859734f5023c7f1689aec03ea852099f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

859734f5023c7f1689aec03ea852099f_JaffaCakes118
Size

3.2MB
MD5

859734f5023c7f1689aec03ea852099f
SHA1

06b766f7d4e65147cbbc7aeed55449835ff2c80c
SHA256

53e079525bfefc8ce6dd3c9cf569e653b5181a65a7550db3b86d671e8516c3ce
SHA512

e496d7881893f898bb9570f849488fea1653fdb50e20e530e91d894df5f4360e51e1b5e2657ab980539f424938a2ffc0255a62cac29136014c8cf3a7da7dd18d
SSDEEP

98304:QZN5iErqX/nsh7KC+q4ZH+InrsuFIaVbCC9:CIErrh7KJZe+PFBRT9

Score

1^/10

Malware Config

Signatures

Files

859734f5023c7f1689aec03ea852099f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cb0bbd05fc4648a01f8e04b3e781f333

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:bb:0b:72:18:4e:df:3a:53:89:82:06:2e:c8:29:e0
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/12/2010, 00:00

Not After

10/12/2011, 23:59

Subject

CN=Serotek Corporation,O=Serotek Corporation,POSTALCODE=55403,STREET=Suite 310+STREET=1128 Harmon Place,L=Minneapolis,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e3:ee:ca:e3:d8:26:6a:4b:b7:c3:cc:22:2d:8b:c1:0c:bd:a0:fb:12
Signer

Actual PE Digest

e3:ee:ca:e3:d8:26:6a:4b:b7:c3:cc:22:2d:8b:c1:0c:bd:a0:fb:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CloseHandle
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
CreateProcessW
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
ExitProcess
FindAtomA
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetAtomNameA
GetCommandLineA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileType
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetNamedPipeHandleStateA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
PeekNamedPipe
ReadFile
RemoveDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointerEx
SetFileTime
SetNamedPipeHandleState
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_chsize
_close
_errno
_get_osfhandle
_iob
_isctype
_onexit
_open
_open_osfhandle
_pctype
_rmdir
_setmode
_strdup
_umask
_unlink
_wchdir
_winmajor
_wmkdir
_wopen
_wrmdir
_wunlink
abort
atexit
calloc
exit
fputc
free
fwrite
getenv
localeconv
malloc
mbtowc
memchr
memcmp
memcpy
memmove
memset
realloc
signal
strcmp
strlen
strrchr
swprintf
time
toupper
vfprintf
wcscat
wcscpy
wcslen
wcsncat
wcsncpy
wcsrchr

shell32

SHGetSpecialFolderPathW

Exports

Exports

__archive_entry_acl_parse_w
archive_api_feature
archive_api_version
archive_clear_error
archive_compression
archive_compression_name
archive_copy_error
archive_entry_acl_add_entry
archive_entry_acl_add_entry_w
archive_entry_acl_clear
archive_entry_acl_count
archive_entry_acl_next
archive_entry_acl_reset
archive_entry_acl_text_w
archive_entry_atime
archive_entry_atime_is_set
archive_entry_atime_nsec
archive_entry_birthtime
archive_entry_birthtime_is_set
archive_entry_birthtime_nsec
archive_entry_clear
archive_entry_clone
archive_entry_copy_fflags_text
archive_entry_copy_fflags_text_w
archive_entry_copy_gname
archive_entry_copy_gname_w
archive_entry_copy_hardlink
archive_entry_copy_hardlink_w
archive_entry_copy_link
archive_entry_copy_link_w
archive_entry_copy_pathname
archive_entry_copy_pathname_w
archive_entry_copy_sourcepath
archive_entry_copy_symlink
archive_entry_copy_symlink_w
archive_entry_copy_uname
archive_entry_copy_uname_w
archive_entry_ctime
archive_entry_ctime_is_set
archive_entry_ctime_nsec
archive_entry_dev
archive_entry_devmajor
archive_entry_devminor
archive_entry_fflags
archive_entry_fflags_text
archive_entry_filetype
archive_entry_free
archive_entry_gid
archive_entry_gname
archive_entry_gname_w
archive_entry_hardlink
archive_entry_hardlink_w
archive_entry_ino
archive_entry_ino64
archive_entry_mode
archive_entry_mtime
archive_entry_mtime_is_set
archive_entry_mtime_nsec
archive_entry_new
archive_entry_nlink
archive_entry_pathname
archive_entry_pathname_w
archive_entry_rdev
archive_entry_rdevmajor
archive_entry_rdevminor
archive_entry_set_atime
archive_entry_set_birthtime
archive_entry_set_ctime
archive_entry_set_dev
archive_entry_set_devmajor
archive_entry_set_devminor
archive_entry_set_fflags
archive_entry_set_filetype
archive_entry_set_gid
archive_entry_set_gname
archive_entry_set_hardlink
archive_entry_set_ino
archive_entry_set_ino64
archive_entry_set_link
archive_entry_set_mode
archive_entry_set_mtime
archive_entry_set_nlink
archive_entry_set_pathname
archive_entry_set_perm
archive_entry_set_rdev
archive_entry_set_rdevmajor
archive_entry_set_rdevminor
archive_entry_set_size
archive_entry_set_symlink
archive_entry_set_uid
archive_entry_set_uname
archive_entry_size
archive_entry_size_is_set
archive_entry_sourcepath
archive_entry_symlink
archive_entry_symlink_w
archive_entry_uid
archive_entry_uname
archive_entry_uname_w
archive_entry_unset_atime
archive_entry_unset_birthtime
archive_entry_unset_ctime
archive_entry_unset_mtime
archive_entry_unset_size
archive_entry_update_gname_utf8
archive_entry_update_hardlink_utf8
archive_entry_update_link_utf8
archive_entry_update_pathname_utf8
archive_entry_update_symlink_utf8
archive_entry_update_uname_utf8
archive_entry_xattr_add_entry
archive_entry_xattr_clear
archive_entry_xattr_count
archive_entry_xattr_next
archive_entry_xattr_reset
archive_errno
archive_error_string
archive_file_count
archive_format
archive_format_name
archive_position_compressed
archive_position_uncompressed
archive_read_close
archive_read_data
archive_read_data_block
archive_read_data_into_buffer
archive_read_data_skip
archive_read_extract_set_skip_file
archive_read_finish
archive_read_header_position
archive_read_new
archive_read_next_header
archive_read_next_header2
archive_read_open
archive_read_open2
archive_read_open_memory
archive_read_open_memory2
archive_read_set_filter_options
archive_read_set_format_options
archive_read_set_options
archive_read_support_compression_lzma
archive_read_support_compression_xz
archive_read_support_format_gnutar
archive_read_support_format_tar
archive_set_error
archive_version
archive_version_number
archive_version_stamp
archive_version_string
archive_write_close
archive_write_data
archive_write_data_block
archive_write_disk_new
archive_write_disk_set_group_lookup
archive_write_disk_set_options
archive_write_disk_set_skip_file
archive_write_disk_set_user_lookup
archive_write_finish
archive_write_finish_entry
archive_write_header

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb0bbd05fc4648a01f8e04b3e781f333

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:bb:0b:72:18:4e:df:3a:53:89:82:06:2e:c8:29:e0Certificate

Extended Key Usages

Key Usages

e3:ee:ca:e3:d8:26:6a:4b:b7:c3:cc:22:2d:8b:c1:0c:bd:a0:fb:12Signer

Headers

File Characteristics

Imports

kernel32

msvcrt

shell32

Exports

Exports

Sections

.text Size: 115KB - Virtual size: 115KB

.data Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 25KB - Virtual size: 24KB

.bss Size: - Virtual size: 3KB

.edata Size: 5KB - Virtual size: 5KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 3KB - Virtual size: 2KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:bb:0b:72:18:4e:df:3a:53:89:82:06:2e:c8:29:e0
Certificate

e3:ee:ca:e3:d8:26:6a:4b:b7:c3:cc:22:2d:8b:c1:0c:bd:a0:fb:12
Signer

.text
Size: 115KB - Virtual size: 115KB

.data
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 25KB - Virtual size: 24KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 5KB - Virtual size: 5KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 3KB - Virtual size: 2KB