8a727d7405d5c0f2b91c47f5947b87b0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a727d7405d5c0f2b91c47f5947b87b0_JaffaCakes118
Size

248KB
MD5

8a727d7405d5c0f2b91c47f5947b87b0
SHA1

e25b8375f0507acef402164d941760c94f5bd4dc
SHA256

3733abcb7ee3bb38e65ac53724019d756d934665a9365a69b6148628561bf61c
SHA512

17d2a0fd57c20b0da3240588a90a28c9ca45115086591a48a2c679c8f9dd7ed960d3dad26abeb9f9399c2f6254209f7f2bd4fbde13cfc3fc49eefb9a04ac6b5d
SSDEEP

6144:lrtCIyoJ5PUCdMt4iZKOeKWq2ZMNh1sBwwg2ZMPh0z:tzyoLFdaeK/wvhgIMPhE

Score

1^/10

Malware Config

Signatures

Files

8a727d7405d5c0f2b91c47f5947b87b0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7708eaf52eb3cdf441692a537d410cc4

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2b:f2:4a:45:3e
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

28/10/2010, 09:07

Not After

28/10/2013, 09:07

Subject

CN=BullGuard Ltd.,OU=IT,O=BullGuard Ltd.,L=Heathrow,ST=Middlesex,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:4b:81:15:85:e1:ce:1a:47:00:a9:24:a8:d3:f9:b2:fe:7c:01:dd
Signer

Actual PE Digest

8d:4b:81:15:85:e1:ce:1a:47:00:a9:24:a8:d3:f9:b2:fe:7c:01:dd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumCalendarInfoW
GetCurrentProcess
AddAtomW
OpenMutexA
GetEnvironmentStringsW
GetLocalTime
LoadLibraryExA
GlobalDeleteAtom
FindAtomA
DisconnectNamedPipe
GetDiskFreeSpaceW
FileTimeToSystemTime
GetSystemDirectoryA
CreateEventA
AddAtomA
GetModuleFileNameA
GetFullPathNameA
GetTempFileNameW
HeapCreate
SetComputerNameA
GetExitCodeProcess
SetCalendarInfoW
GetCurrentThreadId
OpenMutexW
IsBadReadPtr
GetModuleHandleW
GetProcAddress
GetSystemDefaultLangID
CreateMutexW
Beep

user32

SetForegroundWindow
LoadCursorW
CreateWindowExW
WaitForInputIdle
CharPrevA
EnumClipboardFormats
RegisterWindowMessageW
SendMessageW
UnregisterClassA
GetMenuItemCount
MonitorFromWindow
CreateDialogParamA
LoadImageW
PostMessageA
CreateDesktopW
MessageBoxW
CreateDialogIndirectParamA
EndDialog
wsprintfA
CreateDialogIndirectParamW
LoadIconA
AppendMenuA
GetMessageW
SetTimer
CharNextA
DialogBoxParamA
CreateWindowExA
CreateAcceleratorTableA
PostMessageW
CreateMenu
ShowCursor
DialogBoxParamW
PeekMessageA
InvalidateRect
RegisterClassExW
MessageBoxIndirectA
IsIconic
CharNextW
MessageBoxA
LoadBitmapA
GetClassInfoExA
GetCapture
LoadCursorA
SendDlgItemMessageA
CharPrevW
SetFocus
GetActiveWindow
GetSysColorBrush
DialogBoxIndirectParamA
GetDlgItemInt
wsprintfW
CharLowerA
MonitorFromRect
SetDlgItemInt
GetKeyState
OffsetRect
GetMenuStringA
GetClassInfoA
PeekMessageW
SetWindowPos
LoadIconW
GetMenuState
GetActiveWindow
OpenClipboard
GetClassInfoExW
TrackPopupMenu
GetMenuItemRect
GetClassInfoW
GetMenuItemInfoW
IsDlgButtonChecked
mouse_event
LoadImageA
GetIconInfo
GetDlgItemTextA
DestroyCursor
GetKeyboardType
CreateDesktopA
GetFocus
MessageBoxIndirectW
EnableWindow
wvsprintfA
wvsprintfW
GetCapture
GetScrollPos
ShowCaret
GetForegroundWindow
GetWindowRgn
ShowWindow
UpdateLayeredWindow

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetFolderPathA

ws2_32

inet_ntoa
WSACloseEvent
ioctlsocket
listen

printui

RegisterPrintNotify
bFolderRefresh

sqlunirl

_MessageBox@16
_GetPrivateProfileSection_@16
_IsCharUpper_@4
_ExtractAssociatedIcon_@12
_GetProcAddress_@8
_IsCharLower_@4

wsock32

WSAAsyncGetProtoByNumber
GetAddressByNameA
AcceptEx
socket
EnumProtocolsW
sethostname
dn_expand
getsockopt
gethostbyaddr

Sections

.PBU
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ug
Size: 1KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PNn
Size: 1KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kC
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.M
Size: 1024B - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tIFM
Size: 5KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hwrLF
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fr
Size: 4KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ezyq
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OtBaD
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gZrOG
Size: 14KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UNk
Size: 1024B - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upeuTT
Size: 1024B - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7708eaf52eb3cdf441692a537d410cc4

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2b:f2:4a:45:3eCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

8d:4b:81:15:85:e1:ce:1a:47:00:a9:24:a8:d3:f9:b2:fe:7c:01:ddSigner

Headers

File Characteristics

Imports

kernel32

user32

shell32

ws2_32

printui

sqlunirl

wsock32

Sections

.PBU Size: 2KB - Virtual size: 1KB

.Ug Size: 1KB - Virtual size: 130KB

.PNn Size: 1KB - Virtual size: 382KB

.kC Size: 92KB - Virtual size: 92KB

.M Size: 1024B - Virtual size: 376KB

.tIFM Size: 5KB - Virtual size: 154KB

.hwrLF Size: 10KB - Virtual size: 10KB

.fr Size: 4KB - Virtual size: 391KB

.ezyq Size: 4KB - Virtual size: 22KB

.OtBaD Size: 91KB - Virtual size: 91KB

.gZrOG Size: 14KB - Virtual size: 258KB

.UNk Size: 1024B - Virtual size: 394KB

.upeuTT Size: 1024B - Virtual size: 88KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 1KB - Virtual size: 1KB

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2b:f2:4a:45:3e
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

8d:4b:81:15:85:e1:ce:1a:47:00:a9:24:a8:d3:f9:b2:fe:7c:01:dd
Signer

.PBU
Size: 2KB - Virtual size: 1KB

.Ug
Size: 1KB - Virtual size: 130KB

.PNn
Size: 1KB - Virtual size: 382KB

.kC
Size: 92KB - Virtual size: 92KB

.M
Size: 1024B - Virtual size: 376KB

.tIFM
Size: 5KB - Virtual size: 154KB

.hwrLF
Size: 10KB - Virtual size: 10KB

.fr
Size: 4KB - Virtual size: 391KB

.ezyq
Size: 4KB - Virtual size: 22KB

.OtBaD
Size: 91KB - Virtual size: 91KB

.gZrOG
Size: 14KB - Virtual size: 258KB

.UNk
Size: 1024B - Virtual size: 394KB

.upeuTT
Size: 1024B - Virtual size: 88KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 1KB - Virtual size: 1KB