5d8b8498d47569f36aa8d6e9079359ba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5d8b8498d47569f36aa8d6e9079359ba_JaffaCakes118
Size

202KB
MD5

5d8b8498d47569f36aa8d6e9079359ba
SHA1

c9f8a349901504646dbe11f82b1934f6c6d203df
SHA256

0f2ee0d16518a8d56bae8260824e4c95ddaae9be8c74bfc3fff1427bf08f3b44
SHA512

ceec371204d65e6f4c25097533ebce3051d826202bf784b7f74191af8883852224ece97cd37a83bb13531735f99fe38f130a1a17eb611b94fd4f537cd2b635ff
SSDEEP

3072:Ccug3jXsJ6mQrdTKypHgWTzEQJV3so+RBBI0Ic9oZO0cULoqSZ4hf6owC/aBm8:CYsJtQrd1ldEQcHDBIXZOBQe2FwCiBd

Score

1^/10

Malware Config

Signatures

Files

5d8b8498d47569f36aa8d6e9079359ba_JaffaCakes118
.dll windows:5 windows x86 arch:x86

bc0afe0bf2f2e0303911df2adb2faff5

Code Sign

0f:1d:b0:a6:2c:6d:d5:b2:47:86:46:85:24:2c:9b:18
Certificate

Issuer

CN=t123612333

Not Before

05/02/2012, 18:21

Not After

31/12/2039, 23:59

Subject

CN=t123612333

Extended Key Usages

ExtKeyUsageCodeSigning

a1:54:ea:00:b5:a0:9d:39:8b:66:e4:c6:ba:b9:03:6d:7e:57:fd:c2
Signer

Actual PE Digest

a1:54:ea:00:b5:a0:9d:39:8b:66:e4:c6:ba:b9:03:6d:7e:57:fd:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
ExitProcess

gdi32

GetStockObject

ole32

StringFromCLSID
WdtpInterfacePointer_UserSize
WriteClassStg
WriteFmtUserTypeStg
WriteOleStg
WriteStringStream
StgOpenStorageOnILockBytes
StgOpenStorage
StgOpenAsyncDocfileOnIFillLockBytes
StgCreateStorageEx
StgCreatePropStg
StgConvertVariantToProperty
StgConvertPropertyToVariant
SetDocumentBitStg
SetConvertStg
STGMEDIUM_UserSize
SNB_UserUnmarshal
ReadClassStm
PropVariantClear
PropStgNameToFmtId
OleUninitialize
OleSetMenuDescriptor
OleSetContainedObject
OleSave
OleRun
OleRegEnumFormatEtc
OleQueryLinkFromData
OleQueryCreateFromData
OleLoad
OleIsRunning
OleInitialize
OleDuplicateData
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleCreateLinkToFile
OleCreateLinkFromData
OleCreateFromFileEx
OleCreateFromData
OleCreateEmbeddingHelper
OleCreate
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAM
MkParseDisplayName
HkOleRegisterObject
HWND_UserMarshal
HPALETTE_UserMarshal
HMETAFILE_UserUnmarshal
HMETAFILE_UserSize
HMETAFILE_UserMarshal
HMETAFILE_UserFree
HMETAFILEPICT_UserUnmarshal
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserMarshal
HMENU_UserUnmarshal
HMENU_UserMarshal
HMENU_UserFree
HICON_UserUnmarshal
HICON_UserMarshal
HGLOBAL_UserSize
HGLOBAL_UserMarshal
HDC_UserUnmarshal
HDC_UserSize
HDC_UserMarshal
HBRUSH_UserUnmarshal
HBRUSH_UserSize
HBRUSH_UserFree
HBITMAP_UserSize
HBITMAP_UserMarshal
HBITMAP_UserFree
HACCEL_UserSize
GetHGlobalFromStream
GetDocumentBitStg
GetClassFile
FreePropVariantArray
FmtIdToPropStgName
DoDragDrop
DllDebugObjectRPCHook
DcomChannelSetHResult
CreateObjrefMoniker
CreateItemMoniker
CreateILockBytesOnHGlobal
CreateDataAdviseHolder
CoUnmarshalInterface
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
CoSetCancelObject
CoRevokeMallocSpy
CoRevertToSelf
CoReleaseServerProcess
CoRegisterSurrogate
CoRegisterPSClsid
CoRegisterClassObject
CoRegisterChannelHook
CoReactivateObject
CoMarshalInterface
CoMarshalHresult
CoInitializeSecurity
CoInitializeEx
CoGetTreatAsClass
CoGetPSClsid
CoGetMarshalSizeMax
CoGetInterfaceAndReleaseStream
CoGetClassVersion
CoGetCancelObject
CoGetCallerTID
CoFreeLibrary
CoFreeAllLibraries
CoFileTimeToDosDateTime
CoDosDateTimeToFileTime
CoDisconnectObject
CoDisableCallCancellation
CoCreateObjectInContext
CoCreateInstanceEx
CoCreateGuid
CoCopyProxy
CoAddRefServerProcess
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserFree
BindMoniker
WdtpInterfacePointer_UserFree

shlwapi

wnsprintfW
wnsprintfA
UrlUnescapeW
UrlUnescapeA
UrlIsW
UrlIsNoHistoryW
UrlHashW
UrlGetLocationA
UrlEscapeW
UrlCompareW
UrlCanonicalizeA
StrTrimW
StrToIntW
StrStrW
StrStrA
StrSpnW
StrSpnA
StrRetToStrW
StrRetToStrA
StrRetToBufA
StrRStrIA
StrRChrIA
StrPBrkW
StrPBrkA
StrNCatA
StrIsIntlEqualA
StrDupW
StrDupA
StrCpyW
StrCmpNIW
StrChrW
StrChrIW
StrChrIA
StrChrA
StrCatW
StrCatBuffW
SHSetValueW
SHSetValueA
SHSetThreadRef
SHRegWriteUSValueW
SHRegWriteUSValueA
SHRegSetUSValueA
SHRegOpenUSKeyW
SHRegGetUSValueW
SHRegGetPathA
SHRegEnumUSKeyW
SHRegDeleteUSValueW
SHRegDeleteUSValueA
SHRegCreateUSKeyW
SHQueryValueExW
SHQueryValueExA
SHQueryInfoKeyW
SHQueryInfoKeyA
SHOpenRegStreamW
SHOpenRegStreamA
SHOpenRegStream2W
SHOpenRegStream2A
SHIsLowMemoryMachine
SHGetValueW
SHEnumKeyExA
SHDeleteValueW
ord16
SHCreateStreamOnFileW
SHCopyKeyA
SHAutoComplete
PathUnmakeSystemFolderW
PathStripToRootW
PathStripPathA
PathRenameExtensionW
PathRemoveFileSpecW
PathRemoveExtensionW
PathRemoveExtensionA
PathRelativePathToW
PathQuoteSpacesW
PathQuoteSpacesA
PathMatchSpecA
PathMakePrettyW
PathMakePrettyA
PathIsURLW
PathIsURLA
PathIsUNCServerShareW
PathIsUNCServerShareA
PathIsSystemFolderW
PathIsSystemFolderA
PathIsSameRootW
PathIsSameRootA
PathIsRootW
PathIsRelativeW
PathIsNetworkPathW
PathIsFileSpecA
PathIsDirectoryEmptyW
PathIsDirectoryEmptyA
PathIsContentTypeW
PathIsContentTypeA
PathGetDriveNumberW
PathGetDriveNumberA
PathGetArgsW
PathGetArgsA
PathFindSuffixArrayW
PathFindOnPathW
PathFileExistsW
PathCompactPathW
PathCompactPathExW
PathCompactPathA
PathCommonPrefixW
PathCanonicalizeW
PathCanonicalizeA
PathBuildRootW
PathBuildRootA
IntlStrEqWorkerA
ColorRGBToHLS
ColorAdjustLuma
AssocQueryStringW
AssocQueryStringA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nnn
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gay4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc0afe0bf2f2e0303911df2adb2faff5

Code Sign

0f:1d:b0:a6:2c:6d:d5:b2:47:86:46:85:24:2c:9b:18Certificate

Extended Key Usages

a1:54:ea:00:b5:a0:9d:39:8b:66:e4:c6:ba:b9:03:6d:7e:57:fd:c2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

ole32

shlwapi

Sections

.text Size: 8KB - Virtual size: 8KB

.nnn Size: 175KB - Virtual size: 175KB

.data Size: 512B - Virtual size: 236B

.gay4 Size: 1024B - Virtual size: 1000B

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 1KB

0f:1d:b0:a6:2c:6d:d5:b2:47:86:46:85:24:2c:9b:18
Certificate

a1:54:ea:00:b5:a0:9d:39:8b:66:e4:c6:ba:b9:03:6d:7e:57:fd:c2
Signer

.text
Size: 8KB - Virtual size: 8KB

.nnn
Size: 175KB - Virtual size: 175KB

.data
Size: 512B - Virtual size: 236B

.gay4
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 1KB