449b817baf76d633d23fab6f4f2a730e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

449b817baf76d633d23fab6f4f2a730e_JaffaCakes118
Size

284KB
MD5

449b817baf76d633d23fab6f4f2a730e
SHA1

c9b7906a49456f4cb40ac930388d4a458aad381b
SHA256

f06590549e4d091634f1810d3b05f8d1c35b9f98849e14afb2e171813f4329f1
SHA512

73057200f1df141dc0c1b156eb8833cc6518b6b8b65b0db69dab8fc4ec1d6debf104f61a9b6f77a2decb9f93a5be014a772949d9f5006d5d3cd5e7d58fb5a615
SSDEEP

6144:qNq6AL17HPwmDDANk9eAMez58Tu4+4lAGBI9gGSwDpc6j:qM6AL17HB19xHLBj

Score

1^/10

Malware Config

Signatures

Files

449b817baf76d633d23fab6f4f2a730e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cd4b2f17fec7f7f47ad9cb11d0e38fd2

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

Issuer

CN=55666123h

Not Before

14-02-2012 20:22

Not After

31-12-2039 23:59

Subject

CN=55666123h

Extended Key Usages

ExtKeyUsageCodeSigning

f2:bb:2d:4c:4f:b7:9c:6e:3a:19:e0:cf:be:fb:5d:93:85:cf:d3:f6
Signer

Actual PE Digest

f2:bb:2d:4c:4f:b7:9c:6e:3a:19:e0:cf:be:fb:5d:93:85:cf:d3:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
lstrlenW
lstrcpyW
CreateFileW
VirtualAlloc
SetComputerNameExW
GetUserDefaultUILanguage
CreateMutexA
HeapSize
CancelDeviceWakeupRequest
LockResource
FreeConsole
GetLastError
UpdateResourceW
InterlockedDecrement
GetPrivateProfileSectionA
lstrcmpiW
GetStringTypeExA
IsBadReadPtr
SetCurrentDirectoryA
GetPrivateProfileIntW
GetConsoleAliasW
GetThreadSelectorEntry
GetProfileIntW
GetBinaryTypeW
FreeUserPhysicalPages
SetCalendarInfoW
CancelIo
GetProfileStringA
GetCPInfo
ReleaseMutex
SetProcessWorkingSetSize
SetConsoleMode
LoadModule
FindAtomW
GetACP
SetConsoleCtrlHandler
EnumResourceTypesA
SetComputerNameW
GetProcessVersion
CommConfigDialogW
ScrollConsoleScreenBufferA
GetNamedPipeInfo
IsBadStringPtrW
SwitchToFiber
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
GetPrivateProfileSectionNamesA
GetConsoleAliasesW
ExpandEnvironmentStringsW
WriteProfileSectionA
IsBadStringPtrA
SetCommMask
WaitNamedPipeA
GetLocaleInfoA
Heap32ListNext
ResetEvent
SetDefaultCommConfigA
DosDateTimeToFileTime
CreateFileA
GetDateFormatW
SetThreadAffinityMask
GetSystemWindowsDirectoryW
IsDebuggerPresent
GetCPInfoExA
GetCommandLineA
FatalAppExitA
WriteConsoleA
VirtualAllocEx
AddAtomW
EnumResourceNamesW
GetFileTime
FindAtomA
GetPrivateProfileStringW
VirtualProtect
TransactNamedPipe
GetProcessHeaps
SetThreadExecutionState
GlobalUnfix
SetConsoleCP
WritePrivateProfileStringW
HeapReAlloc
GlobalHandle
FindFirstFileA
AreFileApisANSI
SetProcessPriorityBoost
DeleteTimerQueueEx
GetCurrentThreadId
CopyFileExW
GetProcessShutdownParameters
LCMapStringA
Toolhelp32ReadProcessMemory
GlobalReAlloc
Module32NextW
GlobalDeleteAtom
GetFileSizeEx
ReadProcessMemory
GetProfileSectionW
DeleteTimerQueueTimer
GetSystemTimeAdjustment
lstrcmpiA
BuildCommDCBW
TryEnterCriticalSection
SetHandleCount
MoveFileExW
CreateTimerQueue
SystemTimeToTzSpecificLocalTime
VirtualLock
WritePrivateProfileSectionW
FindResourceW
lstrcmpW
CreateMailslotW
SetFilePointer
SetFileTime
QueryPerformanceCounter
CompareStringA
GetEnvironmentVariableW
FindFirstChangeNotificationA
GetDefaultCommConfigA
GetOverlappedResult
ReadConsoleA
GetFileAttributesA
VirtualQueryEx
LocalUnlock
GetEnvironmentStringsW
FindClose
GetCurrentConsoleFont
GetPrivateProfileStringA
WriteConsoleOutputAttribute
GlobalUnWire
GetDefaultCommConfigW
RtlFillMemory
CancelWaitableTimer
_hwrite
GetCompressedFileSizeA
SetConsoleScreenBufferSize

advapi32

RegOpenKeyExW

shell32

DuplicateIcon
ShellAboutW
SHFileOperationA
SHGetSpecialFolderLocation
SHBrowseForFolder
FindExecutableA
SHCreateDirectoryExA
SHGetFolderPathA
Shell_NotifyIconW
ExtractAssociatedIconExA
DragQueryFileW
SHQueryRecycleBinW
DragAcceptFiles
DragQueryFileAorW
ShellExecuteEx
ShellHookProc
SHGetSettings
CommandLineToArgvW
SHGetFolderLocation
SHGetSpecialFolderPathA
SHGetDataFromIDListA
SHFreeNameMappings
ExtractIconW
ExtractAssociatedIconExW
DragQueryFile
SHGetSpecialFolderPathW
SHPathPrepareForWriteW
SHGetDesktopFolder
SHGetPathFromIDListW
SHChangeNotify
SHGetIconOverlayIndexA
SHFormatDrive
SHCreateProcessAsUserW
DoEnvironmentSubstA
FindExecutableW
ExtractIconEx
ShellExecuteA
ShellAboutA
SHGetDiskFreeSpaceExA
ExtractIconExW
SHInvokePrinterCommandW
SHBindToParent
SHLoadNonloadedIconOverlayIdentifiers
SHGetDataFromIDListW
ExtractIconA
SHGetFileInfoW
SHPathPrepareForWriteA
SHGetFileInfoA
SHCreateDirectoryExW
SHGetFileInfo
ExtractAssociatedIconW
DragFinish
SHGetMalloc
DragQueryFileA
SHAddToRecentDocs
SHIsFileAvailableOffline
ShellExecuteW
WOWShellExecute
SHBrowseForFolderW
Shell_NotifyIconA
SHEmptyRecycleBinA
SHAppBarMessage
ShellExecuteExA
SHGetInstanceExplorer
SHGetPathFromIDListA
SHInvokePrinterCommandA

shlwapi

StrRChrW
StrRStrIA
StrCmpNIW
StrChrIA
StrStrIA
StrStrIW
StrStrW
StrChrIW
StrRStrIW
StrCmpNW
StrCmpNA
StrRChrIA

comctl32

CreatePropertySheetPage
CreatePropertySheetPageW
PropertySheet
CreateStatusWindowW
ImageList_LoadImageW
CreateStatusWindow
ord2
FlatSB_GetScrollProp
ImageList_BeginDrag
ImageList_ReplaceIcon
DestroyPropertySheetPage
ImageList_Merge
GetMUILanguage
ImageList_DragEnter
ImageList_Create
ImageList_EndDrag
ImageList_GetImageRect
ImageList_Add
ord17
ImageList_GetBkColor
ord8
InitMUILanguage
FlatSB_EnableScrollBar
_TrackMouseEvent
ImageList_AddIcon
FlatSB_ShowScrollBar
ord3
ImageList_Write
ImageList_LoadImage
ImageList_Replace
ord7
ImageList_DragMove
ImageList_Destroy
ImageList_Copy
DrawStatusText
ord4
FlatSB_GetScrollRange
ImageList_DrawIndirect
CreatePropertySheetPageA
FlatSB_SetScrollInfo
ImageList_Duplicate
ImageList_LoadImageA
InitCommonControlsEx
FlatSB_SetScrollProp
ImageList_GetImageInfo
ord5
UninitializeFlatSB
ImageList_SetIconSize
ImageList_Draw
ImageList_Read
PropertySheetA
ImageList_GetImageCount
ImageList_SetBkColor
PropertySheetW
ImageList_GetIcon
ord16
ImageList_SetFilter
FlatSB_GetScrollInfo
ImageList_DragShowNolock
DrawStatusTextW
ImageList_SetOverlayImage
ord6
ImageList_GetIconSize
CreateToolbarEx
ImageList_AddMasked

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV2
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textF4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV3
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV4
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV1
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV5
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV6
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV7
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd4b2f17fec7f7f47ad9cb11d0e38fd2

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86Certificate

Extended Key Usages

f2:bb:2d:4c:4f:b7:9c:6e:3a:19:e0:cf:be:fb:5d:93:85:cf:d3:f6Signer

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 4KB - Virtual size: 4KB

.textV2 Size: 258KB - Virtual size: 258KB

.textF4 Size: 2KB - Virtual size: 2KB

.textV3 Size: 512B - Virtual size: 500B

.textV4 Size: 512B - Virtual size: 500B

.textV1 Size: 512B - Virtual size: 500B

.textV5 Size: 512B - Virtual size: 500B

.textV6 Size: 512B - Virtual size: 500B

.textV7 Size: 512B - Virtual size: 500B

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

f2:bb:2d:4c:4f:b7:9c:6e:3a:19:e0:cf:be:fb:5d:93:85:cf:d3:f6
Signer

.text
Size: 4KB - Virtual size: 4KB

.textV2
Size: 258KB - Virtual size: 258KB

.textF4
Size: 2KB - Virtual size: 2KB

.textV3
Size: 512B - Virtual size: 500B

.textV4
Size: 512B - Virtual size: 500B

.textV1
Size: 512B - Virtual size: 500B

.textV5
Size: 512B - Virtual size: 500B

.textV6
Size: 512B - Virtual size: 500B

.textV7
Size: 512B - Virtual size: 500B

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB