367b308d24dcec4298e93ad2d8c21433_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

367b308d24dcec4298e93ad2d8c21433_JaffaCakes118
Size

381KB
MD5

367b308d24dcec4298e93ad2d8c21433
SHA1

2bfc318801937df4667695fd74b97b7891f15f92
SHA256

953895781fc9634d6257dbba4c270dc702f0ee72269e8c645f77b5c9ab949a2b
SHA512

ee2cef5b3a92f4e59222fdd4e02755db9e4b3e385f75aa12046e449c3111327eb5f53d03876a056f517b87cf0a2ca0860081774f882b87d7991bcfbde864754e
SSDEEP

6144:WAeye05mJvyyLaCh4jzGEnG9Hd4hsgZ66IQaidm6WVyEcxzxdYIgs5K9XEY6RU5p:WAezJvyyF6zGbX/KIQF4UjVQ996WLWRi

Score

1^/10

Malware Config

Signatures

Files

367b308d24dcec4298e93ad2d8c21433_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1bc0b9b9201f95590efb60fa1a54e48f

Code Sign

3f:1a:d3:0c:5e:99:34:7b:b5:a2:36:87:e9:b3:a5:ed
Certificate

Issuer

CN=Root Agency

Not Before

07/11/2011, 11:25

Not After

17/11/2034, 22:00

Subject

CN=WIQ

Extended Key Usages

ExtKeyUsageCodeSigning

88:a5:21:6f:be:3c:a0:60:9a:70:bf:ec:b9:c1:56:2c:1f:66:64:5a
Signer

Actual PE Digest

88:a5:21:6f:be:3c:a0:60:9a:70:bf:ec:b9:c1:56:2c:1f:66:64:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glTexCoord1sv
glMatrixMode
glGetClipPlane
glColor3bv
glColorPointer
glNormal3f
glTexCoord2dv
glDisable
glVertex3sv
glScaled
glGetTexParameterfv

glu32

gluOrtho2D
gluBuild2DMipmaps

ole32

CoSuspendClassObjects
OleRegGetUserType
CoMarshalInterface
CreateFileMoniker
GetRunningObjectTable

comctl32

ord15
UninitializeFlatSB
ord13
CreateStatusWindowW
ord5

urlmon

CreateFormatEnumerator

shlwapi

StrRChrW
StrToIntA

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_exit
_XcptFilter
exit
_acmdln
__getmainargs

kernel32

HeapWalk
GlobalReAlloc
CreateEventA
GetProcessHeap
IsValidCodePage
GetStartupInfoA
ExitProcess
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
HeapUnlock

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bjcdcj
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nzsqav
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bc0b9b9201f95590efb60fa1a54e48f

Code Sign

3f:1a:d3:0c:5e:99:34:7b:b5:a2:36:87:e9:b3:a5:edCertificate

Extended Key Usages

88:a5:21:6f:be:3c:a0:60:9a:70:bf:ec:b9:c1:56:2c:1f:66:64:5aSigner

Headers

File Characteristics

Imports

opengl32

glu32

ole32

comctl32

urlmon

shlwapi

msvcrt

kernel32

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 85KB

bjcdcj Size: 240KB - Virtual size: 239KB

nzsqav Size: 117KB - Virtual size: 116KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 5KB - Virtual size: 5KB

3f:1a:d3:0c:5e:99:34:7b:b5:a2:36:87:e9:b3:a5:ed
Certificate

88:a5:21:6f:be:3c:a0:60:9a:70:bf:ec:b9:c1:56:2c:1f:66:64:5a
Signer

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 85KB

bjcdcj
Size: 240KB - Virtual size: 239KB

nzsqav
Size: 117KB - Virtual size: 116KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 5KB - Virtual size: 5KB