b95bf7a955d1fb27858f4b340dccf838_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b95bf7a955d1fb27858f4b340dccf838_JaffaCakes118
Size

206KB
MD5

b95bf7a955d1fb27858f4b340dccf838
SHA1

00c86ad73428a80a1fc10775f9325533ecb69d0a
SHA256

e29e8db16204cb7f92e2045f4f493327ff8bf49fbc6d2efc7746faa0dd17048c
SHA512

e7e802604b4fad5a067223e7b99e9775aec06b7342a9a7e8df84d34485524d5fa461610ab775392d790d27bb0b1bf86048a2ad7fc95b66324cdc41ec7538a82a
SSDEEP

3072:zU9eObijliec7CtjkwuXpCUojED5Iw4VfaD5xU499qkR2DtLcJy1TLxLcCLQA:zU9eOmjlxBtjmQjED5Iw42Ythn

Score

1^/10

Malware Config

Signatures

Files

b95bf7a955d1fb27858f4b340dccf838_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fe0f102d30dcb01506ddaf26d8bb8074

Code Sign

75:b3:62:d1:5a:6d:51:e2:5b:63:78:3f:30:ba:3d:e1
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:f4:aa:2c:85:7e:59:e5:73:f0:b8:3c:57:21:8d:8f
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/09/2008, 00:00

Not After

30/05/2020, 10:48

Subject

CN=The Code Project Code Signing CA,O=The Code Project,C=CA

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b5:11:80:67:b7:1e:99:8b:ec:4d:ef:4e:19:56:af:82
Certificate

Issuer

CN=The Code Project Code Signing CA,O=The Code Project,C=CA

Not Before

19/10/2010, 00:00

Not After

18/10/2013, 23:59

Subject

CN=Biz Secure Labs Pvt. Ltd.,O=Biz Secure Labs Pvt. Ltd.,POSTALCODE=411030,STREET=1206\, Sadashiv Peth\, Tilak Road,L=Pune,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

59:23:ab:bf:27:8b:6b:c3:07:60:1c:ee:6b:4e:ca:39:51:e8:17:d6
Signer

Actual PE Digest

59:23:ab:bf:27:8b:6b:c3:07:60:1c:ee:6b:4e:ca:39:51:e8:17:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
SetFilePointer
CreateFileA
GetFileSize
Sleep
FlushFileBuffers
WriteFile
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RtlUnwind
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
CloseHandle
TerminateThread
DeleteFileA
MoveFileA
CreateProcessA
CreateThread
WaitForSingleObject
SuspendThread
ResumeThread
WinExec
GetModuleFileNameA
CreateMutexA
LCMapStringW
GetLastError
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
DebugBreak
GetStdHandle
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
HeapAlloc
HeapReAlloc

user32

ShowWindow
GetDlgItemTextA
MessageBoxA
DialogBoxParamA
SetForegroundWindow
GetCursorPos
LoadMenuA
GetSubMenu
TrackPopupMenu
DestroyMenu
GetWindowTextA
GetDlgItem
SetClassLongA
SetWindowLongA
BeginPaint
GetClientRect
FillRect
EndPaint
EndDialog
GetDC
SetWindowTextA
FindWindowA
LoadCursorA
ShowCursor
LoadIconA
SendMessageA
EnableWindow
SetDlgItemTextA

gdi32

CreateSolidBrush
CreatePen
SetTextColor
SetBkColor
SetBkMode
SelectObject

advapi32

RegSetValueExA
RegOpenKeyA
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegDeleteValueA

shell32

SHBrowseForFolderA
SHGetSpecialFolderPathA
Shell_NotifyIconA
SHGetPathFromIDListA

wininet

InternetSetFilePointer
InternetOpenUrlA
InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

shlwapi

PathFileExistsA

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe0f102d30dcb01506ddaf26d8bb8074

Code Sign

75:b3:62:d1:5a:6d:51:e2:5b:63:78:3f:30:ba:3d:e1Certificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:f4:aa:2c:85:7e:59:e5:73:f0:b8:3c:57:21:8d:8fCertificate

Key Usages

b5:11:80:67:b7:1e:99:8b:ec:4d:ef:4e:19:56:af:82Certificate

Extended Key Usages

Key Usages

59:23:ab:bf:27:8b:6b:c3:07:60:1c:ee:6b:4e:ca:39:51:e8:17:d6Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wininet

shlwapi

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 112KB - Virtual size: 109KB

75:b3:62:d1:5a:6d:51:e2:5b:63:78:3f:30:ba:3d:e1
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:f4:aa:2c:85:7e:59:e5:73:f0:b8:3c:57:21:8d:8f
Certificate

b5:11:80:67:b7:1e:99:8b:ec:4d:ef:4e:19:56:af:82
Certificate

59:23:ab:bf:27:8b:6b:c3:07:60:1c:ee:6b:4e:ca:39:51:e8:17:d6
Signer

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 112KB - Virtual size: 109KB