fa87e72e9ecd65c1ccc090e83c16a4b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa87e72e9ecd65c1ccc090e83c16a4b5_JaffaCakes118
Size

1.3MB
MD5

fa87e72e9ecd65c1ccc090e83c16a4b5
SHA1

1b071211e79a839ea4007a156c062ab1a866ad3d
SHA256

6070a58d569080da94fe81cea672a35854504c8b7a7c88b1d3f83fdf3fb8259d
SHA512

0453ee4eac1b1d898a4279dcf34a8fd8a8cfe1436a364dd241bebd89b55600110be81692d278af940396b0ea50f59a47c443601edd839f83a379ebb992fa8086
SSDEEP

24576:n44Aol8JQSmc4P4SgpxWXRMPIbu4VQPlpHgU:n46l9P4SrXRMPIi4qD

Score

1^/10

Malware Config

Signatures

Files

fa87e72e9ecd65c1ccc090e83c16a4b5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4c42b6d24e2ffb84ae172e912e286749

Code Sign

9f:3c:17:8b:bd:6e:e1:73:7f:ca:8e:fe:1b:29:a2:f3
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/07/2016, 00:00

Not After

25/07/2017, 23:59

Subject

CN=TORRENT,O=TORRENT,POSTALCODE=TORRENT,STREET=quay Admiral Tributsa\, 37,L=Kaliningrad,ST=Kaliningrad,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:de:dd:8e:68:bf:68:2e:dd:49:ea:07:33:7b:38:0f:df:ab:6a:06
Signer

Actual PE Digest

e1:de:dd:8e:68:bf:68:2e:dd:49:ea:07:33:7b:38:0f:df:ab:6a:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipDeleteStringFormat
GdipFree
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatTrimming
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipAlloc
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawLines
GdipFillPolygon
GdipDrawImageRectI
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight

kernel32

IsValidLocale
GetFileType
HeapFree
HeapReAlloc
HeapAlloc
GetACP
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileSizeEx
SetLastError
WriteFile
RegisterWaitForSingleObject
InterlockedCompareExchange
WaitForMultipleObjects
GetTempPathW
CreateMutexW
WaitForSingleObject
LocalAlloc
CreateFileW
GetFileAttributesW
GetCurrentThreadId
ReleaseMutex
UnmapViewOfFile
DuplicateHandle
OpenProcess
CreateEventW
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
SetEvent
DeleteFileW
CloseHandle
SetFilePointerEx
UnregisterWaitEx
LocalFree
GetCurrentProcessId
GetModuleHandleW
InterlockedIncrement
LocalFlags
CreateFileMappingW
MapViewOfFile
lstrcmpiW
FlushFileBuffers
MulDiv
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameW
GetUserDefaultLCID
InterlockedDecrement
ResetEvent
WideCharToMultiByte
FindResourceExW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
VerSetConditionMask
VerifyVersionInfoW
GetModuleFileNameW
MoveFileW
GetExitCodeProcess
ReadFile
CreateDirectoryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
UnhandledExceptionFilter
GetProcAddress
WaitForSingleObjectEx
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetLocaleInfoW
GetCPInfo
OutputDebugStringW
FreeLibrary
LoadLibraryExW
RtlUnwind
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
InterlockedExchange

user32

SetCapture
GetDlgCtrlID
PostMessageW
PtInRect
ScreenToClient
EndPaint
OffsetRect
FillRect
BeginPaint
UpdateWindow
MoveWindow
SetWindowTextW
InvalidateRect
ReleaseCapture
LoadCursorW
SetCursor
GetDlgItem
GetWindowTextW
PostQuitMessage
IsDlgButtonChecked
RegisterClassW
SetWindowPos
SetWindowLongW
AdjustWindowRect
SetRect
DrawTextW
CheckDlgButton
EnableWindow
GetWindowLongW
SendMessageW
GetDC
GetSystemMetrics
ReleaseDC
DefWindowProcW
CallWindowProcW
SendMessageTimeoutW
DestroyWindow
IsWindowVisible
CreateWindowExW
RemovePropW
IsWindow
DispatchMessageW
GetMessageW
TranslateMessage
RegisterWindowMessageW
ShowWindow

gdi32

SetBkColor
GetObjectA
CreateFontW
CreateSolidBrush
SetTextColor
SetBkMode
SelectObject
GetDeviceCaps

advapi32

ConvertSidToStringSidW
CryptAcquireContextW
CryptReleaseContext
LookupAccountNameW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
SHGetMalloc

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoInitializeEx
CoUninitialize

oleaut32

VarI4FromStr
VarUI8FromStr

winhttp

WinHttpOpenRequest
WinHttpCrackUrl
WinHttpWriteData
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpQueryOption
WinHttpConnect

urlmon

ObtainUserAgentString

shlwapi

PathAppendW
StrCmpNA

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 993KB - Virtual size: 993KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c42b6d24e2ffb84ae172e912e286749

Code Sign

9f:3c:17:8b:bd:6e:e1:73:7f:ca:8e:fe:1b:29:a2:f3Certificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

e1:de:dd:8e:68:bf:68:2e:dd:49:ea:07:33:7b:38:0f:df:ab:6a:06Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winhttp

urlmon

shlwapi

Sections

.text Size: 231KB - Virtual size: 230KB

.rdata Size: 81KB - Virtual size: 81KB

.data Size: 12KB - Virtual size: 30KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 1024B - Virtual size: 536B

.rsrc Size: 993KB - Virtual size: 993KB

9f:3c:17:8b:bd:6e:e1:73:7f:ca:8e:fe:1b:29:a2:f3
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

e1:de:dd:8e:68:bf:68:2e:dd:49:ea:07:33:7b:38:0f:df:ab:6a:06
Signer

.text
Size: 231KB - Virtual size: 230KB

.rdata
Size: 81KB - Virtual size: 81KB

.data
Size: 12KB - Virtual size: 30KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 1024B - Virtual size: 536B

.rsrc
Size: 993KB - Virtual size: 993KB