3b3c253b6d0067b0ecf6cec2d115625b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b3c253b6d0067b0ecf6cec2d115625b_JaffaCakes118
Size

25KB
MD5

3b3c253b6d0067b0ecf6cec2d115625b
SHA1

e1b517190eb90ff386115b36728c2e33744f9f77
SHA256

9da08b12cab73667f40d954d931572a3a8a6bccd3e46979189a4be95bdbe1a8a
SHA512

7c076fceed863b6b79aa17cdaeab348f63aeaad887435fa0786e986eb26280b2c446fd5a94a190a2a298b62affba546cd87def97077b6b667806bdaaa1744b5c
SSDEEP

384:dBmUdv/mWnaBDdhbKg5Eeq69WJs+5JsQI5Voy4Dqhh4WWieZW:dBmUBm2cJ5KEjDWJJ5JsQs2ygqhhde

Score

1^/10

Malware Config

Signatures

Files

3b3c253b6d0067b0ecf6cec2d115625b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4e58b69391d35d70bb5e4324fe306868

Code Sign

48:87:89:cd:00:30:34:74:b1:c7:43:d8:cd:eb:07:73
Certificate

Issuer

CN=235235623562

Not Before

15/02/2012, 15:36

Not After

31/12/2039, 23:59

Subject

CN=235235623562

Extended Key Usages

ExtKeyUsageCodeSigning

62:85:e4:62:bb:86:9e:dd:7d:2d:8a:08:86:b7:ca:dd:09:61:76:6c
Signer

Actual PE Digest

62:85:e4:62:bb:86:9e:dd:7d:2d:8a:08:86:b7:ca:dd:09:61:76:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
GetSystemInfo
GetSystemPowerStatus
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVolumePathNameA
GlobalAddAtomA
GlobalHandle
GlobalLock
HeapCompact
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
IsDBCSLeadByte
IsDebuggerPresent
IsValidCodePage
LoadResource
LocalUnlock
LockResource
MoveFileW
MoveFileWithProgressA
MoveFileWithProgressW
OpenFileMappingW
OpenWaitableTimerA
QueryDosDeviceW
ReadConsoleOutputCharacterW
ReleaseSemaphore
RtlFillMemory
RtlUnwind
RtlZeroMemory
ScrollConsoleScreenBufferA
SetCommConfig
SetComputerNameExA
SetConsoleActiveScreenBuffer
GetShortPathNameW
SetCurrentDirectoryA
SetCurrentDirectoryW
SetDefaultCommConfigW
SetEnvironmentVariableW
SetErrorMode
SetFilePointer
SetFilePointerEx
SetLastError
SetPriorityClass
SetProcessShutdownParameters
SetTapePosition
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SystemTimeToFileTime
Toolhelp32ReadProcessMemory
TryEnterCriticalSection
VerifyVersionInfoA
WaitForSingleObject
WaitNamedPipeW
WriteConsoleOutputAttribute
WriteFile
WritePrivateProfileSectionA
WriteProcessMemory
_lcreat
_lopen
lstrcatW
lstrcmpW
lstrcpyn
lstrcpynW
GetShortPathNameA
GetProfileStringW
GetProfileSectionA
GetProcessTimes
GetProcessHeaps
GetPrivateProfileStructA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
GetNumberFormatW
GetModuleFileNameW
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetLargestConsoleWindowSize
GetFullPathNameA
GetFileAttributesW
GetFileAttributesExA
GetDriveTypeA
GetCurrentThreadId
GetCurrencyFormatA
GetConsoleMode
GetConsoleFontSize
GetConsoleDisplayMode
GetConsoleCP
GetComputerNameExW
GetComputerNameExA
GetCommState
GetCommModemStatus
GetModuleHandleA
GetAtomNameA
GetACP
FoldStringA
FlushInstructionCache
FindResourceA
FindNextFileW
FindNextFileA
FindNextChangeNotification
FillConsoleOutputCharacterA
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumSystemLanguageGroupsW
EnumSystemLanguageGroupsA
EnumSystemCodePagesA
EnumLanguageGroupLocalesA
EnumDateFormatsExW
EnterCriticalSection
DnsHostnameToComputerNameA
DeleteFiber
CreateTimerQueue
CreateSemaphoreW
CreateMutexA
CreateJobObjectW
CreateFileW
CreateFileA
CreateDirectoryW
CreateDirectoryExA
CreateConsoleScreenBuffer
ConvertThreadToFiber
ConnectNamedPipe
CommConfigDialogA
CancelDeviceWakeupRequest
BindIoCompletionCallback
BackupRead
AllocateUserPhysicalPages
AddConsoleAliasW
GetProcAddress
SetConsoleTitleA

msvcrt

memset

user32

LoadBitmapA

advapi32

RegOpenKeyExA

oleaut32

VarDecAdd
VarDecFix
VarDecFromDisp
VarDecFromI4
VarDecFromR8
VarDecMul
VarEqv
VarFix
VarFormat
VarFormatFromTokens
VarI1FromDate
VarI1FromDec
VarI1FromI2
VarI1FromR4
VarI1FromR8
VarI1FromUI1
VarI2FromBool
VarI2FromCy
VarI2FromUI1
VarI4FromBool
VarI4FromDate
VarI4FromDec
VarI4FromDisp
VarI4FromI1
VarI4FromI2
VarI4FromR8
VarI4FromStr
VarIdiv
VarNeg
VarNumFromParseNum
VarOr
VarParseNumFromStr
VarR4FromDec
VarR4FromI4
VarR4FromR8
VarR4FromUI2
VarR4FromUI4
VarR8FromDisp
VarR8FromI4
VarR8FromUI2
VarR8Pow
VarUI1FromDate
VarUI1FromI2
VarUI1FromI4
VarUI1FromUI2
VarUI4FromBool
VarUI4FromDec
VarUI4FromR4
VarUI4FromR8
VarUI4FromStr
VariantCopy
VariantCopyInd
VariantInit
VariantTimeToSystemTime
VectorFromBstr
VarDecAbs
VarDateFromUI1
VarDateFromI4
VarDateFromI2
VarDateFromDisp
VarDateFromBool
VarCyMul
VarCyInt
VarCyFromUI2
VarCyFromUI1
VarCyFromR4
VarCyFromI4
VarCyFromDate
VarCyFromBool
VarCat
VarBstrFromUI4
VarBstrFromR8
VarBstrFromI2
VarBstrFromI1
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarBstrCat
VarBoolFromUI1
VarBoolFromI2
VarBoolFromDisp
SystemTimeToVariantTime
SysStringLen
SysStringByteLen
SysReAllocStringLen
SetErrorInfo
SafeArraySetIID
SafeArrayPutElement
SafeArrayGetRecordInfo
SafeArrayGetElemsize
SafeArrayDestroyDescriptor
SafeArrayCreateVectorEx
SafeArrayCreateVector
SafeArrayCreate
SafeArrayCopyData
RevokeActiveObject
QueryPathOfRegTypeLi
OleLoadPictureEx
OleCreatePropertyFrameIndirect
OleCreateFontIndirect
OaBuildVersion
LoadTypeLibEx
LoadTypeLi
LoadRegTypeLi
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LHashValOfNameSysA
LHashValOfNameSys
GetErrorInfo
GetActiveObject
DosDateTimeToVariantTime
DispGetParam
DispGetIDsOfNames
CreateErrorInfo
CreateDispTypeInfo
BstrFromVector
BSTR_UserMarshal
BSTR_UserFree
SafeArrayCopy

imm32

ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDisableIME
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeA
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetIMCCLockCount
ImmConfigureIMEA
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmGetIMEFileNameW
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmGetIMCCSize
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmUnlockIMC
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e58b69391d35d70bb5e4324fe306868

Code Sign

48:87:89:cd:00:30:34:74:b1:c7:43:d8:cd:eb:07:73Certificate

Extended Key Usages

62:85:e4:62:bb:86:9e:dd:7d:2d:8a:08:86:b7:ca:dd:09:61:76:6cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

advapi32

oleaut32

imm32

Sections

.text Size: 8KB - Virtual size: 8KB

.text1 Size: 2KB - Virtual size: 1KB

.text2 Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 92B

.text3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 3KB - Virtual size: 2KB

48:87:89:cd:00:30:34:74:b1:c7:43:d8:cd:eb:07:73
Certificate

62:85:e4:62:bb:86:9e:dd:7d:2d:8a:08:86:b7:ca:dd:09:61:76:6c
Signer

.text
Size: 8KB - Virtual size: 8KB

.text1
Size: 2KB - Virtual size: 1KB

.text2
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 92B

.text3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 3KB - Virtual size: 2KB