165a0e438985bcc40dda97ea71e87cee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

165a0e438985bcc40dda97ea71e87cee_JaffaCakes118
Size

448KB
MD5

165a0e438985bcc40dda97ea71e87cee
SHA1

c33ea2f13df52d914411d0e4842fd6954ef37fcf
SHA256

e90e26cdda00472c5482551b95674e6c7ca243708d7fffcdd24252947650bb67
SHA512

0f7e9d6a870dec413e5b0de658dcfa46c32283547e9bd451e1122fd7faf5c578bd49e8e172c0d6f7f52018c2b2679c190f06e4abec055048037ef18fa4f373b6
SSDEEP

12288:7ow+p15hjwnRSbdlDquXaNm9HoU+W6hgI:Etp15hj+RSplD7XaN8P+SI

Score

1^/10

Malware Config

Signatures

Files

165a0e438985bcc40dda97ea71e87cee_JaffaCakes118
.exe windows:4 windows x86 arch:x86

78b8e344f4ee1b686a3cd4eabd54a4c9

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:62:55:f4:1e:05:92:f2:81:ff:8b:e4:58:4c:13:8e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2012, 00:00

Not After

13/11/2013, 23:59

Subject

CN=Dirk's Projects,O=Dirk's Projects,POSTALCODE=8603AK,STREET=Kapelstraat 36,L=Sneek,ST=The Netherlands,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3e:72:c6:8f:ca:41:e2:c9:ee:ea:f2:b3:76:34:f0:77:3a:ab:0f:f5
Signer

Actual PE Digest

3e:72:c6:8f:ca:41:e2:c9:ee:ea:f2:b3:76:34:f0:77:3a:ab:0f:f5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
GetProcAddress
GetModuleHandleW
lstrcpyW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
lstrcatW
GetVersion
lstrlenA
FreeLibrary
LoadLibraryA
GetModuleHandleA
lstrlenW
SetLastError
MulDiv
InterlockedIncrement
InterlockedDecrement
LocalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpynW
GetFileAttributesW
GetFileSize
GetFileTime
CreateFileW
DuplicateHandle
GlobalUnlock
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DeleteFileW
GetFullPathNameW
lstrcmpiW
GetCurrentThread
lstrcmpW
GlobalFlags
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
SetErrorMode
WritePrivateProfileStringW
GetCurrentDirectoryW
GetStartupInfoW
ExitProcess
RtlUnwind
RaiseException
HeapFree
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapAlloc
TerminateProcess
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
GetDriveTypeA
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
InterlockedExchange
SetCurrentDirectoryW
GetModuleFileNameW
GetLongPathNameW
WaitForSingleObject
CloseHandle
GetCurrentThreadId
GetVolumeInformationW
CopyFileW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
CreateDirectoryW
SetFileAttributesW
MoveFileW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalFree
GetTempPathW
Sleep
GetTickCount
GetCurrentProcess
CreateThread

advapi32

CryptGenRandom
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptAcquireContextA
CryptReleaseContext

user32

RegisterClassW
GetClassInfoW
wsprintfW
WinHelpW
GetCapture
GetTopWindow
IsWindowVisible
CopyRect
GetClientRect
ScreenToClient
AdjustWindowRectEx
SetFocus
GetFocus
DispatchMessageW
PeekMessageW
GetSysColor
MapWindowPoints
SendDlgItemMessageA
SendDlgItemMessageW
UpdateWindow
LoadIconW
IsDialogMessageW
SetWindowTextW
ShowWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
LoadBitmapW
GetMenuCheckMarkDimensions
ReleaseDC
GetDC
ClientToScreen
TabbedTextOutW
DrawTextW
GrayStringW
CharUpperW
PostQuitMessage
SetCursor
GetMenu
ValidateRect
TranslateMessage
GetMessageW
GetClassNameW
PtInRect
LoadCursorW
GetSysColorBrush
DestroyMenu
LoadStringW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
GetMessagePos
GetLastActivePopup
GetWindow
SetWindowLongW
SetWindowPos
RegisterWindowMessageW
SystemParametersInfoW
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamW
DestroyWindow
GetParent
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetMenuItemCount
GetSubMenu
GetMenuItemID
SendMessageW
GetWindowRect
RedrawWindow
GetWindowTextW
GetDlgCtrlID
GetKeyState
InvalidateRect
EnableWindow
GetSystemMetrics
CopyImage
PostMessageW
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
DefWindowProcW
GetCursorPos
CreateWindowExW
MessageBoxW
UnregisterClassW

gdi32

ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateBitmap
DeleteDC
DeleteObject
SetBkColor
SetMapMode
SelectObject
GetDeviceCaps
GetStockObject
RestoreDC
SaveDC
GetObjectW
SetTextColor
GetClipBox

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

comctl32

ord17

ole32

CreateStreamOnHGlobal

olepro32

ord251

wininet

HttpQueryInfoW
InternetReadFile
InternetOpenW
InternetGetConnectedState
InternetCloseHandle
InternetOpenUrlW

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

Sections

.text
Size: 288KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78b8e344f4ee1b686a3cd4eabd54a4c9

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

19:62:55:f4:1e:05:92:f2:81:ff:8b:e4:58:4c:13:8eCertificate

Extended Key Usages

Key Usages

3e:72:c6:8f:ca:41:e2:c9:ee:ea:f2:b3:76:34:f0:77:3a:ab:0f:f5Signer

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

comctl32

ole32

olepro32

wininet

comdlg32

winspool.drv

Sections

.text Size: 288KB - Virtual size: 284KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 28KB - Virtual size: 43KB

.rsrc Size: 52KB - Virtual size: 48KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

19:62:55:f4:1e:05:92:f2:81:ff:8b:e4:58:4c:13:8e
Certificate

3e:72:c6:8f:ca:41:e2:c9:ee:ea:f2:b3:76:34:f0:77:3a:ab:0f:f5
Signer

.text
Size: 288KB - Virtual size: 284KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 28KB - Virtual size: 43KB

.rsrc
Size: 52KB - Virtual size: 48KB