01eb2ede541f93859fd7af7f3ef5ac9a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01eb2ede541f93859fd7af7f3ef5ac9a_JaffaCakes118
Size

891KB
MD5

01eb2ede541f93859fd7af7f3ef5ac9a
SHA1

98e4a353ece6361ff001eb779d93cb22c2b3b081
SHA256

81c9972b6efaf0e8a68536b62e1064800d15e40c1978c593666d1bca3f399e5c
SHA512

ad10b51a0e73e01bbb8a9a9155d50b7e9599416bfa231b00920dbddf88bf5911cd2362d6c65b7447ed9f6bd4c61ecabb6ee5b906e9741fc72917ac7ca6153799
SSDEEP

12288:7LkjgFpmfFDDDIQrvhyWtFEFWNEn/gs74cJo/PXOS:7VYfFDDIKgWaS3/2S

Score

1^/10

Malware Config

Signatures

Files

01eb2ede541f93859fd7af7f3ef5ac9a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9ee5e0fe14ba2e949166ec28cfcc4ced

Code Sign

69:a0:5f:de:49:47:93:35:3a:44:95:a3:d4:44:09:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14/06/2016, 00:00

Not After

14/06/2017, 23:59

Subject

CN=Era Tehno,O=Era Tehno,POSTALCODE=117534,STREET=KIROVOGRADSKAJa Street\, Building 42,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:7d:e0:79:4a:aa:e8:a7:f5:86:88:99:07:cb:5a:c1:d3:47:b3:ec
Signer

Actual PE Digest

ce:7d:e0:79:4a:aa:e8:a7:f5:86:88:99:07:cb:5a:c1:d3:47:b3:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
UnhandledExceptionFilter
WriteFile
lstrlenA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
TerminateProcess
Sleep
SetVolumeMountPointW
SetUnhandledExceptionFilter
SetStdHandle
SetLastError
SetHandleCount
SetFilePointer
SetEvent
SetErrorMode
SetEnvironmentVariableW
SetEnvironmentVariableA
SetEndOfFile
SetCurrentDirectoryW
SetConsoleCursorPosition
RtlUnwind
RemoveDirectoryW
ReadFile
ReadConsoleOutputCharacterA
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
OutputDebugStringW
MultiByteToWideChar
MulDiv
MoveFileW
LocalFree
LocalAlloc
LoadLibraryW
LoadLibraryExA
LeaveCriticalSection
LCMapStringW
IsValidLocale
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
IsBadStringPtrA
IsBadReadPtr
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
VirtualAlloc
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
HeapSize
HeapSetInformation
HeapReAlloc
HeapFree
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalAlloc
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
GetVersionExW
GetUserDefaultLCID
GetTimeZoneInformation
GetTimeFormatW
GetTickCount
GetTempPathW
GetTempFileNameW
GetSystemTimeAsFileTime
GetStringTypeW
GetStdHandle
GetStartupInfoW
GetProcessHeap
GetProcAddress
GetPriorityClass
GetOEMCP
GetNamedPipeHandleStateA
GetModuleHandleA
GetModuleFileNameW
GetLogicalDriveStringsA
GetLocaleInfoW
GetLocaleInfoA
GetLastError
GetFullPathNameW
GetFileType
GetFileTime
GetEnvironmentVariableW
GetEnvironmentStringsW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetConsoleScreenBufferInfo
GetConsoleMode
GetConsoleCP
GetCommandLineW
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeConsole
FormatMessageW
FlushFileBuffers
FindVolumeMountPointClose
FindVolumeClose
FindNextVolumeW
FindNextVolumeMountPointW
FindNextFileW
FindFirstVolumeW
FindFirstVolumeMountPointW
FindFirstFileW
FindClose
FillConsoleOutputCharacterW
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
ExitProcess
EnumSystemLocalesA
EnumDateFormatsExA
EnterCriticalSection
EncodePointer
DeviceIoControl
DeleteVolumeMountPointW
DeleteFileW
DeleteCriticalSection
DefineDosDeviceW
DecodePointer
DebugBreak
CreateFileW
CopyFileW
CompareStringW
CloseHandle
GetModuleHandleW
GetVersion
lstrlenW
GetDriveTypeW
GetFileAttributesW
WriteConsoleW

user32

RedrawWindow
RegisterClassA
ScrollDC
SetMenuItemBitmaps
SetProcessDefaultLayout
SetSystemCursor
ShowOwnedPopups
SwitchDesktop
UnhookWindowsHookEx
WINNLSEnableIME
PostThreadMessageA
IsWindowVisible
LoadIconA
CharNextA
CharToOemBuffA
CharToOemW
CharUpperW
CopyRect
DrawIconEx
EndMenu
EnumDisplaySettingsExA
GetCaretPos
GetGUIThreadInfo
OpenIcon
OpenDesktopW
LoadCursorW
LoadMenuIndirectA
LoadKeyboardLayoutA
GetWindowModuleFileNameA
GetMonitorInfoA
GetDC

gdi32

PtInRegion
Polyline
Polygon
PolyPolygon
PolyBezier
PlayEnhMetaFile
Pie
PATHOBJ_bEnumClipLines
OffsetRgn
MoveToEx
MaskBlt
LineTo
InvertRgn
GetTextMetricsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetRelAbs
GetRegionData
GetPixel
GetPaletteEntries
GetOutlineTextMetricsW
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFileW
GetEnhMetaFileHeader
GetETM
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetClipBox
GetCharABCWidthsW
GetBkColor
GdiFlush
GdiFixUpHandle
GdiEntry2
GdiEndDocEMF
RealizePalette
FillPath
ExtTextOutW
ExtSelectClipRgn
ExtFloodFill
ExtCreateRegion
ExtCreatePen
ExcludeClipRect
EqualRgn
EnumFontFamiliesExW
EngUnicodeToMultiByteN
EngDeletePath
EngCreateSemaphore
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePen
CreatePatternBrush
CreatePalette
CreateHatchBrush
CreateFontIndirectW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleBitmap
CreateBitmap
CombineRgn
CloseEnhMetaFile
BitBlt
Arc
AddFontResourceW
CreateCompatibleDC
StretchDIBits
RectInRegion
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectPalette
SelectObject
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDCBrushColor
SetDeviceGammaRamp
SetMapMode
SetPixel
SetPolyFillMode
SetROP2
SetRelAbs
SetStretchBltMode
SetTextAlign
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StartDocW
StartPage
GdiAlphaBlend
CreateICW
StretchBlt

comdlg32

PageSetupDlgW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
ChooseFontW
ChooseColorW
PrintDlgW

advapi32

RegOpenKeyA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

DuplicateIcon
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint
ExtractAssociatedIconA
ExtractAssociatedIconExW
ExtractIconExW
ExtractIconW
FindExecutableW
SHAddToRecentDocs
SHAppBarMessage
SHBindToParent
Shell_NotifyIcon
SHLoadNonloadedIconOverlayIdentifiers
SHLoadInProc
SHIsFileAvailableOffline
SHInvokePrinterCommandA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetInstanceExplorer
SHGetFolderPathW
SHGetFileInfo
SHGetDiskFreeSpaceExW
SHFileOperationW
SHFileOperation
SHCreateDirectoryExA
SHBrowseForFolderW
SHBrowseForFolderA

ole32

RevokeDragDrop
ReleaseStgMedium
RegisterDragDrop
OleUninitialize
OleSetClipboard
OleIsCurrentClipboard
OleInitialize
OleGetClipboard
CoTaskMemAlloc
CoLockObjectExternal
CoCreateInstance
OleFlushClipboard

shlwapi

StrChrIW
StrChrIA
StrRStrIA

comctl32

ImageList_GetImageCount
ImageList_GetIconSize
ImageList_EndDrag
ImageList_Draw
ImageList_DragMove
ImageList_Remove
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_Add
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_DragLeave
ImageList_SetDragCursorImage

msvcrt

_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_initterm
exit
swprintf
wcscat
wcslen
__setusermatherr
_XcptFilter
__getmainargs
__initenv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: 715KB - Virtual size: 715KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ee5e0fe14ba2e949166ec28cfcc4ced

Code Sign

69:a0:5f:de:49:47:93:35:3a:44:95:a3:d4:44:09:17Certificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

ce:7d:e0:79:4a:aa:e8:a7:f5:86:88:99:07:cb:5a:c1:d3:47:b3:ecSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

msvcrt

Sections

.text Size: 715KB - Virtual size: 715KB

.rdata Size: 114KB - Virtual size: 113KB

.data Size: 47KB - Virtual size: 46KB

.rsrc Size: 9KB - Virtual size: 9KB

69:a0:5f:de:49:47:93:35:3a:44:95:a3:d4:44:09:17
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

ce:7d:e0:79:4a:aa:e8:a7:f5:86:88:99:07:cb:5a:c1:d3:47:b3:ec
Signer

.text
Size: 715KB - Virtual size: 715KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 47KB - Virtual size: 46KB

.rsrc
Size: 9KB - Virtual size: 9KB