047b76a1405eb68926a7dd92abdb79e7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

047b76a1405eb68926a7dd92abdb79e7_JaffaCakes118
Size

320KB
MD5

047b76a1405eb68926a7dd92abdb79e7
SHA1

f7f4aad0343ac36bd2c05e729597ed16ca52f3f9
SHA256

8766a7b23510877c9af918d0ebc05b2b564a22c2169c1564a182db5a96dc7b7d
SHA512

7d3a9417dd05b13ed673c2c64cfc7da912e43f422b98d27423a6a50722b9b927868d46f26df5c4b9dc2969c90571de2a649650c542f52b42620710cad2d75569
SSDEEP

6144:YF03zdT9d941odtA82nQynoeJcFBVzE24qEDRa:YK3zZ9d93dtAlX6Vz5QDY

Score

1^/10

Malware Config

Signatures

Files

047b76a1405eb68926a7dd92abdb79e7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4102c8e431370769844e0aea3bc94d8d

Code Sign

67:7b:0f:56:de:04:8d:a7:4e:a7:1f:99:23:cc:68:26
Certificate

Issuer

CN=u65ykrty

Not Before

28/01/2012, 05:39

Not After

31/12/2039, 23:59

Subject

CN=u65ykrty

Extended Key Usages

ExtKeyUsageCodeSigning

be:12:fe:2c:d2:af:86:56:bd:c5:44:b2:4f:7f:3e:60:13:0f:58:ad
Signer

Actual PE Digest

be:12:fe:2c:d2:af:86:56:bd:c5:44:b2:4f:7f:3e:60:13:0f:58:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetThreadLocale
GetWindowsDirectoryA
lstrlenA
lstrcpyA
CreateFileA
Module32Next
GlobalFindAtomA
FindFirstVolumeMountPointW
HeapLock
GetPrivateProfileSectionW
GetCommandLineW
LoadLibraryExA
PeekConsoleInputW
GetLogicalDriveStringsW
VerLanguageNameW
SetCommConfig
GetWindowsDirectoryW
CreatePipe
Sleep
GetConsoleScreenBufferInfo
GetFileAttributesExA
GetTempPathA
GetTempPathW
Module32FirstW
Process32FirstW
Heap32Next
RtlZeroMemory
SetSystemPowerState
WriteTapemark
RtlMoveMemory
GetCPInfoExW
GetPrivateProfileSectionNamesW
GetStringTypeExW
GetStringTypeA
_lclose
SetConsoleTitleW
CommConfigDialogW
GetAtomNameW
SetFileApisToANSI
FindFirstFileExA
LockFileEx
GetCPInfoExA
VirtualProtectEx
lstrcpynA
SetCommState
FindResourceExW
CancelWaitableTimer
WriteProfileSectionA
LocalShrink
GetProfileIntW
OpenThread
MoveFileWithProgressW
BindIoCompletionCallback
CreateMutexA
SignalObjectAndWait
OpenMutexA
WriteFileGather
GetConsoleAliasExesA
FlushInstructionCache
FileTimeToDosDateTime
GetThreadSelectorEntry
GetLongPathNameW
SetConsoleCursorInfo
Thread32Next
SetLocaleInfoA
LocalHandle
Process32Next
HeapCreate
ReadConsoleA
IsBadWritePtr
ScrollConsoleScreenBufferW
TlsAlloc
UpdateResourceW
BuildCommDCBA
GetBinaryTypeA
MultiByteToWideChar
UnmapViewOfFile
SetCurrentDirectoryW
RemoveDirectoryW
GlobalDeleteAtom
GetDriveTypeA
LeaveCriticalSection
CallNamedPipeA
VirtualQueryEx
VerifyVersionInfoW
FindNextVolumeA
FindFirstFileW
IsBadStringPtrA
GetSystemWindowsDirectoryW
CloseHandle
FileTimeToSystemTime
WritePrivateProfileStructA
lstrcmpW
GlobalFlags
SetConsoleOutputCP

user32

LoadIconA

advapi32

RegOpenKeyExW

shell32

SHGetDataFromIDListW
SHGetFileInfoW
DragQueryPoint
SHInvokePrinterCommandA
SHGetInstanceExplorer
Shell_NotifyIcon
SHFileOperation
SHEmptyRecycleBinA
ExtractIconExA
FindExecutableW
ExtractAssociatedIconExW
SHGetFileInfoA
SHCreateDirectoryExA
ShellExecuteExA
ShellExecuteA
WOWShellExecute
SHFormatDrive
SHBrowseForFolderA
CheckEscapesW
SHGetDesktopFolder
SHGetFolderLocation
CommandLineToArgvW
DragQueryFileA
DragQueryFileW
SHLoadInProc
ShellExecuteW
SHLoadNonloadedIconOverlayIdentifiers
DragFinish
SHGetPathFromIDList
SHAddToRecentDocs
SHGetPathFromIDListW
SHPathPrepareForWriteA
ExtractIconW
ShellAboutW
ExtractAssociatedIconW
Shell_NotifyIconA
SHGetIconOverlayIndexA
ExtractIconEx
ShellExecuteEx
DragAcceptFiles
ShellHookProc
DragQueryFile
SHQueryRecycleBinW
ExtractIconExW
ExtractAssociatedIconExA
SHBrowseForFolder
SHGetMalloc
ExtractAssociatedIconA
SHQueryRecycleBinA
SHChangeNotify
SHGetSpecialFolderPathW
SHBrowseForFolderW
ExtractIconA
SHGetSettings
SHFileOperationA
SHGetFolderPathA
FindExecutableA
ShellExecuteExW
SHIsFileAvailableOffline
SHFileOperationW
SHCreateDirectoryExW
SHPathPrepareForWriteW

shlwapi

SHRegEnumUSValueA
PathMakeSystemFolderA
PathSetDlgItemPathA
SHRegGetBoolUSValueW
SHRegSetUSValueW
SHRegWriteUSValueA
PathAddExtensionA
ord16
PathIsUNCA
SHSkipJunction
StrTrimW
UrlIsOpaqueA
PathFindExtensionA
PathRelativePathToA
PathIsUNCServerA
PathMatchSpecW
SHEnumValueW
SHSetThreadRef
SHRegEnumUSKeyA
PathAppendW
ColorAdjustLuma
UrlCanonicalizeA
SHStrDupW
StrToIntExW
wvnsprintfW
AssocQueryStringA
PathAddBackslashA
SHEnumKeyExA
PathRemoveArgsW
ChrCmpIA
SHGetInverseCMAP
PathSetDlgItemPathW
SHOpenRegStreamA
StrCSpnIW
PathAddExtensionW
PathGetDriveNumberW
PathIsSameRootW
StrPBrkA
PathIsDirectoryEmptyA
SHDeleteEmptyKeyA
PathCanonicalizeA
AssocQueryKeyW
PathUnquoteSpacesA
StrChrIW
wnsprintfW
StrCpyNW
StrCSpnW
StrToIntW
SHRegDeleteEmptyUSKeyW
PathRemoveBackslashA
PathIsLFNFileSpecA
PathCompactPathW
SHRegQueryUSValueA
SHIsLowMemoryMachine
UrlCombineA
PathFindFileNameA
PathIsUNCServerShareA
PathIsUNCServerShareW
SHRegWriteUSValueW
UrlCompareW
SHRegQueryInfoUSKeyW
StrRStrIA
PathIsContentTypeW
PathParseIconLocationA
StrStrA
PathGetDriveNumberA
PathGetArgsA
SHDeleteEmptyKeyW
SHRegOpenUSKeyA
StrToIntExA
UrlCreateFromPathW
PathUndecorateW
StrFromTimeIntervalW
StrRChrA
PathCombineA
PathIsSystemFolderW
SHRegDeleteUSValueW
StrCpyW
AssocQueryStringByKeyW
UrlCreateFromPathA
AssocQueryStringW
SHRegEnumUSValueW
SHGetValueW
PathIsDirectoryEmptyW
StrRStrIW
StrChrA
StrRChrIW
StrRChrIA
StrStrIW
StrCmpNIW
StrStrIA

Sections

.text
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4102c8e431370769844e0aea3bc94d8d

Code Sign

67:7b:0f:56:de:04:8d:a7:4e:a7:1f:99:23:cc:68:26Certificate

Extended Key Usages

be:12:fe:2c:d2:af:86:56:bd:c5:44:b2:4f:7f:3e:60:13:0f:58:adSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 306KB - Virtual size: 305KB

.data Size: 7KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

67:7b:0f:56:de:04:8d:a7:4e:a7:1f:99:23:cc:68:26
Certificate

be:12:fe:2c:d2:af:86:56:bd:c5:44:b2:4f:7f:3e:60:13:0f:58:ad
Signer

.text
Size: 306KB - Virtual size: 305KB

.data
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB