eb25d6a2e556b8176462c7cfd113f1eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eb25d6a2e556b8176462c7cfd113f1eb_JaffaCakes118
Size

41KB
MD5

eb25d6a2e556b8176462c7cfd113f1eb
SHA1

878382ce717747232ceae03722fee16ce2e3646d
SHA256

3a8f93b41c5d4e76ccccaf00d2fade3d5381d812b99a9eafbdfa1f1c844d538e
SHA512

2a731c00d98aba199f369dfd22538a42ca45ab8147d7cd76c8da47ed853211154212335896147150e08f2168a952cfc59c3eb84b09649f46da1b4b015382e99a
SSDEEP

768:TMKixm1ld2Pzoo+NsHmWIzpLdVLdlLdDBfLdDmKxPjA:TMKi4ld2Pzoo+E4LDLbL7fLPpjA

Score

1^/10

Malware Config

Signatures

Files

eb25d6a2e556b8176462c7cfd113f1eb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f726b6b0fadc07e630b512d337a5534f

Code Sign

3c:a2:ac:cf:ba:9b:d4:8f:48:09:8c:05:ae:26:8d:9d
Certificate

Issuer

CN=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb zpGj8cc28il7tGJpL3Bn2AGpLw4a9Agv7mouGDpzi3exC2nKkHJA5Hekjjb4sGsAFcfuECsC57nmli4u3Kvk1fc LIvom3nMsaAiMH j7EGg3tevl2llDhJ6mbFtBDjpnu2GL4kv1wB1GvqwL1c7fkny7aiw1cL1h5CazHfJkeGhldrBm 67ocd5upipnpArpK3szodIlhILM2zska45qL8hwx3dHhii9FacdGksGl1k796g5ovmtCHKrbbgv6mkJ9bqsjMfaFrvFHL5Jz32 FI9p2bigutwnM1HEuq8j4EwqKdnk8qCEcpGk7Mhr3v96jp5Jhyv7gqtepbjlAMxoDg85Lop5E4y4Ec8s3mzleh5lJlssC5xIcBi9hhj5ryjtwp3cv7DxgyCMm21AFqG2nagqJ93iIlHJ85bILma1axFBokiacbdrxggMab1nAjx9dsegIL4nvdai2H42y4A1j91Fidyf7n8LpIcc5fEhklEJh5GusEFxzDz k9cKM J2ctzfHw9qhAbI6HGoGq4AbGLeK gm4jyMbarJfge5eqAih2jzi zbHA5elBL8HDtuKBAqj82wH7nHrHnd4ytj 7KzLvcLAMu943ek1exMwnnuv3q5sbpnBojCcmgd77ioDqg9g8bL 27ofApxG57u Awav3od4ebrrAFbwmhE8J5h6Ea5twbLFu1Kg Gjeag7gx151L16o55FCCK7r7ruLmdagJvGiyu8cfBbKu i5CvpHHvHgnGuryunxnJ6ud3zaerMA3LC9zeABF5kkiaAIGBwmDzkK7hJMEvr2Gr25BJsDEqlbk3qLweJ1v8xu3tqL2vi2cAjzvz9Jpolfg4rxAfAzbfvM3sELya6ts c2pAo1nJdL2ucH8r4qoHnrBIfc heouAhHdDI6awqkc5Ei1gEiInrB854nnebalLjArfyAoHltbgnEexvouGgLpIpBasfClsys6teFnc6iIdgHupfLn1ooMMM8BDhxl9cdq8KzzwfkIKoKemgvFv61wDKjlwhsxzxfClvGLzCjlwEeb9zduMfeJelzeAjr6ggGk6fzbrzFJ5IL4IGlhHFEJsyGEp3FA5K9AA75vHEIa I 1FxnhhfhxMd1IdABlGzau8KGtCFjqsqeano6ucrdKMKE6mp1a1hliFMyy2uyAuHm3AIBEfhagnAcpsMkpeBEGLIkAvL8IMsMl33hjjlblxB4dj oF9JomMdr1z65vzC4rJloluz7FcMFKC2E8uIjbjK982klG9nI96vA1idMMiLlKx9unM2b eh4skgw4zglxutd7ge5eHakKJ3h3axvEzyJmGxmMlExo9aHbmK9LJbn9M79FEFb 3Jer6M6ltKegACFLChHFH4KJI9nD12v971cfze7yFnLu2L3 muurdJBjeyz2eesLu4mrlFsE7A4LKsEww3M25KqaqdA6g714C19poJGintaaxyojx4HHvilC738Lie85MHK7LBotpzAhz1AJ97IljDhErq6HwG4K2ubxsrDnBwFvlnMyActDs AsbDxfahdtnM2jpt4vFDKqzkF93mjoju z352D6 K9j768wlHzdlh7exijrG8D9dEpg3BzLcgy74LlkGJKl5h7wFF458DB9yD9f41jrmxoqj9zCJaiuMgbFBDrg5aeBjyynCFkLfK3fJ37hAvvMyEErqMIJBoeop x4sipAbz7jyEfdn4M2xyyBpr2qshvu5qprD2 ufhFc8mDdhEIevILAfLyaF7ld3lzg51MweJmvzhby62lAMuw5DEFEAraMor4A2kejrFMueszv9mGcKF 6fb5KAt8517Jqxjw6Lcan9ptDJr6 n4E9u8CGBt2o fCpu5G965j5DGhl1roFd3n3AJgpD1tcJBqr3k1LAAqqawBjwFw 4mMBDIvoczo9G69ungdFo3h4dd2Ilq9Mo2n3KGqg aaaaaaaaaaaaaaaaaaaaaaa

