fde0107f8920405054528265756d29f6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fde0107f8920405054528265756d29f6_JaffaCakes118
Size

311KB
MD5

fde0107f8920405054528265756d29f6
SHA1

63e853fc00e1bc6c7ffa87eaafd12a333ed1baae
SHA256

060c3677b7d222a487b8d2380f146b3684edd01e8391b92ea569b3feddb33075
SHA512

9dc8e7979741f94b80de8e3ce3e452450206672b661fa610ed02298ca3a223847423036d54442edb4d9157c21d6eb53368238939941afa79e4e28484795d01c8
SSDEEP

6144:hk469aB49wl/AOuz9mYaUsrXrsxuzRRE6DxGTN5qjtCtlGuIn/x1bs:hkT9N9ZXxaUsbrbzRR9DxZjtKlGuG/x2

Score

1^/10

Malware Config

Signatures

Files

fde0107f8920405054528265756d29f6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

00cb375a3df926ed00f8f3aafffeff33

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

38:aa:82:39:49:97:8c:c9:88:a9:0c:3d:6f:dc:cf:0f
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26/03/2014, 00:00

Not After

26/03/2015, 23:59

Subject

CN=Onlain Sekyuriti Sistems\, OOO,O=Onlain Sekyuriti Sistems\, OOO,POSTALCODE=125080,STREET=12 Komn 42\, ul.Vrubelya,L=Moscow,ST=Moscow region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:6f:c1:7c:2f:90:a5:c3:52:65:ec:8c:21:d9:41:15:2d:93:e8:b6
Signer

Actual PE Digest

1f:6f:c1:7c:2f:90:a5:c3:52:65:ec:8c:21:d9:41:15:2d:93:e8:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
VirtualAlloc
UnmapViewOfFile
GetModuleHandleA
FormatMessageW
lstrcmpiW
IsDebuggerPresent
LoadLibraryA
SetEvent
RaiseException
FreeEnvironmentStringsW
SystemTimeToFileTime
SetFilePointer
WideCharToMultiByte
CompareStringW
LocalFree
lstrlenW
CreateThread
FreeLibrary
WaitForSingleObject
GetStringTypeA
GetOEMCP
GlobalGetAtomNameA
Sleep
HeapFree
ExitProcess

user32

SetFocus
MessageBeep
PtInRect
OffsetRect
GetSysColorBrush
BeginPaint
EndDialog
EnableWindow
SendDlgItemMessageW
DestroyIcon
MoveWindow
SystemParametersInfoW
PostQuitMessage
GetDC
CreateWindowExW
ReleaseDC
wsprintfW
GetWindowRect
EnableMenuItem
CheckDlgButton

advapi32

ImpersonateLoggedOnUser
OpenServiceW
CopySid
OpenProcessToken
RegCreateKeyW
GetSidSubAuthorityCount
DeregisterEventSource
CryptDecrypt
CryptGenKey
CryptAcquireContextA
CryptHashData
CheckTokenMembership
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
RegEnumKeyA
OpenSCManagerW
MakeSelfRelativeSD

ole32

HWND_UserSize
StgCreateDocfile
CreateBindCtx
CoInitializeSecurity
CoRegisterMessageFilter
OleFlushClipboard
CoInitialize
CoCreateFreeThreadedMarshaler
CoMarshalInterface
OleSetClipboard
HBITMAP_UserMarshal

rpcrt4

NdrDllGetClassObject
NdrStubCall2
CStdStubBuffer_IsIIDSupported
NdrOleAllocate
RpcBindingFree
RpcServerUseProtseqEpW
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
RpcBindingToStringBindingW
UuidFromStringW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
CStdStubBuffer_AddRef

Sections

.text
Size: 278KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

00cb375a3df926ed00f8f3aafffeff33

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

38:aa:82:39:49:97:8c:c9:88:a9:0c:3d:6f:dc:cf:0fCertificate

Extended Key Usages

Key Usages

1f:6f:c1:7c:2f:90:a5:c3:52:65:ec:8c:21:d9:41:15:2d:93:e8:b6Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

Sections

.text Size: 278KB - Virtual size: 310KB

.rdata Size: 13KB - Virtual size: 12KB

.idata Size: 7KB - Virtual size: 8KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 716B

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

38:aa:82:39:49:97:8c:c9:88:a9:0c:3d:6f:dc:cf:0f
Certificate

1f:6f:c1:7c:2f:90:a5:c3:52:65:ec:8c:21:d9:41:15:2d:93:e8:b6
Signer

.text
Size: 278KB - Virtual size: 310KB

.rdata
Size: 13KB - Virtual size: 12KB

.idata
Size: 7KB - Virtual size: 8KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 716B