9362d9bdf051e5446827eca28d068910_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9362d9bdf051e5446827eca28d068910_JaffaCakes118
Size

522KB
MD5

9362d9bdf051e5446827eca28d068910
SHA1

36ed920a809970d64cc326d40e3de9c2a7fe1205
SHA256

33d84e3d4a47eec95f53d84e5564e3a630cd46a9f96a3055a41249b9eb7262ff
SHA512

8f3b38a20c5d71070d906894183dcc494cb9260e3eda1d5f49dcb138066bd268404181b29423d3050bfbadf22796700f44b98bec19fa53e5dc547d36490ed39a
SSDEEP

12288:3o72fTycHAf/UE0eXSn4Ji6mZidLV8ca3L8jI8d2tZTN2u:3oaLf5ii4w6QgNatWiTn

Score

1^/10

Malware Config

Signatures

Files

9362d9bdf051e5446827eca28d068910_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3fd189d2f9c923b294161e45136d0eff

Code Sign

41:79:ea:1b:ec:59:d4:ca:7e:66:86:28:32:55:54:80
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

24/09/2014, 00:00

Not After

24/09/2015, 23:59

Subject

CN=Evgen Kugitko,OU=Individual Developer,O=No Organization Affiliation,L=Kiev,ST=Kiev,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

07:c7:44:81:e4:63:ef:f8:9a:93:06:9b:0a:b8:a1:6a:97:e7:41:ef
Signer

Actual PE Digest

07:c7:44:81:e4:63:ef:f8:9a:93:06:9b:0a:b8:a1:6a:97:e7:41:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

SetWindowLongA
SendMessageA
GetWindowLongA
DestroyWindow
PostQuitMessage
DispatchMessageA
EnableMenuItem
EnableWindow
ShowWindow
UpdateWindow
GetDlgItem
PostMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
EndDialog
IsDlgButtonChecked
DialogBoxParamA
CreateDialogParamA
ExitWindowsEx
MessageBoxA
SetWindowTextA
SystemParametersInfoA
GetSystemMenu
CharNextA
PeekMessageA

advapi32

RegCloseKey
RegOpenKeyExA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExA
SHGetSpecialFolderPathA
SHFileOperationA
SHBrowseForFolderA
SHGetPathFromIDListA

kernel32

lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
GetExitCodeProcess
WaitForSingleObject
MultiByteToWideChar
lstrlenA
GetFileSize
CreateFileA
CreateDirectoryA
DeleteFileA
GetTempFileNameA
GetTempPathA
GetFullPathNameA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CopyFileA
MoveFileA
ReadFile
ExpandEnvironmentStringsA
SetEvent
CreateEventA
SetFilePointer
LockResource
LoadResource
FindResourceA
GetSystemDirectoryA
GetUserDefaultLangID
GetSystemDefaultLangID
GetVersionExA
WriteFile
GlobalFree
GlobalAlloc
CompareStringA
GetCurrentProcess
WritePrivateProfileStringA
GetWindowsDirectoryA
SetCurrentDirectoryA
CreateProcessA
GetDiskFreeSpaceExA
GetModuleFileNameA
SetLastError
WideCharToMultiByte
SetFileTime
DosDateTimeToFileTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetCPInfo
HeapSize
Sleep
VirtualAlloc
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetFileType
GetCurrentDirectoryA
GetLastError
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LocalFree
GetFileAttributesA
LocalAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapReAlloc
RtlUnwind
ExitThread
GetCurrentThreadId
CreateThread
GetModuleHandleA
ExitProcess
GetSystemTimeAsFileTime
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
LoadResource
FindResourceA
CreateFileA
SetLastError
InterlockedIncrement
InterlockedDecrement
GetCommandLineW
CreateEventA
OpenEventA
GetTickCount
lstrcatA
HeapFree
lstrcpyA
HeapAlloc
GetProcessHeap
ReadProcessMemory
GetDateFormatA
lstrcmpA
lstrcmpiA
GetEnvironmentVariableA
MulDiv
CreateProcessA
ExpandEnvironmentStringsA
SearchPathA
GetFileAttributesA
GetNumberFormatA
lstrcpynA
GetSystemDirectoryA
GetProcessAffinityMask
Sleep
SetThreadAffinityMask
GetCurrentThread
DeleteFileA
GetCommandLineA
VirtualQueryEx
OpenProcess
SetFilePointer
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
ResetEvent
LoadLibraryW
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingA
PulseEvent
GlobalMemoryStatus
WaitForMultipleObjects
SetErrorMode
GetCurrentProcessId
TerminateProcess
SetPriorityClass
SizeofResource
FindFirstFileA
SetEnvironmentVariableA
GlobalUnlock
GlobalAlloc
GlobalLock
GlobalReAlloc
SetProcessWorkingSetSize
GetLocaleInfoA
GetComputerNameW
FormatMessageA
DeviceIoControl
GetDriveTypeA
GetCurrentDirectoryA
GetFileTime
GetExitCodeThread
DuplicateHandle
VirtualFree
VirtualAlloc
GetThreadContext
GetProcessWorkingSetSize
MultiByteToWideChar
GlobalAddAtomA
GetSystemInfo
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
HeapCreate
GetStartupInfoA
ResumeThread
CreateThread
GetCurrentThreadId
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
RaiseException
InterlockedExchange
LockResource
GetCurrentProcess
IsBadStringPtrA
lstrlenA
InitializeCriticalSection
GetSystemTimeAsFileTime
DeleteCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatA
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetModuleHandleA
WaitForSingleObject
TerminateThread
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
CreateToolhelp32Snapshot
Module32First
CloseHandle
Module32Next
GetVersion
FreeLibrary
LoadLibraryA
GetProcAddress
GetLastError
LocalFree
LocalAlloc
GetModuleFileNameA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
FindClose
FreeEnvironmentStringsW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

oleaut32

SysAllocString
SysReAllocString
SysAllocStringLen
SysReAllocStringLen
SysFreeString
SysStringLen

Sections

CODE
Size: - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 29B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 496KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3fd189d2f9c923b294161e45136d0eff

Code Sign

41:79:ea:1b:ec:59:d4:ca:7e:66:86:28:32:55:54:80Certificate

Extended Key Usages

Key Usages

07:c7:44:81:e4:63:ef:f8:9a:93:06:9b:0a:b8:a1:6a:97:e7:41:efSigner

Headers

File Characteristics

Imports

user32

advapi32

shell32

kernel32

oleaut32

Sections

CODE Size: - Virtual size: 687KB

DATA Size: - Virtual size: 27KB

.idata Size: - Virtual size: 11KB

.tls Size: - Virtual size: 29B

.rdata Size: - Virtual size: 24B

.text Size: - Virtual size: 160KB

.itext Size: 496KB - Virtual size: 495KB

.reloc Size: 512B - Virtual size: 3KB

.rsrc Size: 21KB - Virtual size: 93KB

41:79:ea:1b:ec:59:d4:ca:7e:66:86:28:32:55:54:80
Certificate

07:c7:44:81:e4:63:ef:f8:9a:93:06:9b:0a:b8:a1:6a:97:e7:41:ef
Signer

CODE
Size: - Virtual size: 687KB

DATA
Size: - Virtual size: 27KB

.idata
Size: - Virtual size: 11KB

.tls
Size: - Virtual size: 29B

.rdata
Size: - Virtual size: 24B

.text
Size: - Virtual size: 160KB

.itext
Size: 496KB - Virtual size: 495KB

.reloc
Size: 512B - Virtual size: 3KB

.rsrc
Size: 21KB - Virtual size: 93KB