39377541679e8a4f296777751e7c3bf2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

39377541679e8a4f296777751e7c3bf2_JaffaCakes118
Size

25KB
MD5

39377541679e8a4f296777751e7c3bf2
SHA1

96106a1f5c21eb3e6bca8a909269a352709f2052
SHA256

74864f790cff6b3c2338b929f76a321c415e7f026872a764df5790b721025dd1
SHA512

9e10dd36d8f5f812b0963b4697552b8f0fbd6e75f9eee344c79b967b0dedc8b8ef89f4a4d7a80a2689301b0234ae116b03e49f9e86a0262302d2a25c8c0ace7f
SSDEEP

384:oI8Sgfn8SGrpHsPwjPW3UQqrr3yw/yz8Sjgm1GGd1R9lmhh4WWieZWN7H:eSgkSGFHsPwjPkDa3peZRfmhhdeG

Score

1^/10

Malware Config

Signatures

Files

39377541679e8a4f296777751e7c3bf2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7872a014f4677ed9d938c113aecb4111

Code Sign

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2b
Certificate

Issuer

CN=eryf2w4v6y2w

Not Before

25/02/2012, 10:44

Not After

31/12/2039, 23:59

Subject

CN=eryf2w4v6y2w

Extended Key Usages

ExtKeyUsageCodeSigning

a3:c1:ed:e0:89:b8:98:b8:bf:fb:58:60:e3:da:6b:07:03:c5:f3:8f
Signer

Actual PE Digest

a3:c1:ed:e0:89:b8:98:b8:bf:fb:58:60:e3:da:6b:07:03:c5:f3:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalUnlock
LockFile
LockFileEx
LockResource
MapUserPhysicalPagesScatter
MapViewOfFileEx
Module32NextW
MoveFileW
MoveFileWithProgressA
OpenFileMappingA
OpenSemaphoreW
OpenWaitableTimerA
PostQueuedCompletionStatus
Process32Next
PurgeComm
QueryPerformanceCounter
RaiseException
ReadConsoleInputA
ReadConsoleOutputA
ReadDirectoryChangesW
ReadFileScatter
RemoveDirectoryA
ReplaceFileA
RequestWakeupLatency
ResumeThread
SetComputerNameA
SetConsoleCP
SetConsoleCursorInfo
SetConsoleDisplayMode
SetConsoleTitleW
LocalCompact
SetFileAttributesA
SetFilePointer
SetInformationJobObject
SetLocaleInfoW
SetPriorityClass
SetTapeParameters
SetThreadExecutionState
SetVolumeMountPointA
SwitchToThread
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsFree
TlsSetValue
TransactNamedPipe
UnregisterWait
UnregisterWaitEx
VerifyVersionInfoW
VirtualProtect
WaitForDebugEvent
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObjectEx
WriteConsoleInputW
WriteFileEx
_lclose
_lwrite
lstrcmpW
lstrcmpi
lstrcpyW
LeaveCriticalSection
IsProcessorFeaturePresent
IsBadStringPtrW
HeapCreate
Heap32ListFirst
Heap32First
GlobalUnlock
GlobalUnfix
GlobalGetAtomNameW
GlobalDeleteAtom
GlobalCompact
GetWindowsDirectoryW
GetVolumePathNameA
GetVolumeInformationW
GetThreadSelectorEntry
GetTapeStatus
GetSystemDirectoryA
GetStringTypeW
GetProfileStringA
GetProfileIntA
GetProcessShutdownParameters
GetProcessPriorityBoost
GetProcessIoCounters
GetPrivateProfileStructA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesW
GetNamedPipeHandleStateW
GetModuleFileNameW
GetMailslotInfo
GetModuleHandleA
GetLocalTime
GetFullPathNameW
GetFullPathNameA
GetFileTime
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceExW
GetDateFormatA
GetCurrentDirectoryA
GetCurrencyFormatW
GetConsoleTitleA
GetConsoleAliasW
GetCommandLineA
GetCommConfig
GetCalendarInfoW
GetAtomNameA
FreeResource
FreeLibrary
FreeEnvironmentStringsA
FormatMessageA
FoldStringW
FindCloseChangeNotification
FillConsoleOutputCharacterA
EscapeCommFunction
EnumResourceNamesA
EnumResourceLanguagesA
DosDateTimeToFileTime
DeleteVolumeMountPointA
DeleteFileW
CreateToolhelp32Snapshot
CreateThread
CreateMutexW
CreateJobObjectA
CreateHardLinkA
CreateFileA
CreateEventA
CopyFileW
CompareStringA
CloseHandle
CancelWaitableTimer
CancelDeviceWakeupRequest
BuildCommDCBAndTimeoutsA
BuildCommDCBA
AreFileApisANSI
GetProcAddress
SetEvent

