448c68ad48bc15114c51bb3a46af8358_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

448c68ad48bc15114c51bb3a46af8358_JaffaCakes118
Size

200KB
MD5

448c68ad48bc15114c51bb3a46af8358
SHA1

9556c141d2fcd92e0e34f05d6f570c1dd9c93e69
SHA256

b999d8e168691bb57dbed5c45ae4e6ade9ffae0ec321a047def10733bd77d85a
SHA512

aa2f95b74494066a4f20d9f109ffe08580d876039cc9b4b578d4edba804a1e62fd0225ff71b824de5df1ae819c2986527c4ed8ca8c4f3408e325b00a78ff0855
SSDEEP

6144:8/KEEp565LUUao5wvyQWG6kkvD/mIBWwiNyn/u:95gLFu9WG6kkbfWwiI/u

Score

1^/10

Malware Config

Signatures

Files

448c68ad48bc15114c51bb3a46af8358_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3350570b7ba57a4e56d49b3ae15a5a4d

Code Sign

48:9e:f3:4d:64:bb:6b:ac:4b:ed:98:84:e1:21:0d:fe
Certificate

Issuer

CN=SafnRElhFAGP8QxJP63oxr76R

Not Before

18/04/2012, 08:08

Not After

31/12/2039, 23:59

Subject

CN=SafnRElhFAGP8QxJP63oxr76R

Extended Key Usages

ExtKeyUsageCodeSigning

87:54:37:57:81:58:22:7a:fc:93:67:c2:2c:08:97:7d:f8:e1:40:c9
Signer

Actual PE Digest

87:54:37:57:81:58:22:7a:fc:93:67:c2:2c:08:97:7d:f8:e1:40:c9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
FileTimeToDosDateTime
GetCommandLineA
GetWindowsDirectoryA
lstrcatA
CreateFileA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
IsDebuggerPresent

advapi32

RegOpenKeyExA

ole32

CoAddRefServerProcess
WriteStringStream
WriteClassStm
WdtpInterfacePointer_UserSize
UtGetDvtd32Info
UtConvertDvtd32toDvtd16
StringFromGUID2
StringFromCLSID
StgSetTimes
StgPropertyLengthAsVariant
StgOpenStorage
StgOpenPropStg
StgIsStorageILockBytes
StgIsStorageFile
StgGetIFillLockBytesOnILockBytes
StgCreateStorageEx
StgCreateDocfile
StgConvertVariantToProperty
StgConvertPropertyToVariant
SetConvertStg
STGMEDIUM_UserFree
SNB_UserSize
SNB_UserFree
RevokeDragDrop
ReleaseStgMedium
ReadFmtUserTypeStg
PropVariantCopy
PropVariantClear
PropStgNameToFmtId
ProgIDFromCLSID
OpenOrCreateStream
OleUninitialize
OleTranslateAccelerator
OleSetMenuDescriptor
OleSetContainedObject
OleSetClipboard
OleSetAutoConvert
OleSaveToStream
OleSave
OleRun
OleRegGetUserType
OleRegEnumVerbs
OleNoteObjectVisible
OleMetafilePictFromIconAndLabel
OleLockRunning
OleLoad
OleIsCurrentClipboard
OleInitialize
OleGetIconOfFile
OleGetIconOfClass
OleGetAutoConvert
OleDuplicateData
OleDoAutoConvert
OleCreateStaticFromData
OleCreateMenuDescriptor
OleCreateLinkToFileEx
OleCreateLinkToFile
OleCreateLinkFromDataEx
OleCreateLinkFromData
OleCreateLinkEx
OleCreateFromFileEx
OleCreateFromData
OleCreateEx
OleCreateEmbeddingHelper
OleCreateDefaultHandler
OleConvertOLESTREAMToIStorageEx
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAMEx
OleConvertIStorageToOLESTREAM
MonikerRelativePathTo
IsAccelerator
HkOleRegisterObject
HWND_UserUnmarshal
HWND_UserSize
HWND_UserFree
HPALETTE_UserSize
HPALETTE_UserMarshal
HPALETTE_UserFree
HMETAFILE_UserSize
HMETAFILEPICT_UserFree
HMENU_UserUnmarshal
HMENU_UserSize
HICON_UserMarshal
HGLOBAL_UserSize
HGLOBAL_UserMarshal
HGLOBAL_UserFree
HENHMETAFILE_UserUnmarshal
HENHMETAFILE_UserSize
HENHMETAFILE_UserMarshal
HDC_UserUnmarshal
HDC_UserMarshal
HDC_UserFree
HBRUSH_UserUnmarshal
HBRUSH_UserSize
HBRUSH_UserMarshal
HBRUSH_UserFree
HBITMAP_UserUnmarshal
HBITMAP_UserSize
HBITMAP_UserFree
HACCEL_UserUnmarshal
HACCEL_UserSize
HACCEL_UserFree
GetRunningObjectTable
GetHookInterface
GetHGlobalFromStream
GetHGlobalFromILockBytes
GetConvertStg
FreePropVariantArray
EnableHookObject
DoDragDrop
DllGetClassObjectWOW
DllDebugObjectRPCHook
DcomChannelSetHResult
CreateStreamOnHGlobal
CreateStdProgressIndicator
CreateObjrefMoniker
CreateItemMoniker
CreateILockBytesOnHGlobal
CreateFileMoniker
CreateDataCache
CreateDataAdviseHolder
CreateClassMoniker
CreateAntiMoniker
CoWaitForMultipleHandles
CoUnmarshalHresult
CoUnloadingWOW
CoUninitialize
CoTreatAsClass
CoTestCancel
CoTaskMemAlloc
CoSwitchCallContext
CoSuspendClassObjects
CoSetProxyBlanket
CoSetCancelObject
CoRevokeMallocSpy
CoResumeClassObjects
CoRegisterSurrogateEx
CoRegisterSurrogate
CoRegisterPSClsid
CoRegisterMessageFilter
CoRegisterMallocSpy
CoRegisterClassObject
CoReactivateObject
CoQueryReleaseObject
CoQueryProxyBlanket
CoQueryClientBlanket
CoQueryAuthenticationServices
CoMarshalInterThreadInterfaceInStream
CoMarshalHresult
CoLockObjectExternal
CoLoadLibrary
CoIsOle1Class
CoInstall
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoImpersonateClient
CoGetTreatAsClass
CoGetStdMarshalEx
CoGetStandardMarshal
CoGetObject
CoGetMarshalSizeMax
CoGetInstanceFromIStorage
CoGetInstanceFromFile
CoGetCurrentProcess
CoGetCurrentLogicalThreadId
CoGetClassVersion
CoGetClassObject
CoGetCallerTID
CoGetCallContext
CoGetApartmentID
CoFreeLibrary
CoFileTimeNow
CoEnableCallCancellation
CoDisconnectObject
CoDisableCallCancellation
CoDeactivateObject
CoCreateObjectInContext
CoCreateInstanceEx
CLSIDFromString
CLSIDFromProgID
CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal
BindMoniker
CoCreateInstance

oleaut32

SafeArrayGetElement
VectorFromBstr
VariantTimeToSystemTime
VariantInit
VariantCopyInd
VariantCopy
VariantClear
VariantChangeTypeEx
VariantChangeType
VarWeekdayName
VarUdateFromDate
VarUI4FromUI2
VarUI4FromUI1
VarUI4FromStr
VarUI4FromR8
VarUI4FromR4
VarUI4FromI4
VarUI4FromI2
VarUI4FromI1
VarUI4FromDisp
VarUI4FromDec
VarUI4FromDate
VarUI4FromCy
VarUI4FromBool
VarUI2FromUI4
VarUI2FromUI1
VarUI2FromI4
VarUI2FromI2
VarUI2FromDisp
VarUI2FromDec
VarUI2FromDate
VarUI2FromCy
VarUI2FromBool
VarUI1FromUI4
VarUI1FromUI2
VarUI1FromStr
VarUI1FromR8
VarUI1FromR4
VarUI1FromI4
VarUI1FromI1
VarUI1FromDisp
VarUI1FromDec
VarUI1FromDate
VarUI1FromCy
VarUI1FromBool
VarTokenizeFormatString
VarSu
VarRound
VarR8Round
VarR8Pow
VarR8FromUI4
VarR8FromUI2
VarR8FromUI1
VarR8FromStr
VarR8FromI2
VarR8FromI1
VarR8FromDisp
VarR8FromDec
VarR8FromDate
VarR8FromCy
VarR8FromBool
VarR4FromUI4
VarR4FromUI2
VarR4FromUI1
VarR4FromStr
VarR4FromR8
VarR4FromI4
VarR4FromI2
VarR4FromI1
VarR4FromDisp
VarR4FromDec
VarR4FromDate
VarR4FromCy
VarR4FromBool
VarR4CmpR8
VarPow
VarParseNumFromStr
VarOr
VarNumFromParseNum
VarNot
VarNeg
VarMonthName
VarMod
VarInt
VarImp
VarIdiv
VarI4FromUI1
VarI4FromR8
VarI4FromR4
VarI4FromI2
VarI4FromI1
VarI4FromDisp
VarI4FromDec
VarI4FromDate
VarI4FromCy
VarI4FromBool
VarI2FromUI2
VarI2FromUI1
VarI2FromStr
VarI2FromR8
VarI2FromR4
VarI2FromI4
VarI2FromI1
VarI2FromDisp
VarI2FromDec
VarI2FromDate
VarI2FromCy
VarI2FromBool
VarI1FromUI4
VarI1FromUI1
VarI1FromStr
VarI1FromR8
VarI1FromR4
VarI1FromI4
VarI1FromDisp
VarI1FromDec
VarI1FromDate
VarI1FromCy
VarI1FromBool
VarFormatPercent
VarFormatNumber
VarFormatFromTokens
VarFormatDateTime
VarFormatCurrency
VarFormat
VarFix
VarEqv
VarDiv
VarDecSu
VarDecRound
VarDecMul
VarDecInt
VarDecFromUI2
VarDecFromUI1
VarDecFromStr
VarDecFromR8
VarDecFromI2
VarDecFromI1
VarDecFromDisp
VarDecFromDate
VarDecFromCy
VarDecFromBool
VarDecFix
VarDecDiv
VarDecCmpR8
VarDecCmp
VarDecAdd
VarDecAbs
VarDateFromUdateEx
VarDateFromUdate
VarDateFromUI4
VarDateFromUI2
VarDateFromUI1
VarDateFromStr
VarDateFromR8
VarDateFromR4
VarDateFromI4
VarDateFromI2
VarDateFromDisp
VarDateFromDec
VarDateFromCy
VarDateFromBool
VarCySu
VarCyRound
VarCyMulI4
VarCyMul
VarCyFromUI1
VarCyFromStr
VarCyFromR8
VarCyFromR4
VarCyFromI4
VarCyFromI2
VarCyFromI1
VarCyFromDisp
VarCyFromDate
VarCyFromBool
VarCyFix
VarCyCmpR8
VarCyCmp
BSTR_UserFree
BSTR_UserMarshal
BSTR_UserSize
BSTR_UserUnmarshal
BstrFromVector
ClearCustData
CreateDispTypeInfo
CreateErrorInfo
CreateStdDispatch
CreateTypeLib2
DispCallFunc
DispGetIDsOfNames
DispGetParam
DosDateTimeToVariantTime
GetActiveObject
GetAltMonthNames
GetErrorInfo
GetRecordInfoFromGuids
GetRecordInfoFromTypeInfo
LHashValOfNameSys
LHashValOfNameSysA
LPSAFEARRAY_Marshal
LPSAFEARRAY_Size
LPSAFEARRAY_Unmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal
LoadRegTypeLi
LoadTypeLi
OACreateTypeLib2
OaBuildVersion
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleLoadPictureEx
OleLoadPictureFile
OleLoadPictureFileEx
OleLoadPicturePath
OleSavePictureFile
OleTranslateColor
QueryPathOfRegTypeLi
RegisterActiveObject
RegisterTypeLi
RevokeActiveObject
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCopy
VarCyAdd
SafeArrayCreate
SafeArrayCreateEx
SafeArrayCreateVector
SafeArrayCreateVectorEx
SafeArrayDestroyData
SafeArrayGetDim
SafeArrayCopyData
SafeArrayGetElemsize
SafeArrayGetIID
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArraySetIID
SafeArraySetRecordInfo
SafeArrayUnaccessData
SetErrorInfo
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysReAllocString
SysReAllocStringLen
SysStringByteLen
SysStringLen
SystemTimeToVariantTime
UnRegisterTypeLi
VARIANT_UserFree
VARIANT_UserMarshal
VARIANT_UserSize
VarAbs
VarAdd
VarAnd
VarBoolFromCy
VarBoolFromDec
VarBoolFromDisp
VarBoolFromI1
VarBoolFromI2
VarBoolFromI4
VarBoolFromR8
VarBoolFromStr
VarBoolFromUI1
VarBoolFromUI2
VarBoolFromUI4
VarBstrCat
VarBstrCmp
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarBstrFromI1
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromR8
VarBstrFromUI1
VarBstrFromUI4
VarCat
VarCmp
VarCyAbs

Sections

.text
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data6
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data7
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data8
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3350570b7ba57a4e56d49b3ae15a5a4d

Code Sign

48:9e:f3:4d:64:bb:6b:ac:4b:ed:98:84:e1:21:0d:feCertificate

Extended Key Usages

87:54:37:57:81:58:22:7a:fc:93:67:c2:2c:08:97:7d:f8:e1:40:c9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 179KB - Virtual size: 178KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.data6 Size: 512B - Virtual size: 500B

.data7 Size: 512B - Virtual size: 500B

.data8 Size: 512B - Virtual size: 500B

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

48:9e:f3:4d:64:bb:6b:ac:4b:ed:98:84:e1:21:0d:fe
Certificate

87:54:37:57:81:58:22:7a:fc:93:67:c2:2c:08:97:7d:f8:e1:40:c9
Signer

.text
Size: 179KB - Virtual size: 178KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.data6
Size: 512B - Virtual size: 500B

.data7
Size: 512B - Virtual size: 500B

.data8
Size: 512B - Virtual size: 500B

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB