b090d80ae84a9b85dcb24f9832ee86a6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b090d80ae84a9b85dcb24f9832ee86a6_JaffaCakes118
Size

160KB
MD5

b090d80ae84a9b85dcb24f9832ee86a6
SHA1

3d92a2a122dc0bcbd9469709d3bdd95798d57360
SHA256

11dee2ea1f46fa27b57c0ddea4d1bcbe2551851f0ab883ea0fbae8002e91fad5
SHA512

426aac8d17f5a8b3c67ac73d5acd8f5b1e6df11bce5012562f3fb5a3b6b4a86bc034351e2e2871d91b74760c2d7542bf4ca42b4cbe1e69832adcf687bd58be29
SSDEEP

3072:nNi6JETTFA3cdGcTzfpP0dDB73+oQuU0w6gSLDV:NL6TR2Y7p8H73Noq5

Score

1^/10

Malware Config

Signatures

Files

b090d80ae84a9b85dcb24f9832ee86a6_JaffaCakes118
.dll windows:5 windows x64 arch:x64

05a1933bd319ca9958149722765c608a

Code Sign

b7:ba:41:cf:ba:8d:50:af:9a:2a:64:36:2c:08:fa:91
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/10/2014, 00:00

Not After

20/10/2015, 23:59

Subject

CN=Porter Studio Plus,O=Porter Studio Plus,POSTALCODE=2025,STREET=Dasoupoli Strovolos+STREET=Athinodorou 3,L=Nicosia,ST=Cyprus,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ba:19:52:a3:ee:af:8c:18:b3:e9:30:f3:2e:74:ed:0c:d0:a3:14:38
Signer

Actual PE Digest

ba:19:52:a3:ee:af:8c:18:b3:e9:30:f3:2e:74:ed:0c:d0:a3:14:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
Sleep
LeaveCriticalSection
GetMailslotInfo
ReleaseSemaphore
GetLastError
SetLastError
InitializeCriticalSection
EnterCriticalSection
OpenThread
GetFileType
GetModuleFileNameA
CreateMutexA
CloseHandle
CreateThread
GetTickCount
GetModuleHandleW
GetProcAddress
CreateMutexW
EncodePointer
DecodePointer
HeapFree
HeapAlloc
HeapSize
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
OutputDebugStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05a1933bd319ca9958149722765c608a

Code Sign

b7:ba:41:cf:ba:8d:50:af:9a:2a:64:36:2c:08:fa:91Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

ba:19:52:a3:ee:af:8c:18:b3:e9:30:f3:2e:74:ed:0c:d0:a3:14:38Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 5KB - Virtual size: 5KB

b7:ba:41:cf:ba:8d:50:af:9a:2a:64:36:2c:08:fa:91
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

ba:19:52:a3:ee:af:8c:18:b3:e9:30:f3:2e:74:ed:0c:d0:a3:14:38
Signer

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 5KB - Virtual size: 5KB