cfb13a19043e026570e4fa356392105b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cfb13a19043e026570e4fa356392105b_JaffaCakes118
Size

558KB
MD5

cfb13a19043e026570e4fa356392105b
SHA1

80e56a0718ad40627d551a5afd2856eb687c9e5c
SHA256

154cace1da16f78a7c3b6309cd11852deb88d1d5ce5670da8372489be53d6c7f
SHA512

e4cf86c6bdf61883933a1fcd7a431e5a0043a516fbf1058717b2bd736700d6f386957621612f458ea54fc99dc3df6336724a3932fb7cd1fec7adf972b77a1766
SSDEEP

12288:X6X6VeXLpzl8B1Gfk5kNEFFduy8aFl17duSqT3l:X6X6sXG1GfGRTXnuJT1

Score

1^/10

Malware Config

Signatures

Files

cfb13a19043e026570e4fa356392105b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d9ce06092f876aed849188c7fe8857e4

Code Sign

ec:f3:5e:88:0a:d0:f3:bc:6f:82:df:b1:f2:e8:4c:c0
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/06/2014, 00:00

Not After

23/06/2015, 23:59

Subject

CN=Robokid Technologies,O=Robokid Technologies,POSTALCODE=2025,STREET=Athinodorou 3 Dasoupoli Strovolos,L=Nicosia,ST=Cyprus,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3f:50:45:da:41:71:39:c2:49:9b:17:51:90:4a:48:4a:ed:72:e7:0d
Signer

Actual PE Digest

3f:50:45:da:41:71:39:c2:49:9b:17:51:90:4a:48:4a:ed:72:e7:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

urlmon

URLDownloadToCacheFileA

wininet

InternetOpenA
InternetCloseHandle
InternetQueryOptionA
InternetSetOptionA
InternetCrackUrlA
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA

ws2_32

inet_ntoa
WSACleanup
WSAStartup
gethostbyname

kernel32

OpenThread
GetLastError
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
Sleep
LoadResource
SizeofResource
GetFileType
FindClose
CloseHandle
GetTickCount
PeekNamedPipe
GetMailslotInfo
GetModuleFileNameA
FindResourceW
FindResourceExW
GetDiskFreeSpaceA
CreateFileA
DeleteFileA
FindFirstFileA
FindNextFileA
MultiByteToWideChar
WideCharToMultiByte
GetTimeZoneInformation
GetFileSize
GetFileSizeEx
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
CreateDirectoryA
GetCurrentProcess
TerminateProcess
GetVersion
GetModuleHandleA
GetVersionExA
CreateMutexA
OpenMutexA
LocalFree
SetLastError
LocalAlloc
InterlockedIncrement
GlobalAlloc
GlobalLock
GlobalUnlock
CreateThread
RaiseException
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
MulDiv
lstrcmpA
InitializeCriticalSection
GlobalHandle
GlobalFree
lstrcmpiA
LoadLibraryExA
FindResourceA
IsDBCSLeadByte
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetCommandLineA
AreFileApisANSI
LoadLibraryExW
ExitThread
IsDebuggerPresent
VirtualQuery
VirtualProtect
GetSystemInfo
RtlUnwind
GetStringTypeW
EncodePointer
lstrlenA
DecodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
InterlockedDecrement
FreeEnvironmentStringsW
OutputDebugStringW
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
GetACP
GetOEMCP
GetConsoleCP
GetConsoleMode
MoveFileExW
QueryPerformanceCounter
FlushInstructionCache
GetCurrentProcessId
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
IsValidCodePage
SetFilePointerEx
SetStdHandle
WriteConsoleW
CreateFileW
ReadConsoleW
SetEnvironmentVariableA
TlsFree
DeleteCriticalSection
GetStartupInfoW

user32

GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
CreateDialogIndirectParamA
MapDialogRect
SetWindowContextHelpId
KillTimer
SetTimer
SendDlgItemMessageA
EndDialog
GetMonitorInfoA
MonitorFromWindow
IsDialogMessageA
LoadCursorA
IsWindowVisible
GetDesktopWindow
SetWindowLongA
GetWindowLongA
FillRect
GetSysColor
MapWindowPoints
ScreenToClient
ClientToScreen
GetWindowRect
GetClientRect
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
GetDC
FindWindowExA
GetWindow
DestroyAcceleratorTable
CreateAcceleratorTableA
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextA
GetDlgItem
MoveWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExA
GetClassInfoExA
RegisterClassExA
CallWindowProcA
PostQuitMessage
DefWindowProcA
SendMessageA
RegisterWindowMessageA
SystemParametersInfoA
GetWindowThreadProcessId
GetClassNameA
FindWindowA
GetParent
MessageBoxA
AllowSetForegroundWindow
SetForegroundWindow
GetForegroundWindow
keybd_event
GetKeyboardState
BringWindowToTop
SetWindowPos
AttachThreadInput
PostMessageA
UnregisterClassA
ReleaseDC

gdi32

CreateSolidBrush
DeleteDC
DeleteObject
CreateCompatibleDC
GetStockObject
SelectObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleBitmap

advapi32

GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
RegDeleteKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegEnumValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
RegCreateKeyExA

shell32

SHGetFolderPathA
ShellExecuteExA

ole32

CoCreateInstance
CLSIDFromProgID
CoGetClassObject
CLSIDFromString
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoInitialize
CoTaskMemRealloc
CoUninitialize

oleaut32

SysStringLen
VariantInit
VariantClear
VariantChangeType
LoadTypeLi
SysFreeString
OleCreateFontIndirect
DispCallFunc
VarUI4FromStr
VariantCopy
SysAllocStringLen
LoadRegTypeLi
SysAllocString

shlwapi

UrlEscapeA

comctl32

InitCommonControlsEx

Sections

.text
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9ce06092f876aed849188c7fe8857e4

Code Sign

ec:f3:5e:88:0a:d0:f3:bc:6f:82:df:b1:f2:e8:4c:c0Certificate

Extended Key Usages

Key Usages

3f:50:45:da:41:71:39:c2:49:9b:17:51:90:4a:48:4a:ed:72:e7:0dSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

urlmon

wininet

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 437KB - Virtual size: 437KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 11KB - Virtual size: 23KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 8KB - Virtual size: 7KB

ec:f3:5e:88:0a:d0:f3:bc:6f:82:df:b1:f2:e8:4c:c0
Certificate

3f:50:45:da:41:71:39:c2:49:9b:17:51:90:4a:48:4a:ed:72:e7:0d
Signer

.text
Size: 437KB - Virtual size: 437KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 11KB - Virtual size: 23KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 8KB - Virtual size: 7KB