Not Before

08/01/2013, 18:21

Not After

31/12/2039, 23:59

Subject

CN=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb zpGj8cc28il7tGJpL3Bn2AGpLw4a9Agv7mouGDpzi3exC2nKkHJA5Hekjjb4sGsAFcfuECsC57nmli4u3Kvk1fc LIvom3nMsaAiMH j7EGg3tevl2llDhJ6mbFtBDjpnu2GL4kv1wB1GvqwL1c7fkny7aiw1cL1h5CazHfJkeGhldrBm 67ocd5upipnpArpK3szodIlhILM2zska45qL8hwx3dHhii9FacdGksGl1k796g5ovmtCHKrbbgv6mkJ9bqsjMfaFrvFHL5Jz32 FI9p2bigutwnM1HEuq8j4EwqKdnk8qCEcpGk7Mhr3v96jp5Jhyv7gqtepbjlAMxoDg85Lop5E4y4Ec8s3mzleh5lJlssC5xIcBi9hhj5ryjtwp3cv7DxgyCMm21AFqG2nagqJ93iIlHJ85bILma1axFBokiacbdrxggMab1nAjx9dsegIL4nvdai2H42y4A1j91Fidyf7n8LpIcc5fEhklEJh5GusEFxzDz k9cKM J2ctzfHw9qhAbI6HGoGq4AbGLeK gm4jyMbarJfge5eqAih2jzi zbHA5elBL8HDtuKBAqj82wH7nHrHnd4ytj 7KzLvcLAMu943ek1exMwnnuv3q5sbpnBojCcmgd77ioDqg9g8bL 27ofApxG57u Awav3od4ebrrAFbwmhE8J5h6Ea5twbLFu1Kg Gjeag7gx151L16o55FCCK7r7ruLmdagJvGiyu8cfBbKu i5CvpHHvHgnGuryunxnJ6ud3zaerMA3LC9zeABF5kkiaAIGBwmDzkK7hJMEvr2Gr25BJsDEqlbk3qLweJ1v8xu3tqL2vi2cAjzvz9Jpolfg4rxAfAzbfvM3sELya6ts c2pAo1nJdL2ucH8r4qoHnrBIfc heouAhHdDI6awqkc5Ei1gEiInrB854nnebalLjArfyAoHltbgnEexvouGgLpIpBasfClsys6teFnc6iIdgHupfLn1ooMMM8BDhxl9cdq8KzzwfkIKoKemgvFv61wDKjlwhsxzxfClvGLzCjlwEeb9zduMfeJelzeAjr6ggGk6fzbrzFJ5IL4IGlhHFEJsyGEp3FA5K9AA75vHEIa I 1FxnhhfhxMd1IdABlGzau8KGtCFjqsqeano6ucrdKMKE6mp1a1hliFMyy2uyAuHm3AIBEfhagnAcpsMkpeBEGLIkAvL8IMsMl33hjjlblxB4dj oF9JomMdr1z65vzC4rJloluz7FcMFKC2E8uIjbjK982klG9nI96vA1idMMiLlKx9unM2b eh4skgw4zglxutd7ge5eHakKJ3h3axvEzyJmGxmMlExo9aHbmK9LJbn9M79FEFb 3Jer6M6ltKegACFLChHFH4KJI9nD12v971cfze7yFnLu2L3 muurdJBjeyz2eesLu4mrlFsE7A4LKsEww3M25KqaqdA6g714C19poJGintaaxyojx4HHvilC738Lie85MHK7LBotpzAhz1AJ97IljDhErq6HwG4K2ubxsrDnBwFvlnMyActDs AsbDxfahdtnM2jpt4vFDKqzkF93mjoju z352D6 K9j768wlHzdlh7exijrG8D9dEpg3BzLcgy74LlkGJKl5h7wFF458DB9yD9f41jrmxoqj9zCJaiuMgbFBDrg5aeBjyynCFkLfK3fJ37hAvvMyEErqMIJBoeop x4sipAbz7jyEfdn4M2xyyBpr2qshvu5qprD2 ufhFc8mDdhEIevILAfLyaF7ld3lzg51MweJmvzhby62lAMuw5DEFEAraMor4A2kejrFMueszv9mGcKF 6fb5KAt8517Jqxjw6Lcan9ptDJr6 n4E9u8CGBt2o fCpu5G965j5DGhl1roFd3n3AJgpD1tcJBqr3k1LAAqqawBjwFw 4mMBDIvoczo9G69ungdFo3h4dd2Ilq9Mo2n3KGqg aaaaaaaaaaaaaaaaaaaaaaa

