5ab98fa374fb3354a17b9f2ae40b2b32_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5ab98fa374fb3354a17b9f2ae40b2b32_JaffaCakes118
Size

359KB
MD5

5ab98fa374fb3354a17b9f2ae40b2b32
SHA1

64cf30c5ed3aee9b1d29e296988aa93d9f3bcf3a
SHA256

1cf8af841511bc3a1210c9c02276627d87dd07d38bbb2baa44c20cf55c3a76f3
SHA512

c673116e62e79a128093f34dda0abb04e59a2bf2ac13e967cd1882551bf63f9e779a6f6e23933bed2d91440005bac3e7724eef31e722c6c243a43c821cfa0a52
SSDEEP

6144:0BFybY/7YsXUmrXgEXrMzp14WaumddWFlhdYBb+vDDTH0DcPGCa3DLb8NHiB:0Cm/XXgsdumdIlnYqDDTUwPbWLb8NCB

Score

1^/10

Malware Config

Signatures

Files

5ab98fa374fb3354a17b9f2ae40b2b32_JaffaCakes118
.exe windows:5 windows x86 arch:x86

50d03f60d164d4ea095b36b79661d00f

Code Sign

e4:62:4b:5c:47:52:07:5d
Certificate

Issuer

CN=TherearemykeysButwhereforeshouldIgo

Not Before

30-08-2011 21:32

Not After

26-05-2014 21:32

Subject

CN=TherearemykeysButwhereforeshouldIgo

cb:53:81:58:07:a1:aa:2e:70:30:fb:15:6d:aa:d2:ca:b9:db:1c:10
Signer

Actual PE Digest

cb:53:81:58:07:a1:aa:2e:70:30:fb:15:6d:aa:d2:ca:b9:db:1c:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
SetEvent
GetFileAttributesA
ContinueDebugEvent
GetLongPathNameW
GetACP
GetCurrentProcess
CreateMutexA
CloseHandle
GetModuleHandleA
GetFileTime
CopyFileW
LoadLibraryA
ResetEvent
GetFileType
GetCurrentThreadId
AreFileApisANSI
GetLastError
GetShortPathNameW
IsSystemResumeAutomatic
GlobalSize
GetProcAddress
IsBadReadPtr
VirtualProtect
VirtualProtectEx
VirtualFree
VirtualAlloc
FreeLibrary
GetProfileIntW
GlobalLock
GetProfileStringW
LocalAlloc
LocalFree
LocalReAlloc
lstrlenW
lstrcatW
WaitForSingleObject
lstrcpynW
CreateThread
GlobalUnlock
WriteProfileStringW
Sleep
lstrcmpW
GlobalReAlloc
GlobalFree
GlobalAlloc
GlobalCompact
GlobalDeleteAtom
GetStartupInfoA
GetCurrentProcessId
GetCommandLineA
CopyFileA
CreateEventA
Module32Next
lstrcpyW
CreateEventW
GetCommandLineW

user32

LoadIconW
LoadCursorW
GetSysColorBrush
RegisterClassExW
CharNextW
SetCursor
SetFocus
SetWindowTextW
CheckRadioButton
GetSubMenu
MessageBeep
EndDialog
DialogBoxParamW
GetSysColor
CloseClipboard
CharNextA
GetClipboardData
OpenClipboard
GetDesktopWindow
TrackPopupMenuEx
EnableMenuItem
IsClipboardFormatAvailable
DefWindowProcW
ChildWindowFromPoint
ScreenToClient
GetDlgCtrlID
PostQuitMessage
WinHelpW
DrawTextW
CallWindowProcW
HideCaret
CheckDlgButton
GetWindowTextW
SetDlgItemInt
GetMenu
SendMessageW
SetDlgItemTextW
CheckMenuItem
CheckMenuRadioItem
SetWindowPos
OffsetRect
MapWindowPoints
GetClientRect
EnableWindow
LoadMenuW
SetWindowLongW
GetWindowLongW
CreateDialogParamW
GetDlgItem
DestroyMenu
SetMenu
GetWindowRect
SystemParametersInfoW
DispatchMessageW
TranslateAcceleratorW
IsChild
IsDialogMessageW
GetMessageW
LoadAcceleratorsW
CreateWindowExW
MessageBoxW
LoadStringW
SetProcessDefaultLayout
GetProcessDefaultLayout
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
MessageBoxA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
InvalidateRect

gdi32

SetTextColor
SetBkColor
SetBkMode

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
DuplicateTokenEx
AllocateAndInitializeSid
ImpersonateSelf
CloseServiceHandle
QueryServiceStatus
QueryServiceConfigW
ChangeServiceConfig2W
QueryServiceConfig2W
ChangeServiceConfigW
RegQueryValueExW
LookupPrivilegeValueW
RegDeleteKeyW
InitiateSystemShutdownExW
RevertToSelf
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetUserNameW
IsValidSid
GetLengthSid
CopySid
RegOpenCurrentUser
OpenThreadToken
OpenProcessToken
GetTokenInformation
FreeSid
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW

Sections

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50d03f60d164d4ea095b36b79661d00f

Code Sign

e4:62:4b:5c:47:52:07:5dCertificate

cb:53:81:58:07:a1:aa:2e:70:30:fb:15:6d:aa:d2:ca:b9:db:1c:10Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 796B

.text Size: 350KB - Virtual size: 349KB

.rsrc Size: 1KB - Virtual size: 1KB

e4:62:4b:5c:47:52:07:5d
Certificate

cb:53:81:58:07:a1:aa:2e:70:30:fb:15:6d:aa:d2:ca:b9:db:1c:10
Signer

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 796B

.text
Size: 350KB - Virtual size: 349KB

.rsrc
Size: 1KB - Virtual size: 1KB