b4008a8e01412aabc01ba398bdf04fe5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4008a8e01412aabc01ba398bdf04fe5_JaffaCakes118
Size

214KB
MD5

b4008a8e01412aabc01ba398bdf04fe5
SHA1

b7a00dc36faf919eaa04eff988da770eb4da98ca
SHA256

509595c52d13d187d5db26cf9358efb960bb3e8721ac86a7eb06b769613a411f
SHA512

4445b51275ec7ed2e2c347c8638936bf7ff88ea8d50dea251fe26d169661aee87aefbad3cd9baba648de4b5b0e9314831d855d682b776c35fda69fd1aede6cbc
SSDEEP

3072:PIzpmo5YsiXwyj3F3cuRBmUVMOSjwme2wHSRkopAOIrFeH+Q7LjiR:PI0o5YJXh3cu7pV8vyZZ

Score

1^/10

Malware Config

Signatures

Files

b4008a8e01412aabc01ba398bdf04fe5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4bddc64ad492b304e9cc664d315a6ff9

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:28:b0:49:6b:2d:e8:96:6b:50:69:91:46:a8:aa:dc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16/01/2018, 00:00

Not After

16/01/2019, 23:59

Subject

CN=John El Self,O=John El Self,POSTALCODE=75791,STREET=19724 Highland Place,L=Whitehouse,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:3b:5b:6d:21:c9:4b:4f:43:3f:1a:85:37:e5:19:85:4b:5f:2b:54
Signer

Actual PE Digest

da:3b:5b:6d:21:c9:4b:4f:43:3f:1a:85:37:e5:19:85:4b:5f:2b:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
RaiseException
GetACP
HeapSize
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetDriveTypeA
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
TerminateProcess
ExitProcess
HeapAlloc
GetProfileStringA
HeapReAlloc
HeapFree
RtlUnwind
GetFullPathNameA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
SetErrorMode
SizeofResource
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GlobalFlags
GetProcessVersion
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcpynA
MulDiv
SetLastError
GlobalUnlock
GlobalFree
GetProcAddress
CloseHandle
GlobalLock
GlobalAlloc
lstrcmpA
GetCurrentThread
LocalFree
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
SetCurrentDirectoryA
FreeLibrary
LoadLibraryA
GetEnvironmentStrings

user32

MapWindowPoints
UpdateWindow
PostMessageA
PostQuitMessage
SetCursor
GetCursorPos
ValidateRect
GetActiveWindow
TranslateMessage
GetMessageA
CreateDialogIndirectParamA
EndDialog
LoadStringA
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
TabbedTextOutA
DrawTextA
GrayStringA
wvsprintfA
DestroyMenu
InflateRect
LoadCursorA
GetSysColorBrush
GetClassNameA
PtInRect
CopyRect
IsWindowVisible
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetKeyState
DestroyWindow
CreateWindowExA
GetSysColor
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgCtrlID
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
GetUpdateRect
wsprintfA
EnableWindow
SetActiveWindow
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
CharNextA
IsWindowUnicode
BeginPaint
EndPaint
InvalidateRect
GetFocus
GetParent
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
LoadIconA
PeekMessageA
DispatchMessageA
IsWindow
AdjustWindowRectEx
SetWindowsHookExA
ScreenToClient
SetCapture
SetFocus
ReleaseCapture
GetPropA

gdi32

SetTextColor
SetBkColor
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetClipBox
DeleteObject
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateDCA
PatBlt
DPtoLP
CreateBitmap
GetTextMetricsA
GetDeviceCaps
StartPage
EndPage
GetBkColor
Rectangle
StartDocA
EndDoc
GetStockObject
GetObjectA
CreateFontIndirectA
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreatePen

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
PrintDlgA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey

comctl32

ord17

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bddc64ad492b304e9cc664d315a6ff9

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

0a:28:b0:49:6b:2d:e8:96:6b:50:69:91:46:a8:aa:dcCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

da:3b:5b:6d:21:c9:4b:4f:43:3f:1a:85:37:e5:19:85:4b:5f:2b:54Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 16KB - Virtual size: 31KB

.rsrc Size: 28KB - Virtual size: 27KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

0a:28:b0:49:6b:2d:e8:96:6b:50:69:91:46:a8:aa:dc
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

da:3b:5b:6d:21:c9:4b:4f:43:3f:1a:85:37:e5:19:85:4b:5f:2b:54
Signer

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 28KB - Virtual size: 27KB