300db996c6fdfb3255010c3bec4d340e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

300db996c6fdfb3255010c3bec4d340e_JaffaCakes118
Size

176KB
MD5

300db996c6fdfb3255010c3bec4d340e
SHA1

f18751122f2deac6de493a30d34761907efe1599
SHA256

91429c427df2f3d100c1e324463e7f4360e9c0d37f6645fd11fe3408533900b4
SHA512

aad96ba572dfc74dae36ba994dc3bde1a67599de0c7003963eed9e071458e4501f086d037775f69d274eb49f7f43b8f9331d1ab37a4001390f24944536b61920
SSDEEP

3072:zEnbXVjO1Iw9CK5rLxh63nGYMosokbufPm0xLm4eiI11mrtTJgp3/ZK4Xme8:zE3w9vZQ3nDsoCu3bxq4eiHrtTJUX

Score

1^/10

Malware Config

Signatures

Files

300db996c6fdfb3255010c3bec4d340e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8946be53441b3ea767587ba1182f91a9

Code Sign

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3b
Certificate

Issuer

CN=NCrG992VieeQ

Not Before

14/03/2012, 06:19

Not After

31/12/2039, 23:59

Subject

CN=NCrG992VieeQ

Extended Key Usages

ExtKeyUsageCodeSigning

7a:86:72:ea:a1:b7:2f:55:d9:9d:7e:97:b0:7b:3d:a4:86:bb:20:e0
Signer

Actual PE Digest

7a:86:72:ea:a1:b7:2f:55:d9:9d:7e:97:b0:7b:3d:a4:86:bb:20:e0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
InterlockedCompareExchange
lstrcpyA
lstrlenA
GetWindowsDirectoryA
GetProcAddress
CreateFileA
VirtualAlloc
BeginUpdateResourceA
BuildCommDCBAndTimeoutsA
CancelIo
CreateHardLinkW
CreateJobObjectW
CreateTapePartition
DefineDosDeviceA
DefineDosDeviceW
EnterCriticalSection
EnumDateFormatsExW
EnumResourceLanguagesA
EnumResourceTypesW
EnumSystemLanguageGroupsA
EnumTimeFormatsW
EnumUILanguagesA
FileTimeToSystemTime
FindAtomA
FindClose
FlushInstructionCache
FoldStringA
GetBinaryType
GetCPInfo
GetCPInfoExA
GetCommModemStatus
GetConsoleAliasesA
GetConsoleAliasesLengthA
GetConsoleAliasesW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentDirectoryW
GetDefaultCommConfigW
GetDriveTypeA
GetFileSizeEx
GetLocalTime
GetLocaleInfoA
GetLogicalDriveStringsA
GetModuleFileNameA
GetProcessAffinityMask
GetShortPathNameA
GetShortPathNameW
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeExW
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryA
GetTapeStatus
GetTempPathA
GetTempPathW
GetThreadPriorityBoost
GetThreadSelectorEntry
GetTimeZoneInformation
GetUserDefaultLangID
GetVersionExW
GetVolumePathNameW
GlobalMemoryStatusEx
GlobalReAlloc
Heap32Next
HeapCompact
HeapFree
HeapLock
HeapUnlock
InterlockedIncrement
IsBadStringPtrW
IsDBCSLeadByteEx
IsValidLanguageGroup
IsValidLocale
LoadLibraryExW
LoadLibraryW
LoadModule
LocalFileTimeToFileTime
LocalHandle
LocalShrink
MoveFileA
OpenSemaphoreW
OpenWaitableTimerA
ReleaseMutex
ReplaceFileW
SetComputerNameA
SetComputerNameExA
SetComputerNameExW
SetComputerNameW
SetEnvironmentVariableW
SetLastError
SetThreadPriority
Thread32Next
VerLanguageNameA
VerLanguageNameW
VerifyVersionInfoW
VirtualProtect
WaitForMultipleObjects
WriteConsoleOutputW
WritePrivateProfileStringA
WritePrivateProfileStructW
lstrcatA
lstrcmpiW

