3f1dc861db361d0e7fe5bc472f78acb2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f1dc861db361d0e7fe5bc472f78acb2_JaffaCakes118
Size

47KB
MD5

3f1dc861db361d0e7fe5bc472f78acb2
SHA1

2d16ffbb41cdebb3f1049fd8febfdb4c7379c59c
SHA256

6927054a63af3942adce5eafd6b918e778f65b211817a6ca6114d54202967067
SHA512

88bdbb26cf9c671ba45900fac5d16d3d1b6a2eb47dfc5ee65c07c8c3e598cf3d3627e36063a368970efabbfa483f88831de4e04de036ad27387b6693f8deb60d
SSDEEP

768:HQINdWD1OBxOQk/qV9IEy3iSTq2f8uInfKAjHslK1ycDF:XaIw/qV9INNPiio

Score

1^/10

Malware Config

Signatures

Files

3f1dc861db361d0e7fe5bc472f78acb2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5fa0ca4845583b09bb649ce85018225d

Code Sign

4a:7b:a7:ae:bc:75:9a:47:ba:6b:5d:9e:5a:30:47:91
Certificate

Issuer

CN=2612347613

Not Before

05/03/2012, 08:51

Not After

31/12/2039, 23:59

Subject

CN=2612347613

Extended Key Usages

ExtKeyUsageCodeSigning

8f:39:80:2b:34:c1:80:38:9f:a3:52:83:7f:84:b4:35:49:57:3e:7a
Signer

Actual PE Digest

8f:39:80:2b:34:c1:80:38:9f:a3:52:83:7f:84:b4:35:49:57:3e:7a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Heap32ListFirst
Heap32Next
HeapWalk
InterlockedDecrement
IsDBCSLeadByteEx
IsSystemResumeAutomatic
LocalFlags
LocalSize
OpenFile
OpenMutexW
PeekNamedPipe
PurgeComm
ReadFileScatter
RequestWakeupLatency
ResetWriteWatch
SetComputerNameExW
SetCurrentDirectoryA
SetLocaleInfoW
SetProcessWorkingSetSize
SetSystemPowerState
GlobalUnlock
SetThreadContext
SetThreadIdealProcessor
SetUnhandledExceptionFilter
SetVolumeLabelA
SignalObjectAndWait
SystemTimeToFileTime
TerminateThread
UnlockFile
UnlockFileEx
UnregisterWait
UpdateResourceW
VirtualFree
VirtualUnlock
WideCharToMultiByte
WriteConsoleOutputAttribute
WriteConsoleOutputW
WritePrivateProfileStringA
WritePrivateProfileStructA
WriteProfileSectionW
GlobalUnfix
GlobalMemoryStatusEx
GetVolumeInformationA
GetUserDefaultUILanguage
GetThreadTimes
GetThreadSelectorEntry
GetTempPathA
GetTapePosition
GetSystemWindowsDirectoryA
GetSystemTimeAsFileTime
GetSystemDefaultLangID
GetPrivateProfileStructW
GetPrivateProfileStringA
CreateFileA
GetPrivateProfileSectionA
GetModuleHandleA
GetLogicalDrives
GetFullPathNameA
GetExitCodeThread
GetEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentConsoleFont
GetConsoleScreenBufferInfo
GetConsoleAliasExesLengthW
FreeResource
FindNextVolumeMountPointW
FindNextFileW
FindFirstFileA
FindCloseChangeNotification
FindAtomW
EscapeCommFunction
EnumTimeFormatsW
EnumSystemLanguageGroupsW
EnumLanguageGroupLocalesW
EndUpdateResourceW
DisconnectNamedPipe
DeleteTimerQueueTimer
DeleteFileW
DeleteFileA
DebugBreak
CreateWaitableTimerW
CreatePipe
CreateHardLinkA
CreateFileW
CreateDirectoryA
CreateConsoleScreenBuffer
CopyFileW
CopyFileExA
ConvertThreadToFiber
CancelIo
BuildCommDCBW
BuildCommDCBA
Beep
BackupRead
VirtualAlloc
GetWindowsDirectoryA
lstrlenA
lstrcpyA
SetThreadAffinityMask

user32

GetSystemMetrics

advapi32

RegOpenKeyExA

shell32

SHCreateDirectoryExW
Shell_NotifyIcon
ShellHookProc
ShellExecuteExW
ShellExecuteExA
ShellExecuteA
ShellAboutW
ShellAboutA
SHPathPrepareForWriteW
SHPathPrepareForWriteA
SHLoadInProc
SHIsFileAvailableOffline
SHInvokePrinterCommandW
CheckEscapesW
CommandLineToArgvW
DoEnvironmentSubstA
DoEnvironmentSubstW
DragQueryFile
DragQueryFileA
DuplicateIcon
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
SHAddToRecentDocs
SHBindToParent
SHBrowseForFolderA
SHChangeNotify
SHCreateDirectoryExA
SHLoadNonloadedIconOverlayIdentifiers
SHEmptyRecycleBinW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFormatDrive
SHFreeNameMappings
SHGetDataFromIDListA
SHGetFileInfo
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetInstanceExplorer
SHGetPathFromIDList
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHInvokePrinterCommandA

shlwapi

StrChrIA
StrChrW
StrCmpNA
StrStrIA
StrRStrIW
StrRStrIA
StrRChrW
StrRChrIW
StrRChrIA
StrRChrA
StrCmpNIW
StrCmpNIA

comctl32

CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
CreateStatusWindowW
ord7
CreateToolbarEx
ord16
DestroyPropertySheetPage
DrawStatusText
ord5
DrawStatusTextW
FlatSB_EnableScrollBar
FlatSB_SetScrollInfo
FlatSB_SetScrollProp
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
GetMUILanguage
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragShowNolock
CreatePropertySheetPage
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_GetImageRect
ImageList_LoadImage
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetFilter
ImageList_SetImageCount
InitCommonControlsEx
InitMUILanguage
InitializeFlatSB
ord14
ord2
PropertySheet
PropertySheetA
PropertySheetW
ord3
ImageList_Draw
UninitializeFlatSB
_TrackMouseEvent
ord8

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d1
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d2
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fa0ca4845583b09bb649ce85018225d

Code Sign

4a:7b:a7:ae:bc:75:9a:47:ba:6b:5d:9e:5a:30:47:91Certificate

Extended Key Usages

8f:39:80:2b:34:c1:80:38:9f:a3:52:83:7f:84:b4:35:49:57:3e:7aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 204B

.d1 Size: 1024B - Virtual size: 1000B

.d2 Size: 2KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 1KB - Virtual size: 1KB

4a:7b:a7:ae:bc:75:9a:47:ba:6b:5d:9e:5a:30:47:91
Certificate

8f:39:80:2b:34:c1:80:38:9f:a3:52:83:7f:84:b4:35:49:57:3e:7a
Signer

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 204B

.d1
Size: 1024B - Virtual size: 1000B

.d2
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 1KB