644b3459a064143f8bb7920459f0732e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

644b3459a064143f8bb7920459f0732e_JaffaCakes118
Size

339KB
MD5

644b3459a064143f8bb7920459f0732e
SHA1

8c9c8f07c069bb47be91d361025515cfb7b4271e
SHA256

1c3426003bf3aa881d069479b64be745ef6d98ce0e4d154fbf90114e68ba9ad1
SHA512

2ad5d3e5abdc22a910a6897fccd85b6d98f1ddd2dbeef527051651684ccfb85a7592318540f496a5f5ddb9b4418cd011742eca079725e47b747ef97377324d4b
SSDEEP

6144:q+REoQFaSdyXpJsVq/UrR7VH49blFhB1esTzyr49K9:uoEDy5PCt49blFYsyM9K9

Score

1^/10

Malware Config

Signatures

Files

644b3459a064143f8bb7920459f0732e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

61082f161a03346d8c95f2bd80ad6308

Code Sign

66:09:b9:d1:82:d2:81:4a:b5:0a:66:6a:c1:b5:d7:66
Certificate

Issuer

CN=exsgjtruxhj

Not Before

27/01/2012, 20:28

Not After

31/12/2039, 23:59

Subject

CN=Jervop

d3:a5:9e:fb:2a:56:18:5f:97:c3:0a:e4:a9:a4:5a:af:37:ce:6e:c9
Signer

Actual PE Digest

d3:a5:9e:fb:2a:56:18:5f:97:c3:0a:e4:a9:a4:5a:af:37:ce:6e:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StgCreatePropSetStg
StgIsStorageILockBytes
OleCreateLinkFromDataEx
CoLockObjectExternal
StgCreateDocfile
OleRegGetMiscStatus
RegisterDragDrop
CoLoadLibrary
OleRun
CreateItemMoniker
StgIsStorageFile
CoBuildVersion
FreePropVariantArray
OleCreateLink
OleFlushClipboard

kernel32

TlsAlloc
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapAlloc
VirtualFree
GlobalUnlock
GetUserDefaultLCID
IsValidLocale
GetCPInfo
PulseEvent
WaitForSingleObject
HeapDestroy
LocalAlloc
GlobalSize
GetProcAddress
GetModuleHandleA
GetLastError
DeleteFileW
MoveFileW
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
GetStringTypeW
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapCreate
HeapFree
RtlUnwind
WriteFile

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61082f161a03346d8c95f2bd80ad6308

Code Sign

66:09:b9:d1:82:d2:81:4a:b5:0a:66:6a:c1:b5:d7:66Certificate

d3:a5:9e:fb:2a:56:18:5f:97:c3:0a:e4:a9:a4:5a:af:37:ce:6e:c9Signer

Headers

File Characteristics

Imports

ole32

kernel32

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 302KB - Virtual size: 302KB

.data Size: 2KB - Virtual size: 504KB

.rsrc Size: 16KB - Virtual size: 15KB

66:09:b9:d1:82:d2:81:4a:b5:0a:66:6a:c1:b5:d7:66
Certificate

d3:a5:9e:fb:2a:56:18:5f:97:c3:0a:e4:a9:a4:5a:af:37:ce:6e:c9
Signer

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 302KB - Virtual size: 302KB

.data
Size: 2KB - Virtual size: 504KB

.rsrc
Size: 16KB - Virtual size: 15KB