af931288a61d419765d14279ef58ce8f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af931288a61d419765d14279ef58ce8f_JaffaCakes118
Size

314KB
MD5

af931288a61d419765d14279ef58ce8f
SHA1

2b2a36d250d9f81961aa9d7dd9ff93a4ea651606
SHA256

108bd2fbdc475300a616fd5e424dbdea63daf099d98dfece2fee86c4dfc2bec8
SHA512

163f49459053c4b8e3ce2df29cef786294f27845d64dc5883bf9d2aafc305cb29bad84eb8fc4ee70508054ee836787231fc09235059ed87c72897f011dd32d8c
SSDEEP

6144:ja+rrj5vQUkAQUtMskzNlfLrhljgcLGLofARzOpbmOlsbiPXL8MPxnC1X:jFf5hkAizNpLrhlkLoYzIxL7C1X

Score

1^/10

Malware Config

Signatures

Files

af931288a61d419765d14279ef58ce8f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

abc18e9cf3ca0343422e756586b534d4

Code Sign

12:a7:a4:98:01:69:6d:40:66:b1:e8:e6:ca:2a:3e:89
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/11/2014, 00:00

Not After

07/11/2015, 23:59

Subject

CN=Consortium Group ltd.,O=Consortium Group ltd.,POSTALCODE=00152,STREET=CORNER OF GR.MARLBOROUGH UN GR.GEORGE STR. ROSEAU\,DOMINICA\, 00152+STREET=3RD FLOOR\, C&h TOWERS,L=ROSEAU,ST=ROSEAU,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

73:e1:59:e7:c2:44:ea:aa:b3:a9:e7:10:f5:61:28:d1:4b:a6:2d:f4
Signer

Actual PE Digest

73:e1:59:e7:c2:44:ea:aa:b3:a9:e7:10:f5:61:28:d1:4b:a6:2d:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

wininet

HttpEndRequestA

kernel32

GetCommandLineW
SetCurrentDirectoryW
CreateThread
CreateFileMappingA
InterlockedDecrement
FreeLibrary
FindResourceA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
CreateEventA
CompareStringA
GetTempPathW
GetCurrentProcess
GetUserDefaultLangID
CreateDirectoryW
GetStringTypeA
GetModuleHandleW
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
HeapAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
TerminateProcess
HeapFree
GetStartupInfoA
GetModuleHandleA
VirtualAlloc
ExitProcess
WriteFile
SetErrorMode
GetVersion
GetProcAddress
TlsGetValue
GetVersionExA
lstrcmpiA
GetTickCount
QueryPerformanceCounter
FlushFileBuffers
GetLastError
GetSystemTimeAsFileTime
GetCommandLineA
CreateFileA
DeleteFileW
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
GetStringTypeW
LCMapStringA
LCMapStringW
SetFilePointer
SetStdHandle
MultiByteToWideChar

user32

SetRect
SetPropA
SetMenuItemInfoA
SetMenu
CreateWindowExA
LoadStringA
SetScrollInfo
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
RemovePropA
PtInRect
GetKeyboardType
GetSystemMetrics
MessageBoxA
CharNextA
CharNextW
RegisterClassExA
IntersectRect
IsWindowEnabled
IsWindowVisible
IsZoomed
WindowFromPoint
GetCapture
GetClassInfoA
GetClassNameA
GetSystemMenu
GetWindowLongA
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
GetScrollPos

gdi32

SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
DeleteEnhMetaFile
ExcludeClipRect
DeleteObject
CreatePen
CreatePenIndirect
GetClipBox
TextOutW
Rectangle
OffsetWindowOrgEx
DeleteMetaFile
SetAbortProc
CreateFontIndirectA
GetLogColorSpaceW

comdlg32

ReplaceTextW
ChooseFontA
GetSaveFileNameA
GetOpenFileNameA
FindTextW

advapi32

RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA
StrStrIA

oleaut32

SafeArrayRedim
VarRound
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayPutElement
VariantInit

Sections

.text
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abc18e9cf3ca0343422e756586b534d4

Code Sign

12:a7:a4:98:01:69:6d:40:66:b1:e8:e6:ca:2a:3e:89Certificate

Extended Key Usages

Key Usages

73:e1:59:e7:c2:44:ea:aa:b3:a9:e7:10:f5:61:28:d1:4b:a6:2d:f4Signer

Headers

File Characteristics

Imports

comctl32

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

oleaut32

Sections

.text Size: 260KB - Virtual size: 257KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 28KB - Virtual size: 24KB

12:a7:a4:98:01:69:6d:40:66:b1:e8:e6:ca:2a:3e:89
Certificate

73:e1:59:e7:c2:44:ea:aa:b3:a9:e7:10:f5:61:28:d1:4b:a6:2d:f4
Signer

.text
Size: 260KB - Virtual size: 257KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 28KB - Virtual size: 24KB