumSystemCodePagesA
SetLocalTime
VirtualQueryEx
GlobalCompact
DeleteTimerQueueEx
GetSystemTimeAsFileTime
GetTapeParameters
SearchPathA
TerminateProcess
WideCharToMultiByte
OpenFileMappingA
BeginUpdateResourceW
GetEnvironmentStringsA
GetTickCount
SetFileValidData
GetLongPathNameW
GetProcessShutdownParameters
GetVolumePathNameW
EnumLanguageGroupLocalesW
OpenSemaphoreW
FindNextChangeNotification
RtlFillMemory
FindResourceExA
GetSystemPowerStatus
VerifyConsoleIoHandle
GetLocalTime
AttachConsole
EnumResourceLanguagesW
SetLocaleInfoA
IsValidLocale
FindFirstVolumeMountPointW
ReadConsoleW
FindNextVolumeA
GetVolumeInformationW
ConvertDefaultLocale
GetProcessHeap
GetLastError
FreeEnvironmentStringsW
VirtualQuery
LoadLibraryA
LocalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

CommDlgExtendedError
dwOKSubclass
WantArrows
PrintDlgA

oleaut32

VarUI2FromUI4
VarDateFromCy

gdi32

GetWindowOrgEx
EnableEUDC

version

VerLanguageNameA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW

ws2_32

WSAProviderConfigChange
WSAAsyncGetServByName

comctl32

DrawInsert
ImageList_GetBkColor
FlatSB_SetScrollPos

Exports

Exports

��Q� �{��WcZ��)$��hZ1��7�מ��ϣ��h�a= sm�啊�SI��/��6<�6��cf(bI_;e��mLL�F -g��1�2[=�n��7�Cò�!��n8�� xVΆ�a1��M��_ʎ�L��S�H��B��8ĕ��-�y�x��RA�ɒ�V�>CI{?�u�� }��O<��cn,Uc��_;��3�ؒ0�P�g��&"=�é�!��/��@�ge��DB�G$A�.�go[3��;�a�O~se�G��j-��i��߲�ȎV�bx��'��4�>05�qb>{ �pRR�A1��d�[-�_�B_{��7 �"m!�*S�ԥ�~��~�w�ddR�R�^��.�6��vm�G��(��b��؜S�M��k��7�vZ�M�<1�?ȼ%*a\�m�0�Y��x!Іt� ��C�ƤZ��φ<״��x�`��F��?� )��u_a/&V�˒}W�� l��I�E��BY��<��,$��'��-]�� 02]�Ä֗5u6��"��ƛ��qsY��C 5*��)��vv�U�|=��'��"۞�� _�:.md��H�v��{|��H��8��_�l��(`��ʋm��_f�"^��=� ý��NZ`)|�i�+6r�G_�s]��5B�7�U�KW+��)��p��hZ4-<�v퀹̵ �"zN�0�Z��x?��kW��b��?��k�y�� ;�|2��l1"d��.t��Q}��%�U3<e��`��D@�f��z��Xp-]��r��AdB��&�\�M9��#@tD��&mm)��Pſ�l�b�[�@�kvu)��S�E�F>��v��3�6��5��j+�30�0�g�^\�n{��c��<�8�[9F9�2K��|��]!h�}�)&H�)�ՇY��hu��!G��w��w�\N�,�(��/?��]��Lb��@w1�8��S'.2��:G��J��qA\�~��xVZ;�71�L�Xݾ<�Ot�G��F�y�8F�"�L��e��0iE~�>��`�~��|xs�\u��س�J�_Vc1w��n3��]e��9��ɳ��о+��w��FE6�.G�Y�Ks�n:�1��\^�c��r��o��fr�e~��HK<�xe�=��q��v�yƴ�N��'Gp�K��|��nIБu�|H�5��^��c�+�=�tz}�]��E(i�8=��6Zj*��F�ԯ��2�9&w\]I��ۏu��E�A�֢:��`�P��¥s19��٣h_ӹ��EM��X��i�EuΠM�0�[Gj��ɳ�7 ��}0��e��o�n��l��l�6��6��}��aGU�wI��F��Cw��\��_��к�h��=�Z�S8+�j��#��a��!>�3[�z7��z0��[1��8�Qr=B��7'v|N ��=zj!^K@v��5��J��+�>�}gi�w��uI��\�s[��^��f7ڣj�1�hR��~��h��R,2a��_�\��0|{!�Ov��?�ks/�ݿ"�Y�#b�Ӫ� #/�Nhw��v<��I ڈv� �}.�2��_��x��Z�П/4�z9��o��o!3��kg�s��yAa�ӽo��ц��C`ye��lu��!&LQ*뭷�~7�fxvvK��[��t�uP֝Hd��sX,��3�{��G�:�*��J"�5�C8��[1e`j�7�ozE�)w��4�A�ʰ��+}Yh{�~~37�אa9��T]��Y��&�N�{*'�1��N��_��,u�zmq��6V��kc��1��ۄrr(��P��!��Q��!D:�r�5�nOU��[�f�m1 ��U��>]D;)ގzS��.Ԇ-_�T�퇃G�%��T x��.7�+��c��B��̷S�S�2�;C�76>itnO��0�=�4��4No%i�'��bE��(^Z�9A 9ɀ�M��$� ah�[��]�>��Oҕ"z�H�W��Ŝ�L�yws��&\�j��Q��b��S��v�0�_<�8�Î^��U}M*��"&UN��!��%��0�"O�M��b�I��/��۷M�10��:2o¼��v��慽3Z&˿��]Nᔜ��h�H��N�2�De}��T��h?��NC��tp1&I� �e�s<��Y��X�Z#p�_�$$]{��S�hfF{X�PI�(f��V{h?�l.|��~��J={_��3��{@��w��P��w��/וa;>g��),]^Y@�+v� a�ԭ#�3��G��O�Y4+�.9@~~ �m��ͨ��DA=�䥅�҃wg�/��o:%!�M��P�]��F��;��G�,�V��(j̺�j��A-��F<el��V!��0D�׉��t�M��ũ6觥?�4�wo��p�ͧ�tqP��#i��ف�Oe��Q��x㋨�j��9E�g��i�&�6��:��1+��nOƵ�Z��ϲ�(a�͙$�\L��lD�Z�{��ً$�� 3/_� Q�ZU�߿��ˬ��.��>��v��1��!h�L��!��Լ�-��;�k<��C��l��"��a��ǅ�TB߾�d��F��ݧ�a�\-��E��ә4qѷY�|��C��?��e�OI[��:S2�߸�O�e��*�$��2�7= YYc+�;��t�/�?ھ W�sYꖖk�!k�l��\ ��u`��]w�IpRغ)�c��-ǹ��D��<F�)��(b�J��(>p��g�G2`ı ��3�Vj�ۃ[�U��XS��s�c� �.��'��S0�c�2��4��M��h��On�α��F�uk:D�6�

Sections

CODE
Size: 437KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a689be7a342046f8fbc925779af7a057

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

08:fb:73:cc:96:73:b5:cb:9d:11:27:c5:ae:55:86:62Certificate

Extended Key Usages

Key Usages

34:6a:78:f9:30:e1:c6:66:7a:4f:3f:4e:af:9a:e3:7d:fc:e6:8e:c2Signer

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

oleaut32

gdi32

version

ws2_32

comctl32

Exports

Exports

Sections

CODE Size: 437KB - Virtual size: 440KB

DATA Size: 20KB - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 8KB

.text0 Size: 18KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 4KB

.text1 Size: 65KB - Virtual size: 68KB

.reloc Size: 5KB - Virtual size: 8KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

08:fb:73:cc:96:73:b5:cb:9d:11:27:c5:ae:55:86:62
Certificate

34:6a:78:f9:30:e1:c6:66:7a:4f:3f:4e:af:9a:e3:7d:fc:e6:8e:c2
Signer

CODE
Size: 437KB - Virtual size: 440KB

DATA
Size: 20KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 8KB

.text0
Size: 18KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 4KB

.text1
Size: 65KB - Virtual size: 68KB

.reloc
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 53KB - Virtual size: 53KB