03603beabe95a20af2f0abea40678ab5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

03603beabe95a20af2f0abea40678ab5_JaffaCakes118
Size

258KB
MD5

03603beabe95a20af2f0abea40678ab5
SHA1

c5a55335ed23aaceab0b06ce77da1d9332b7d5f2
SHA256

eb4e91bab18a2319f03869f35358ddd77047335dc33edd0e67eb295040a82062
SHA512

82ca8c8a2bc8d9d5cd8cee03de8118b569e5da082a741b1504f4d05ef0a3f209a44cbdda1cfc7b2318cd41d59ac113e45384c62faf941a7d25d1b5067364e155
SSDEEP

6144:eHVMEA3s06rlllll9lllll46EhuuVbxTJOvI:+VMkllllll9lllll46EhHOw

Score

1^/10

Malware Config

Signatures

Files

03603beabe95a20af2f0abea40678ab5_JaffaCakes118
.dll windows:5 windows x86 arch:x86

cc443f1563830cca8dd4ce5163697f31

Code Sign

0b:54:59:18:f2:f5:75:90:43:7b:c7:aa:79:99:62:f1
Certificate

Issuer

CN=UwguJCfGoa6Uf2nnngFecF1Ue

Not Before

21-04-2012 09:32

Not After

31-12-2039 23:59

Subject

CN=UwguJCfGoa6Uf2nnngFecF1Ue

Extended Key Usages

ExtKeyUsageCodeSigning

f1:46:41:d1:c4:20:8a:dc:55:35:ff:91:49:ef:52:bd:28:79:9b:5a
Signer

Actual PE Digest

f1:46:41:d1:c4:20:8a:dc:55:35:ff:91:49:ef:52:bd:28:79:9b:5a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
VirtualAllocEx
AddAtomA
AllocConsole
BindIoCompletionCallback
BuildCommDCBA
BuildCommDCBAndTimeoutsA
BuildCommDCBW
CancelDeviceWakeupRequest
CancelWaitableTimer
CompareFileTime
CompareStringA
ConnectNamedPipe
ContinueDebugEvent
CopyFileExA
CopyFileExW
CreateConsoleScreenBuffer
CreateDirectoryExA
CreateDirectoryExW
CreateFiber
CreateFileMappingW
CreateIoCompletionPort
CreateJobObjectA
CreateJobObjectW
CreateMailslotW
CreateMutexA
CreatePipe
CreateProcessA
CreateRemoteThread
CreateSemaphoreA
CreateSemaphoreW
CreateTapePartition
CreateThread
CreateTimerQueueTimer
CreateToolhelp32Snapshot
CreateWaitableTimerA
CreateWaitableTimerW
DebugActiveProcess
DebugBreak
DeleteCriticalSection
DeleteFileA
DeleteTimerQueue
DeleteTimerQueueTimer
DeleteVolumeMountPointA
DeleteVolumeMountPointW
DosDateTimeToFileTime
EndUpdateResourceA
EnumCalendarInfoW
EnumDateFormatsW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
EnumSystemCodePagesA
EnumSystemCodePagesW
EnumSystemLocalesA
EnumTimeFormatsA
EnumTimeFormatsW
EnumUILanguagesA
EnumUILanguagesW
ExitThread
ExpandEnvironmentStringsW
FatalExit
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FindAtomA
FindAtomW
FindClose
FindFirstChangeNotificationA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstVolumeA
FindFirstVolumeMountPointW
FindNextFileW
FindNextVolumeA
FindNextVolumeMountPointA
FindNextVolumeMountPointW
FindNextVolumeW
FindResourceExW
FindVolumeMountPointClose
FlushConsoleInputBuffer
FlushInstructionCache
FoldStringW
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GenerateConsoleCtrlEvent
GetAtomNameA
GetAtomNameW
GetBinaryType
GetBinaryTypeA
GetCPInfo
GetCPInfoExW
GetCalendarInfoA
GetCalendarInfoW
GetCommMask
GetCommandLineA
GetCommandLineW
GetComputerNameExA
GetConsoleAliasA
GetConsoleAliasExesA
GetConsoleAliasesA
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP
GetConsoleFontSize
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrencyFormatA
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDefaultCommConfigW
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsA
GetEnvironmentVariableA
GetExitCodeThread
GetFileAttributesExA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetHandleInformation
GetLargestConsoleWindowSize
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetNamedPipeHandleStateA
GetNamedPipeInfo
GetNumberFormatW
GetNumberOfConsoleMouseButtons
GetPriorityClass
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetPrivateProfileStructA
GetPrivateProfileStructW
GetProcAddress
GetProcessAffinityMask
GetProcessHeaps
GetProcessIoCounters
GetProcessPriorityBoost
GetProcessShutdownParameters
GetProcessVersion
GetProfileIntA
GetProfileIntW
GetQueuedCompletionStatus
GetShortPathNameA
GetShortPathNameW
GetStringTypeA
GetSystemDefaultLCID
GetSystemDefaultLangID
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemPowerStatus
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryW
GetTapeParameters
GetTapePosition
GetTapeStatus
GetTempFileNameW
GetThreadContext
lstrcatA
GetThreadPriorityBoost
GetThreadTimes
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultUILanguage
GetVersionExA
GetVolumeInformationA
GetVolumeInformationW
GetVolumeNameForVolumeMountPointA
GetVolumeNameForVolumeMountPointW
GetVolumePathNameA
GlobalAddAtomW
GlobalAlloc
GlobalFindAtomW
GlobalFix
GlobalFree
GlobalGetAtomNameW
GlobalLock
GlobalMemoryStatusEx
GlobalSize
GlobalUnlock
GlobalWire
Heap32First
Heap32ListNext
HeapAlloc
HeapCompact
HeapDestroy
HeapFree
HeapLock
HeapReAlloc
HeapValidate
HeapWalk
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
IsBadCodePtr
IsBadStringPtrA
IsBadStringPtrW
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LoadLibraryA
LoadLibraryExA
LoadLibraryW
LocalAlloc
LocalLock
LocalReAlloc
LockFileEx
MapUserPhysicalPages
MapUserPhysicalPagesScatter
MoveFileA
MoveFileW
MoveFileWithProgressW
OpenEventA
OpenFile
OpenJobObjectA
OpenJobObjectW
OpenMutexW
OpenProcess
OpenSemaphoreA
OpenSemaphoreW
OpenThread
OpenWaitableTimerA
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
Process32Next
Process32NextW
PulseEvent
QueryDosDeviceA
QueryPerformanceCounter
QueueUserAPC
ReadConsoleA
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleOutputCharacterW
ReadDirectoryChangesW
ReadFileEx
ReadFileScatter
ReadProcessMemory
ReleaseMutex
RemoveDirectoryA
RemoveDirectoryW
ReplaceFile
RequestDeviceWakeup
ResetEvent
ResetWriteWatch
ResumeThread
RtlFillMemory
RtlMoveMemory
SearchPathW
SetCalendarInfoA
SetCalendarInfoW
SetCommBreak
SetCommConfig
SetCommMask
SetCommTimeouts
SetComputerNameExA
SetConsoleActiveScreenBuffer
SetConsoleCP
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleOutputCP
SetConsoleTitleW
SetConsoleWindowInfo
SetDefaultCommConfigW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFilePointerEx
SetFileTime
SetHandleCount
SetHandleInformation
SetLocaleInfoW
SetMailslotInfo
SetNamedPipeHandleState
SetProcessPriorityBoost
SetSystemTimeAdjustment
SetTapePosition
SetThreadAffinityMask
SetThreadContext
SetThreadIdealProcessor
SetThreadPriorityBoost
SetTimeZoneInformation
SetUnhandledExceptionFilter
SetVolumeLabelA
SetVolumeLabelW
SetVolumeMountPointA
SetWaitableTimer
SetupComm
SignalObjectAndWait
SuspendThread
SwitchToFiber
SystemTimeToFileTime
TerminateProcess
Thread32First
Thread32Next
TlsSetValue
Toolhelp32ReadProcessMemory
TryEnterCriticalSection
UpdateResourceW
VerLanguageNameW
VerifyVersionInfoW
VirtualAlloc
VirtualProtect
VirtualProtectEx
WaitForDebugEvent
WaitForMultipleObjects
WaitNamedPipeA
WinExec
WriteConsoleA
WriteConsoleInputA
WriteConsoleInputW
WriteConsoleOutputA
WriteConsoleOutputAttribute
WriteConsoleOutputCharacterW
WriteConsoleOutputW
WriteConsoleW
WriteFile
WriteFileGather
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStructA
WriteProfileSectionA
WriteProfileSectionW
_hread
_hwrite
_lclose
_llseek
_lopen
lstrcat
lstrcatW
lstrcmp
lstrcmpA
lstrcpy
lstrcpyA
lstrcpynW
lstrlenW
GetThreadPriority
CreateFileA

advapi32

RegOpenKeyExW

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

textg3
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

textg4
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

textg
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_WRITE

textgQ
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

textg2
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc443f1563830cca8dd4ce5163697f31

Code Sign

0b:54:59:18:f2:f5:75:90:43:7b:c7:aa:79:99:62:f1Certificate

Extended Key Usages

f1:46:41:d1:c4:20:8a:dc:55:35:ff:91:49:ef:52:bd:28:79:9b:5aSigner

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 2KB - Virtual size: 1KB

textg3 Size: 10KB - Virtual size: 9KB

textg4 Size: 10KB - Virtual size: 9KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 184B

textg Size: 10KB - Virtual size: 9KB

textgQ Size: 10KB - Virtual size: 9KB

textg2 Size: 10KB - Virtual size: 9KB

text Size: 183KB - Virtual size: 183KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 2KB

0b:54:59:18:f2:f5:75:90:43:7b:c7:aa:79:99:62:f1
Certificate

f1:46:41:d1:c4:20:8a:dc:55:35:ff:91:49:ef:52:bd:28:79:9b:5a
Signer

.text
Size: 2KB - Virtual size: 1KB

textg3
Size: 10KB - Virtual size: 9KB

textg4
Size: 10KB - Virtual size: 9KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 184B

textg
Size: 10KB - Virtual size: 9KB

textgQ
Size: 10KB - Virtual size: 9KB

textg2
Size: 10KB - Virtual size: 9KB

text
Size: 183KB - Virtual size: 183KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 2KB