b054a7382adf6b774b15f52d971f3799_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b054a7382adf6b774b15f52d971f3799_JaffaCakes118
Size

169KB
MD5

b054a7382adf6b774b15f52d971f3799
SHA1

b4d43cd2d81d17dec523915c0fc61b4b29e62c58
SHA256

bdff852398f174e9eef1db1c2d3fefdda25fe0ea90a40a2e06e51b5c0ebd69eb
SHA512

7c307a2ed0e6e483a0f3e7161ff0433e6bd498ab0b14b5359a938554999b076c4143a766b96c05dc0b949948cac97d81534ceb1300d02276ec90e2c1162383a9
SSDEEP

1536:XN9cIi98pUYi7tIP+arPg1ssvpoOJwtFT6BxdYIHs/5mBS0LiF:99clzLPPBoOJwWBxdYlxySr

Score

1^/10

Malware Config

Signatures

Files

b054a7382adf6b774b15f52d971f3799_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b25cd98650edb58a9a4d00af1d17453d

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:73:55:0b:83:76:86:3b:d9:43:0f:aa:8b:5a:29:87
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/05/2018, 00:00

Not After

21/05/2019, 23:59

Subject

CN=CELAS LLC,O=CELAS LLC,POSTALCODE=49319,STREET=15519 WHITE CREEK AVE NE,L=Cedar Springs,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:34:c4:d4:6c:b8:b5:9c:38:a1:cb:d8:1c:49:c6:ce:bc:84:28:96
Signer

Actual PE Digest

31:34:c4:d4:6c:b8:b5:9c:38:a1:cb:d8:1c:49:c6:ce:bc:84:28:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\jeus\downloader\downloader_exe_vs2010\Release\dloader.pdb

Imports

kernel32

IsBadReadPtr
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetNativeSystemInfo
HeapAlloc
GetProcessHeap
HeapFree
VirtualProtect
SetLastError
Sleep
GetTickCount
GetCommandLineA
GetComputerNameA
GetLastError
Process32Next
CloseHandle
Process32First
CreateFileW
HeapSize
WriteConsoleW
SetStdHandle
RtlUnwind
GetStringTypeW
LCMapStringW
CreateToolhelp32Snapshot
GetSystemTimeAsFileTime
HeapReAlloc
MultiByteToWideChar
WideCharToMultiByte
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
IsProcessorFeaturePresent
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
FlushFileBuffers

advapi32

CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
RegOpenKeyExA
CryptCreateHash
CryptAcquireContextA
RegQueryValueExA

wininet

InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetSetOptionA
HttpOpenRequestA
InternetConnectA
InternetOpenA

crypt32

CryptStringToBinaryA

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b25cd98650edb58a9a4d00af1d17453d

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

9a:73:55:0b:83:76:86:3b:d9:43:0f:aa:8b:5a:29:87Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

31:34:c4:d4:6c:b8:b5:9c:38:a1:cb:d8:1c:49:c6:ce:bc:84:28:96Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

wininet

crypt32

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 107KB - Virtual size: 106KB

.reloc Size: 4KB - Virtual size: 3KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

9a:73:55:0b:83:76:86:3b:d9:43:0f:aa:8b:5a:29:87
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

31:34:c4:d4:6c:b8:b5:9c:38:a1:cb:d8:1c:49:c6:ce:bc:84:28:96
Signer

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 107KB - Virtual size: 106KB

.reloc
Size: 4KB - Virtual size: 3KB