404ef9992f97c1e5cbbb9382a8704c18_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

404ef9992f97c1e5cbbb9382a8704c18_JaffaCakes118
Size

673KB
MD5

404ef9992f97c1e5cbbb9382a8704c18
SHA1

256437fd4b7801553b93a0ec39ca29117da77acd
SHA256

726928ec2da2c555a9b83751bd75d113bf5407c9e9f0b51ff9647595b4598648
SHA512

444b24330f465ff6ebf23da71bbb01c483a3ef87c99d519b573199518b4c2e9684cc813e13d8ac69973cda0d42d427e0661b9c124f16d98a449919d46c74b110
SSDEEP

12288:bgBNNDq5dzjmR+spu/veVDCs9ypBHwA/6o39IOmGmZN:+b4dOcbu1C62wA/jVYN

Score

1^/10

Malware Config

Signatures

Files

404ef9992f97c1e5cbbb9382a8704c18_JaffaCakes118
.exe windows:5 windows x86 arch:x86

66ef10f2af6d136b09ffe05efaf86d78

Code Sign

28:34:fb:06:f2:0c:e3:ed:97:5a:64:a6:a9:dc:2f:35
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16/06/2016, 00:00

Not After

16/06/2017, 23:59

Subject

CN=Prof Assist,O=Prof Assist,POSTALCODE=236010,STREET=d. 2 kv. 34\, ul.Vozdushnaya,L=Kaliningrad,ST=Kaliningrad,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b0:cf:26:6b:43:09:b4:24:5a:7c:4a:9d:50:3b:06:53:60:83:ed:5e
Signer

Actual PE Digest

b0:cf:26:6b:43:09:b4:24:5a:7c:4a:9d:50:3b:06:53:60:83:ed:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushInstructionCache
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileSize
GetLastError
GetStartupInfoW
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetVersionExA
GlobalAlloc
GlobalLock
GlobalUnlock
HeapSetInformation
HeapSize
InitializeCriticalSection
FindResourceW
InterlockedPushEntrySList
LoadResource
LockResource
MulDiv
MultiByteToWideChar
RaiseException
SetEvent
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualFree
WideCharToMultiByte
lstrcmpW
lstrlenW
DeleteCriticalSection
CreateMutexW
CreateFileW
CloseHandle
LoadLibraryA
GetModuleHandleW
GetProcessHeap
HeapAlloc
InterlockedPopEntrySList
VirtualAlloc

user32

LoadIconA
GetParent
LoadBitmapA
GetSystemMetrics
LoadBitmapW
LoadIconW

advapi32

GetTraceEnableFlags
RegOpenKeyA
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceEvent
TraceMessage
UnregisterTraceGuids
RegQueryValueExW

winmm

timeGetTime

Sections

.text
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66ef10f2af6d136b09ffe05efaf86d78

Code Sign

28:34:fb:06:f2:0c:e3:ed:97:5a:64:a6:a9:dc:2f:35Certificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

b0:cf:26:6b:43:09:b4:24:5a:7c:4a:9d:50:3b:06:53:60:83:ed:5eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

winmm

Sections

.text Size: 566KB - Virtual size: 566KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 588B

.rsrc Size: 98KB - Virtual size: 98KB

28:34:fb:06:f2:0c:e3:ed:97:5a:64:a6:a9:dc:2f:35
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

b0:cf:26:6b:43:09:b4:24:5a:7c:4a:9d:50:3b:06:53:60:83:ed:5e
Signer

.text
Size: 566KB - Virtual size: 566KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 588B

.rsrc
Size: 98KB - Virtual size: 98KB