31b57db058d84a72c0a968d9ffa0181b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31b57db058d84a72c0a968d9ffa0181b_JaffaCakes118
Size

182KB
MD5

31b57db058d84a72c0a968d9ffa0181b
SHA1

4f72bca007afc00685279825b565b93e0dcf9898
SHA256

33f44372cb43ff9f0c2457223a24696f4bdadf31ea71d07b32d898c2f27b92cc
SHA512

2fb80acad3131f94bf7b6c3b333116d0469735aef977eb729a2d984a817daac98691a4002b51d5fe410b2046567179efca7c042523a066c6e023703a45e96208
SSDEEP

3072:KRm92Y8DZIx4nlPpaO/nQJyCXbFLRMM4y97Axxajtvq4ZzZK+/qfgYoXlV+uZX4O:KRm92K4nlPdQVRMM4yWxwtlZzZvGgYyf

Score

1^/10

Malware Config

Signatures

Files

31b57db058d84a72c0a968d9ffa0181b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

08ff6e2a8ee2626939b5e660c888b70c

Code Sign

3e:cf:d8:ff
Certificate

Issuer

O=ACNLB,C=SI

Not Before

26/05/2009, 13:53

Not After

26/05/2014, 14:23

Subject

SERIALNUMBER=6721079100,CN=Uros Mavretic,OU=Fizicne osebe,O=ACNLB+O=NLB,C=SI

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageIPSECUser
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

71:c7:6f:ef:63:4f:3c:b1:9f:cf:61:79:1c:b3:37:d5:4a:20:46:2d
Signer

Actual PE Digest

71:c7:6f:ef:63:4f:3c:b1:9f:cf:61:79:1c:b3:37:d5:4a:20:46:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

traffic

TcDeregisterClient

netapi32

NetMessageBufferSend
NetApiBufferAllocate
NetpIsRemote
NetApiBufferFree

msvcrt

wcscat
wcschr
strchr
malloc
wcscmp
_wcsicmp
_except_handler3
free
_adjust_fdiv
_beep
_initterm
strrchr
wcslen
_itoa
_ultoa
wcsncpy

kernel32

GetCurrentProcessId
GetCurrentProcess
MultiByteToWideChar
Sleep
LoadLibraryExW
UnhandledExceptionFilter
GetTimeZoneInformation
TerminateProcess
GetCurrentThreadId
GetSystemTimeAsFileTime
ReadFile
GetTimeFormatA
LocalFree
GetDateFormatA
GetThreadLocale
QueryPerformanceCounter
SetUnhandledExceptionFilter
FreeLibrary
GetComputerNameExW
GetLastError
WideCharToMultiByte
FormatMessageW
CreateMailslotW
CloseHandle
VirtualAlloc
DisableThreadLibraryCalls
GetTickCount

ntdll

RtlCopySid
RtlAddAce
RtlxUnicodeStringToOemSize
RtlSetOwnerSecurityDescriptor
RtlSetSaclSecurityDescriptor
NlsMbOemCodePageTag
RtlLengthSid
RtlSetGroupSecurityDescriptor
RtlxOemStringToUnicodeSize
RtlOemStringToUnicodeString
RtlInitUnicodeString
RtlInitAnsiString
RtlNtStatusToDosError
RtlInitString
RtlSetDaclSecurityDescriptor
RtlCreateAcl
RtlUnicodeStringToOemString
RtlCreateSecurityDescriptor

advapi32

RegOpenKeyExW
RegConnectRegistryW
RegQueryInfoKeyW
RegisterEventSourceW
ReportEventW
RegisterServiceCtrlHandlerW
RegCloseKey
RegQueryValueExW
DeregisterEventSource
SetServiceStatus

Sections

.textbss
Size: - Virtual size: 800KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08ff6e2a8ee2626939b5e660c888b70c

Code Sign

3e:cf:d8:ffCertificate

Extended Key Usages

Key Usages

71:c7:6f:ef:63:4f:3c:b1:9f:cf:61:79:1c:b3:37:d5:4a:20:46:2dSigner

Headers

File Characteristics

Imports

traffic

netapi32

msvcrt

kernel32

ntdll

advapi32

Sections

.textbss Size: - Virtual size: 800KB

.idata Size: 4KB - Virtual size: 4KB

.text Size: 512B - Virtual size: 428B

.rdata Size: 174KB - Virtual size: 174KB

3e:cf:d8:ff
Certificate

71:c7:6f:ef:63:4f:3c:b1:9f:cf:61:79:1c:b3:37:d5:4a:20:46:2d
Signer

.textbss
Size: - Virtual size: 800KB

.idata
Size: 4KB - Virtual size: 4KB

.text
Size: 512B - Virtual size: 428B

.rdata
Size: 174KB - Virtual size: 174KB