287d485cd2de8e4bfbe259890a02e982_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

287d485cd2de8e4bfbe259890a02e982_JaffaCakes118
Size

75KB
MD5

287d485cd2de8e4bfbe259890a02e982
SHA1

f759441de308ff80203b14435ede38d24fc3946d
SHA256

ae12518d1d7b99c66e56282799ee2dec181fc1ca642a4ed1e10dd9e4cbb7850f
SHA512

272b5f0b96ffc835ac67fe5ea28fcf073da08b13379edb8d97819e156b9f95fc060ffd34c0c2e37a9cbef9505e1a9e07314c076bf8599436a7bf01ebf0695ab0
SSDEEP

1536:zljnbXVjO9VbdB/+UD7cVIUhFbKrVif1z1WSuScJhhde8p:zljnbXVjO9ZjY5hFbgWz11Ee8

Score

1^/10

Malware Config

Signatures

Files

287d485cd2de8e4bfbe259890a02e982_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8946be53441b3ea767587ba1182f91a9

Code Sign

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3b
Certificate

Issuer

CN=NCrG992VieeQ

Not Before

14/03/2012, 06:19

Not After

31/12/2039, 23:59

Subject

CN=NCrG992VieeQ

Extended Key Usages

ExtKeyUsageCodeSigning

0e:bd:d5:89:15:d0:38:c7:47:d4:13:db:7f:c5:80:d5:f0:66:20:af
Signer

Actual PE Digest

0e:bd:d5:89:15:d0:38:c7:47:d4:13:db:7f:c5:80:d5:f0:66:20:af

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
InterlockedCompareExchange
lstrcpyA
lstrlenA
GetWindowsDirectoryA
GetProcAddress
CreateFileA
VirtualAlloc
BeginUpdateResourceA
BuildCommDCBAndTimeoutsA
CancelIo
CreateHardLinkW
CreateJobObjectW
CreateTapePartition
DefineDosDeviceA
DefineDosDeviceW
EnterCriticalSection
EnumDateFormatsExW
EnumResourceLanguagesA
EnumResourceTypesW
EnumSystemLanguageGroupsA
EnumTimeFormatsW
EnumUILanguagesA
FileTimeToSystemTime
FindAtomA
FindClose
FlushInstructionCache
FoldStringA
GetBinaryType
GetCPInfo
GetCPInfoExA
GetCommModemStatus
GetConsoleAliasesA
GetConsoleAliasesLengthA
GetConsoleAliasesW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentDirectoryW
GetDefaultCommConfigW
GetDriveTypeA
GetFileSizeEx
GetLocalTime
GetLocaleInfoA
GetLogicalDriveStringsA
GetModuleFileNameA
GetProcessAffinityMask
GetShortPathNameA
GetShortPathNameW
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeExW
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryA
GetTapeStatus
GetTempPathA
GetTempPathW
GetThreadPriorityBoost
GetThreadSelectorEntry
GetTimeZoneInformation
GetUserDefaultLangID
GetVersionExW
GetVolumePathNameW
GlobalMemoryStatusEx
GlobalReAlloc
Heap32Next
HeapCompact
HeapFree
HeapLock
HeapUnlock
InterlockedIncrement
IsBadStringPtrW
IsDBCSLeadByteEx
IsValidLanguageGroup
IsValidLocale
LoadLibraryExW
LoadLibraryW
LoadModule
LocalFileTimeToFileTime
LocalHandle
LocalShrink
MoveFileA
OpenSemaphoreW
OpenWaitableTimerA
ReleaseMutex
ReplaceFileW
SetComputerNameA
SetComputerNameExA
SetComputerNameExW
SetComputerNameW
SetEnvironmentVariableW
SetLastError
SetThreadPriority
Thread32Next
VerLanguageNameA
VerLanguageNameW
VerifyVersionInfoW
VirtualProtect
WaitForMultipleObjects
WriteConsoleOutputW
WritePrivateProfileStringA
WritePrivateProfileStructW
lstrcatA
lstrcmpiW

user32

OpenClipboard
OpenIcon
RemovePropW
ScreenToClient
ScrollWindowEx
SendIMEMessageExA
SendMessageW
SetActiveWindow
SetCaretPos
SetClipboardViewer
SetDebugErrorLevel
SetDlgItemTextW
SetWindowLongW
SetWindowsHookExA
ShowCaret
SwitchDesktop
SystemParametersInfoA
ToAscii
TrackPopupMenuEx
UnloadKeyboardLayout
UnregisterClassA
VkKeyScanExA
WindowFromPoint
wsprintfA
wvsprintfA
OemToCharBuffA
OemKeyScan
MessageBoxW
MessageBoxExW
MapWindowPoints
MapVirtualKeyA
LoadIconW
LoadBitmapA
IsZoomed
IsWindowUnicode
IsWindow
IsDialogMessage
IMPGetIMEW
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextLengthW
GetWindowRect
GetWindowDC
GetWindowContextHelpId
GetThreadDesktop
GetPriorityClipboardFormat
GetMouseMovePointsEx
GetMessagePos
GetMenuStringA
GetMenuInfo
GetMenuDefaultItem
GetLastInputInfo
GetKeyboardLayoutNameW
GetKeyboardLayout
GetKeyState
GetDlgItemTextW
GetClipCursor
GetClassNameW
GetClassInfoExA
GetAncestor
EnumDisplaySettingsA
EnumDisplayDevicesW
EnumDisplayDevicesA
EnumDesktopsW
EnableWindow
EmptyClipboard
DrawTextW
DrawTextExW
DrawStateA
DragObject
DlgDirSelectComboBoxExW
DialogBoxIndirectParamW
DefWindowProcW
DefFrameProcW
DdePostAdvise
DdeImpersonateClient
DdeEnableCallback
DdeConnectList
DdeAccessData
CreateIconIndirect
CreateDialogParamA
CreateDesktopW
CreateCursor
CountClipboardFormats
CopyRect
CopyAcceleratorTableA
CheckRadioButton
CharUpperBuffA
ChangeMenuW
ChangeDisplaySettingsA
CascadeWindows
EndPaint

shell32

SHBrowseForFolderA
Shell_NotifyIconW
Shell_NotifyIcon
ShellExecuteW
ShellAboutA
SHQueryRecycleBinA
SHPathPrepareForWriteW
SHInvokePrinterCommandW
SHInvokePrinterCommandA
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetSettings
CheckEscapesW
CommandLineToArgvW
DoEnvironmentSubstA
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryPoint
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractIconExA
ExtractIconExW
FindExecutableA
SHGetPathFromIDListW
FindExecutableW
SHAddToRecentDocs
SHAppBarMessage
SHBindToParent
SHBrowseForFolder
WOWShellExecute
SHBrowseForFolderW
SHChangeNotify
SHCreateDirectoryExA
SHCreateDirectoryExW
SHEmptyRecycleBinW
SHFileOperation
SHFreeNameMappings
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceExW
SHGetFileInfo
SHGetFileInfoW
SHGetFolderPathA
SHGetFolderPathW
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetInstanceExplorer
SHGetMalloc
SHGetPathFromIDList
SHGetPathFromIDListA

shlwapi

StrChrIA
StrChrIW
StrCmpNIA
StrCmpNIW
StrCmpNW
StrRChrA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrStrIA
StrStrIW

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8946be53441b3ea767587ba1182f91a9

Code Sign

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3bCertificate

Extended Key Usages

0e:bd:d5:89:15:d0:38:c7:47:d4:13:db:7f:c5:80:d5:f0:66:20:afSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

Sections

.text Size: 12KB - Virtual size: 11KB

.text1 Size: 55KB - Virtual size: 55KB

.data Size: 1024B - Virtual size: 944B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3b
Certificate

0e:bd:d5:89:15:d0:38:c7:47:d4:13:db:7f:c5:80:d5:f0:66:20:af
Signer

.text
Size: 12KB - Virtual size: 11KB

.text1
Size: 55KB - Virtual size: 55KB

.data
Size: 1024B - Virtual size: 944B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB