5aee43ac60a7f7b2aafee6f87b1aa895_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5aee43ac60a7f7b2aafee6f87b1aa895_JaffaCakes118
Size

41KB
MD5

5aee43ac60a7f7b2aafee6f87b1aa895
SHA1

cc4837649adb5212254bf9792106e7b8ca6e696e
SHA256

471d8195a34234fa6a5b10d3e5e7b815700ff530d6ad0c0c351fb0199687cab9
SHA512

c5385af6d7262edf6762181ec5f50301143598c3ee1dce0ff83058bb62efae3d98664a5797f1b1dee2dc1a910fa7c55a686c71b48bc1cccf19496eb57dd05961
SSDEEP

768:z3uOBW7ryWs9PtvAq30dLVee/uHpsAUuYfsgfKGzwnyp0cASGr:z3uOBW7e7wlgsAUuYfNKipmP

Score

1^/10

Malware Config

Signatures

Files

5aee43ac60a7f7b2aafee6f87b1aa895_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9fc5d5f176f5ed277e8087c23980ff84

Code Sign

18:51:28:c2:68:eb:6c:4b:be:81:59:c4:52:f3:82:a6
Certificate

Issuer

CN=QJX

Not Before

10/05/2012, 06:26

Not After

31/12/2039, 23:59

Subject

CN=QJX

Extended Key Usages

ExtKeyUsageCodeSigning

1a:f7:a5:b0:96:b0:c8:d7:55:f6:5c:c8:42:d9:94:7d:b5:42:27:a3
Signer

Actual PE Digest

1a:f7:a5:b0:96:b0:c8:d7:55:f6:5c:c8:42:d9:94:7d:b5:42:27:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
LoadLibraryA
lstrcatW
GetProcAddress
VirtualAllocEx
CreateFileW

user32

ShowCursor
RegisterClassExW

advapi32

RegCloseKey
RegOpenKeyW

shlwapi

wvnsprintfA
UrlUnescapeW
UrlIsOpaqueW
AssocCreate
ChrCmpIA
ChrCmpIW
ColorRGBToHLS
HashData
IntlStrEqWorkerA
IntlStrEqWorkerW
PathAddBackslashA
PathAddBackslashW
PathAppendA
PathCanonicalizeA
PathCombineA
PathCommonPrefixW
PathCompactPathExA
PathCompactPathExW
PathCreateFromUrlA
PathCreateFromUrlW
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindNextComponentA
PathFindNextComponentW
PathFindOnPathA
PathFindOnPathW
PathFindSuffixArrayW
PathGetArgsA
PathGetCharTypeA
PathGetDriveNumberW
PathIsContentTypeA
PathIsDirectoryA
PathIsDirectoryEmptyW
PathIsLFNFileSpecA
PathIsLFNFileSpecW
PathIsRelativeW
PathIsUNCA
PathIsUNCServerA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathIsUNCW
PathMatchSpecA
PathQuoteSpacesA
PathQuoteSpacesW
PathRelativePathToW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathSearchAndQualifyW
PathSetDlgItemPathA
PathSetDlgItemPathW
PathStripPathA
PathStripToRootA
PathUnExpandEnvStringsA
PathUndecorateW
PathUnmakeSystemFolderA
PathUnmakeSystemFolderW
PathUnquoteSpacesA
SHDeleteEmptyKeyW
SHDeleteValueW
SHGetInverseCMAP
SHIsLowMemoryMachine
SHOpenRegStream2A
SHOpenRegStreamA
SHOpenRegStreamW
SHQueryInfoKeyW
SHQueryValueExW
SHRegCloseUSKey
SHRegCreateUSKeyW
SHRegDeleteEmptyUSKeyA
SHRegDeleteUSValueA
SHRegEnumUSKeyA
SHRegEnumUSValueW
SHRegGetBoolUSValueA
SHRegGetBoolUSValueW
SHRegGetPathA
SHRegOpenUSKeyW
SHRegQueryInfoUSKeyA
SHRegQueryUSValueA
SHRegQueryUSValueW
SHRegSetPathA
SHRegSetUSValueA
SHRegSetUSValueW
SHSetThreadRef
StrCSpnA
StrCatBuffA
StrCatBuffW
StrCatW
StrChrA
StrCmpIW
StrCmpNIA
StrCmpNIW
StrCmpNW
StrFormatByteSize64A
StrFormatKBSizeA
StrPBrkA
StrRChrIW
StrRStrIW
StrRetToStrW
StrStrA
StrStrIW
UrlApplySchemeW
UrlCombineW
UrlCreateFromPathW
UrlEscapeA
UrlEscapeW
UrlIsNoHistoryA
UrlIsNoHistoryW

Sections

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data5
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fc5d5f176f5ed277e8087c23980ff84

Code Sign

18:51:28:c2:68:eb:6c:4b:be:81:59:c4:52:f3:82:a6Certificate

Extended Key Usages

1a:f7:a5:b0:96:b0:c8:d7:55:f6:5c:c8:42:d9:94:7d:b5:42:27:a3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

Sections

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 27KB - Virtual size: 26KB

.data5 Size: 1024B - Virtual size: 1000B

.data4 Size: 1024B - Virtual size: 1000B

.data3 Size: 1024B - Virtual size: 1000B

.data2 Size: 1024B - Virtual size: 1000B

.rsrc Size: 3KB - Virtual size: 2KB

18:51:28:c2:68:eb:6c:4b:be:81:59:c4:52:f3:82:a6
Certificate

1a:f7:a5:b0:96:b0:c8:d7:55:f6:5c:c8:42:d9:94:7d:b5:42:27:a3
Signer

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 27KB - Virtual size: 26KB

.data5
Size: 1024B - Virtual size: 1000B

.data4
Size: 1024B - Virtual size: 1000B

.data3
Size: 1024B - Virtual size: 1000B

.data2
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 3KB - Virtual size: 2KB