42c0db7b5bf002725ab92f456bb4a9cf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42c0db7b5bf002725ab92f456bb4a9cf_JaffaCakes118
Size

112KB
MD5

42c0db7b5bf002725ab92f456bb4a9cf
SHA1

a7ddbdc00b55c80e8bb86088eab6fe5a753ad612
SHA256

115f60904c536f302edf15050226284e9263a21dd968eb8678b7243b2db1e091
SHA512

690a968b94784e07e8d6f7f8bb1095d01090b4c5f869147c54e2addec82883c1528fd1a5f40e84a845649812ff3f58a1bfe4bb6c48aeb0dbef27c097fec89907
SSDEEP

1536:EUNEXcExe2vuoMCQLUc5KONInBllpx2PT:EUNHNu9jZrONIBFx2PT

Score

1^/10

Malware Config

Signatures

Files

42c0db7b5bf002725ab92f456bb4a9cf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ebf6735d75029869b73ab1e6e3eb1d21

Code Sign

51:23:09:d5:d0:a2:b9:8c:42:fb:c1:82:e7:8e:4e:92
Certificate

Issuer

CN=w466666345uy inc

Not Before

28/01/2012, 07:40

Not After

31/12/2039, 23:59

Subject

CN=w466666345uy inc

Extended Key Usages

ExtKeyUsageCodeSigning

8c:99:45:59:86:6b:87:41:52:d9:63:74:91:e3:29:8d:10:e8:18:fa
Signer

Actual PE Digest

8c:99:45:59:86:6b:87:41:52:d9:63:74:91:e3:29:8d:10:e8:18:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
LoadLibraryA
GetProcessHeap
GetProcAddress
GetSystemInfo
AddConsoleAliasA
BackupRead
BuildCommDCBAndTimeoutsW
CreateDirectoryA
CreateEventW
CreateJobObjectA
CreateRemoteThread
CreateWaitableTimerW
DebugBreak
DeleteTimerQueue
DeleteTimerQueueTimer
DosDateTimeToFileTime
EnumResourceLanguagesA
EnumResourceNamesA
EnumSystemCodePagesW
EnumTimeFormatsA
EnumTimeFormatsW
ExitProcess
ExitThread
FatalAppExitA
FileTimeToSystemTime
FindFirstFileW
FindFirstVolumeMountPointA
FindNextFileA
FindNextVolumeMountPointW
FindNextVolumeW
FlushViewOfFile
FoldStringW
GetCalendarInfoA
GetComputerNameW
GetConsoleAliasExesA
GetConsoleAliasExesLengthA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesExW
GetNumberOfConsoleInputEvents
GetPrivateProfileIntW
GetPrivateProfileSectionNamesA
GetProfileIntA
GetQueuedCompletionStatus
GetShortPathNameW
GetThreadSelectorEntry
lstrcatW
GetVolumeInformationW
GlobalFix
GlobalUnlock
HeapFree
InterlockedCompareExchange
IsBadStringPtrW
IsValidLanguageGroup
LCMapStringA
LocalFlags
LocalSize
MoveFileA
MoveFileW
OpenJobObjectA
Process32Next
ProcessIdToSessionId
QueryInformationJobObject
ReadConsoleInputW
ReadConsoleOutputAttribute
ReadFile
ReplaceFile
SetCalendarInfoA
SetCommBreak
SetCommState
SetConsoleCursor
SetEvent
SetMailslotInfo
SetProcessAffinityMask
SetVolumeLabelA
SetVolumeLabelW
SuspendThread
TerminateJobObject
TerminateThread
TransactNamedPipe
TryEnterCriticalSection
UnlockFileEx
VerSetConditionMask
VirtualFreeEx
WaitForMultipleObjectsEx
WaitForSingleObject
WaitNamedPipeA
WriteConsoleW
WriteProcessMemory
_hwrite
_llseek
_lwrite
lstrcat
lstrcatA
lstrcmpi
GetVersion
CreateFileW

msvcrt

memset

user32

CallWindowProcA
DdeInitializeW
DlgDirSelectComboBoxExW
DrawTextW
EndDialog
EnumDisplaySettingsA
EnumWindowStationsA
MapVirtualKeyExA
SetWindowPlacement
SwapMouseButton

advapi32

RegOpenKeyExW

ole32

CLIPFORMAT_UserFree
CLIPFORMAT_UserMarshal
CoCreateInstance
CoCreateObjectInContext
CoFreeUnusedLibraries
CoGetPSClsid
CoGetStdMarshalEx
CoGetTreatAsClass
CoMarshalHresult
CoQueryClientBlanket
CoQueryReleaseObject
CoWaitForMultipleHandles
CreateDataAdviseHolder
CreateFileMoniker
DcomChannelSetHResult
DllGetClassObjectWOW
GetClassFile
GetHGlobalFromStream
GetRunningObjectTable
HACCEL_UserUnmarshal
HBRUSH_UserSize
HBRUSH_UserUnmarshal
HGLOBAL_UserMarshal
HGLOBAL_UserSize
HMENU_UserUnmarshal
HMETAFILE_UserFree
HMETAFILE_UserUnmarshal
HPALETTE_UserFree
HWND_UserFree
HWND_UserSize
IIDFromString
IsAccelerator
MonikerCommonPrefixWith
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleCreateDefaultHandler
OleCreateEx
OleCreateLinkToFileEx
OleDraw
OleFlushClipboard
OleGetAutoConvert
OleGetIconOfClass
OleInitializeWOW
OleLoad
OleLoadFromStream
OleLockRunning
OleRegEnumFormatEtc
OleRegGetMiscStatus
OleSetClipboard
OleTranslateAccelerator
ProgIDFromCLSID
PropVariantCopy
ReadClassStg
STGMEDIUM_UserFree
STGMEDIUM_UserUnmarshal
StgOpenPropStg
StgOpenStorage
StgPropertyLengthAsVariant
StringFromIID
UtConvertDvtd32toDvtd16
WriteClassStm
WriteFmtUserTypeStg

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebf6735d75029869b73ab1e6e3eb1d21

Code Sign

51:23:09:d5:d0:a2:b9:8c:42:fb:c1:82:e7:8e:4e:92Certificate

Extended Key Usages

8c:99:45:59:86:6b:87:41:52:d9:63:74:91:e3:29:8d:10:e8:18:faSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

advapi32

ole32

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 452B

.text2 Size: 1024B - Virtual size: 712B

.text2 Size: 78KB - Virtual size: 77KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 1KB - Virtual size: 1KB

51:23:09:d5:d0:a2:b9:8c:42:fb:c1:82:e7:8e:4e:92
Certificate

8c:99:45:59:86:6b:87:41:52:d9:63:74:91:e3:29:8d:10:e8:18:fa
Signer

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 452B

.text2
Size: 1024B - Virtual size: 712B

.text2
Size: 78KB - Virtual size: 77KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 1KB - Virtual size: 1KB