2759c24626d671c29b9b5a9828fbb487_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2759c24626d671c29b9b5a9828fbb487_JaffaCakes118
Size

288KB
MD5

2759c24626d671c29b9b5a9828fbb487
SHA1

ae207a6dcce3ee6c0ef18e0246847d56a6c71e62
SHA256

f499ab567b8877d3b6faf9da3a1a9e5fe486a2839879dff3887caecc4e7c1fa1
SHA512

927b59accc7038e2f52165347aabc9c98d99a80aaf3a5838004eea583342c2858841c4d81edf9baa63f6fdfb783093c3767e382d50fe5db2422a4bd7b9f3b3ea
SSDEEP

6144:sKjBzsuDVxz3lyUqqLSwAohoRaAwu5z469o09ZXb8slYJ:lNsGVVz9A3RAh0rZl+

Score

1^/10

Malware Config

Signatures

Files

2759c24626d671c29b9b5a9828fbb487_JaffaCakes118
.exe windows:4 windows x86 arch:x86

87fe56bbce50b82b59b075d82b50741b

Code Sign

70:e7:24:0e:9c:31:68:6c:b8:90:13:5d:55:bb:50:47
Certificate

Issuer

CN=62esgfdgs

Not Before

23/02/2012, 09:44

Not After

31/12/2039, 23:59

Subject

CN=62esgfdgs

Extended Key Usages

ExtKeyUsageCodeSigning

23:c4:2a:62:41:c7:f1:80:c8:e7:27:4d:30:68:1d:96:61:44:0f:d0
Signer

Actual PE Digest

23:c4:2a:62:41:c7:f1:80:c8:e7:27:4d:30:68:1d:96:61:44:0f:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
lstrlenW
lstrcpyW
CreateFileW
VirtualAlloc
GetEnvironmentVariableA
WaitForSingleObject
GetStdHandle
GetNumberOfConsoleInputEvents
OpenWaitableTimerW
VirtualUnlock
ExpandEnvironmentStringsA
GetCurrentDirectoryW
ResumeThread
Heap32ListFirst
SetFilePointer
lstrcat
DeleteFileW
RtlZeroMemory
CreateJobObjectA
TlsSetValue
FindResourceW
SetSystemTime
SetThreadLocale
LocalShrink
LocalLock
SetConsoleScreenBufferSize
TransmitCommChar
FindResourceExA
GetProfileSectionA
TlsAlloc
GlobalFix
MultiByteToWideChar
MoveFileWithProgressA
GetConsoleOutputCP
HeapFree
lstrcpynW
WriteConsoleOutputCharacterA
GetSystemInfo
OpenJobObjectW
WriteProfileStringA
GetPrivateProfileSectionNamesW
SetupComm
CancelIo
SetMessageWaitingIndicator
GlobalAddAtomW
SetConsoleCP
WaitForDebugEvent
GetProcessTimes
GetSystemWindowsDirectoryA
QueryPerformanceCounter
GetEnvironmentVariableW
SetComputerNameW
SearchPathA
IsBadHugeReadPtr
VerLanguageNameW
TerminateProcess
DefineDosDeviceW
FindNextFileA
SetThreadIdealProcessor
GetFileSize
GetUserDefaultLangID
VerifyVersionInfoA
CancelDeviceWakeupRequest
SetInformationJobObject
SwitchToThread
GetFileAttributesW
SystemTimeToFileTime
WritePrivateProfileStringW
GetThreadSelectorEntry
FindCloseChangeNotification
OpenMutexW
GetComputerNameExA
GetPrivateProfileStringA
GetSystemTimeAdjustment
FindFirstVolumeW
DosDateTimeToFileTime
GetProfileIntW
GetCurrentProcess
CreateEventW
ReadProcessMemory
GetCommandLineA
Module32NextW
GetLogicalDriveStringsA
GlobalDeleteAtom
OpenProcess
CreateFiber
FindFirstChangeNotificationA
ReadConsoleOutputAttribute
DeleteCriticalSection
GetAtomNameW
SetConsoleTitleW
QueryPerformanceFrequency
lstrcatA
DisconnectNamedPipe
WriteFileEx
GetProcessWorkingSetSize
GetPrivateProfileStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindClose
lstrcmpA
GetLargestConsoleWindowSize
ContinueDebugEvent
GetPrivateProfileIntW
DeleteVolumeMountPointW
GetTempPathA
DisableThreadLibraryCalls
SwitchToFiber
OpenFile
MoveFileExW
CreateDirectoryExW
ResetWriteWatch
EnumResourceNamesW
GetLocalTime
GetExitCodeThread
SetConsoleTitleA
FindAtomW
lstrcpynA
GlobalFindAtomA
GetStringTypeA
SetThreadPriorityBoost
GetThreadTimes
GlobalFindAtomW
SetTapePosition
_lclose
InitializeCriticalSectionAndSpinCount
CopyFileW
GetConsoleDisplayMode
EnumSystemLanguageGroupsW
CreateHardLinkA
FoldStringA
ReplaceFile
GetCommTimeouts
GenerateConsoleCtrlEvent
WriteConsoleInputA
CreateConsoleScreenBuffer
RemoveDirectoryA
GetWriteWatch

advapi32

RegOpenKeyExW

comctl32

ImageList_GetIcon
ImageList_LoadImage
ord14
ImageList_SetBkColor
FlatSB_SetScrollPos
ord16
ImageList_GetImageRect
ord3
ord13
CreatePropertySheetPageW
ImageList_Copy
InitMUILanguage
ImageList_BeginDrag
FlatSB_SetScrollProp
InitializeFlatSB
ImageList_Write
ImageList_ReplaceIcon
ImageList_SetImageCount
PropertySheetW
ImageList_SetFilter
CreateStatusWindow
ImageList_GetDragImage
PropertySheet
ImageList_AddMasked
DrawStatusTextW
ord6
PropertySheetA
DestroyPropertySheetPage
ImageList_Create
CreateToolbarEx
ImageList_Destroy
ImageList_Read
FlatSB_GetScrollInfo
FlatSB_GetScrollRange
DrawStatusText
ImageList_GetIconSize
ImageList_GetImageCount
CreatePropertySheetPage
ImageList_SetIconSize
CreatePropertySheetPageA
ord15
ImageList_Duplicate
ImageList_SetOverlayImage
ImageList_EndDrag
ImageList_Merge
FlatSB_ShowScrollBar
ImageList_DragMove
ImageList_Add
ord5
ord17
FlatSB_SetScrollInfo
ImageList_DrawIndirect
ImageList_Remove
UninitializeFlatSB
ImageList_DragLeave
FlatSB_SetScrollRange
ImageList_DragEnter
GetMUILanguage
ImageList_LoadImageW
ImageList_Replace
ImageList_GetImageInfo
ImageList_LoadImageA
ImageList_DrawEx
ord4
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ord7
ord2
FlatSB_GetScrollProp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text11
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text12
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textH3
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH4
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH1
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH5
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH6
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH7
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH8
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH9
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH10
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87fe56bbce50b82b59b075d82b50741b

Code Sign

70:e7:24:0e:9c:31:68:6c:b8:90:13:5d:55:bb:50:47Certificate

Extended Key Usages

23:c4:2a:62:41:c7:f1:80:c8:e7:27:4d:30:68:1d:96:61:44:0f:d0Signer

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

Sections

.text Size: 4KB - Virtual size: 3KB

.text11 Size: 263KB - Virtual size: 263KB

.text12 Size: 2KB - Virtual size: 1KB

.textH3 Size: 512B - Virtual size: 500B

.textH4 Size: 512B - Virtual size: 500B

.textH1 Size: 512B - Virtual size: 500B

.textH5 Size: 512B - Virtual size: 500B

.textH6 Size: 512B - Virtual size: 500B

.textH7 Size: 512B - Virtual size: 500B

.textH8 Size: 512B - Virtual size: 500B

.textH9 Size: 512B - Virtual size: 500B

.textH10 Size: 512B - Virtual size: 500B

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

70:e7:24:0e:9c:31:68:6c:b8:90:13:5d:55:bb:50:47
Certificate

23:c4:2a:62:41:c7:f1:80:c8:e7:27:4d:30:68:1d:96:61:44:0f:d0
Signer

.text
Size: 4KB - Virtual size: 3KB

.text11
Size: 263KB - Virtual size: 263KB

.text12
Size: 2KB - Virtual size: 1KB

.textH3
Size: 512B - Virtual size: 500B

.textH4
Size: 512B - Virtual size: 500B

.textH1
Size: 512B - Virtual size: 500B

.textH5
Size: 512B - Virtual size: 500B

.textH6
Size: 512B - Virtual size: 500B

.textH7
Size: 512B - Virtual size: 500B

.textH8
Size: 512B - Virtual size: 500B

.textH9
Size: 512B - Virtual size: 500B

.textH10
Size: 512B - Virtual size: 500B

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB