f3f06037fd4c621df1361d66e9dfe9e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f3f06037fd4c621df1361d66e9dfe9e6_JaffaCakes118
Size

195KB
MD5

f3f06037fd4c621df1361d66e9dfe9e6
SHA1

082e00476f97fe2d3adabde853a7f6dd0520699d
SHA256

40369ac2e8850c719c920cf05ca4c9f9b9e389fc929833932f1ce74bfbca1b9b
SHA512

4ac15dae18a333a52f22f6c1dadaf8dbf70fee4b29ac016150d4ad3b4991d32d73eefd321c46bd8ea05c405486bdf85891c60179de3af61fb2faff1354dd2432
SSDEEP

3072:mTOhDnsLRkyNTBzwSkjM+tGrnrnUOXhzM8Zf7ppmVYKeGFEkF2KwH9GhLGBNj42t:mmDgfNTBzwxjM/rHAaf7ptKFzdL6+mw

Score

1^/10

Malware Config

Signatures

Files

f3f06037fd4c621df1361d66e9dfe9e6_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b6811aee1c81a4e9d2a666c71eed939a

Code Sign

40:e8:c8:0e:05:e3:76:47:bd:55:6a:83:7c:7c:15:e8
Certificate

Issuer

CN=t34ywervywe4

Not Before

23/02/2012, 09:30

Not After

31/12/2039, 23:59

Subject

CN=t34ywervywe4

Extended Key Usages

ExtKeyUsageCodeSigning

ef:1b:57:3c:96:91:ac:4c:c4:44:cb:ae:c1:8e:41:3d:44:69:68:8f
Signer

Actual PE Digest

ef:1b:57:3c:96:91:ac:4c:c4:44:cb:ae:c1:8e:41:3d:44:69:68:8f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProfileIntW
GetSystemTimeAdjustment
GetSystemWindowsDirectoryA
GetThreadSelectorEntry
GetUserDefaultLangID
GetVersion
GetWriteWatch
GlobalFindAtomA
GlobalFlags
GlobalReAlloc
GlobalUnfix
GlobalWire
HeapCompact
IsBadReadPtr
LoadModule
LocalAlloc
LocalFlags
LocalLock
LocalReAlloc
MapViewOfFileEx
Module32NextW
MoveFileExA
OpenWaitableTimerW
PeekConsoleInputA
Process32First
GetProcessVersion
ReadConsoleInputA
ReadConsoleOutputCharacterW
RemoveDirectoryA
ResumeThread
ScrollConsoleScreenBufferA
SetConsoleActiveScreenBuffer
SetConsoleTitleW
SetInformationJobObject
SetThreadLocale
SetTimeZoneInformation
SetUnhandledExceptionFilter
SetVolumeMountPointA
SizeofResource
UnlockFile
UnlockFileEx
UpdateResourceA
VerifyVersionInfoW
VirtualFree
VirtualProtect
VirtualProtectEx
WaitForSingleObject
WaitNamedPipeW
WritePrivateProfileSectionW
WritePrivateProfileStructW
GetProcessTimes
GetProcessIoCounters
GetPrivateProfileStringA
GetNumberOfConsoleInputEvents
GetNamedPipeHandleStateA
GetLastError
GetFileAttributesExW
GetExitCodeThread
GetEnvironmentStringsA
GetEnvironmentStrings
GetCurrentDirectoryA
GetConsoleTitleA
GetComputerNameExW
GetComputerNameA
FormatMessageW
FlushViewOfFile
FlushInstructionCache
FlushConsoleInputBuffer
VirtualAlloc
FindNextChangeNotification
FindFirstVolumeMountPointA
FindAtomW
FatalExit
ExpandEnvironmentStringsW
EscapeCommFunction
EraseTape
EnumSystemLanguageGroupsW
EnumSystemCodePagesA
EnumResourceTypesW
EnumResourceNamesA
EnumResourceLanguagesW
EnterCriticalSection
DefineDosDeviceA
CreateWaitableTimerW
CreateTimerQueue
CreateSemaphoreA
CreateIoCompletionPort
CreateFileMappingW
CreateEventA
CreateDirectoryW
CreateDirectoryA
ContinueDebugEvent
CompareFileTime
CancelIo
BeginUpdateResourceA
AddConsoleAliasW
GetWindowsDirectoryA
lstrlenA
lstrcpyA
CreateFileA
LoadLibraryW
GetProcAddress
ExitProcess
PulseEvent

ole32

OleCreate
OleCreateFromDataEx
OleCreateFromFileEx
OleCreateLink
OleCreateLinkEx
OleInitialize
OleInitializeWOW
OleIsRunning
OleLoad
OleLoadFromStream
OleMetafilePictFromIconAndLabel
OleRegEnumFormatEtc
OleRun
OleSetClipboard
OpenOrCreateStream
PropStgNameToFmtId
PropVariantCopy
ReadClassStm
ReadFmtUserTypeStg
ReadStringStream
RegisterDragDrop
SNB_UserMarshal
STGMEDIUM_UserFree
STGMEDIUM_UserSize
STGMEDIUM_UserUnmarshal
StgCreateDocfile
StgIsStorageILockBytes
StgOpenStorage
StgOpenStorageEx
UpdateDCOMSettings
UtGetDvtd32Info
WriteClassStg
IsEqualGUID
IIDFromString
HWND_UserMarshal
HPALETTE_UserMarshal
HPALETTE_UserFree
HMETAFILE_UserMarshal
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserFree
HMENU_UserMarshal
HGLOBAL_UserUnmarshal
HGLOBAL_UserMarshal
HENHMETAFILE_UserUnmarshal
HENHMETAFILE_UserSize
HDC_UserUnmarshal
HDC_UserMarshal
HBITMAP_UserUnmarshal
HBITMAP_UserMarshal
HBITMAP_UserFree
HACCEL_UserSize
GetDocumentBitStg
GetConvertStg
FmtIdToPropStgName
EnableHookObject
CreateObjrefMoniker
CreateDataCache
CoUnmarshalInterface
CoUnloadingWOW
CoTaskMemFree
CoSwitchCallContext
CoResumeClassObjects
CoReleaseMarshalData
CoRegisterMessageFilter
CoRegisterMallocSpy
CoReactivateObject
CoQueryReleaseObject
CoMarshalInterface
CoLockObjectExternal
CoInstall
CoInitializeWOW
CoImpersonateClient
CoGetObjectContext
CoGetMarshalSizeMax
CoGetMalloc
CoGetApartmentID
CoFreeUnusedLibraries
CoFreeLibrary
CoFileTimeToDosDateTime
CoDisableCallCancellation
CoCreateObjectInContext
CoCreateInstanceEx
CoCancelCall
CoAddRefServerProcess
CLIPFORMAT_UserUnmarshal
CoQueryClientBlanket

comctl32

CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
CreateStatusWindowW
ord7
CreateToolbarEx
ord16
DestroyPropertySheetPage
ord15
DrawStatusText
ord5
DrawStatusTextW
FlatSB_EnableScrollBar
FlatSB_GetScrollPos
FlatSB_GetScrollProp
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
FlatSB_SetScrollRange
GetMUILanguage
ImageList_AddMasked
ImageList_Create
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawIndirect
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_GetImageRect
ImageList_LoadImageA
ImageList_Merge
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetFilter
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ord17
InitCommonControlsEx
InitializeFlatSB
ord14
ord13
ord2
PropertySheetW
ord3
UninitializeFlatSB
CreatePropertySheetPage

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text5
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tex5t2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6811aee1c81a4e9d2a666c71eed939a

Code Sign

40:e8:c8:0e:05:e3:76:47:bd:55:6a:83:7c:7c:15:e8Certificate

Extended Key Usages

ef:1b:57:3c:96:91:ac:4c:c4:44:cb:ae:c1:8e:41:3d:44:69:68:8fSigner

Headers

File Characteristics

Imports

kernel32

ole32

comctl32

Sections

.text Size: 9KB - Virtual size: 8KB

.text5 Size: 178KB - Virtual size: 177KB

.data Size: 512B - Virtual size: 244B

.tex5t2 Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

40:e8:c8:0e:05:e3:76:47:bd:55:6a:83:7c:7c:15:e8
Certificate

ef:1b:57:3c:96:91:ac:4c:c4:44:cb:ae:c1:8e:41:3d:44:69:68:8f
Signer

.text
Size: 9KB - Virtual size: 8KB

.text5
Size: 178KB - Virtual size: 177KB

.data
Size: 512B - Virtual size: 244B

.tex5t2
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB