a35d46dfbc2db3d07fef08d393a7fb7a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a35d46dfbc2db3d07fef08d393a7fb7a_JaffaCakes118
Size

2.6MB
MD5

a35d46dfbc2db3d07fef08d393a7fb7a
SHA1

fde96c040a54d2f5e51af7d3053b6664afefa5f2
SHA256

36dc88cd4343faa4b1e1ff5b32a9e9032feb32f13d8d7d0fe4ed17a3114ae4e7
SHA512

c466621f185de1e6a0e02aa75ceb931ddd033792dcf6d8d21b8fc86a3f6cb23fde469b5a3c0bc244d08a063ee3fb4b9f65880e3e157c87e08dea6639207b3014
SSDEEP

49152:qg9kvc2zhLukLVECr8WfATiPq3eAQwvcO4zj:qumr9AuPq3eAvvcOa

Score

1^/10

Malware Config

Signatures

Files

a35d46dfbc2db3d07fef08d393a7fb7a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ab58d702ea537aae563db1f45daa882b

Code Sign

ec:fe:bd:9b:fa:30:8a:06:b3:a0:21:c7:11:e7:2c:83
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/03/2018, 00:00

Not After

18/07/2018, 23:59

Subject

CN=LTD\, FLOP,O=LTD\, FLOP,POSTALCODE=248021,STREET=ul Moskovskaya 184A,L=Kaluga,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

setupapi

SetupGetBinaryField
SetupGetFileCompressionInfoW
SetupDecompressOrCopyFileW
SetupGetFileCompressionInfoA

kernel32

lstrcpyA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetFilePointer
LoadLibraryA
GetOEMCP
GetCPInfo
SetStdHandle
HeapReAlloc
VirtualAlloc
HeapAlloc
WriteFile
RtlUnwind
VirtualFree
HeapCreate
IsBadReadPtr
GetModuleHandleW
lstrcatA
GetLastError
GetDateFormatA
FindClose
GetTimeZoneInformation
LockFile
GlobalFlags
UnlockFile
GetExitCodeProcess
RaiseException
SetEndOfFile
RemoveDirectoryA
InterlockedExchange
FlushFileBuffers
GetShortPathNameA
IsValidCodePage
GetVolumeInformationW
GetTimeFormatA
SetCurrentDirectoryA
FindFirstFileA
GetSystemTimeAsFileTime
CloseHandle
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
FreeLibrary
GetACP
GetVersionExA
GetStringTypeW
GetModuleHandleA
GetProcAddress
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA

user32

GetSystemMetrics
wsprintfW
SetClipboardData
GetWindowLongA
MessageBoxIndirectA
LoadBitmapA
GetSystemMenu
EnableMenuItem
BeginPaint
EndDialog
EndPaint
CheckDlgButton
SetWindowPos

gdi32

GetDIBits
PtVisible
SelectObject
OffsetViewportOrgEx
GetViewportExtEx
CreateFontIndirectW
SetBkColor
GetRgnBox
SaveDC
RectVisible
GetWindowExtEx
GetBkColor
CreateFontIndirectA
SetMapMode
ExtSelectClipRgn
CreateBitmap
GetObjectW
RestoreDC
CreateRectRgnIndirect
GetTextColor
EnumFontsA
ExtTextOutW
SetViewportOrgEx
DeleteDC
SetBkMode
SetTextColor
GetStockObject
DeleteObject
GetDeviceCaps
Ellipse

advapi32

RegQueryValueW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
FreeSid
RegEnumKeyExW
RegEnumKeyW
RegOpenKeyW
AllocateAndInitializeSid

oleaut32

SafeArrayPutElement
VarDecRound
VarAdd

Sections

.text
Size: 528KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

a42c7
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

a42c8
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

a42c9
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ab58d702ea537aae563db1f45daa882b

Code Sign

ec:fe:bd:9b:fa:30:8a:06:b3:a0:21:c7:11:e7:2c:83Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

comctl32

setupapi

kernel32

user32

gdi32

advapi32

oleaut32

Sections

.text Size: 528KB - Virtual size: 525KB

a42c7 Size: 76KB - Virtual size: 72KB

a42c8 Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 382KB

.tls Size: 4KB - Virtual size: 154B

.rsrc Size: 2.0MB - Virtual size: 2.0MB

a42c9 Size: 12KB - Virtual size: 9KB

ec:fe:bd:9b:fa:30:8a:06:b3:a0:21:c7:11:e7:2c:83
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

.text
Size: 528KB - Virtual size: 525KB

a42c7
Size: 76KB - Virtual size: 72KB

a42c8
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 382KB

.tls
Size: 4KB - Virtual size: 154B

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

a42c9
Size: 12KB - Virtual size: 9KB