2aa71354a0d067cee14ecc34f2cc2494_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2aa71354a0d067cee14ecc34f2cc2494_JaffaCakes118
Size

142KB
MD5

2aa71354a0d067cee14ecc34f2cc2494
SHA1

0a3925f639d555f91b5b7359fc305797cc8ae210
SHA256

ca39db6dc8bd15162673dab035356b9d73854b2ba99cca1da668d7b250f32b0a
SHA512

14b962a3ddb6ddaceefc02c7fe36724015dcd69af255838fc84367d4be9bc2b361ef70187027db4e757463bff3d22615ca8425833ad84ebc1602dce730d58b42
SSDEEP

3072:MGWov82EddNaEhtfcHVme1o+vlR+wDZjpZIX+tKJdQ:SwYhtWVmJUl0wDZj0ECQ

Score

1^/10

Malware Config

Signatures

Files

2aa71354a0d067cee14ecc34f2cc2494_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e81e611d28c480ba5e36ab2407de33e4

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

28/01/2011, 00:00

Not After

27/01/2013, 23:59

Subject

CN=Zugo Ltd,O=Zugo Ltd,POSTALCODE=JE4 9NU,STREET=37 Broad St.+STREET=1st Floor+STREET=PO Box 36,L=St Helier,ST=Jersey,C=JE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

59:1b:37:ab:35:09:db:ba:a9:c4:db:13:7a:ff:10:b4:33:29:ba:f9
Signer

Actual PE Digest

59:1b:37:ab:35:09:db:ba:a9:c4:db:13:7a:ff:10:b4:33:29:ba:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\zugo-toolbar\ZTB_2.4\Components\ZugoBuild\Release\ReactivateIE.pdb

Imports

kernel32

SetUnhandledExceptionFilter
lstrcmpiW
LocalAlloc
LocalFree
lstrcatW
GetCurrentProcess
CloseHandle
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
InterlockedDecrement
GetVersionExW
HeapAlloc
GetProcessHeap
HeapFree
SetErrorMode
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetTickCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetCurrentProcessId
ExitProcess
WideCharToMultiByte
LockResource
SizeofResource
LoadResource
FindResourceExW
FindResourceW
GetModuleFileNameW
lstrlenW
GetLastError
MultiByteToWideChar
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetModuleHandleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
Sleep
LCMapStringW
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedIncrement
GetCPInfo
VirtualAlloc
VirtualFree
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapCreate

advapi32

RegCreateKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
GetTokenInformation
OpenProcessToken
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
ConvertStringSidToSidW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromString

oleaut32

SysAllocString
SysFreeString
SysStringLen
VarBstrCat
VarBstrCmp
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e81e611d28c480ba5e36ab2407de33e4

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9Certificate

Extended Key Usages

Key Usages

59:1b:37:ab:35:09:db:ba:a9:c4:db:13:7a:ff:10:b4:33:29:ba:f9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 10KB - Virtual size: 9KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9
Certificate

59:1b:37:ab:35:09:db:ba:a9:c4:db:13:7a:ff:10:b4:33:29:ba:f9
Signer

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 10KB - Virtual size: 9KB