b9ca5258094b3b4d394f9fdb7f9fa7f8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b9ca5258094b3b4d394f9fdb7f9fa7f8_JaffaCakes118
Size

231KB
MD5

b9ca5258094b3b4d394f9fdb7f9fa7f8
SHA1

04eae947481a34f78613f20640d022e31d4169d0
SHA256

01a3d0fab1d23f68a23826efd1dbea8872ec30b2600fa59abc3d95bbb6b3c68d
SHA512

6eed7e0ed7aebe1e8cb42aa3169d11d4b68420b447987bedd95b50f13e07914ea9ad3ebe92e619a960f877988d06a6fdd89449d80bb12af470b33713ac79fc9c
SSDEEP

3072:Ld2PHUXh5RidYASjd53qI02ojksuzwj42JpfmmJCZwgEE6pjTcTeuwClKWW3n/8Z:Z2fOJyf+H9uAGhJkmwwjcTe+KL0Z

Score

1^/10

Malware Config

Signatures

Files

b9ca5258094b3b4d394f9fdb7f9fa7f8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1cdc80fdee083d3fb5d0897059ceff20

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2b:f2:4a:45:3e
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

28/10/2010, 09:07

Not After

28/10/2013, 09:07

Subject

CN=BullGuard Ltd.,OU=IT,O=BullGuard Ltd.,L=Heathrow,ST=Middlesex,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:db
Signer

Actual PE Digest

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:db

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomA
CreateDirectoryA
GetLogicalDrives
GetCalendarInfoA
GetStringTypeA
GetExitCodeThread
GetComputerNameA
GetExpandedNameA
EnumDateFormatsW
WinExec
ConnectNamedPipe
Sleep
GetStartupInfoW
ReadDirectoryChangesW
SetLocaleInfoW
SleepEx
GetSystemDefaultLCID
ExpandEnvironmentStringsW
LoadLibraryExA
LocalAlloc
lstrcpy
GetVolumeInformationW
GetModuleHandleA
LocalFree
GetCPInfo
GetCurrentProcess
OpenEventA
GetUserDefaultLCID
GetLocaleInfoA
OpenSemaphoreA
CreateMutexW
IsBadWritePtr
BeginUpdateResourceW
DeleteAtom
GetWindowsDirectoryW
GetEnvironmentVariableA
GetDateFormatW
CreateNamedPipeA
lstrcat
RemoveDirectoryA
FreeLibrary
ExpandEnvironmentStringsA
CopyFileExA
WaitForMultipleObjects
GetNumberFormatA
EnumCalendarInfoA
GetModuleHandleW
FindAtomW
GetSystemTime
GetStartupInfoA
GetProcessHeap
GetLongPathNameA
CopyFileA
DisconnectNamedPipe
GetEnvironmentStringsA
GetEnvironmentStringsW
MoveFileA
GetProcAddress
GetTickCount
CreateSemaphoreW
CreateEventW
GetVersionExA
SetEvent
GetDiskFreeSpaceA
GetSystemDirectoryA
GetVersion
MultiByteToWideChar
SystemTimeToFileTime

user32

PostMessageW
CopyIcon
SetCursor
InvalidateRect
MessageBoxW
SetWindowLongW
GetDlgItemTextA
IsIconic
MessageBoxA
RegisterClassExA
LoadCursorW
GetMenuInfo
CharUpperW
EndDialog
InsertMenuA
InsertMenuItemW
LoadBitmapW
GetClassInfoW
SendDlgItemMessageW
LoadCursorA
RegisterWindowMessageW
FindWindowW
CopyRect
EnumWindows
EndMenu
GetSysColorBrush
EnableMenuItem
GetKeyState
GetDCEx
GetMenuItemCount
OffsetRect
AppendMenuW
CreatePopupMenu
wsprintfA
CharNextW
LoadBitmapA
DialogBoxIndirectParamA
SetWindowTextW
mouse_event
PeekMessageW
CharPrevW
CharNextA
LoadMenuIndirectA
GetDlgItemTextW
LoadMenuA
MonitorFromRect
WaitForInputIdle
SetWindowPos
GetKeyboardLayout
LoadMenuIndirectW
MessageBoxIndirectW
SetWindowRgn
SetMenu
GetMessageW
wvsprintfA
SetCapture
CreateAcceleratorTableA
keybd_event
MoveWindow
CreateMenu
WinHelpW
CreateDialogParamA

gdi32

CreateBitmapIndirect
CreateICW
CreateDIBSection
CreateRoundRectRgn
SelectBrushLocal
CreateMetaFileA
CreateBrushIndirect
GetEnhMetaFileW

advapi32

CryptContextAddRef

shell32

ShellExecuteEx
ShellExecuteA
SHGetDataFromIDListW
SHGetDataFromIDListA
Shell_NotifyIcon
SHCreateDirectoryExA
StrNCmpA

shlwapi

PathIsRelativeA
UrlUnescapeW
SHOpenRegStreamA
PathIsSameRootA
IntlStrEqWorkerA
PathIsUNCServerA
UrlIsNoHistoryW
UrlCreateFromPathW
SHEnumValueA
SHRegQueryInfoUSKeyW
AssocQueryStringW
PathCanonicalizeA
HashData
StrChrIA
UrlGetPartA
UrlHashW

Sections

.ZQPt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qaC
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mPL
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vi
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uJiHFf
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.A
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mfAbF
Size: 3KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cdc80fdee083d3fb5d0897059ceff20

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2b:f2:4a:45:3eCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:dbSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.ZQPt Size: 8KB - Virtual size: 8KB

.qaC Size: 92KB - Virtual size: 92KB

.mPL Size: 12KB - Virtual size: 12KB

.vi Size: 4KB - Virtual size: 21KB

.uJiHFf Size: 90KB - Virtual size: 90KB

.A Size: 5KB - Virtual size: 14KB

.mfAbF Size: 3KB - Virtual size: 140KB

.rsrc Size: 7KB - Virtual size: 6KB

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2b:f2:4a:45:3e
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:db
Signer

.ZQPt
Size: 8KB - Virtual size: 8KB

.qaC
Size: 92KB - Virtual size: 92KB

.mPL
Size: 12KB - Virtual size: 12KB

.vi
Size: 4KB - Virtual size: 21KB

.uJiHFf
Size: 90KB - Virtual size: 90KB

.A
Size: 5KB - Virtual size: 14KB

.mfAbF
Size: 3KB - Virtual size: 140KB

.rsrc
Size: 7KB - Virtual size: 6KB