Extended Key Usages

ExtKeyUsageCodeSigning

aa:02:a3:b7:8b:46:d1:f8:86:4d:67:49:ed:b5:31:9c:2e:08:b4:63
Signer

Actual PE Digest

aa:02:a3:b7:8b:46:d1:f8:86:4d:67:49:ed:b5:31:9c:2e:08:b4:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetLocalTime
GetLocaleInfoA
GetOEMCP
GetSystemTime
HeapAlloc
HeapFree
HeapReAlloc
InterlockedExchange
LoadLibraryA
RtlUnwind
SetEndOfFile
GetCPInfo
SystemTimeToFileTime
GetFileSize
VirtualAlloc
VirtualFree
VirtualQuery
WriteFile
lstrcmpA
lstrcmpiA
lstrlenA
lstrcatA
GetSystemDirectoryA
ReadFile
GetACP
FindNextFileA
FindFirstFileA
TlsSetValue
GetDiskFreeSpaceA
FindClose
DeleteFileA
CreateFileA
CreateDirectoryA
SetFilePointer
CloseHandle

user32

MessageBoxA
OffsetRect
PeekMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetWindowPos
ShowWindow
SystemParametersInfoA
TranslateMessage
LoadCursorA
LoadStringA
IsDlgButtonChecked
IsDialogMessageA
GetWindowRect
GetParent
GetDlgItem
GetDesktopWindow
EndDialog
DispatchMessageA
DialogBoxParamA
DestroyWindow
CheckDlgButton
CharPrevA
CreateDialogParamA

advapi32

RegCloseKey
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyExA
RegOverridePredefKey

ole32

CoInitialize
CoGetMalloc
CoCreateInstance
CoTaskMemRealloc
CoUninitialize

shlwapi

wnsprintfA
StrFormatByteSize64A

comctl32

InitCommonControlsEx

msvcrt

memcpy

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data3
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f726b6b0fadc07e630b512d337a5534f

Code Sign

3c:a2:ac:cf:ba:9b:d4:8f:48:09:8c:05:ae:26:8d:9dCertificate

Extended Key Usages

aa:02:a3:b7:8b:46:d1:f8:86:4d:67:49:ed:b5:31:9c:2e:08:b4:63Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shlwapi

comctl32

msvcrt

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 92B

.data3 Size: 512B - Virtual size: 100B

.data2 Size: 512B - Virtual size: 100B

.rsrc Size: 3KB - Virtual size: 2KB

3c:a2:ac:cf:ba:9b:d4:8f:48:09:8c:05:ae:26:8d:9d
Certificate

aa:02:a3:b7:8b:46:d1:f8:86:4d:67:49:ed:b5:31:9c:2e:08:b4:63
Signer

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 92B

.data3
Size: 512B - Virtual size: 100B

.data2
Size: 512B - Virtual size: 100B

.rsrc
Size: 3KB - Virtual size: 2KB