user32

OpenClipboard
OpenIcon
RemovePropW
ScreenToClient
ScrollWindowEx
SendIMEMessageExA
SendMessageW
SetActiveWindow
SetCaretPos
SetClipboardViewer
SetDebugErrorLevel
SetDlgItemTextW
SetWindowLongW
SetWindowsHookExA
ShowCaret
SwitchDesktop
SystemParametersInfoA
ToAscii
TrackPopupMenuEx
UnloadKeyboardLayout
UnregisterClassA
VkKeyScanExA
WindowFromPoint
wsprintfA
wvsprintfA
OemToCharBuffA
OemKeyScan
MessageBoxW
MessageBoxExW
MapWindowPoints
MapVirtualKeyA
LoadIconW
LoadBitmapA
IsZoomed
IsWindowUnicode
IsWindow
IsDialogMessage
IMPGetIMEW
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextLengthW
GetWindowRect
GetWindowDC
GetWindowContextHelpId
GetThreadDesktop
GetPriorityClipboardFormat
GetMouseMovePointsEx
GetMessagePos
GetMenuStringA
GetMenuInfo
GetMenuDefaultItem
GetLastInputInfo
GetKeyboardLayoutNameW
GetKeyboardLayout
GetKeyState
GetDlgItemTextW
GetClipCursor
GetClassNameW
GetClassInfoExA
GetAncestor
EnumDisplaySettingsA
EnumDisplayDevicesW
EnumDisplayDevicesA
EnumDesktopsW
EnableWindow
EmptyClipboard
DrawTextW
DrawTextExW
DrawStateA
DragObject
DlgDirSelectComboBoxExW
DialogBoxIndirectParamW
DefWindowProcW
DefFrameProcW
DdePostAdvise
DdeImpersonateClient
DdeEnableCallback
DdeConnectList
DdeAccessData
CreateIconIndirect
CreateDialogParamA
CreateDesktopW
CreateCursor
CountClipboardFormats
CopyRect
CopyAcceleratorTableA
CheckRadioButton
CharUpperBuffA
ChangeMenuW
ChangeDisplaySettingsA
CascadeWindows
EndPaint

shell32

SHBrowseForFolderA
Shell_NotifyIconW
Shell_NotifyIcon
ShellExecuteW
ShellAboutA
SHQueryRecycleBinA
SHPathPrepareForWriteW
SHInvokePrinterCommandW
SHInvokePrinterCommandA
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetSettings
CheckEscapesW
CommandLineToArgvW
DoEnvironmentSubstA
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryPoint
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractIconExA
ExtractIconExW
FindExecutableA
SHGetPathFromIDListW
FindExecutableW
SHAddToRecentDocs
SHAppBarMessage
SHBindToParent
SHBrowseForFolder
WOWShellExecute
SHBrowseForFolderW
SHChangeNotify
SHCreateDirectoryExA
SHCreateDirectoryExW
SHEmptyRecycleBinW
SHFileOperation
SHFreeNameMappings
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceExW
SHGetFileInfo
SHGetFileInfoW
SHGetFolderPathA
SHGetFolderPathW
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetInstanceExplorer
SHGetMalloc
SHGetPathFromIDList
SHGetPathFromIDListA

shlwapi

StrChrIA
StrChrIW
StrCmpNIA
StrCmpNIW
StrCmpNW
StrRChrA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrStrIA
StrStrIW

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8946be53441b3ea767587ba1182f91a9

Code Sign

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3bCertificate

Extended Key Usages

7a:86:72:ea:a1:b7:2f:55:d9:9d:7e:97:b0:7b:3d:a4:86:bb:20:e0Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

Sections

.text Size: 12KB - Virtual size: 11KB

.text1 Size: 156KB - Virtual size: 156KB

.data Size: 1024B - Virtual size: 944B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3b
Certificate

7a:86:72:ea:a1:b7:2f:55:d9:9d:7e:97:b0:7b:3d:a4:86:bb:20:e0
Signer

.text
Size: 12KB - Virtual size: 11KB

.text1
Size: 156KB - Virtual size: 156KB

.data
Size: 1024B - Virtual size: 944B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB