29741764b43a322a67a62440ce3de027_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

29741764b43a322a67a62440ce3de027_JaffaCakes118
Size

22KB
MD5

29741764b43a322a67a62440ce3de027
SHA1

cfbb01fb5474b1c2719c9078cb2bf01f1f3f81f9
SHA256

21c924088aeb683a385a2fcd18a8ffa0df6a8a9d34f6e9d1b488d0ca5a736ef7
SHA512

3f1931ae72028480a2963c757f189e060fa82bb8cc480d22712e0908fa7169e52a38c2c19940fef174c08df3751e49e5326b0475fdd0cc1b346eb2ab4d2c00fa
SSDEEP

384:W+RN007sMtAYZByHa+RDVtp8Zqschh4WWieZWST2tZHp:W+RN77XtAYZByHa+RDVfmQhhdeIHJ

Score

1^/10

Malware Config

Signatures

Files

29741764b43a322a67a62440ce3de027_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f13f6a9c17b24afcf95906f762f737b4

Code Sign

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50
Certificate

Issuer

CN=wqefggq235123

Not Before

01/03/2012, 11:19

Not After

31/12/2039, 23:59

Subject

CN=wqefggq235123

Extended Key Usages

ExtKeyUsageCodeSigning

5a:0c:7b:8c:9b:73:c0:27:1d:67:d2:15:0d:90:a7:76:20:b7:ab:c6
Signer

Actual PE Digest

5a:0c:7b:8c:9b:73:c0:27:1d:67:d2:15:0d:90:a7:76:20:b7:ab:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapWalk
IsBadStringPtrW
LCMapStringA
MulDiv
OpenEventW
OpenMutexA
OpenProcess
OpenThread
PeekConsoleInputA
PostQueuedCompletionStatus
Process32First
Process32FirstW
QueryPerformanceCounter
QueueUserWorkItem
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputCharacterA
SetComputerNameW
SetConsoleCP
SetConsoleTitleA
HeapLock
SetThreadPriority
SetupComm
SizeofResource
SystemTimeToFileTime
TlsAlloc
TryEnterCriticalSection
UnlockFile
UnlockFileEx
VerifyVersionInfoA
VirtualQueryEx
WriteConsoleA
WritePrivateProfileSectionW
WritePrivateProfileStructW
WriteProfileSectionW
WriteProfileStringW
_hwrite
lstrcpyA
lstrcpyW
lstrcpyn
HeapDestroy
HeapAlloc
GlobalMemoryStatusEx
GlobalMemoryStatus
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GetWindowsDirectoryA
GetVolumePathNameA
GetVersionExA
GetThreadTimes
GetThreadSelectorEntry
GetThreadContext
GetSystemInfo
GetStringTypeExW
GetStringTypeExA
GetShortPathNameW
GetProfileIntW
GetProcessWorkingSetSize
GetProcessVersion
GetProcessShutdownParameters
GetProcessHeaps
GetProcessAffinityMask
GetModuleHandleA
GetFileAttributesExA
GetEnvironmentStringsW
GetEnvironmentStrings
GetDriveTypeA
GetDateFormatA
GetConsoleScreenBufferInfo
GetConsoleAliasesLengthW
GetConsoleAliasExesW
GetCalendarInfoW
GetACP
FreeEnvironmentStringsA
FormatMessageA
FindFirstVolumeW
ExitThread
EnumLanguageGroupLocalesW
EnumDateFormatsExW
EnumCalendarInfoExA
DnsHostnameToComputerNameW
DeleteTimerQueueEx
DebugBreak
DebugActiveProcess
CreateThread
CreateProcessW
CreateMailslotW
CreateFileW
CreateDirectoryW
CreateConsoleScreenBuffer
CommConfigDialogA
CancelIo
BackupRead
GetWindowsDirectoryW
GetProcAddress
SetLastError

msvcrt

memset

advapi32

RegOpenKeyA

oleaut32

VarI1FromDate
VarI2FromI1
VarI4FromR4
VarI4FromR8
VarI4FromUI2
VarImp
VarMul
VarNeg
VarPow
VarR4FromDisp
VarR4FromI1
VarR4FromI4
VarR4FromR8
VarR4FromUI1
VarR4FromUI2
VarR8FromDate
VarR8FromI2
VarR8FromStr
VarR8Pow
VarSu
VarUI1FromDec
VarUI1FromStr
VarUI1FromUI4
VarUI2FromDate
VarUI2FromI1
VarUI2FromI2
VarUI2FromR4
VarUI2FromStr
VarUI4FromDec
VarUI4FromI4
VariantCopyInd
VectorFromBstr
VarI1FromCy
VarFormatNumber
VarFormatCurrency
VarDecSu
VarDecInt
VarDecFromUI4
VarDecFromUI2
VarDecFromStr
VarDecFromI2
VarDecFromCy
VarDecDiv
VarDateFromUI4
VarDateFromUI1
VarDateFromR4
VarDateFromDisp
VarDateFromCy
VarCyRound
VarCyMulI4
VarCyFromUI2
VarCyFromDisp
VarCyCmp
VarBstrFromI4
VarBstrFromDisp
VarBstrFromDate
VarBstrFromCy
VarBoolFromR4
VarBoolFromI1
VarBoolFromDisp
VarBoolFromDate
VarBoolFromCy
VARIANT_UserUnmarshal
UnRegisterTypeLi
SysFreeString
SafeArrayGetRecordInfo
SafeArrayGetElemsize
SafeArrayGetElement
SafeArrayGetDim
SafeArrayDestroyDescriptor
SafeArrayCreateVectorEx
SafeArrayAccessData
RevokeActiveObject
RegisterActiveObject
OleLoadPicture
OleCreatePropertyFrameIndirect
LoadRegTypeLi
LPSAFEARRAY_Size
LHashValOfNameSysA
LHashValOfNameSys
GetRecordInfoFromTypeInfo
GetErrorInfo
CreateTypeLib2
CreateStdDispatch
SetErrorInfo

imm32

ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmEnumInputContext
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateWindow
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineW
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMEFileNameA
ImmCreateIMCC
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetStatusWindowPos
ImmInstallIMEA
ImmInstallIMEW
ImmIsUIMessageA
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmNotifyIME
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionWindow
ImmSetHotKey
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmGetIMEFileNameW
ImmUnregisterWordA
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text3
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f13f6a9c17b24afcf95906f762f737b4

Code Sign

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50Certificate

Extended Key Usages

5a:0c:7b:8c:9b:73:c0:27:1d:67:d2:15:0d:90:a7:76:20:b7:ab:c6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 124B

.text3 Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50
Certificate

5a:0c:7b:8c:9b:73:c0:27:1d:67:d2:15:0d:90:a7:76:20:b7:ab:c6
Signer

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 124B

.text3
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB