36be66ffe2385c60396bbac504aeaca7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

36be66ffe2385c60396bbac504aeaca7_JaffaCakes118
Size

344KB
MD5

36be66ffe2385c60396bbac504aeaca7
SHA1

5a3780791e46288015941bda1e142416a28dde8f
SHA256

c2813b3682155fea9e616e9d64e41f089a9a7d9e9559328352fde4831ba070f7
SHA512

5a8f68241a2d7d295b4162be92e8647e795c08eaa5aaae812fe5b43ba9bd19562522763b66d21fb365d6c4af8f0c89298b140e6f966f7790db1b72e26956952d
SSDEEP

6144:uxYl1a809AL19YrmmR7n7X/xGu01fwRqLZpa6pwU5pHYwuvRT9N5owVqUtLk:kEa8r/hOXYnwRq3lpwzwut5owVNtLk

Score

1^/10

Malware Config

Signatures

Files

36be66ffe2385c60396bbac504aeaca7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1cc8568ea510de7f14291c5fb4d0a64f

Code Sign

0d:f0:a6:d6:ff:2a:3b:a1:4b:9b:da:81:7d:e9:6a:0e
Certificate

Issuer

CN=hvcmjyrughw

Not Before

05/12/2011, 17:21

Not After

25/02/2024, 22:00

Subject

CN=Kolity

26:38:86:af:94:f6:79:3f:8e:d7:72:7b:8a:ce:f6:e4:33:c1:0a:52
Signer

Actual PE Digest

26:38:86:af:94:f6:79:3f:8e:d7:72:7b:8a:ce:f6:e4:33:c1:0a:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDlgItemTextA
IsWindow
MessageBoxIndirectA
GetParent
IsWindowVisible

ole32

CoGetStandardMarshal
CoGetCurrentProcess
OleSetContainedObject
CoUnmarshalHresult
OleGetAutoConvert
CoLockObjectExternal

advapi32

RegSaveKeyA
RegOpenKeyA

kernel32

LCMapStringA
MultiByteToWideChar
LoadLibraryA
LCMapStringW
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
GetStringTypeA
HeapReAlloc
TerminateProcess
GetLocaleInfoA
GetStringTypeW
WritePrivateProfileStructA
SetFilePointer
GetModuleHandleA
GetProcAddress
ExitProcess
GetStartupInfoA
GetCommandLineA
GetVersion
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetFileType
SetHandleCount
GetStdHandle
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
HeapAlloc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 509KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yesz
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cc8568ea510de7f14291c5fb4d0a64f

Code Sign

0d:f0:a6:d6:ff:2a:3b:a1:4b:9b:da:81:7d:e9:6a:0eCertificate

26:38:86:af:94:f6:79:3f:8e:d7:72:7b:8a:ce:f6:e4:33:c1:0a:52Signer

Headers

File Characteristics

Imports

user32

ole32

advapi32

kernel32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 4KB - Virtual size: 509KB

yesz Size: 195KB - Virtual size: 194KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 3KB

0d:f0:a6:d6:ff:2a:3b:a1:4b:9b:da:81:7d:e9:6a:0e
Certificate

26:38:86:af:94:f6:79:3f:8e:d7:72:7b:8a:ce:f6:e4:33:c1:0a:52
Signer

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 4KB - Virtual size: 509KB

yesz
Size: 195KB - Virtual size: 194KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB