199198b143c762985cfa20492ac3b200_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

199198b143c762985cfa20492ac3b200_JaffaCakes118
Size

256KB
MD5

199198b143c762985cfa20492ac3b200
SHA1

cce9a81ca224281587870c8ec745858640ce94a4
SHA256

04580c1c5d90eb53519943cd4c003e0e151a0d0aea5c1ac3442f26861f3e8542
SHA512

b0ef2ff637fca58c8bc24d36e4781c99dcee445099571a8ac403d038a967bfa2283c607d000645f6fba33bbddb0c6b31c8b702d3a179d51b84bf75a62fd56730
SSDEEP

6144:SWJtNz+cj19jLlRTZxwUMI8UPP71FrJ3ivOZa3:SWJtR+cjHvvqI82XEOM3

Score

1^/10

Malware Config

Signatures

Files

199198b143c762985cfa20492ac3b200_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7fdcb19d102496e9b03137c0ce6c7543

Code Sign

71:84:06:37:9c:5e:31:81:48:4f:e4:a5:4d:08:4d:2a
Certificate

Issuer

CN=WC7Ju8GKnqRYQy3ZVgJ0VnUHG

Not Before

21/04/2012, 03:57

Not After

31/12/2039, 23:59

Subject

CN=WC7Ju8GKnqRYQy3ZVgJ0VnUHG

Extended Key Usages

ExtKeyUsageCodeSigning

e1:bc:f2:19:49:1b:5d:35:db:c0:fc:f5:04:2b:1a:13:f3:b0:d8:60
Signer

Actual PE Digest

e1:bc:f2:19:49:1b:5d:35:db:c0:fc:f5:04:2b:1a:13:f3:b0:d8:60

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AddConsoleAliasA
AllocConsole
AllocateUserPhysicalPages
AreFileApisANSI
AssignProcessToJobObject
BackupRead
Beep
BindIoCompletionCallback
BuildCommDCBA
BuildCommDCBW
CallNamedPipeA
CallNamedPipeW
CancelWaitableTimer
ChangeTimerQueueTimer
ClearCommBreak
ClearCommError
CommConfigDialogA
CompareFileTime
ConnectNamedPipe
CopyFileExA
CopyFileExW
CopyFileW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateJobObjectW
CreateMailslotA
CreateNamedPipeA
CreateNamedPipeW
CreateProcessA
CreateRemoteThread
CreateSemaphoreW
CreateTapePartition
CreateThread
CreateWaitableTimerW
DefineDosDeviceW
DeleteCriticalSection
DeleteFileW
DeleteTimerQueue
DeleteTimerQueueTimer
DeleteVolumeMountPointW
DisconnectNamedPipe
DnsHostnameToComputerNameA
DuplicateHandle
EndUpdateResourceW
EnumCalendarInfoW
EnumDateFormatsA
EnumDateFormatsExW
EnumDateFormatsW
EnumLanguageGroupLocalesA
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumTimeFormatsW
EnumUILanguagesW
EraseTape
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FatalAppExitA
FatalAppExitW
FileTimeToDosDateTime
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindClose
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExW
FindNextChangeNotification
FindNextVolumeA
FindNextVolumeMountPointA
FindNextVolumeW
FindResourceA
FindResourceExA
FindResourceW
FindVolumeClose
FindVolumeMountPointClose
FlushConsoleInputBuffer
FlushFileBuffers
FlushViewOfFile
FoldStringA
FoldStringW
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeLibrary
GetAtomNameA
GetBinaryType
GetCPInfoExA
GetCommModemStatus
GetCommProperties
GetCommandLineA
GetCompressedFileSizeW
GetComputerNameExW
GetComputerNameW
GetConsoleAliasExesLengthW
GetConsoleAliasExesW
GetConsoleAliasesA
GetConsoleAliasesLengthW
GetConsoleCP
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetConsoleTitleW
GetCurrencyFormatA
GetCurrentConsoleFont
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetDateFormatW
GetDefaultCommConfigA
GetDriveTypeA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetMailslotInfo
GetModuleFileNameA
GetModuleFileNameW
GetNamedPipeHandleStateW
GetNumberFormatA
GetNumberFormatW
GetNumberOfConsoleMouseButtons
GetPriorityClass
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionW
GetPrivateProfileStructA
GetProcessHeaps
GetProcessIoCounters
GetProcessPriorityBoost
GetProcessShutdownParameters
GetProcessTimes
GetProfileIntA
GetProfileIntW
GetProfileSectionW
GetProfileStringW
GetQueuedCompletionStatus
GetShortPathNameA
GetStartupInfoA
GetStartupInfoW
GetStringTypeExA
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTapePosition
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadLocale
GetThreadPriority
GetThreadSelectorEntry
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLangID
GetVersion
GetVolumeInformationA
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetWindowsDirectoryA
GlobalAddAtomA
GlobalFindAtomA
GlobalFix
GlobalFlags
GlobalGetAtomNameW
GlobalReAlloc
AddAtomA
GlobalUnfix
GlobalUnlock
Heap32First
Heap32ListFirst
Heap32Next
HeapAlloc
HeapCreate
HeapFree
HeapLock
HeapSize
HeapUnlock
HeapWalk
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
IsBadCodePtr
IsBadHugeReadPtr
IsBadHugeWritePtr
IsBadStringPtrA
IsBadWritePtr
IsDBCSLeadByte
IsDBCSLeadByteEx
IsSystemResumeAutomatic
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalShrink
LocalSize
LockFile
LockFileEx
MapViewOfFileEx
Module32First
Module32FirstW
MoveFileA
MoveFileExA
MoveFileW
MoveFileWithProgressA
MulDiv
MultiByteToWideChar
OpenEventA
OpenEventW
OpenFileMappingA
OpenFileMappingW
OpenJobObjectA
OpenMutexW
OpenProcess
OpenWaitableTimerA
OpenWaitableTimerW
PeekConsoleInputW
PrepareTape
Process32First
Process32Next
Process32NextW
ProcessIdToSessionId
PulseEvent
QueryDosDeviceA
QueryDosDeviceW
QueueUserAPC
RaiseException
ReadConsoleA
ReadConsoleOutputA
ReadConsoleOutputAttribute
ReadConsoleOutputCharacterA
ReadConsoleOutputCharacterW
ReadConsoleW
ReadDirectoryChangesW
ReadFile
ReadFileScatter
ReadProcessMemory
RemoveDirectoryA
ReplaceFile
ReplaceFileA
ReplaceFileW
RequestDeviceWakeup
RtlFillMemory
RtlMoveMemory
RtlZeroMemory
ScrollConsoleScreenBufferA
SearchPathA
SetCommMask
SetCommState
SetCommTimeouts
SetComputerNameExA
SetConsoleActiveScreenBuffer
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleDisplayMode
SetConsoleOutputCP
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetCurrentDirectoryA
SetDefaultCommConfigA
SetEnvironmentVariableW
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetHandleCount
SetInformationJobObject
SetLastError
SetLocalTime
SetLocaleInfoA
SetLocaleInfoW
SetMessageWaitingIndicator
SetNamedPipeHandleState
SetProcessAffinityMask
SetProcessPriorityBoost
SetProcessWorkingSetSize
SetStdHandle
SetSystemTime
SetSystemTimeAdjustment
SetTapeParameters
SetThreadContext
SetThreadIdealProcessor
SetThreadPriority
SetThreadPriorityBoost
SetUnhandledExceptionFilter
SetVolumeLabelA
SetVolumeLabelW
SetVolumeMountPointA
SetVolumeMountPointW
SetupComm
SignalObjectAndWait
SizeofResource
SleepEx
SuspendThread
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateThread
Thread32Next
Toolhelp32ReadProcessMemory
TransactNamedPipe
TransmitCommChar
UnlockFile
UnlockFileEx
UnregisterWaitEx
UpdateResourceA
UpdateResourceW
VerifyVersionInfoA
VerifyVersionInfoW
VirtualFree
VirtualLock
VirtualProtect
VirtualProtectEx
VirtualQueryEx
VirtualUnlock
WaitCommEvent
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitNamedPipeA
WriteConsoleA
WriteConsoleInputA
WriteConsoleOutputA
WriteConsoleOutputCharacterW
WriteConsoleW
WriteFile
WriteFileEx
WritePrivateProfileSectionW
WritePrivateProfileStringW
WritePrivateProfileStructA
WriteProfileSectionW
WriteProfileStringA
WriteProfileStringW
WriteTapemark
_lcreat
_lopen
_lwrite
lstrcatW
lstrcmpiW
lstrcpyA
lstrcpynA
lstrlenW
GlobalUnWire
VirtualAlloc
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent

advapi32

RegOpenKeyW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fdcb19d102496e9b03137c0ce6c7543

Code Sign

71:84:06:37:9c:5e:31:81:48:4f:e4:a5:4d:08:4d:2aCertificate

Extended Key Usages

e1:bc:f2:19:49:1b:5d:35:db:c0:fc:f5:04:2b:1a:13:f3:b0:d8:60Signer

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 231KB - Virtual size: 231KB

.data2 Size: 1024B - Virtual size: 1000B

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 2KB

71:84:06:37:9c:5e:31:81:48:4f:e4:a5:4d:08:4d:2a
Certificate

e1:bc:f2:19:49:1b:5d:35:db:c0:fc:f5:04:2b:1a:13:f3:b0:d8:60
Signer

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 231KB - Virtual size: 231KB

.data2
Size: 1024B - Virtual size: 1000B

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 2KB