9ffd7ceda6a87c86cba1d07e834b831b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9ffd7ceda6a87c86cba1d07e834b831b_JaffaCakes118
Size

621KB
MD5

9ffd7ceda6a87c86cba1d07e834b831b
SHA1

849cfffacf61b1423f4b70f510fc8825a766bd50
SHA256

05a3421a44a395484efaa80fc51206a26320ec2d18ae65705cd26ecb4d84a17c
SHA512

a2316f2809c97bb93748de85d273623b859fd6fdbc6f8f7a9b989cc3b82e23305649f74cd094c5a04d9784991704faa0f33cd82e676e0cb42c7bc33657866686
SSDEEP

12288:pf6V5Q4lu1ZshJtPYMQkf8VM73MZ5dq7742FR:0Va/8hJtgdkf8VW3CdqXLFR

Score

1^/10

Malware Config

Signatures

Files

9ffd7ceda6a87c86cba1d07e834b831b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

be422ac480096b6570cb1a42c6c912d7

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9d:13:0a:c5:a3:4c:11:40:7b:15:51:47:f0:e2:a1:7e
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/05/2015, 00:00

Not After

12/05/2016, 23:59

Subject

CN=ASKAD,O=ASKAD,POSTALCODE=644045,STREET=pr-t Koroleva\, 16/1\, 68,L=Omsk,ST=Omsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b9:6e:e0:61:e6:49:84:67:4d:25:7d:10:50:07:a1:e2:55:6e:01:ed
Signer

Actual PE Digest

b9:6e:e0:61:e6:49:84:67:4d:25:7d:10:50:07:a1:e2:55:6e:01:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

TranslateMessageEx
SetFocus
SetForegroundWindow
GrayStringW
IsCharLowerW
GetUpdateRgn
SetDlgItemTextA
DestroyAcceleratorTable
GetWindowLongA
GetMenuContextHelpId
GetWindowContextHelpId
GetWindowLongW
CharNextExA
GetMenuStringW
MonitorFromRect
DefWindowProcA
ReleaseDC
DefFrameProcW
GetDialogBaseUnits
IsChild
SetSystemMenu
GetUpdateRgn
GetWindowTextA
CheckDlgButton
GetClipboardFormatNameW
IsCharAlphaNumericW
BroadcastSystemMessageExW
CreateIcon
MenuWindowProcA
GetClassWord
TabbedTextOutA
SendDlgItemMessageA
GetListBoxInfo
IsDialogMessageW
GetFocus
ToUnicodeEx
SetFocus
MapVirtualKeyW
SetProcessWindowStation
GetScrollRange
GetUserObjectSecurity
DestroyIcon
EndDialog
MapWindowPoints
InsertMenuA
CreateMenu
IsCharAlphaW
WaitForInputIdle
SetDlgItemTextW
EnumDesktopWindows
IsHungAppWindow
SetWindowTextA
DrawIconEx
GetDC
CharToOemW
DialogBoxIndirectParamA
SetScrollPos
CharLowerW
ScreenToClient
AdjustWindowRect
SetDoubleClickTime
GetThreadDesktop
DrawTextA
ChangeDisplaySettingsW
GetKeyboardType
RemovePropW
WinHelpW
AppendMenuA
SetLastErrorEx
ChildWindowFromPointEx
MessageBoxTimeoutW
GetTitleBarInfo
GetWindowDC
wsprintfW
SetWindowsHookExA
GetPropA
AdjustWindowRectEx
EnumPropsExA
MessageBoxTimeoutA
ShowOwnedPopups
wsprintfA
IsCharAlphaA
CreateDialogParamW
RealChildWindowFromPoint
DlgDirListW
SystemParametersInfoA
GetMenuBarInfo
ChildWindowFromPoint
DrawCaption
SetSysColors
GrayStringW
GetGuiResources
GetCaretBlinkTime
PrivateExtractIconsA
FlashWindow
EnumDesktopsW
GetShellWindow
SetCursorPos
CharUpperW
MessageBeep
GetLastActivePopup
OemToCharA
DrawTextExA
ChangeDisplaySettingsExA
CharUpperBuffW
InvalidateRect
CloseWindow
SendMessageCallbackA
CreateDialogIndirectParamA
RealGetWindowClassA
AppendMenuW
GetKeyboardLayoutNameA
LoadStringA
RegisterHotKey
SetPropA
GrayStringA
CreateMDIWindowW
RegisterClassExA
LoadImageA
MonitorFromPoint
SetClassLongA
SetParent
GetMessagePos

comdlg32

PrintDlgA
FindTextA
ChooseFontW
ReplaceTextW
GetSaveFileNameA
GetFileTitleA
GetSaveFileNameW
CommDlgExtendedError
GetFileTitleW
dwLBSubclass
dwOKSubclass
ChooseColorW
ReplaceTextA

oleaut32

VarUI2FromDate
VarDecFromI2
VarCyFromUI1
VarFormatFromTokens
VarR4CmpR8
VarFormatNumber
VarR8FromI8
SafeArrayDestroyData
VarBoolFromDate
VarI2FromI8
VarUI2FromR8
VarBstrCat
VarBstrCmp
SafeArrayCreate
CreateTypeLib2

winspool.drv

AddFormW
GetSpoolFileHandle
EnumMonitorsW
ReadPrinter
DevQueryPrint
GetPrinterW
AddJobA
EnumFormsW
DEVICEMODE
AddFormA
CreatePrinterIC
SetPrinterDataW
DeletePrinterDataExW
AddPortA

gdi32

FloodFill
CreateDCW
FillPath
CreateColorSpaceA
GdiConvertAndCheckDC
PolyPolygon
GetWinMetaFileBits
EndFormPage
EngLineTo
GetRelAbs

version

VerFindFileW
VerInstallFileA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerLanguageNameW
GetFileVersionInfoA
GetFileVersionInfoW
VerFindFileA

ws2_32

WSANtohl
WSARecvDisconnect
WSCDeinstallProvider
WSAStartup
WSAIsBlocking
WSAAsyncGetHostByAddr
WSAEventSelect
WSAUnhookBlockingHook
socket
WSARecv
WSADuplicateSocketW

comctl32

ImageList_Copy
CreatePropertySheetPage
ImageList_BeginDrag
CreateUpDownControl
ImageList_GetDragImage
InitCommonControlsEx
ImageList_SetImageCount
FlatSB_SetScrollPos
ImageList_SetDragCursorImage
GetMUILanguage

kernel32

GetLastError
GetVersion
LoadLibraryExA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

v {I�k.�a�nF6.�C��l �;��7 ��"�� r�5?v��d�x�V�U�I\��5�l��7��ǘZ�,H�9|�+��n~d��a��H|�?MH��(>-o:�{5k�h�{�N�r�<�2�R��(I{�M�>h*F%��l�K�VN�6i�� *`�ߏ\2S��x�L��J��J�7� �?�:y�!+�o�u3d��9�F}W_$"��!P7>��(�>f��ݶ��3��"��kq��VW�Cwt4�>��:��"��\v-yY�#��S .�oi��.�7($V�]~�'4��',{��Q��ePҡ�C��];0��Z("u�'��eT�k��k_��^[�9ä�>��R�O��W��-��}��2ҭ�T��H0��i��p��F;��K>��N��!_ ��/7i2QJ��VZ��M4�9*�uM�L��N�nv��c[�*>�[�p�b��{�RWsT �!Jr��tD�l��:~�Pǒ��~sDQ�i�Ӎ�c��\h#�8G�Ki��m;��%'6�ܞq@Um��'�\W'g'CšW�||�j"��jhu�C[��uˮ�K��9cq��~��'��/��K~_.��g1��BG��ļ�`8,��`�*��לi1�h|诳��hι�[�2��S��z&��ȳ�҉�%�p��]P�ۦ�Ư� �ڷ%��}$l��Zl��b>�#�$o��L޹�A��[��?+T��l��FSXQ��m��y�3/��TY~�t��,�Kx˾&B=��Z��)5�s��:�r�,X^o�I�D��W��(��7��m֏��&؞��?�k��td��ƴ\n��'�� "a��Uw��zC2�FWO_Տ�}Q�zN&�L�Ͻl��2�>�Ӫ'�܎|(��8��[�˦(�qI�i ׻��Q�op��6�O��r:Lt�՟Lw: �v}�O�8E� D�u��l��aN�k�R�S��)X� ">��D$�ߍUI?��<b��(S��?��*�j��q�.��r��zdf�2Dx�O��/�4�?gF��'��J��j)y�s�ʟ4�=��_2P��m?41��="O��x�;�4"p�8�� g�pU(KhKPk�6��q0.�Rh�'� �5�ƣ�_��e�R��X��W�� x^��a��{� ��V��RO�%��Qq>@j3� �ce3��!m�X�%�M�=��w1E E��L0��r��e��!F��{�O��#Ɲ �"�#�3Q�$nv3.�a��x-Fokos�ś�t� -}�$Js�c��H��Q�_�7)��n?��'��%ZL�� }@� /�ڍ��\�:��aĄ-w�\Ҵ.��7Y��|�tښ��}G��휡q�yX��8+O�?��U�'��]._�6�f�u;�Ѻ{��l��.��)Of�F�it{�r(+��vܻ~�{u/��({��Ѿ��obe�[�x ~�U�<B�|��;�3��ぱE��o��J]�y�u׎��a�Xlľ�)��Xl�0��a��|oz��H�� 3O�]��a��\��rn��iC�|�r�_�ve�5�D33ϕv��u��t�Z`L�ƭ|�.��l%�`�ŗߠ��l��TU�4W)�C��a,in�� ,U>��Uˡ�s��r� �/a��K!4��}W��*��:��_�y��T�D��6�F��) 7~H%Q��b��t;��vIo��&��ַʲ�)W��c(r��Y6L;'�w�w��9�K�� [O��r��,>��Ϧ�Y��}��Qۘ?��۽�*Kn4Ӧ4*�1�cc�z�9��?QSW_>��N�~,1��o��X��a��4 ˤ��*HLn��O<ٲ�?#��H,c��k|EL)��@���t_)?dB �� "k�/�yW�pU8�L��,�v�P�<��q��%��j�P�;7i��CW3�}�/��T4��l�F=f��0��bw�fe��z--�&7ƅT��cz�];C4�T#��3!��¼�i�L�h��1f�e"��t��}��B��z>֑m�-�0l��c�f��`wN��HT*3*��m��ZK*F�I6m�${n��U[��`v�1�/��Sks�QN��3��KCB��z��*FB;��b?�TR=,��Vk��o<��BOSx\�w�`��ߘ�Yx*��"�t�Bۥ�ؚ��F��Mq�׳��V�t%�R��E��>�W��1m��~��u�pǗ�)�uRW�̖c�h��Í��4��0��i�)Ӭt��%�XYB)��,�G!�΁��<E �R��l?��yUN�]��8��(��8�<f/�Pud1�g�h)�26�+��A�з��xچ��L�X��Fm��<��4��,��GO��ɫx��d�4��l��R;4�Ԙ�༱��r��nm��fW*��s��j�ԛN�I��S%�� r;좊�N�0.��,�)"i9,��Y�k_x�r��N߹��#�-:��<r"��%��8��M��O�m��f* F5��G?�q��*B�Z��D?�ā5��2T��i�4jz��eŉ t%�۵�&�6(��F;�<�� |��q " ��d%�m�GeK��%��:��d<S�t��y��ڒ#�}�;��C=A�[��=�ڽ� &dḤ��1��z�e�(p�܁z�q��do� �̦Wّk"��]O e��<��B4��C��`Rܭ�iv+f3ŏ+iS��E| ��\��!c�b��p��L�L�o��1�s��i��z�{�iWf<�"X��

Sections

CODE
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 807B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be422ac480096b6570cb1a42c6c912d7

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

9d:13:0a:c5:a3:4c:11:40:7b:15:51:47:f0:e2:a1:7eCertificate

Extended Key Usages

Key Usages

b9:6e:e0:61:e6:49:84:67:4d:25:7d:10:50:07:a1:e2:55:6e:01:edSigner

Headers

File Characteristics

Imports

user32

comdlg32

oleaut32

winspool.drv

gdi32

version

ws2_32

comctl32

kernel32

Exports

Exports

Sections

CODE Size: 436KB - Virtual size: 436KB

DATA Size: 20KB - Virtual size: 19KB

BSS Size: - Virtual size: 807B

.idata Size: 5KB - Virtual size: 5KB

.text0 Size: 17KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 66KB - Virtual size: 65KB

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 64KB - Virtual size: 64KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

9d:13:0a:c5:a3:4c:11:40:7b:15:51:47:f0:e2:a1:7e
Certificate

b9:6e:e0:61:e6:49:84:67:4d:25:7d:10:50:07:a1:e2:55:6e:01:ed
Signer

CODE
Size: 436KB - Virtual size: 436KB

DATA
Size: 20KB - Virtual size: 19KB

BSS
Size: - Virtual size: 807B

.idata
Size: 5KB - Virtual size: 5KB

.text0
Size: 17KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 66KB - Virtual size: 65KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 64KB - Virtual size: 64KB