2b072b5a2392e49be6bb06ae7895a8e2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b072b5a2392e49be6bb06ae7895a8e2_JaffaCakes118
Size

124KB
MD5

2b072b5a2392e49be6bb06ae7895a8e2
SHA1

ce0c56cb35b0cf9ea5b240853a81b43229ac1621
SHA256

a94115124b0e22845ecde3f71c63ac88889303c17f562d6c715c4ad12580252a
SHA512

e2d0c0fbd099ccfdfa387cc16d3c64afdcfad6bf32724fbb3911acee6880ce3106d204b74f629976dfc7613307aa836d67fb4e63432d3e41a67d8d0e2c716815
SSDEEP

3072:LXv9tGNjSL2+0oAI/EF0onuK40nDKZZPaHEhICnE0tbE:jv8jyGN0ovtnDKZJ9hVnzbE

Score

1^/10

Malware Config

Signatures

Files

2b072b5a2392e49be6bb06ae7895a8e2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fec1bb6d197b4fe7cef9e1f3bcf38c07

Code Sign

2f:6d:1b:0d:3e:bb:b8:8b:4a:0f:b2:46:69:8a:ad:c2
Certificate

Issuer

CN=Application Compatibility UI

Not Before

31/12/2008, 16:00

Not After

31/12/2014, 16:00

Subject

CN=Application Compatibility UI

Extended Key Usages

ExtKeyUsageCodeSigning

af:18:5a:aa:24:b5:22:9e:72:3f:dd:56:c4:04:f4:89:54:0a:6b:a7
Signer

Actual PE Digest

af:18:5a:aa:24:b5:22:9e:72:3f:dd:56:c4:04:f4:89:54:0a:6b:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

GetPixel

wsock32

WSACleanup

wininet

InternetReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JSOff
JSOn

Sections

"
Size: - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

"
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

"
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

>
Size: - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

;
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

-
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

$
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fec1bb6d197b4fe7cef9e1f3bcf38c07

Code Sign

2f:6d:1b:0d:3e:bb:b8:8b:4a:0f:b2:46:69:8a:ad:c2Certificate

Extended Key Usages

af:18:5a:aa:24:b5:22:9e:72:3f:dd:56:c4:04:f4:89:54:0a:6b:a7Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

wsock32

wininet

Exports

Exports

Sections

" Size: - Virtual size: 125KB

5 Size: - Virtual size: 2KB

" Size: - Virtual size: 5KB

" Size: - Virtual size: 3KB

> Size: - Virtual size: 193B

0 Size: - Virtual size: 8KB

; Size: 512B - Virtual size: 4KB

- Size: - Virtual size: 22KB

$ Size: 121KB - Virtual size: 121KB

6 Size: 512B - Virtual size: 108B

2f:6d:1b:0d:3e:bb:b8:8b:4a:0f:b2:46:69:8a:ad:c2
Certificate

af:18:5a:aa:24:b5:22:9e:72:3f:dd:56:c4:04:f4:89:54:0a:6b:a7
Signer

"
Size: - Virtual size: 125KB

5
Size: - Virtual size: 2KB

"
Size: - Virtual size: 5KB

"
Size: - Virtual size: 3KB

>
Size: - Virtual size: 193B

0
Size: - Virtual size: 8KB

;
Size: 512B - Virtual size: 4KB

-
Size: - Virtual size: 22KB

$
Size: 121KB - Virtual size: 121KB

6
Size: 512B - Virtual size: 108B