ae3b58a66004a360f2ae293b0a7bbc9a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ae3b58a66004a360f2ae293b0a7bbc9a_JaffaCakes118
Size

231KB
MD5

ae3b58a66004a360f2ae293b0a7bbc9a
SHA1

1d128e094dfb8cbc9822021093a3b47460ce1555
SHA256

917619ac4cc6fcb2c54f5b07440603e805cc29d6fd4335731ae6154a61460bc3
SHA512

142fc14ea2eacf9a8af7bfd151d11c35539b8be7e65561dd8064b69bd01c5ba2d3942da5b7bc18c9d76be58e571cfa54002c4eba116725ebdc7bd1805094c52f
SSDEEP

3072:sd2PHUXh5RidYASjd53qI02ojksuzwj42JpfmmJCZwgEE6pjTcTeuwClKWW3n/8Z:w2fOJyf+H9uAGhJkmwwjcTe+KL0Z

Score

1^/10

Malware Config

Signatures

Files

ae3b58a66004a360f2ae293b0a7bbc9a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1cdc80fdee083d3fb5d0897059ceff20

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2b:f2:4a:45:3e
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

28/10/2010, 09:07

Not After

28/10/2013, 09:07

Subject

CN=BullGuard Ltd.,OU=IT,O=BullGuard Ltd.,L=Heathrow,ST=Middlesex,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:db
Signer

Actual PE Digest

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:db

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomA
CreateDirectoryA
GetLogicalDrives
GetCalendarInfoA
GetStringTypeA
GetExitCodeThread
GetComputerNameA
GetExpandedNameA
EnumDateFormatsW
WinExec
ConnectNamedPipe
Sleep
GetStartupInfoW
ReadDirectoryChangesW
SetLocaleInfoW
SleepEx
GetSystemDefaultLCID
ExpandEnvironmentStringsW
LoadLibraryExA
LocalAlloc
lstrcpy
GetVolumeInformationW
GetModuleHandleA
LocalFree
GetCPInfo
GetCurrentProcess
OpenEventA
GetUserDefaultLCID
GetLocaleInfoA
OpenSemaphoreA
CreateMutexW
IsBadWritePtr
BeginUpdateResourceW
DeleteAtom
GetWindowsDirectoryW
GetEnvironmentVariableA
GetDateFormatW
CreateNamedPipeA
lstrcat
RemoveDirectoryA
FreeLibrary
ExpandEnvironmentStringsA
CopyFileExA
WaitForMultipleObjects
GetNumberFormatA
EnumCalendarInfoA
GetModuleHandleW
FindAtomW
GetSystemTime
GetStartupInfoA
GetProcessHeap
GetLongPathNameA
CopyFileA
DisconnectNamedPipe
GetEnvironmentStringsA
GetEnvironmentStringsW
MoveFileA
GetProcAddress
GetTickCount
CreateSemaphoreW
CreateEventW
GetVersionExA
SetEvent
GetDiskFreeSpaceA
GetSystemDirectoryA
GetVersion
MultiByteToWideChar
SystemTimeToFileTime

user32

PostMessageW
CopyIcon
SetCursor
InvalidateRect
MessageBoxW
SetWindowLongW
GetDlgItemTextA
IsIconic
MessageBoxA
RegisterClassExA
LoadCursorW
GetMenuInfo
CharUpperW
EndDialog
InsertMenuA
InsertMenuItemW
LoadBitmapW
GetClassInfoW
SendDlgItemMessageW
LoadCursorA
RegisterWindowMessageW
FindWindowW
CopyRect
EnumWindows
EndMenu
GetSysColorBrush
EnableMenuItem
GetKeyState
GetDCEx
GetMenuItemCount
OffsetRect
AppendMenuW
CreatePopupMenu
wsprintfA
CharNextW
LoadBitmapA
DialogBoxIndirectParamA
SetWindowTextW
mouse_event
PeekMessageW
CharPrevW
CharNextA
LoadMenuIndirectA
GetDlgItemTextW
LoadMenuA
MonitorFromRect
WaitForInputIdle
SetWindowPos
GetKeyboardLayout
LoadMenuIndirectW
MessageBoxIndirectW
SetWindowRgn
SetMenu
GetMessageW
wvsprintfA
SetCapture
CreateAcceleratorTableA
keybd_event
MoveWindow
CreateMenu
WinHelpW
CreateDialogParamA

gdi32

CreateBitmapIndirect
CreateICW
CreateDIBSection
CreateRoundRectRgn
SelectBrushLocal
CreateMetaFileA
CreateBrushIndirect
GetEnhMetaFileW

advapi32

CryptContextAddRef

shell32

ShellExecuteEx
ShellExecuteA
SHGetDataFromIDListW
SHGetDataFromIDListA
Shell_NotifyIcon
SHCreateDirectoryExA
StrNCmpA

shlwapi

PathIsRelativeA
UrlUnescapeW
SHOpenRegStreamA
PathIsSameRootA
IntlStrEqWorkerA
PathIsUNCServerA
UrlIsNoHistoryW
UrlCreateFromPathW
SHEnumValueA
SHRegQueryInfoUSKeyW
AssocQueryStringW
PathCanonicalizeA
HashData
StrChrIA
UrlGetPartA
UrlHashW

Sections

.ZQPt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qaC
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mPL
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vi
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uJiHFf
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.A
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mfAbF
Size: 3KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cdc80fdee083d3fb5d0897059ceff20

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2b:f2:4a:45:3eCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:dbSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.ZQPt Size: 8KB - Virtual size: 8KB

.qaC Size: 92KB - Virtual size: 92KB

.mPL Size: 12KB - Virtual size: 12KB

.vi Size: 4KB - Virtual size: 21KB

.uJiHFf Size: 90KB - Virtual size: 90KB

.A Size: 5KB - Virtual size: 14KB

.mfAbF Size: 3KB - Virtual size: 140KB

.rsrc Size: 7KB - Virtual size: 6KB

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2b:f2:4a:45:3e
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:db
Signer

.ZQPt
Size: 8KB - Virtual size: 8KB

.qaC
Size: 92KB - Virtual size: 92KB

.mPL
Size: 12KB - Virtual size: 12KB

.vi
Size: 4KB - Virtual size: 21KB

.uJiHFf
Size: 90KB - Virtual size: 90KB

.A
Size: 5KB - Virtual size: 14KB

.mfAbF
Size: 3KB - Virtual size: 140KB

.rsrc
Size: 7KB - Virtual size: 6KB