0465a65a64aa3665dff680d15f57bb1f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0465a65a64aa3665dff680d15f57bb1f_JaffaCakes118
Size

279KB
MD5

0465a65a64aa3665dff680d15f57bb1f
SHA1

dce1eb9952d2dad4ad6cfd376feec0382c84aa96
SHA256

21f7b3a558cf87f0676951b835c737de059e9c6ca418c8accbec8c90492d2308
SHA512

8004dd99e845d97489dc6d3fa009e1014f8d1f469eac55c9a3996296524e619d59b46d9b5124eb50bf6f53daab725df592568ff4c08b46d9a1f04d99bf1798ee
SSDEEP

6144:LWEbItVUll5FcDOGej/1jOcM28gQw3IvCpm5hG7X0hLqih:Pll5FsOdj/1KB1hOpmvGb0

Score

1^/10

Malware Config

Signatures

Files

0465a65a64aa3665dff680d15f57bb1f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

55a292386462f039f1b9e7d7fc293656

Code Sign

48:74:45:b2:ab:8c:59:b7:45:d8:76:d4:df:e2:58:96
Certificate

Issuer

CN=aPgdobQNbLOM

Not Before

12-03-2012 14:38

Not After

31-12-2039 23:59

Subject

CN=aPgdobQNbLOM

Extended Key Usages

ExtKeyUsageCodeSigning

f1:7b:0a:dd:01:cb:c5:d7:58:60:d5:d9:5a:30:bc:63:58:d6:bd:cd
Signer

Actual PE Digest

f1:7b:0a:dd:01:cb:c5:d7:58:60:d5:d9:5a:30:bc:63:58:d6:bd:cd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
CreateFileA
lstrlenA
lstrcpyA
VirtualAlloc

advapi32

RegOpenKeyExW
DeleteAce
SetPrivateObjectSecurity
CloseTrace
CryptGenKey
RegCreateKeyExA
GetServiceKeyNameA
AccessCheckByTypeResultListAndAuditAlarmW
ElfReportEventW
GetAccessPermissionsForObjectA
RegFlushKey
StartTraceW
RegReplaceKeyA
StartServiceA
GetKernelObjectSecurity
SystemFunction021
LsaSetSecret
RegOpenKeyA
CryptEnumProviderTypesA
SystemFunction003
CryptVerifySignatureA
NotifyChangeEventLog
DeregisterEventSource
RemoveTraceCallback
SetSecurityDescriptorRMControl
LsaSetQuotasForAccount
OpenTraceA
LsaClose
SetSecurityInfoExW
InitiateSystemShutdownExA
SystemFunction032
GetSecurityDescriptorLength
OpenSCManagerW
RegConnectRegistryA
AddAuditAccessObjectAce
CreatePrivateObjectSecurityEx
LsaOpenAccount
GetSidSubAuthorityCount
OpenBackupEventLogW
RegQueryValueExA
BuildSecurityDescriptorA
IsTokenRestricted
AllocateAndInitializeSid
LsaRemoveAccountRights
QueryServiceLockStatusW
ClearEventLogA
ElfReadEventLogW
LsaSetSystemAccessAccount
CryptGetHashParam
EnumServicesStatusExW
BuildExplicitAccessWithNameW
WriteEncryptedFileRaw
CryptSetProviderExA
GetSecurityInfoExW
LookupAccountNameW
SetSecurityDescriptorControl
StartTraceA
RegCreateKeyA
RegisterServiceCtrlHandlerW
GetSecurityDescriptorRMControl
SystemFunction023
AddAce
GetAccessPermissionsForObjectW
CryptHashData
GetSidLengthRequired
SystemFunction017
GetServiceKeyNameW
BuildTrusteeWithSidA
RegOverridePredefKey
FileEncryptionStatusA
ControlService
GetManagedApplications
FindFirstFreeAce
ElfOpenEventLogW
ElfChangeNotify
CryptDuplicateKey
AddAuditAccessAceEx
LsaQuerySecret
GetSecurityInfo
RegCreateKeyExW
DecryptFileW
QueryServiceObjectSecurity
IsValidSid
AccessCheckAndAuditAlarmA
PrivilegedServiceAuditAlarmW
SystemFunction033
OpenSCManagerA
OpenEncryptedFileRawA
LookupPrivilegeValueW
CommandLineFromMsiDescriptor
GetNamedSecurityInfoW
EnumServicesStatusExA
CloseEventLog
SetSecurityInfo
AdjustTokenGroups

