9ed282f9ee5db4ad3b24c076f30851d0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9ed282f9ee5db4ad3b24c076f30851d0_JaffaCakes118
Size

332KB
MD5

9ed282f9ee5db4ad3b24c076f30851d0
SHA1

5d70c99216fe0b3cf76a9dcf60e863f10328ee29
SHA256

163471ed015bbb57eb2959c21269f087bd070ff641c2ac7f36f937654cb5ed83
SHA512

22b3761cd789a4e3af915ca70d0ee34be9af4365709cd74351efe47a222c3ac7cbcf5574a14170d74ec53af37d41edbfbd9612062ae91f12d4d9f9b7c8831def
SSDEEP

6144:ZqNkf1Xt/5yc6/Z0VHEu2vYtDubwoaL85kfYURwjOUj/FytoosImS:g6f1XtByc6cHEu2JwLjfY2wjOUcp+S

Score

1^/10

Malware Config

Signatures

Files

9ed282f9ee5db4ad3b24c076f30851d0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

27822ef0be6f2fcf1d0652a0debb0dbe

Code Sign

24
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

24/10/2007, 22:01

Not After

24/10/2017, 22:01

Subject

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:bb
Certificate

Issuer

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/11/2014, 00:09

Not After

31/10/2016, 17:47

Subject

CN=ООО ”БАНДЛ” - Bundle LLC,O=ООО ”БАНДЛ” - Bundle LLC,L=Saint-Petersburg,ST=Saint Petersburg City,C=RU,1.2.840.113549.1.9.1=#0c16696e666f40696e7374616c6c62756e646c652e636f6d,2.5.4.13=#1310345173635459644f79754e45624e586d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:02:d9:67:67:9f:a2:af:50:4f:4b:0f:12:f1:2c:f3:83:ee:90:06
Signer

Actual PE Digest

ea:02:d9:67:67:9f:a2:af:50:4f:4b:0f:12:f1:2c:f3:83:ee:90:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetMenuItemID
GetMenu
GetUpdateRect
IsWindowVisible
SetWindowLongA
GetClassWord
GetWindowRgn
SetWindowPos
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
DestroyWindow
DefWindowProcA

gdi32

GetStockObject

kernel32

LCMapStringW
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
GetStringTypeA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetFileType
HeapAlloc
GetTempFileNameA
GetProcAddress
CreateFileMappingA
GetModuleHandleA
PeekNamedPipe
LoadLibraryA
GetTempPathA
RemoveDirectoryA
GetFileTime
WaitNamedPipeA
DisconnectNamedPipe
GetStringTypeW
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

Sections

.text
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27822ef0be6f2fcf1d0652a0debb0dbe

Code Sign

24Certificate

Key Usages

10:bbCertificate

Extended Key Usages

Key Usages

ea:02:d9:67:67:9f:a2:af:50:4f:4b:0f:12:f1:2c:f3:83:ee:90:06Signer

Headers

File Characteristics

Imports

user32

gdi32

kernel32

Sections

.text Size: 300KB - Virtual size: 298KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 8KB - Virtual size: 6KB

24
Certificate

10:bb
Certificate

ea:02:d9:67:67:9f:a2:af:50:4f:4b:0f:12:f1:2c:f3:83:ee:90:06
Signer

.text
Size: 300KB - Virtual size: 298KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 6KB