d4a90650800ae20f69f7bad4650d1506_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d4a90650800ae20f69f7bad4650d1506_JaffaCakes118
Size

597KB
MD5

d4a90650800ae20f69f7bad4650d1506
SHA1

ab24d1876e238fed4e15dbe6a81e4ae8062f367d
SHA256

110917a723ce6d40d886ac162fd56072ef0d30df7b962ec8c0715d6104fff8ef
SHA512

d9d208930de0335a6c06959ca760df442fecd4a51faa57d39f874865732f1cdaf2d217893490d3a0372b6aa3e11781c4a11adaf218aa8bc535ee034ba94f973c
SSDEEP

12288:DQH9CFRs4H/4Dh3uxcbABbQvzpQGa/fCvx01By1Bj6:UH9CsBZszTGZ6

Score

1^/10

Malware Config

Signatures

Files

d4a90650800ae20f69f7bad4650d1506_JaffaCakes118
.exe windows:4 windows x86 arch:x86

075d95b9fbee0c460f5d802a63cb01d7

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/05/2015, 00:00

Not After

28/05/2016, 23:59

Subject

CN=KATANA,O=KATANA,POSTALCODE=156002,STREET=44/7 ul.Ostrovskogo,L=Kostroma,ST=Kostroma region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f6:69:88:76:06:4f:a4:f1:df:fe:b5:11:62:3d:35:7a:e6:27:86:09
Signer

Actual PE Digest

f6:69:88:76:06:4f:a4:f1:df:fe:b5:11:62:3d:35:7a:e6:27:86:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

SetMenuItemInfoA
DlgDirListW
PrivateExtractIconsW
DefFrameProcA
CharLowerBuffA
GrayStringA
IsCharLowerA
DestroyCaret
GetKeyboardState
PostMessageA
ChangeDisplaySettingsA
RemovePropA
wsprintfW
RegisterClipboardFormatW
CharUpperBuffA
GetSysColor
AdjustWindowRect
GetMouseMovePointsEx
DefDlgProcW
OpenIcon
GetClassInfoW
InsertMenuItemA
GetMessageW
CreateAcceleratorTableW
GetKeyState
SetCursorPos
RegisterDeviceNotificationA
PeekMessageW
CharUpperA
DlgDirSelectExA
DlgDirSelectExW
RegisterClassA
SetCapture
CloseWindowStation
CallNextHookEx
MessageBoxTimeoutA
CreateIconFromResourceEx
GetClassLongW
LoadCursorFromFileA
MoveWindow
GetAltTabInfoW
ToUnicode
OemToCharA
IsCharUpperA
LockWorkStation
GetClipboardData
LoadStringA
SendMessageCallbackA
GetUpdateRect
RegisterClassExA
UnhookWindowsHook
GetMenuBarInfo
LoadStringW
IntersectRect
ChangeMenuA
MonitorFromRect
GetWindowWord
SendInput
GetDlgItemInt
LoadKeyboardLayoutEx
SetUserObjectInformationW
IsCharLowerW
InflateRect
GetInputDesktop
CascadeChildWindows
GetClipCursor
CopyAcceleratorTableW
UnregisterClassW
GetWindowTextLengthA
GetTopWindow
GetWindowTextA
GetWindowPlacement
CreateMenu
IsWindow
SendMessageA
IsDlgButtonChecked
GetTabbedTextExtentA
SubtractRect
AttachThreadInput
TranslateAcceleratorW
GetDlgItem
SetWindowTextW
EnumPropsExW
MessageBeep
GetDCEx
SetRectEmpty
TileWindows
DrawMenuBarTemp
UnregisterHotKey
InsertMenuW
SendMessageTimeoutW
DialogBoxParamA
IsDialogMessageA
RegisterDeviceNotificationW
SetPropA
SetWindowTextA
MenuWindowProcW
SetProcessWindowStation
ScrollChildren
AdjustWindowRectEx
GetInputState
RemovePropW
CharLowerBuffW
AnimateWindow
SetScrollRange
GetClipboardFormatNameW
EnumDisplaySettingsExA
ExitWindowsEx
LoadIconA
EnableScrollBar
ValidateRgn
DrawFrame
DrawTextExA
CharNextExA
GetCaretPos
GetKeyboardType
UpdateWindow
GetClientRect
GetWindowThreadProcessId
CharPrevExA
UpdateLayeredWindow
GetScrollRange
CloseClipboard
IsCharAlphaNumericA
FindWindowExW
DestroyAcceleratorTable
SetProgmanWindow
LoadIconW
CreateCursor
SetWindowContextHelpId
ToAsciiEx
MapVirtualKeyW
GetMenu
RegisterWindowMessageA
CloseDesktop
SetMenuItemBitmaps
GetComboBoxInfo
IsWindowUnicode
ShowScrollBar
CopyAcceleratorTableA
GetDlgCtrlID
MapWindowPoints
SetMenuDefaultItem
InvalidateRgn
LoadMenuIndirectW
SetMenuItemInfoW
DefWindowProcA
GetMonitorInfoA
GetWindowTextLengthW
DialogBoxIndirectParamA
RemoveMenu
PrintWindow
DeleteMenu
AllowForegroundActivation
IsDialogMessageW
CreateMDIWindowW
GetMenuItemCount
EnumPropsA
SetCaretPos
GetWindowModuleFileNameA
LoadAcceleratorsA
GetClassInfoA
IsGUIThread
MapVirtualKeyExA
BroadcastSystemMessageW
SetWindowsHookExW
EnumWindowStationsA
EnumDisplayMonitors
MenuItemFromPoint
GetWindow
GetKeyboardLayoutNameA
FillRect
GetWindowRect
EndMenu
BeginPaint
BroadcastSystemMessageA
SetForegroundWindow
DrawFrameControl
GetMenuItemID
GetDesktopWindow
IsMenu
ScrollWindowEx
ActivateKeyboardLayout

