94944e42cca5fa7d4571f0bf7ac91c90_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

94944e42cca5fa7d4571f0bf7ac91c90_JaffaCakes118
Size

896KB
MD5

94944e42cca5fa7d4571f0bf7ac91c90
SHA1

4f7b00910db792a6b4536d3396cebd33dae7aefc
SHA256

e067d4557cc7cd421a143112b54a89b49b90592fae7cd8f0199b2883da7ff545
SHA512

aa4dcb9a68c2891975dbe905145ee282fe80255eccf8d9f58657625b9588d1ba607b2726a71e515252a70602f814a2ffde76867c818e945bdbdfda9ea2942fbb
SSDEEP

24576:BUj0D0Wwh8fRTdaAJlXVnwpb+oaBpKW3nbcXVDZ/8UZ:BY0DBwOOQXRuEBTbQh8y

Score

1^/10

Malware Config

Signatures

Files

94944e42cca5fa7d4571f0bf7ac91c90_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c69ab02b51ce7c3bce5e64ccdcbcc4f5

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:de:6b:1c:05:30:3b:b5
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

08/12/2015, 23:49

Not After

06/11/2016, 23:05

Subject

CN=Fast Downloader Media,O=Fast Downloader Media,L=Oakland,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:37:a7:2e:93:33:c1:86:36:7a:a3:42:83:7a:8f:95:4c:c1:6b:a4
Signer

Actual PE Digest

30:37:a7:2e:93:33:c1:86:36:7a:a3:42:83:7a:8f:95:4c:c1:6b:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
CreateFileMappingA
CreateFileA
CreateMutexA
GetVersionExA
GetCurrentProcess
GetVersion
lstrcpynA
ExitProcess
GetModuleFileNameA
FreeLibrary
DeleteFileA
SetEnvironmentVariableA
DuplicateHandle
GetCurrentProcessId
GetEnvironmentVariableA
GetExitCodeProcess
TerminateProcess
ResumeThread
CreateProcessA
GetCommandLineA
LoadLibraryA
FlushFileBuffers
WriteFile
SetCurrentDirectoryA
CreateDirectoryA
GetTempPathA
GetModuleHandleA
ReadConsoleA
WriteConsoleA
GetStdHandle
GetFileSize
GetFullPathNameA
SetErrorMode
DeleteFiber
TryEnterCriticalSection
HeapLock
GetExitCodeThread
HeapCreate
SwitchToFiber
CreateTimerQueueTimer
ExitThread
WaitNamedPipeA
GetPriorityClass
Sleep
DeleteTimerQueueEx
OpenWaitableTimerA
InitializeCriticalSectionAndSpinCount
SetCriticalSectionSpinCount
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
FormatMessageA
LocalFree
GetSystemTimeAsFileTime
CloseHandle
ReleaseMutex
WaitForSingleObject
GetProcAddress
GetFileAttributesA
lstrcmpiA
MultiByteToWideChar
GetCurrentDirectoryA
GetLastError

user32

RegisterClassA
PostMessageA
TranslateMessage
GetWindowLongA
DrawTextW
BeginPaint
GetMessageA
CreateWindowExA
ShowWindow
SendMessageW
DrawTextA
GetDC
DispatchMessageA
EndPaint
SendMessageA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

gdi32

EnumObjects
SelectObject
CreateBitmap
CreateFontIndirectA
CreateFontA
AngleArc
ArcTo
DeleteObject

msvcrt

rand
??2@YAPAXI@Z
srand
_pgmptr
__argc
__argv
memmove
_ismbblead
__getmainargs
_cexit
_exit
_XcptFilter
exit
realloc
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
atoi
_snprintf
??3@YAXPAX@Z
_time64
__CxxFrameHandler
memcpy
free
malloc
memset
_acmdln

ole32

OleInitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx

shell32

SHBrowseForFolderA
SHFileOperationA
ShellExecuteExA
SHGetIconOverlayIndexA
ord256
SHCreateShellItem
SHGetPathFromIDListA

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c69ab02b51ce7c3bce5e64ccdcbcc4f5

Code Sign

1b:e7:15Certificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

06:de:6b:1c:05:30:3b:b5Certificate

Extended Key Usages

Key Usages

30:37:a7:2e:93:33:c1:86:36:7a:a3:42:83:7a:8f:95:4c:c1:6b:a4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

gdi32

msvcrt

ole32

shell32

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 600KB - Virtual size: 600KB

.data Size: 225KB - Virtual size: 228KB

.rsrc Size: 7KB - Virtual size: 6KB

1b:e7:15
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

07
Certificate

06:de:6b:1c:05:30:3b:b5
Certificate

30:37:a7:2e:93:33:c1:86:36:7a:a3:42:83:7a:8f:95:4c:c1:6b:a4
Signer

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 600KB - Virtual size: 600KB

.data
Size: 225KB - Virtual size: 228KB

.rsrc
Size: 7KB - Virtual size: 6KB