33f6334ef6ffc225b74cbe974ab244fa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

33f6334ef6ffc225b74cbe974ab244fa_JaffaCakes118
Size

248KB
MD5

33f6334ef6ffc225b74cbe974ab244fa
SHA1

06d855cde4ec95c15b407b9ba468eceea21346fc
SHA256

1f37659da9862fb96692c4126fbe24402e070679cf7e17a3e8ae8390bc915dc4
SHA512

b7165b095fac49acfb1be8d922959087334caf1f936e50acb4c010ceba7a715f2c1e6f585a6f917ebb178f683997a62d47269bfd50a83998be5dc4edf8a3a4d0
SSDEEP

6144:KrtCIyoJ5PUCdMt4iZKOeKWq2ZMNh1sBwwg2ZMPh0z:azyoLFdaeK/wvhgIMPhE

Score

1^/10

Malware Config

Signatures

Files

33f6334ef6ffc225b74cbe974ab244fa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7708eaf52eb3cdf441692a537d410cc4

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2b:f2:4a:45:3e
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

28-10-2010 09:07

Not After

28-10-2013 09:07

Subject

CN=BullGuard Ltd.,OU=IT,O=BullGuard Ltd.,L=Heathrow,ST=Middlesex,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:4b:81:15:85:e1:ce:1a:47:00:a9:24:a8:d3:f9:b2:fe:7c:01:dd
Signer

Actual PE Digest

8d:4b:81:15:85:e1:ce:1a:47:00:a9:24:a8:d3:f9:b2:fe:7c:01:dd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumCalendarInfoW
GetCurrentProcess
AddAtomW
OpenMutexA
GetEnvironmentStringsW
GetLocalTime
LoadLibraryExA
GlobalDeleteAtom
FindAtomA
DisconnectNamedPipe
GetDiskFreeSpaceW
FileTimeToSystemTime
GetSystemDirectoryA
CreateEventA
AddAtomA
GetModuleFileNameA
GetFullPathNameA
GetTempFileNameW
HeapCreate
SetComputerNameA
GetExitCodeProcess
SetCalendarInfoW
GetCurrentThreadId
OpenMutexW
IsBadReadPtr
GetModuleHandleW
GetProcAddress
GetSystemDefaultLangID
CreateMutexW
Beep

user32

SetForegroundWindow
LoadCursorW
CreateWindowExW
WaitForInputIdle
CharPrevA
EnumClipboardFormats
RegisterWindowMessageW
SendMessageW
UnregisterClassA
GetMenuItemCount
MonitorFromWindow
CreateDialogParamA
LoadImageW
PostMessageA
CreateDesktopW
MessageBoxW
CreateDialogIndirectParamA
EndDialog
wsprintfA
CreateDialogIndirectParamW
LoadIconA
AppendMenuA
GetMessageW
SetTimer
CharNextA
DialogBoxParamA
CreateWindowExA
CreateAcceleratorTableA
PostMessageW
CreateMenu
ShowCursor
DialogBoxParamW
PeekMessageA
InvalidateRect
RegisterClassExW
MessageBoxIndirectA
IsIconic
CharNextW
MessageBoxA
LoadBitmapA
GetClassInfoExA
GetCapture
LoadCursorA
SendDlgItemMessageA
CharPrevW
SetFocus
GetActiveWindow
GetSysColorBrush
DialogBoxIndirectParamA
GetDlgItemInt
wsprintfW
CharLowerA
MonitorFromRect
SetDlgItemInt
GetKeyState
OffsetRect
GetMenuStringA
GetClassInfoA
PeekMessageW
SetWindowPos
LoadIconW
GetMenuState
GetActiveWindow
OpenClipboard
GetClassInfoExW
TrackPopupMenu
GetMenuItemRect
GetClassInfoW
GetMenuItemInfoW
IsDlgButtonChecked
mouse_event
LoadImageA
GetIconInfo
GetDlgItemTextA
DestroyCursor
GetKeyboardType
CreateDesktopA
GetFocus
MessageBoxIndirectW
EnableWindow
wvsprintfA
wvsprintfW
GetCapture
GetScrollPos
ShowCaret
GetForegroundWindow
GetWindowRgn
ShowWindow
UpdateLayeredWindow

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetFolderPathA

ws2_32

inet_ntoa
WSACloseEvent
ioctlsocket
listen

printui

RegisterPrintNotify
bFolderRefresh

sqlunirl

_MessageBox@16
_GetPrivateProfileSection_@16
_IsCharUpper_@4
_ExtractAssociatedIcon_@12
_GetProcAddress_@8
_IsCharLower_@4

wsock32

WSAAsyncGetProtoByNumber
GetAddressByNameA
AcceptEx
socket
EnumProtocolsW
sethostname
dn_expand
getsockopt
gethostbyaddr

Sections

.PBU
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ug
Size: 1KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PNn
Size: 1KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kC
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.M
Size: 1024B - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tIFM
Size: 5KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hwrLF
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fr
Size: 4KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ezyq
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OtBaD
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gZrOG
Size: 14KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UNk
Size: 1024B - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upeuTT
Size: 1024B - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7708eaf52eb3cdf441692a537d410cc4

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2b:f2:4a:45:3eCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

8d:4b:81:15:85:e1:ce:1a:47:00:a9:24:a8:d3:f9:b2:fe:7c:01:ddSigner

Headers

File Characteristics

Imports

kernel32

user32

shell32

ws2_32

printui

sqlunirl

wsock32

Sections

.PBU Size: 2KB - Virtual size: 1KB

.Ug Size: 1KB - Virtual size: 130KB

.PNn Size: 1KB - Virtual size: 382KB

.kC Size: 92KB - Virtual size: 92KB

.M Size: 1024B - Virtual size: 376KB

.tIFM Size: 5KB - Virtual size: 154KB

.hwrLF Size: 10KB - Virtual size: 10KB

.fr Size: 4KB - Virtual size: 391KB

.ezyq Size: 4KB - Virtual size: 22KB

.OtBaD Size: 91KB - Virtual size: 91KB

.gZrOG Size: 14KB - Virtual size: 258KB

.UNk Size: 1024B - Virtual size: 394KB

.upeuTT Size: 1024B - Virtual size: 88KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 1KB - Virtual size: 1KB

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2b:f2:4a:45:3e
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

8d:4b:81:15:85:e1:ce:1a:47:00:a9:24:a8:d3:f9:b2:fe:7c:01:dd
Signer

.PBU
Size: 2KB - Virtual size: 1KB

.Ug
Size: 1KB - Virtual size: 130KB

.PNn
Size: 1KB - Virtual size: 382KB

.kC
Size: 92KB - Virtual size: 92KB

.M
Size: 1024B - Virtual size: 376KB

.tIFM
Size: 5KB - Virtual size: 154KB

.hwrLF
Size: 10KB - Virtual size: 10KB

.fr
Size: 4KB - Virtual size: 391KB

.ezyq
Size: 4KB - Virtual size: 22KB

.OtBaD
Size: 91KB - Virtual size: 91KB

.gZrOG
Size: 14KB - Virtual size: 258KB

.UNk
Size: 1024B - Virtual size: 394KB

.upeuTT
Size: 1024B - Virtual size: 88KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 1KB - Virtual size: 1KB