27a4075ee7d97fad7fdb84b1e8a28af9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27a4075ee7d97fad7fdb84b1e8a28af9_JaffaCakes118
Size

418KB
MD5

27a4075ee7d97fad7fdb84b1e8a28af9
SHA1

eb9b19b9ff66dfd292f8abd2161bf57224a1a369
SHA256

e6c0d1773045afc6084d14fdf5d2cd107e81889626f5965862228e6659ef25de
SHA512

ef4e48c6f97526993998a034dc602264564fa7520d3cf5e704c252823b61d69e4183198ab3df6fff7dba8de649c105d3da1d884440cb5e2c702497a59dfaa7d1
SSDEEP

6144:aJS4uHZou3TRo71scJOOvHWqLGTghRNpNAhd0KGUGf2sfvDEwKIRAKI5FbcIkaYy:aJS40Z7TC717JGSGTojUG93+x3drexG3

Score

1^/10

Malware Config

Signatures

Files

27a4075ee7d97fad7fdb84b1e8a28af9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

84355bbabc4aaa3cf3f95a0cd193847d

Code Sign

09:46:a5:aa:d3:6b:00:67:bf:ae:d5:54:cf:cd:9c:fd
Certificate

Issuer

CN=vtvkwqyfqdu

Not Before

04/02/2012, 13:56

Not After

31/12/2039, 23:59

Subject

CN=Cakit

51:d1:b9:4f:db:6d:71:00:70:67:f9:18:60:ac:8c:d8:47:2b:f5:c8
Signer

Actual PE Digest

51:d1:b9:4f:db:6d:71:00:70:67:f9:18:60:ac:8c:d8:47:2b:f5:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FindWindowExA
GetSysColor
GetWindowThreadProcessId
CloseWindow
GetParent
ShowOwnedPopups
GetForegroundWindow
BeginDeferWindowPos
ShowWindow
GetLastActivePopup
CascadeWindows
IsWindow
MoveWindow
GetDlgItem
EndDialog

ole32

CoFileTimeToDosDateTime
CoCreateGuid
OleCreateStaticFromData
StringFromCLSID
CoRegisterMessageFilter
RevokeDragDrop
OleNoteObjectVisible
StgOpenStorage
OleCreateFromFileEx
CreatePointerMoniker
StgIsStorageILockBytes
OleConvertOLESTREAMToIStorage

oledlg

ord6
ord3
ord2
ord10
ord4
ord9
ord5
ord1
ord7
ord11
ord12
ord8

kernel32

VirtualUnlock
GetEnvironmentVariableA
QueryPerformanceCounter
SetLastError
GetStringTypeA
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetStringTypeW
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
OpenMutexA
VirtualProtectEx
IsBadStringPtrA
WaitForSingleObject
GetProcessHeap
LocalHandle
CreateEventA
HeapUnlock
IsBadReadPtr
GlobalAlloc
GetOverlappedResult
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
HeapReAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 267KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84355bbabc4aaa3cf3f95a0cd193847d

Code Sign

09:46:a5:aa:d3:6b:00:67:bf:ae:d5:54:cf:cd:9c:fdCertificate

51:d1:b9:4f:db:6d:71:00:70:67:f9:18:60:ac:8c:d8:47:2b:f5:c8Signer

Headers

File Characteristics

Imports

user32

ole32

oledlg

kernel32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 135KB - Virtual size: 135KB

.data Size: 267KB - Virtual size: 341KB

.rsrc Size: 5KB - Virtual size: 5KB

09:46:a5:aa:d3:6b:00:67:bf:ae:d5:54:cf:cd:9c:fd
Certificate

51:d1:b9:4f:db:6d:71:00:70:67:f9:18:60:ac:8c:d8:47:2b:f5:c8
Signer

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 135KB - Virtual size: 135KB

.data
Size: 267KB - Virtual size: 341KB

.rsrc
Size: 5KB - Virtual size: 5KB