4ab1103b61d3feb64a592c8e044be862_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4ab1103b61d3feb64a592c8e044be862_JaffaCakes118
Size

321KB
MD5

4ab1103b61d3feb64a592c8e044be862
SHA1

fde1d70421cda5c4604e2ea6f99d4fb3924a98b1
SHA256

2a74d81b6c28ccf02ea9e07d932653cd8f06872c0247080af240519d0be49c39
SHA512

580ad5d8d4341af20efa77805bc03467312e8c5bd196f817c0183060a685adb21d4819caace87207127d5e916ab28262d4c72340476aeac3f73f8cd650c3624c
SSDEEP

6144:1Mofb8bGq+ueVRmAvEUkUCAocZJb0ZmVhRHOqFEGcWSlpMBl:JWGq6m0E2C8b0ItEGZSlpC

Score

1^/10

Malware Config

Signatures

Files

4ab1103b61d3feb64a592c8e044be862_JaffaCakes118
.exe windows:4 windows x86 arch:x86

55904a9d93ef1744035f5cb61bd03e3a

Code Sign

75:94:49:e1:66:f5:9f:8c:4c:3e:3b:82:27:cc:5a:11
Certificate

Issuer

CN=253322

Not Before

05/02/2012, 19:33

Not After

31/12/2039, 23:59

Subject

CN=253322

Extended Key Usages

ExtKeyUsageCodeSigning

b2:30:fb:a2:a3:48:81:a0:f2:54:db:ea:ec:69:9b:77:25:44:07:ed
Signer

Actual PE Digest

b2:30:fb:a2:a3:48:81:a0:f2:54:db:ea:ec:69:9b:77:25:44:07:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetThreadLocale
GetWindowsDirectoryA
lstrlenA
lstrcpyA
CreateFileA
VerSetConditionMask
ClearCommError
GetTimeFormatW
CompareStringA
LoadLibraryExA
UpdateResourceA
SetConsoleCursorInfo
GetSystemInfo
FlushConsoleInputBuffer
GetTempPathW
FindResourceExA
GlobalFindAtomW
GlobalAlloc
SystemTimeToFileTime
GetModuleHandleA
WaitForMultipleObjects
DeleteFileW
GetFileInformationByHandle
lstrcat
CreateProcessW
GetPrivateProfileSectionNamesA
GetConsoleAliasExesA
DosDateTimeToFileTime
PostQueuedCompletionStatus
ReadDirectoryChangesW
GetProcessVersion
SetProcessPriorityBoost
GetUserDefaultLCID
Module32NextW
EnumDateFormatsExW
SetProcessAffinityMask
UnregisterWait
lstrcmpA
SetComputerNameExW
GetDriveTypeA
EnumTimeFormatsA
GetTapeParameters
FindCloseChangeNotification
OpenJobObjectW
SetConsoleDisplayMode
EnumSystemLanguageGroupsA
CreateMailslotA
GetConsoleAliasA
GlobalFlags
GlobalAddAtomW
DeleteFiber
MapUserPhysicalPages
GetCurrencyFormatA
SetUnhandledExceptionFilter
EnumCalendarInfoExA
CreateHardLinkW
UnregisterWaitEx
GetSystemTimeAsFileTime
InterlockedExchangeAdd
MoveFileW
GetFileAttributesExA
CompareStringW
DeleteVolumeMountPointA
SetSystemTime
GetBinaryTypeA
ReadFile
GetProfileStringA
GetVolumePathNameW
IsProcessorFeaturePresent
VerifyVersionInfoW
GetSystemWindowsDirectoryW
FreeConsole
CancelTimerQueueTimer
FindFirstChangeNotificationA
LockResource
ProcessIdToSessionId
FileTimeToLocalFileTime
DefineDosDeviceA
EnumResourceLanguagesW
SetLocaleInfoW
GetConsoleWindow
GetConsoleCP
InitializeCriticalSection
GetSystemDefaultLangID
EnumResourceTypesA
FindFirstFileW
RtlFillMemory
OpenSemaphoreA
HeapValidate
UpdateResourceW
CreateRemoteThread
HeapAlloc
FreeUserPhysicalPages
GlobalFix

user32

LoadIconW
ChangeDisplaySettingsA
GetKeyState
DefWindowProcW
GetProcessDefaultLayout
CreateDialogParamA
DlgDirListW
WINNLSGetIMEHotkey
EnumDesktopsW
SendMessageA
EndTask
GetMenuStringW
GetWindowLongA
SetParent
DdeNameService
CharUpperBuffA
SetPropA
DlgDirSelectExA
UnregisterClassA
GetWindowTextLengthA
CharToOemBuffW
ScreenToClient
SetMenuItemBitmaps
GetCursorInfo
DdeUnaccessData
WINNLSGetEnableStatus
IsChild
OpenDesktopA
GetUpdateRect
GetLastActivePopup
VkKeyScanExW
CreateWindowExW
LoadBitmapW
IsClipboardFormatAvailable
OemKeyScan
SetWindowsHookExW
LookupIconIdFromDirectoryEx
DeleteMenu
SetCapture
InSendMessageEx
GetClipboardFormatNameA
VkKeyScanW
LoadMenuIndirectW
CascadeWindows
IsWindowUnicode
DialogBoxIndirectParamW
CreateAcceleratorTableW
DdeUninitialize
ToAscii
IsRectEmpty
GrayStringW
GetAltTabInfoA
SetWindowsHookW
LoadCursorA
ChildWindowFromPointEx
OpenWindowStationW
GetMenuStringA
IMPGetIMEA
EnumWindows
DrawStateW
ShowCursor
GetMenuItemInfoW
DestroyWindow
RegisterShellHookWindow
SetProcessDefaultLayout
DefDlgProcA
InvalidateRect
SendMessageCallbackA
RemoveMenu
PostThreadMessageW
SetWindowWord
SetSystemCursor
IsCharAlphaW
SetUserObjectInformationA
ShowOwnedPopups
GetCursor
EmptyClipboard
CharNextExA
GetClientRect
CharToOemBuffA
TrackPopupMenu
IntersectRect
ValidateRgn
DialogBoxParamW
GetTitleBarInfo
UnhookWindowsHookEx
SetWindowsHookA
GetClipboardData
CreateIconFromResource
GetMenuContextHelpId
SetDeskWallpaper
CharUpperBuffW
ActivateKeyboardLayout

advapi32

RegOpenKeyExW

ole32

CoDisableCallCancellation
CoEnableCallCancellation
OleFlushClipboard
HICON_UserFree
OleLoad
OleMetafilePictFromIconAndLabel
CreateObjrefMoniker
CLIPFORMAT_UserMarshal
OleRegGetUserType
CoGetStdMarshalEx
UtConvertDvtd32toDvtd16
CoReactivateObject
CoGetClassObject
STGMEDIUM_UserSize
HBRUSH_UserMarshal
CoUnloadingWOW
StgGetIFillLockBytesOnILockBytes
CoDeactivateObject
SetDocumentBitStg
OleDraw
CoGetObjectContext
HBITMAP_UserSize
CoAddRefServerProcess
OleCreateLinkEx
CoTreatAsClass
WriteClassStm
DllDebugObjectRPCHook
HWND_UserFree
CreateOleAdviseHolder
WriteOleStg
CoTaskMemAlloc
ReadClassStm
OleConvertIStorageToOLESTREAMEx
SNB_UserSize
StgConvertPropertyToVariant
OleLoadFromStream
ReadClassStg
StgIsStorageILockBytes
CoQueryAuthenticationServices
CoGetCancelObject
StgCreateDocfile
OleBuildVersion
OleCreate
CoMarshalInterface
HDC_UserFree
HPALETTE_UserMarshal
OleGetIconOfFile
CoUninitialize
OleCreateFromFile
WriteClassStg
CoLockObjectExternal
GetHookInterface
WdtpInterfacePointer_UserSize
CoRegisterMallocSpy
CoGetTreatAsClass
PropStgNameToFmtId
HBRUSH_UserUnmarshal
StringFromCLSID
WriteFmtUserTypeStg
HACCEL_UserMarshal
STGMEDIUM_UserFree
GetHGlobalFromStream
HENHMETAFILE_UserUnmarshal
CoRevokeMallocSpy
StgCreatePropSetStg
CoCreateObjectInContext
OleSetClipboard
HBITMAP_UserUnmarshal
HACCEL_UserUnmarshal
OleCreateLinkFromData
UtGetDvtd32Info
CoSetProxyBlanket
CoSwitchCallContext
GetDocumentBitStg
CoRegisterSurrogate
CoGetObject
OleGetIconOfClass
OleUninitialize
CoCancelCall
HDC_UserMarshal
OleRegEnumVerbs

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text3
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55904a9d93ef1744035f5cb61bd03e3a

Code Sign

75:94:49:e1:66:f5:9f:8c:4c:3e:3b:82:27:cc:5a:11Certificate

Extended Key Usages

b2:30:fb:a2:a3:48:81:a0:f2:54:db:ea:ec:69:9b:77:25:44:07:edSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Sections

.text Size: 3KB - Virtual size: 3KB

.text3 Size: 1KB - Virtual size: 1KB

.text2 Size: 301KB - Virtual size: 301KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

75:94:49:e1:66:f5:9f:8c:4c:3e:3b:82:27:cc:5a:11
Certificate

b2:30:fb:a2:a3:48:81:a0:f2:54:db:ea:ec:69:9b:77:25:44:07:ed
Signer

.text
Size: 3KB - Virtual size: 3KB

.text3
Size: 1KB - Virtual size: 1KB

.text2
Size: 301KB - Virtual size: 301KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB