9ef1b0cbdc9382541e83f48fd9b9880f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9ef1b0cbdc9382541e83f48fd9b9880f_JaffaCakes118
Size

465KB
MD5

9ef1b0cbdc9382541e83f48fd9b9880f
SHA1

8d57905f90fb8874859fd1b95071651f80350055
SHA256

a77ab8771a4f9d56d3c536aeb36fda71f2e71454bf2c7f600829e945f416915e
SHA512

f2c2e5c92bfd4f66db4aff7f829aeb84c2396fb55b064e70c06d3adb76e0824872efb30d589a1176a160897d10595c5a7da92ca26119828b315e901c7176ce9c
SSDEEP

12288:wUuV+IAUeSqni9qx5eqXuRBHdzgscY3KNG:wXCBUqx5W3qcJ

Score

1^/10

Malware Config

Signatures

Files

9ef1b0cbdc9382541e83f48fd9b9880f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

089cca205aa73463a4692c6bdf9071e2

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9b:61:ac:54:a4:5b:31:fe:22:ee:d5:d6:f9:0f:95:bf
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/11/2016, 00:00

Not After

09/11/2017, 23:59

Subject

CN=AiTi Shag,O=AiTi Shag,POSTALCODE=121059,STREET=ul. Kievskaya\, d. 7,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:03:17:46:73:57:f6:a5:88:47:91:ef:16:b6:58:51:17:26:f6:a7
Signer

Actual PE Digest

9e:03:17:46:73:57:f6:a5:88:47:91:ef:16:b6:58:51:17:26:f6:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDC
DestroyWindow
AllowSetForegroundWindow
LoadIconW
SendMessageW
CreateWindowExW
MessageBoxW

kernel32

LoadResource
VirtualAllocEx
OpenProcess
GetCurrentProcessId
HeapSetInformation
GetCommandLineW
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
GetTickCount
GetProcAddress
WaitNamedPipeW
LoadLibraryW
CreateFileW
ReadFile
DisconnectNamedPipe
CloseHandle
WriteFile
GetModuleHandleW
SizeofResource
LockResource
FindResourceW
FindResourceExW
GetCurrentProcess
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
LCMapStringW
IsProcessorFeaturePresent
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
WaitForSingleObject
LocalFree
GetLastError
MultiByteToWideChar
GetModuleFileNameW
GetVersionExW
GetSystemTimeAsFileTime
QueryPerformanceCounter
Sleep
IsValidCodePage
WideCharToMultiByte
GetCommandLineA
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
InterlockedIncrement
InterlockedDecrement
VirtualFree
LoadLibraryA
VirtualAlloc
GetLocaleInfoA
LCMapStringA
GetStringTypeA

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 396KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

089cca205aa73463a4692c6bdf9071e2

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

9b:61:ac:54:a4:5b:31:fe:22:ee:d5:d6:f9:0f:95:bfCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

9e:03:17:46:73:57:f6:a5:88:47:91:ef:16:b6:58:51:17:26:f6:a7Signer

Headers

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 396KB - Virtual size: 392KB

.data Size: 4KB - Virtual size: 154KB

.rsrc Size: 4KB - Virtual size: 3KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

9b:61:ac:54:a4:5b:31:fe:22:ee:d5:d6:f9:0f:95:bf
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

9e:03:17:46:73:57:f6:a5:88:47:91:ef:16:b6:58:51:17:26:f6:a7
Signer

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 396KB - Virtual size: 392KB

.data
Size: 4KB - Virtual size: 154KB

.rsrc
Size: 4KB - Virtual size: 3KB