msvcrt

memset

advapi32

RegOpenKeyExW

oleaut32

VarI2FromI1
VarI2FromI4
VarI2FromR4
VarI2FromR8
VarI2FromStr
VarI2FromUI4
VarI4FromDate
VarI4FromI2
VarIdiv
VarMod
VarMonthName
VarNumFromParseNum
VarParseNumFromStr
VarR4FromDec
VarR4FromR8
VarR4FromStr
VarR4FromUI1
VarR4FromUI4
VarR8FromCy
VarR8FromDate
VarR8FromDec
VarR8FromI1
VarR8FromI2
VarR8FromR4
VarR8Round
VarRound
VarTokenizeFormatString
VarUI1FromBool
VarUI1FromDate
VarUI1FromR4
VarUI1FromR8
VarUI1FromUI4
VarUI2FromDate
VarUI2FromDec
VarUI2FromI1
VarUI2FromR8
VarUI2FromUI4
VarUI4FromBool
VarUI4FromDec
VarUI4FromR8
VarUI4FromUI1
VarUdateFromDate
VarWeekdayName
VariantChangeType
VarI2FromDisp
VarI2FromBool
VarI1FromStr
VarI1FromR4
VarI1FromI4
VarI1FromI2
VarI1FromCy
VarI1FromBool
VarFormatCurrency
VarEqv
VarDecNeg
VarDecFromUI2
VarDecFromUI1
VarDecFromI2
VarDecFromI1
VarDecCmpR8
VarDecAdd
VarDateFromUdateEx
VarDateFromUI4
VarDateFromUI2
VarDateFromR4
VarDateFromI4
VarDateFromI1
VarDateFromDisp
VarDateFromDec
VarDateFromBool
VarCyNeg
VarCyFromUI4
VarCyFromI4
VarCyFromDate
VarCyFix
VarCat
VarBstrFromDec
VarBstrFromDate
VarBstrFromBool
VarBoolFromR8
VarBoolFromR4
VarBoolFromI2
VarBoolFromI1
VARIANT_UserUnmarshal
SystemTimeToVariantTime
SysReAllocString
SysAllocStringByteLen
SysAllocString
SafeArrayUnlock
SafeArrayUnaccessData
SafeArrayPutElement
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetElement
SafeArrayGetDim
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayCreate
SafeArrayCopy
SafeArrayAccessData
RevokeActiveObject
RegisterActiveObject
QueryPathOfRegTypeLi
OleTranslateColor
OleLoadPictureFileEx
OleLoadPicture
OleIconToCursor
OleCreatePropertyFrameIndirect
OaBuildVersion
GetRecordInfoFromGuids
GetAltMonthNames
DispGetIDsOfNames
DispCallFunc
BSTR_UserUnmarshal
BSTR_UserMarshal
SafeArraySetRecordInfo

imm32

ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmEnumInputContext
ImmEscapeA
ImmEscapeW
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetHotKey
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmAssociateContextEx
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmLockIMC
ImmLockIMCC
ImmNotifyIME
ImmReSizeIMCC
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmUnlockIMC
ImmUnlockIMCC
ImmGetIMEFileNameW
ImmUnregisterWordA
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7872a014f4677ed9d938c113aecb4111

Code Sign

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2bCertificate

Extended Key Usages

a3:c1:ed:e0:89:b8:98:b8:bf:fb:58:60:e3:da:6b:07:03:c5:f3:8fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 8KB - Virtual size: 8KB

.text1 Size: 2KB - Virtual size: 1KB

.text2 Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 128B

.text4 Size: 1024B - Virtual size: 1000B

.text3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 3KB - Virtual size: 2KB

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2b
Certificate

a3:c1:ed:e0:89:b8:98:b8:bf:fb:58:60:e3:da:6b:07:03:c5:f3:8f
Signer

.text
Size: 8KB - Virtual size: 8KB

.text1
Size: 2KB - Virtual size: 1KB

.text2
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 128B

.text4
Size: 1024B - Virtual size: 1000B

.text3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 3KB - Virtual size: 2KB