kernel32

ReadFile
GetFileAttributesW
EnumResourceTypesW
GetStartupInfoA
GetExitCodeProcess
WaitNamedPipeW
LockResource
UnmapViewOfFile
TryEnterCriticalSection
OutputDebugStringA
FlushConsoleInputBuffer
IsBadHugeReadPtr
PrivMoveFileIdentityW
CreateMailslotA
ReadConsoleInputA
CreateNamedPipeW
SetThreadContext
GetConsoleAliasesW
ReadConsoleOutputCharacterW
EnumSystemCodePagesW
WriteFileGather
ScrollConsoleScreenBufferA
SetErrorMode
GetAtomNameA
SetCurrentDirectoryW
WaitNamedPipeA
CreateEventW
AssignProcessToJobObject
CopyLZFile
GetDefaultCommConfigA
MultiByteToWideChar
GetProcessIoCounters
AttachConsole
ReplaceFile
GetNumberOfConsoleFonts
VirtualFree
GetAtomNameW
GetCurrentThreadId
GetNamedPipeHandleStateA
GetCommandLineW
LZCreateFileW
LZInit
GetGeoInfoA
GetLogicalDriveStringsW
GetCurrentProcess
FindFirstVolumeW
WriteConsoleOutputCharacterA
Heap32First
DelayLoadFailureHook
VerLanguageNameA
WriteConsoleOutputAttribute
MapViewOfFileEx
GetCPInfo
GetStringTypeA
GetConsoleMode
ExpandEnvironmentStringsA
GetUserGeoID
SetFileShortNameA
CreateProcessInternalW
IsValidLocale
GetCommandLineA
RtlMoveMemory
GetLocaleInfoA
GetConsoleCharType
ConsoleMenuControl
SearchPathA
GetConsoleOutputCP
FindFirstFileExW
VirtualUnlock
ReadConsoleInputExW
GetCommConfig
CreateJobSet
FindVolumeClose
EndUpdateResourceW
LZRead
GetDiskFreeSpaceA
HeapLock
RtlFillMemory
CallNamedPipeA
GetFileInformationByHandle
GetUserDefaultUILanguage
ReadConsoleInputExA
GetThreadPriorityBoost
MoveFileWithProgressW
EnumTimeFormatsW
SetMailslotInfo
LZStart
SetSystemTime
MoveFileA
EnumResourceLanguagesA
WaitForMultipleObjects
SetThreadPriorityBoost
FindClose
TlsFree
GetConsoleTitleA
WritePrivateProfileStructW
GlobalLock
TransmitCommChar
MulDiv
GetStringTypeExW
GetConsoleWindow
CreateJobObjectW
SetCriticalSectionSpinCount
SetComputerNameA
GlobalAddAtomA
GetVolumeInformationW
GetVersionExA
IsBadStringPtrW
TransactNamedPipe
InitializeCriticalSection
OpenMutexW
SetWaitableTimer
RtlZeroMemory
CreateDirectoryExA
FindNextChangeNotification
ChangeTimerQueueTimer
GetCurrentConsoleFont
SetComputerNameW
ClearCommBreak
FreeConsole
SetFileAttributesA
WriteProfileSectionW
GetLargestConsoleWindowSize
GetLastError
FreeResource
GetUserDefaultLangID
VirtualQuery
LoadLibraryA
LocalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

gdi32

GetClipBox
EngGetPrinterDataFileName
EnumFontsA
EngCreateClip

comctl32

FlatSB_SetScrollRange
ImageList_Copy
CreateStatusWindow
ImageList_GetIcon

Exports

Exports

�,&.0pF�N㹕� ��5CcQypmƥWt4w� ��_O�x.��+��#r�8gy�"CHX�CG�u��Xu�O3Bw|��X ��MNk/�kG� ��*�oW"��^��}�Y�ף�,�۫�il��̢c�FbA��x&��#n��荞��e�[lOk��JM�C�꽶W��^yw� v奷W�'�J-7��o�7h��w��CsxI&*��D��"@��/QOL�>[蜥9Ѫ8E't0��gϺ��Y��!Aą�Yԝ(�}eQ�}��8��ėK~�ke+ל}}'��"G�-1��@�K��p>�Wt�0��G��z��<�1N=��r_��%8� �F�Av�{][m>�*~q/#�`��P�� 9��M>��a%�� p�Z9v�h��o�D��J�E��C��7_o�A��ui��4{o�1+|�G�Q|9��Bx]�� ܀j�1><�P�Qa� �ߋ��%:EH)�2��T`��%� ��V�ԟ")�'��\w0[V��(]�!�1�h_l��h�ƺ�0Ħ{��sCu��5��)6�$E�+��s(T�ڸ��[��U��B�� j��U�?�%b��:9�u�24`(H��ĲiOr��8��%ak��^=Cud@��)�߈��Q��@��v&�υG�++��/�*~��j�3�Q��Q�@�p�I[�t��E��t_�I��{��h8�XJq�:R��ϐ7j��}u�9'B�F��c��l�:�%?d��!ZN��VvX�U��;�p��U��0Н�-��5��Iu�L�5r��»{lJ��d�u�6�r ;�5pDB�.4C��n��zDD�2.��O> >M�w��8��!��w}��$7��x�O��)� B��|νk�C��_3h��$p��&��m��J�D��h2��k��h>oyv�f��#d A��2��sLwHb=��B��m K0��$)�΃c�+��Qđ˓m&p�mm��b�6XQ՜Q|3J)�H�T�X��.�� X3��Y)��o��$��i��ix��1�OϜ6�3��Z��2�Ѳ6�$;� U!�k��V��o��|�﨟$��>Nj��+�l��l�3��u�{ŝ��ɓ@O��:OV�c�#��p�Ug}�/��ιӟ��XV�1; ��S�*:OR�b��/�|�&��HK��JEv��ҧ!S��K�Q��T篍ϸ��m�`+6L�eU�lUK.��2�\dzw�$�qO5�c�zH��+�[��h]��5�P��*��_~��n��-QmN�wL��ȟ8��(�p�]ׁ@2pn%X<�дMdzY�!��4�6��`��;e��%�u/��yv��w��K�0 �@��ށ�`%�ԭ��e�� $��/l:�|Ǐ);NR*,(��[q�叨_�� o��Ûe�� Î�%x^͛�cQ�x'��jR�#�@4]��.��'��Hs��r*�A��O��'@��/��v91Q�5q:��#m͏[,��5�0��z։�A�G��!a]��1��n}��z=��f'ل~��m��Q��7?XK,|��F��D'�v�6W#4s��Fedז��eCꛅaK.�1k�&S&|\B�"e�K��e�Z�؁~��Pl��3t{{��B�ͻ�VH�N6Npage��g�q�O:]��!;L�:XdL:&%4��E��w�ڈ9reCt��5�v��O�wo�19�P�oi��֞�#YD��q�F5o�e�]��g.tK.4N��/Q�Z��%�JJ�E�ȼ�s��H��C 0@�U��+g�7w>*'[��]�&$�6��p��x��>��/�Q� 옒��)yFų|U�ĉKpl�tgn¯9��5�V��SZ��eQ��x<��I�L`�g��/q��S�^�"�lE�A��p��8ѣ�Ӓ�"D|"kdA"zmX�1�J��ڦH$�~� �rWR5;�T�ԠO��V��4�s��Tf�OPD��=�z�Z��$�$�&��f�Rc�^PN��V�4�-�qDE�2��*�_j�So�:��B��b�}��%,�"�'7.� X��]�� Rs$��#�9z�4��r�s9fA��R� ��q��/o��'�3��"Isp�� ^�`A;�X�t�:��<�rh�ꮾ��4��e� *��A+��u06�K24�{��z�W�혠_�gHS�>{+�h�h�k�)�5o��JFߤ�a+�8j�>�=�]��}�<�x��5><]�nSB6~8VE:�U?�I�s:M�g��"p�ݰ��jmJ� �� sP0��.#}��C��1��̬Γ�J�D��-{��)'��0��xQ�||�n�В!��J�'�ZF�V(��0J�%T#��vgL-<D�-��:g#�&ټ�ݝ��o� g��6��7Ø��4��?��d�r�N�Mφ� �+%�gê��o��z�Ei�)29�u�� ڋ仡+�f;bd��Wa'�Lp��0P��2��'�I��˹�P�T$E�%��e�Q�$K��i�/�W��;�4�I璅kRhw��Yi��Ht��Z^��q=��j$�⭏F�L��Q�3� `��?V��V:��-��w��6�*+�91�5�'"��r[f�W�$Uҵ��Kg+a��Ը{�ĩ: B��(v� Ԫd��s;� �&ƇX�%CAN�O�6w��e�V��9�N�L�W�Q y��NO:��6)*�,�[t� �R��f�"݈�8

Sections

CODE
Size: 443KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

075d95b9fbee0c460f5d802a63cb01d7

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57Certificate

Extended Key Usages

Key Usages

f6:69:88:76:06:4f:a4:f1:df:fe:b5:11:62:3d:35:7a:e6:27:86:09Signer

Headers

File Characteristics

Imports

user32

kernel32

gdi32

comctl32

Exports

Exports

Sections

CODE Size: 443KB - Virtual size: 443KB

DATA Size: 17KB - Virtual size: 17KB

BSS Size: - Virtual size: 1KB

.idata Size: 8KB - Virtual size: 7KB

.text0 Size: 16KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 63KB - Virtual size: 63KB

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 35KB - Virtual size: 34KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57
Certificate

f6:69:88:76:06:4f:a4:f1:df:fe:b5:11:62:3d:35:7a:e6:27:86:09
Signer

CODE
Size: 443KB - Virtual size: 443KB

DATA
Size: 17KB - Virtual size: 17KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 8KB - Virtual size: 7KB

.text0
Size: 16KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 63KB - Virtual size: 63KB

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 35KB - Virtual size: 34KB