2dd608d4ac56b0c1c1ff89cf5cf74347_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2dd608d4ac56b0c1c1ff89cf5cf74347_JaffaCakes118
Size

90KB
MD5

2dd608d4ac56b0c1c1ff89cf5cf74347
SHA1

fbe02a1c047dc186c4a353ee79d5f04046d9da2a
SHA256

f14bf98a2e377bf319150ee73f5b13c723b7aaeab56658cb9936e9fc12b498df
SHA512

f1a82e101347308961be196fb6c89e6956ff70eb9741d353221740b8571dea01f7992f74ce6d55033b3e82a95be2baa6c74a6365a76f44e5295a37622969f046
SSDEEP

1536:kXZ/ZXUpZ6FfFUHgrGOyT+MJzqcl50g0pyjirwg3Muks6MLKMbh+:kXZ/ZXU/kugrnyT+UJ50hyOrwu8sRLKV

Score

1^/10

Malware Config

Signatures

Files

2dd608d4ac56b0c1c1ff89cf5cf74347_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0642c8d76fb6157a0c5e91d469035a61

Code Sign

69:9d:1f:67:c2:f1:c4:4c:b9:38:42:69:f1:79:93:0e
Certificate

Issuer

CN=666666

Not Before

12/02/2012, 08:59

Not After

31/12/2039, 23:59

Subject

CN=666666

Extended Key Usages

ExtKeyUsageCodeSigning

9c:fc:74:f9:b0:47:a6:70:85:3a:b4:39:03:33:a7:39:90:f1:4a:c5
Signer

Actual PE Digest

9c:fc:74:f9:b0:47:a6:70:85:3a:b4:39:03:33:a7:39:90:f1:4a:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsW
GetExitCodeThread
GetFileSize
GetFileSizeEx
GetFileTime
GetLongPathNameW
GetNamedPipeHandleStateW
GetNamedPipeInfo
GetNumberFormatW
GetOEMCP
GetPrivateProfileSectionNamesW
GetProcessHeap
GetProcessHeaps
GetProfileSectionW
GetShortPathNameA
GetStringTypeA
GetSystemDefaultLCID
GetThreadPriorityBoost
GetVersionExW
GetVolumePathNameW
GetWindowsDirectoryW
GetWriteWatch
GlobalAddAtomW
GlobalDeleteAtom
GlobalMemoryStatus
GlobalUnWire
GlobalUnlock
InitializeCriticalSection
IsBadStringPtrA
LoadLibraryA
LocalAlloc
LocalCompact
LocalFlags
LocalUnlock
Module32NextW
MulDiv
OpenEventW
OpenMutexW
GetDriveTypeA
QueryDosDeviceA
QueryInformationJobObject
RaiseException
ReadDirectoryChangesW
ReadProcessMemory
ReleaseMutex
ScrollConsoleScreenBufferA
SearchPathA
SearchPathW
SetCommBreak
SetComputerNameExA
SetConsoleActiveScreenBuffer
SetConsoleDisplayMode
SetConsoleScreenBufferSize
SetEndOfFile
SetFileApisToOEM
SetFileAttributesW
SetInformationJobObject
SetWaitableTimer
SuspendThread
UnhandledExceptionFilter
UnlockFile
UnregisterWait
VirtualAllocEx
VirtualQuery
WaitForDebugEvent
WaitNamedPipeA
WaitNamedPipeW
WriteConsoleW
WriteFileGather
WritePrivateProfileStringW
WritePrivateProfileStructW
WriteTapemark
_hwrite
lstrcmpA
lstrcpyn
GetDiskFreeSpaceA
GetDefaultCommConfigW
GetCurrencyFormatA
VirtualAlloc
GetConsoleTitleA
GetConsoleDisplayMode
GetConsoleAliasesLengthW
GetConsoleAliasExesA
GetComputerNameW
GetComputerNameA
GetCommandLineA
GetCommState
GetCommProperties
GetCalendarInfoW
GetAtomNameW
FreeEnvironmentStringsA
FoldStringA
FlushInstructionCache
FindResourceA
FindNextFileA
FindFirstVolumeW
FindFirstVolumeMountPointW
FindFirstVolumeA
FindFirstChangeNotificationA
FillConsoleOutputCharacterW
FileTimeToDosDateTime
ExitProcess
EnumUILanguagesA
EnumTimeFormatsW
EnumSystemLocalesW
EnumSystemLanguageGroupsA
EnumResourceTypesW
EnumResourceNamesW
EnumResourceNamesA
EnumDateFormatsExW
EnumCalendarInfoExW
EnumCalendarInfoA
DnsHostnameToComputerNameW
DisconnectNamedPipe
DisableThreadLibraryCalls
DeleteFileA
DeleteFiber
DebugBreak
CreateProcessA
CreateNamedPipeW
CreateMutexW
CreateHardLinkA
CreateEventW
CreateEventA
CreateDirectoryA
CopyFileExW
ConvertThreadToFiber
ConvertDefaultLocale
CancelIo
BuildCommDCBAndTimeoutsA
BeginUpdateResourceA
BackupSeek
BackupRead
AllocateUserPhysicalPages
AddAtomW
AddAtomA
LoadLibraryW
GetProcAddress
PeekConsoleInputA

user32

LoadAcceleratorsW

shell32

DoEnvironmentSubstW
DoEnvironmentSubstA
CommandLineToArgvW
CheckEscapesW
WOWShellExecute
Shell_NotifyIconA
ShellHookProc
ShellExecuteW
ShellExecuteExW
ShellExecuteEx
ShellExecuteA
ShellAboutW
SHQueryRecycleBinW
SHQueryRecycleBinA
SHPathPrepareForWriteA
SHLoadInProc
SHInvokePrinterCommandW
SHInvokePrinterCommandA
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconEx
ExtractIconExA
ExtractIconW
FindExecutableW
SHAddToRecentDocs
SHAppBarMessage
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHChangeNotify
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateProcessAsUserW
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFormatDrive
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDiskFreeSpaceExA
SHGetFileInfo
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathW
SHGetIconOverlayIndexA
SHGetInstanceExplorer
SHGetMalloc
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
Shell_NotifyIconW

shlwapi

StrStrIW
StrStrIA
StrStrA
StrRStrIW
StrRStrIA
StrRChrIW
StrRChrIA
StrRChrA
StrCmpNIW
StrCmpNA
StrChrW
StrChrIA
StrChrA

comctl32

CreatePropertySheetPage
CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
CreateStatusWindowW
ord7
CreateToolbarEx
ord15
DrawStatusText
ord5
DrawStatusTextW
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollProp
FlatSB_SetScrollRange
ImageList_Add
ImageList_AddIcon
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Duplicate
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_GetImageRect
ImageList_LoadImage
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetDragCursorImage
ImageList_SetFilter
ImageList_SetOverlayImage
ord17
InitCommonControlsEx
InitMUILanguage
InitializeFlatSB
ord13
ord2
PropertySheet
PropertySheetA
PropertySheetW
ord3
UninitializeFlatSB
ord8

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ggj
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.heh
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0642c8d76fb6157a0c5e91d469035a61

Code Sign

69:9d:1f:67:c2:f1:c4:4c:b9:38:42:69:f1:79:93:0eCertificate

Extended Key Usages

9c:fc:74:f9:b0:47:a6:70:85:3a:b4:39:03:33:a7:39:90:f1:4a:c5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

comctl32

Sections

.text Size: 9KB - Virtual size: 9KB

.ggj Size: 2KB - Virtual size: 1KB

.heh Size: 66KB - Virtual size: 66KB

.data Size: 512B - Virtual size: 192B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 1KB

69:9d:1f:67:c2:f1:c4:4c:b9:38:42:69:f1:79:93:0e
Certificate

9c:fc:74:f9:b0:47:a6:70:85:3a:b4:39:03:33:a7:39:90:f1:4a:c5
Signer

.text
Size: 9KB - Virtual size: 9KB

.ggj
Size: 2KB - Virtual size: 1KB

.heh
Size: 66KB - Virtual size: 66KB

.data
Size: 512B - Virtual size: 192B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 1KB