f9cc2bb83d891f794203887e9c4a48d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9cc2bb83d891f794203887e9c4a48d9_JaffaCakes118
Size

318KB
MD5

f9cc2bb83d891f794203887e9c4a48d9
SHA1

0fea266ad6c26b4560bad762d0eef5f9d7e53ed8
SHA256

108b0bab6198f312d9c334544d9b1e3c71466dde10ac6d9366b2d950239e3504
SHA512

2b07c6122907332b3842343ac4bad2f6316c0fa61f3804acda7c5c38711f1f339939b38f0c7dd6250bb543e876c7d42a2615a14a646979c68f1b3ec2a06a8857
SSDEEP

6144:eVT8Z3pspQGRMgzjsZrOGblArUGV/0Aegvd7jBMFd:EQRpsfMgzdUl6sovd7jGd

Score

1^/10

Malware Config

Signatures

Files

f9cc2bb83d891f794203887e9c4a48d9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b5cac916cf22ce81f9ab8b789f3a0fdb

Code Sign

12:a7:a4:98:01:69:6d:40:66:b1:e8:e6:ca:2a:3e:89
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/11/2014, 00:00

Not After

07/11/2015, 23:59

Subject

CN=Consortium Group ltd.,O=Consortium Group ltd.,POSTALCODE=00152,STREET=CORNER OF GR.MARLBOROUGH UN GR.GEORGE STR. ROSEAU\,DOMINICA\, 00152+STREET=3RD FLOOR\, C&h TOWERS,L=ROSEAU,ST=ROSEAU,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:4d:ee:ec:09:7a:cf:4b:8f:29:78:b0:97:d3:b6:80:54:7c:fd:ed
Signer

Actual PE Digest

bd:4d:ee:ec:09:7a:cf:4b:8f:29:78:b0:97:d3:b6:80:54:7c:fd:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
SetCurrentDirectoryW
InterlockedDecrement
FreeLibrary
FindResourceA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
CreateEventA
CompareStringA
CreateDirectoryW
GetUserDefaultLangID
GetTempPathW
GetCurrentProcess
CreateFileMappingA
DeleteFileW
SetStdHandle
SetFilePointer
LCMapStringW
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
HeapAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
TerminateProcess
HeapFree
GetStartupInfoA
GetModuleHandleA
ReadFile
GetCommandLineW
GetModuleHandleW
VirtualAlloc
ExitProcess
GetCommandLineA
WriteFile
SetErrorMode
GetVersion
GetProcAddress
TlsGetValue
GetVersionExA
CloseHandle
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
CreateFileA
GetLastError
LCMapStringA
FlushFileBuffers

user32

MessageBoxA
GetSystemMetrics
CreateWindowExA
CharNextW
GetWindowTextA
LoadStringA
GetKeyboardType
GetScrollPos
PtInRect
RemovePropA
SetMenu
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
GetWindowPlacement
GetWindowRect
CharNextA
GetWindowThreadProcessId
IntersectRect
IsWindowEnabled
IsWindowVisible
IsZoomed
WindowFromPoint
GetCapture
GetClassInfoA
GetClassNameA
GetSystemMenu
GetWindowLongA
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
RegisterClassExA

gdi32

SetAbortProc
DeleteMetaFile
GetLogColorSpaceW
Rectangle
SetDIBColorTable
GetClipBox
TextOutW
OffsetWindowOrgEx
SetBkMode
SetBkColor
SelectPalette
DeleteEnhMetaFile
CreateFontIndirectA
ExcludeClipRect
DeleteObject
CreatePen
CreatePenIndirect
SetBrushOrgEx

comdlg32

ChooseFontA
GetSaveFileNameA
FindTextW
ReplaceTextW
GetOpenFileNameA

advapi32

RegCloseKey
RegCreateKeyExA
AllocateAndInitializeSid

shell32

ShellExecuteA
StrStrIA

ole32

CoTaskMemAlloc

oleaut32

VariantInit
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
VarRound

Sections

.text
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5cac916cf22ce81f9ab8b789f3a0fdb

Code Sign

12:a7:a4:98:01:69:6d:40:66:b1:e8:e6:ca:2a:3e:89Certificate

Extended Key Usages

Key Usages

bd:4d:ee:ec:09:7a:cf:4b:8f:29:78:b0:97:d3:b6:80:54:7c:fd:edSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 264KB - Virtual size: 261KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 28KB - Virtual size: 24KB

12:a7:a4:98:01:69:6d:40:66:b1:e8:e6:ca:2a:3e:89
Certificate

bd:4d:ee:ec:09:7a:cf:4b:8f:29:78:b0:97:d3:b6:80:54:7c:fd:ed
Signer

.text
Size: 264KB - Virtual size: 261KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 28KB - Virtual size: 24KB