44670650d2d4885b37c294b42cb648cf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

44670650d2d4885b37c294b42cb648cf_JaffaCakes118
Size

25KB
MD5

44670650d2d4885b37c294b42cb648cf
SHA1

09b050f780dbf2997f731155b859d60f71dc877c
SHA256

e7949fa869530835ebdf9f38636d8ec05902ec5bab2ce6a44a4881a2fe0190ab
SHA512

181963e9f262b5f675c45d5f7fd81c3a055cffc72bb8e2af110c228a8d9f3f09f9b9705ae88af31271fb419dfb4e2b5376b22d1147ea2d776641f69344567a02
SSDEEP

384:dLuL83RZkeWFUavqTDrjgs+5OjQ/Yd/TI9VU9hh44WieZWL4o:dLuYhZzof5J5Ojp7I9e9hh7es

Score

1^/10

Malware Config

Signatures

Files

44670650d2d4885b37c294b42cb648cf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

619e633935b35700986511fc935d04b5

Code Sign

78:64:b8:3d:5e:1c:99:46:b0:af:fb:7b:34:75:94:ca
Certificate

Issuer

CN=55121212512

Not Before

14/02/2012, 04:59

Not After

31/12/2039, 23:59

Subject

CN=55121212512

Extended Key Usages

ExtKeyUsageCodeSigning

0d:32:20:4a:c8:f9:1b:a2:6d:34:1a:c6:5e:73:e8:57:f4:6f:07:0e
Signer

Actual PE Digest

0d:32:20:4a:c8:f9:1b:a2:6d:34:1a:c6:5e:73:e8:57:f4:6f:07:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetTimeFormatW
GetVersion
GetVolumeInformationW
GlobalFix
GlobalGetAtomNameA
GlobalHandle
Heap32ListFirst
Heap32Next
HeapSize
HeapValidate
IsBadStringPtrW
IsDBCSLeadByteEx
IsProcessorFeaturePresent
IsValidLanguageGroup
LCMapStringW
LocalCompact
LocalFlags
MapUserPhysicalPages
MapViewOfFile
MapViewOfFileEx
Module32Next
MoveFileWithProgressA
OpenJobObjectA
OutputDebugStringW
ReadConsoleOutputA
ReadDirectoryChangesW
ReadProcessMemory
ResetWriteWatch
ScrollConsoleScreenBufferA
SetComputerNameA
SetConsoleCursor
GetSystemTimeAdjustment
SetConsoleScreenBufferSize
SetConsoleTitleW
SetConsoleWindowInfo
SetEnvironmentVariableW
SetEvent
SetFileApisToOEM
SetFilePointerEx
SetInformationJobObject
SetLastError
SetLocaleInfoW
SetProcessAffinityMask
SetProcessPriorityBoost
SetProcessShutdownParameters
SetProcessWorkingSetSize
SetStdHandle
SetThreadLocale
SetTimeZoneInformation
SetTimerQueueTimer
SwitchToFiber
UnmapViewOfFile
VirtualUnlock
WaitNamedPipeA
WriteConsoleInputW
WriteConsoleOutputAttribute
WriteFileEx
WritePrivateProfileStringA
WritePrivateProfileStructW
WriteProfileSectionA
WriteProfileSectionW
WriteTapemark
lstrcatW
lstrcmpiA
lstrcpy
GetStdHandle
GetStartupInfoA
GetShortPathNameW
GetProfileStringW
GetProcessWorkingSetSize
GetProcessVersion
GetProcessTimes
GetProcessIoCounters
GetPrivateProfileStructA
GetPrivateProfileSectionW
GetNumberOfConsoleInputEvents
GetNamedPipeHandleStateW
GetModuleHandleW
GetLongPathNameA
GetLogicalDriveStringsA
GetFileAttributesW
GetFileAttributesExW
GetExitCodeProcess
GetDefaultCommConfigA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentDirectoryA
GetCurrencyFormatA
GetConsoleWindow
GetConsoleTitleW
GetConsoleMode
GetConsoleFontSize
GetConsoleDisplayMode
GetModuleHandleA
GetConsoleCP
GetCompressedFileSizeW
GetCalendarInfoA
GetCPInfo
FormatMessageA
FindResourceW
FindNextVolumeA
FindFirstVolumeW
FindFirstVolumeA
FindFirstFileExW
FindFirstChangeNotificationA
FindClose
FindAtomW
FindAtomA
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
FatalAppExitW
FatalAppExitA
EscapeCommFunction
EnumSystemLocalesW
EnumResourceLanguagesA
EnumDateFormatsExW
EnumCalendarInfoW
EnumCalendarInfoExW
DnsHostnameToComputerNameW
DisableThreadLibraryCalls
DeleteTimerQueueTimer
DeleteTimerQueue
CreateThread
CreateFileA
CreateDirectoryExW
CopyFileW
CompareStringW
CallNamedPipeW
Beep
AllocConsole
GetTapeStatus
GetProcAddress
SetConsoleCursorPosition

msvcrt

memset

user32

LoadBitmapA

advapi32

RegOpenKeyExA

oleaut32

VarDecFromUI2
VarDecFromUI4
VarDecInt
VarDecMul
VarFormatCurrency
VarFormatDateTime
VarFormatPercent
VarI1FromBool
VarI1FromDec
VarI1FromStr
VarI1FromUI1
VarI1FromUI2
VarI2FromDate
VarI2FromI1
VarI4FromBool
VarI4FromDate
VarI4FromDec
VarI4FromDisp
VarI4FromStr
VarI4FromUI4
VarImp
VarMonthName
VarNumFromParseNum
VarOr
VarPow
VarR4FromDec
VarR4FromI2
VarR4FromI4
VarR4FromR8
VarR8FromBool
VarR8FromCy
VarR8FromStr
VarR8FromUI2
VarR8FromUI4
VarRound
VarUI1FromDisp
VarUI1FromI4
VarUI1FromStr
VarUI1FromUI2
VarUI1FromUI4
VarUI2FromDate
VarUI2FromDisp
VarUI2FromI4
VarUI2FromR8
VarUI2FromStr
VarUI2FromUI1
VarUI4FromBool
VarUI4FromCy
VarUI4FromDate
VarUI4FromDec
VarUI4FromR8
VarUI4FromUI1
VarUI4FromUI2
VarUdateFromDate
VarWeekdayName
VarXor
VariantChangeType
VariantTimeToDosDateTime
VarDecFromUI1
VarDecFromI4
VarDecFromI2
VarDecFix
VarDecDiv
VarDecCmpR8
VarDecCmp
VarDecAbs
VarDateFromUI4
VarDateFromUI1
VarDateFromDisp
VarDateFromCy
VarCySu
VarCyRound
VarCyFromUI2
VarCyFromR8
VarCyFromI2
VarCyFromDec
VarCyFromDate
VarCyFix
VarCyCmpR8
VarCyCmp
VarCyAdd
VarCyAbs
VarBstrFromUI4
VarBstrFromDec
VarBoolFromUI1
VarBoolFromStr
VarBoolFromCy
VarAnd
VarAdd
VARIANT_UserSize
VARIANT_UserFree
SysReAllocStringLen
SysFreeString
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArraySetIID
SafeArrayPutElement
SafeArrayDestroyDescriptor
SafeArrayCreateVectorEx
SafeArrayCopy
SafeArrayAllocDescriptorEx
SafeArrayAllocDescriptor
RevokeActiveObject
OleSavePictureFile
OleLoadPictureFileEx
OleCreatePropertyFrameIndirect
OleCreatePropertyFrame
OACreateTypeLib2
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_Unmarshal
LHashValOfNameSys
GetActiveObject
DosDateTimeToVariantTime
DispInvoke
DispGetIDsOfNames
CreateStdDispatch
BstrFromVector
BSTR_UserUnmarshal
SafeArrayGetDim

imm32

ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEscapeA
ImmEscapeW
ImmGenerateMessage
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetConversionListA
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetHotKey
ImmAssociateContextEx
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmGetIMEFileNameW
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmIsUIMessageA
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmNotifyIME
ImmReSizeIMCC
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmGetIMCCSize
ImmSimulateHotKey
ImmUnlockIMC
ImmUnlockIMCC
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

619e633935b35700986511fc935d04b5

Code Sign

78:64:b8:3d:5e:1c:99:46:b0:af:fb:7b:34:75:94:caCertificate

Extended Key Usages

0d:32:20:4a:c8:f9:1b:a2:6d:34:1a:c6:5e:73:e8:57:f4:6f:07:0eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

advapi32

oleaut32

imm32

Sections

.text Size: 8KB - Virtual size: 8KB

.text1 Size: 2KB - Virtual size: 1KB

.text2 Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 92B

.rsrc Size: 3KB - Virtual size: 2KB

78:64:b8:3d:5e:1c:99:46:b0:af:fb:7b:34:75:94:ca
Certificate

0d:32:20:4a:c8:f9:1b:a2:6d:34:1a:c6:5e:73:e8:57:f4:6f:07:0e
Signer

.text
Size: 8KB - Virtual size: 8KB

.text1
Size: 2KB - Virtual size: 1KB

.text2
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 92B

.rsrc
Size: 3KB - Virtual size: 2KB