shell32

SHAddToRecentDocs
DoEnvironmentSubstW
SHGetDesktopFolder
SHGetPathFromIDListA
ShellAboutA
SHGetIconOverlayIndexW
SHInvokePrinterCommandW
ShellExecuteW
DragQueryFileAorW
ExtractIconExA
ShellHookProc
SHGetIconOverlayIndexA
DragQueryFileW
SHGetFileInfo
SHBrowseForFolderW
WOWShellExecute
ExtractIconA
SHGetDataFromIDListW
SHGetDiskFreeSpaceA
DoEnvironmentSubstA
ExtractIconW
SHGetFileInfoA
SHGetSettings
ExtractAssociatedIconExW
SHGetFolderPathW
SHGetInstanceExplorer
ShellExecuteExW
SHEmptyRecycleBinW
SHFileOperationA
SHEmptyRecycleBinA
ShellExecuteEx
SHCreateProcessAsUserW
SHPathPrepareForWriteA
ExtractAssociatedIconExA
SHInvokePrinterCommandA
SHCreateDirectoryExW
SHIsFileAvailableOffline
FindExecutableA
ShellAboutW
ExtractAssociatedIconW
DragFinish
SHQueryRecycleBinA
SHFreeNameMappings
Shell_NotifyIconA
ShellExecuteA
SHPathPrepareForWriteW
ExtractAssociatedIconA
Shell_NotifyIconW
DuplicateIcon
SHBrowseForFolder
DragQueryFileA
SHAppBarMessage

shlwapi

StrRChrW
StrRChrA
StrStrIW
StrCmpNA
StrStrA
StrRChrIW
StrCmpNIA
StrStrIA
StrChrW
StrStrW

comctl32

CreateToolbarEx
ord6
CreateStatusWindowW
PropertySheetW
ImageList_AddMasked
FlatSB_SetScrollProp
ImageList_SetImageCount
ImageList_SetBkColor
UninitializeFlatSB
ord8
CreatePropertySheetPageW
DrawStatusTextW
ord14
PropertySheet
ImageList_SetDragCursorImage
GetMUILanguage
PropertySheetA
ImageList_GetIcon
ImageList_GetDragImage
ImageList_GetImageInfo
ord3
FlatSB_GetScrollPos
ord2
ImageList_DragLeave
ImageList_Destroy
ImageList_BeginDrag
ImageList_SetFilter
FlatSB_SetScrollRange
ord4
_TrackMouseEvent
ord5
ImageList_LoadImageA
DestroyPropertySheetPage
ImageList_Duplicate
ImageList_Replace
FlatSB_ShowScrollBar
ImageList_GetIconSize
ord17
FlatSB_SetScrollPos
ImageList_ReplaceIcon
ImageList_Copy
ImageList_DrawEx
DrawStatusText
ImageList_LoadImage
CreateStatusWindow
ImageList_SetOverlayImage
InitMUILanguage
InitCommonControlsEx
ImageList_Merge
FlatSB_GetScrollInfo
ImageList_LoadImageW
InitializeFlatSB
ImageList_Remove
CreatePropertySheetPage
FlatSB_GetScrollRange
ImageList_Create
ord13
ImageList_DrawIndirect
ord16
ImageList_Draw

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55a292386462f039f1b9e7d7fc293656

Code Sign

48:74:45:b2:ab:8c:59:b7:45:d8:76:d4:df:e2:58:96Certificate

Extended Key Usages

f1:7b:0a:dd:01:cb:c5:d7:58:60:d5:d9:5a:30:bc:63:58:d6:bd:cdSigner

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 270KB - Virtual size: 270KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

48:74:45:b2:ab:8c:59:b7:45:d8:76:d4:df:e2:58:96
Certificate

f1:7b:0a:dd:01:cb:c5:d7:58:60:d5:d9:5a:30:bc:63:58:d6:bd:cd
Signer

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 270KB - Virtual size: 270KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB