ea88dd6a4f5566c01ca2b4b0663db0e9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ea88dd6a4f5566c01ca2b4b0663db0e9_JaffaCakes118
Size

694KB
MD5

ea88dd6a4f5566c01ca2b4b0663db0e9
SHA1

6cba60b79eb71af7b1fb1f7a4685b40b24043d19
SHA256

13ee50594998f54f212da309db168e062f38c06c89a7d237a41ed42c36da7da2
SHA512

8601857362f1a60e65e5502bf7c4a6ee20f8c654dc396dba0bdde8c3e2ea5304630e03f628e6bf6dfd2fd245d3d082aef099bc0112210c9dc48b9441e3772903
SSDEEP

12288:lEAnv+zNuGYyuyUngyxwLzEJ3JXM/giH70r:2Av+7Vuy8n33JXYb0r

Score

1^/10

Malware Config

Signatures

Files

ea88dd6a4f5566c01ca2b4b0663db0e9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ea76590aa80d050b448f3156c4c20dbf

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:b9:12:c7:b2:e2:52:f9:f5:7d:ec:fa:ae:e1:52:c5
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/06/2015, 00:00

Not After

04/06/2016, 23:59

Subject

CN=PROSTOR,O=PROSTOR,POSTALCODE=614000,STREET=ul. Ekaterininskaya 96,L=Perm,ST=Perm region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

57:fc:93:8e:fe:b5:db:93:d1:d1:0d:6a:9a:9e:71:6f:75:67:2f:c0
Signer

Actual PE Digest

57:fc:93:8e:fe:b5:db:93:d1:d1:0d:6a:9a:9e:71:6f:75:67:2f:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shlwapi

PathUndecorateW
SHRegCreateUSKeyA
StrCSpnA
UrlUnescapeW
PathIsFileSpecW
PathGetArgsW
StrRetToStrW
SHSetValueW
StrNCatW
PathRemoveBlanksA
UrlCompareA
PathIsDirectoryW
PathIsContentTypeA
StrToIntW

ole32

CoRevokeMallocSpy
CoFileTimeNow
IsEqualGUID
StgOpenPropStg
OleQueryCreateFromData

comdlg32

ChooseColorW
ChooseFontW
ReplaceTextA
PrintDlgExA
WantArrows
LoadAlterBitmap
ChooseFontA
FindTextW

oleaut32

SafeArrayAllocDescriptorEx
VarCyInt
VarR4FromUI4

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDList
SHPathPrepareForWriteA
StrRChrW
StrRChrA
ShellExecuteEx
SHGetPathFromIDListW
PrintersGetCommand_RunDLLA
SHFreeNameMappings

winspool.drv

DocumentPropertiesW
QueryRemoteFonts
QueryColorProfile
DeletePortA
WaitForPrinterChange
FlushPrinter
DeviceMode
PerfCollect
EnumJobsA
PerfOpen
GetSpoolFileHandle
AbortPrinter
DeletePrinterIC
SetPortW

advapi32

WmiQueryAllDataMultipleW
TreeResetNamedSecurityInfoA
SaferiChangeRegistryScope
GetTrusteeFormA
LsaQueryTrustedDomainInfoByName
CryptEnumProvidersW
CredUnmarshalCredentialW
CryptHashData
LsaSetInformationPolicy
StartTraceA
LsaGetSystemAccessAccount
GetServiceKeyNameW
RegEnumValueW
RegisterEventSourceA
WmiQueryAllDataA

gdi32

GdiStartPageEMF
GetCharWidthI
GdiConvertPalette
STROBJ_bEnumPositionsOnly
GetTextCharsetInfo
CreateMetaFileA
GetTextExtentExPointW
FlattenPath
GetTextExtentPointA
EnumFontFamiliesA
GetFontLanguageInfo
GetEUDCTimeStampExW
ExtEscape
PtVisible
MaskBlt
CopyMetaFileW
GetCharWidthA
UnrealizeObject
GetPixel
CreateDCA
GetClipRgn
EngDeleteSurface

version

VerFindFileA
VerQueryValueA
VerLanguageNameA
VerLanguageNameW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileW
VerQueryValueW
VerInstallFileA

wtsapi32

WTSSendMessageA
WTSLogoffSession
WTSUnRegisterSessionNotification
WTSSetSessionInformationA
WTSRegisterSessionNotification
WTSEnumerateServersW
WTSEnumerateServersA
WTSOpenServerA
WTSEnumerateProcessesA
WTSShutdownSystem
WTSCloseServer
WTSVirtualChannelPurgeInput

ws2_32

WSARecvFrom
WSACloseEvent
shutdown
WSCUnInstallNameSpace
WSCUpdateProvider
WSALookupServiceNextW
WSANSPIoctl
WSAUnhookBlockingHook
WSACancelBlockingCall
WSAGetLastError
getaddrinfo
WSCDeinstallProvider
socket
WSAEnumProtocolsW
getservbyname
WSAEnumNameSpaceProvidersA
gethostname
WSAGetServiceClassInfoW
getsockname
getnameinfo

comctl32

GetEffectiveClientRect
ImageList_Destroy
LBItemFromPt
FlatSB_ShowScrollBar
ImageList_SetIconSize
ImageList_GetIcon
ImageList_Create
UninitializeFlatSB
ImageList_LoadImage
CreateToolbarEx
PropertySheetW
MenuHelp
ImageList_GetImageRect
ImageList_Read
ImageList_SetFlags
InitializeFlatSB
ImageList_DragEnter
ImageList_Duplicate

kernel32

CreateToolhelp32Snapshot
AssignProcessToJobObject
GetVersion
LoadLibraryExA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

��X�Jz�ƚh�`ON�bTl;dw��ߊf��M��6��Ű��"�z>�i=��]�U��ukDwn�}�J0J�o� [��g��&v�{a�'��h%��l�\� I��_��&��~��}�mX:��q��5�� Ӛ*HS�� 1ܢB��3A�!�#�\Jr\̼ϒ��Mk�ړ�E��H�|��H6]6�>��St��G�P8d��`�T�#Pb�?Z��0+��l��?X�v��}��^��U��X�2;.Uo�V.� !�B��*]y��pY��L��Ki�>�?��F]�L3o<��i9��A#d8��(µ|�\�� +'��v��\1F��#1&��M�M䝴��P��W��-�p��j�]2��А��A��JJT2�\Wy�V��"�J��Y��:q�Kh��[�t�=��$�9 ^��M��B�%ͱ�N��3��%McʹVאͮ2"/�y~��H��)��8�B1��9�i+��}��y��j��m�{��Ba��Xx��2<I� s<C��/��CC��RB��j��O��}o��$r�^��焄��B��L�.�v:�D��t�z3�(� ��n�|��d_T��2;�E��FO�pk��̣��I NڷE��w?j�S�Ri��{��~O< ��2-�n��Y�A�#nu��i9S`�(^y��ꅪ�=aqӍ�I�Uz��^ �`�� ?O��!�R�_�e;�')M�kk&[^��a��r+HM�N�H��+ȼ,�#��l��~�'�F�u�|>�[/�9�9�:yr+��Q}��BѨ��a�O��%�䍑z� ��A��N�xA]�"9bjIL0�l��j'aє��b�~��ǜD�i5�k�D��P�V�Α�S@�;:j�W��'��F��\��r�(2��i]�F�Ō��{�[��?wgV�� ӗ"Ȟ]v�Al0��Л��^�� $;��1�h:��S}-R�� }�t�͋�1Ej�̯ ٢��e�;��|�"��n�Ɠ�i��qJ��U�^��K��vX�ܝ��U��Y`!�V��zK�X~�2.�;�x��ǹ� ;2��^Nҁ��!/j�_Y?9L�ygg�זBҠAk[�.�ru-��4�sf��8$��7�D�ߺ��e�u��D��-G�+ݨ� 0r(��7^��®/�c\�Lvz��o��4�^}�F��a�GD0V�'��V(�-6��k��w��!YAn&�T��bpjҧkP�fU}Mq��]�r'��eS-^Ud�P��C��s�d-Ĩm@o�^>g��H�JI" ��A��~�@m��4��&�o��P�G �$2'��%@A\��l�jC��W>�T�ӊ9u�C!�V�%�@��+�x��yO�z��V&�L��o=��s�u�Q.#��p/��D��8\-�jh�.9�WT�@�-=?��'��o"daZ� �s�.�:lx��x:�Ӏ��m��,��1��EC3��k��?�@VOWӖ��t� ��2i��3�]ϖ��u��Ri��}d��[d�sKu�HhGA.��5̦�g0��{��@!B��rǶ�(��&A9Ė)�1�|�@��Ў��c2��Xp��/�F��nH5�T��3��*��N��(��N/(��=�F��m�#Ս�OUCqڣ#�"T�d��]�"�I2>�� |P�V��4��/��&K�I!�Q"Yɢ{�~w�r�Y�9��l��f5(��9��8#<��Q��` �:�$V�A�I ��~o�}��H�1E?��r)��nu��ĩ�j ,ZŭsQ��q�55�Ұk>�;Bl��V<��q��Ĥ��BWTp��_#>�ʬ}�I��)^N��ˣ=��\T4m�^�k�Ƿ�QbyN�/"S��3a9��W��#��Ic��yz}�%kD�:�^�[��vI��/��O@�ι �k�ŷE�>��U��g��)��#7��ac�5��\��=U�X?Œ�g��̴]��N�Q�t��ی0��f ��L��}Hh�]Co#��Wa�%�V�t�G��^��94��)��j�(�� s>M�ߺ��'�� Sg�=�Q��5l��OX�c\��Y'뉟8�UY+q�w�>�Ԟhm��~3��^�o��n�p��~�N;��^��*T�.�2{��z��ڻP�E��T��&d|�q�X�N�,M^M�8�dU��a@(��f��-.�[Ƈ�)��HJy�5��#��~��Y3+�l2��m:�_��ŀOZx9H��A�'��r��|ɞ(n՗��HKr��8#��_˶Ҕ��x.�,R�E�'Z\�:��쪞e�H{��a�y6��@� ��!��H�f�.�t?��Hn}}��Z�v�� 5Mv�F�8�_w�sR>��根�� %)�-��gvm@'B��0Z`�=��fV��OϬ��<;߆z��I��|M�4�8�T�Hw��>��ج��¸��\d\^c��\�ޢ~]��O7�+�#��Ͻ��%�� b-�9��;�VBEp��z0��]7�9B%���[��;0�)��ۣ^?��h� ��S��q�$+)��-J`K.{� ��8j96��Zf ��k��L��Z��k[Ly5�bt(B��R�� .�G��8Oա�-ivE�/� o�t+�d��49KsL0�G�/+B��/��H�G��'�T<�h��<�7#��q��D϶��RZ�Zyc��[�(��3��XIe�!c�\��z �a��S?�`�xeѷ�t��ֱͼ�Z�屽|��Y�s�:_��e��N��^L(_�Y��=l%��P��\?�=��}�^ү�fQ��r�b+Mɱ��kT��^�

Sections

CODE
Size: 438KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea76590aa80d050b448f3156c4c20dbf

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

81:b9:12:c7:b2:e2:52:f9:f5:7d:ec:fa:ae:e1:52:c5Certificate

Extended Key Usages

Key Usages

57:fc:93:8e:fe:b5:db:93:d1:d1:0d:6a:9a:9e:71:6f:75:67:2f:c0Signer

Headers

File Characteristics

Imports

shlwapi

ole32

comdlg32

oleaut32

shell32

winspool.drv

advapi32

gdi32

version

wtsapi32

ws2_32

comctl32

kernel32

Exports

Exports

Sections

CODE Size: 438KB - Virtual size: 440KB

DATA Size: 11KB - Virtual size: 16KB

.idata Size: 4KB - Virtual size: 8KB

.text Size: 15KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 4KB

.text Size: 63KB - Virtual size: 64KB

.reloc Size: 4KB - Virtual size: 8KB

.rsrc Size: 150KB - Virtual size: 150KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

81:b9:12:c7:b2:e2:52:f9:f5:7d:ec:fa:ae:e1:52:c5
Certificate

57:fc:93:8e:fe:b5:db:93:d1:d1:0d:6a:9a:9e:71:6f:75:67:2f:c0
Signer

CODE
Size: 438KB - Virtual size: 440KB

DATA
Size: 11KB - Virtual size: 16KB

.idata
Size: 4KB - Virtual size: 8KB

.text
Size: 15KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.text
Size: 63KB - Virtual size: 64KB

.reloc
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 150KB - Virtual size: 150KB