71c25aa6e9e397677ca88252590c3740_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

71c25aa6e9e397677ca88252590c3740_JaffaCakes118
Size

246KB
MD5

71c25aa6e9e397677ca88252590c3740
SHA1

870fea9b4b42cbfd486b5e0db2a62b5732521951
SHA256

14240fce2d367150621238212e1c599e2c3949cff097551c435b8f17942e7d12
SHA512

c2ba90cc42ba539fb5bfd2817339a030f414c2b20dea2dae376b5ad33ca6ed315a801bdcb69559ca051be03e5d94c88e65b68f2aed469ae08f19242d2a882dbe
SSDEEP

3072:SwPnVR5vByfBc9UzV1GvcvcRrCXWZeO3dogVU9SDJibG4NJrzFhCXbbPa/2WFtPm:h+ZzV11vu3dZCEDdohhEfSOWPuGsN

Score

1^/10

Malware Config

Signatures

Files

71c25aa6e9e397677ca88252590c3740_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cb7d1ee638d0017515d511340a236a13

Code Sign

2f:f9:94:a9:77:dd:93:8a:4a:a8:e7:98:be:f7:d0:ff
Certificate

Issuer

CN=sihwnxxpqiz

Not Before

18/06/2012, 11:35

Not After

31/12/2039, 23:59

Subject

CN=Jerani

fe:92:66:ca:02:a8:61:34:41:13:ca:3f:2f:a5:bd:a3:66:5d:fc:45
Signer

Actual PE Digest

fe:92:66:ca:02:a8:61:34:41:13:ca:3f:2f:a5:bd:a3:66:5d:fc:45

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

IsWindowUnicode
DestroyWindow
GetSysColor
MoveWindow
FindWindowExA
GetTopWindow
SetDlgItemTextA
SetSysColors
IsDialogMessageA
ArrangeIconicWindows
BringWindowToTop
SetWindowPlacement
IsChild
IsWindowVisible

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegUnLoadKeyA
RegReplaceKeyA
RegLoadKeyA
RegQueryValueA
RegCreateKeyExA
RegOpenKeyA
RegEnumKeyExA
RegNotifyChangeKeyValue

kernel32

GetCurrentProcessId
SetEvent
SuspendThread
CloseHandle
ResumeThread
GetCommandLineA
GetStartupInfoA
GetHandleInformation
DeleteFileA
GetCurrentProcess
VirtualAlloc
GetModuleHandleA
GetComputerNameA
ResetEvent
GetPrivateProfileSectionA
WriteProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetProcAddress
SetHandleInformation

winspool.drv

EnumPrinterDataA
DeletePrinterConnectionA
AdvancedDocumentPropertiesA
ConfigurePortA
AbortPrinter
DeleteFormA
ClosePrinter
AddJobA
DeletePrinterDataA
DeletePrinter
AddFormA
ConnectToPrinterDlg
AddPrinterConnectionA
AddPrinterA

msvcrt

_XcptFilter
_exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
exit

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb7d1ee638d0017515d511340a236a13

Code Sign

2f:f9:94:a9:77:dd:93:8a:4a:a8:e7:98:be:f7:d0:ffCertificate

fe:92:66:ca:02:a8:61:34:41:13:ca:3f:2f:a5:bd:a3:66:5d:fc:45Signer

Headers

File Characteristics

Imports

user32

advapi32

kernel32

winspool.drv

msvcrt

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 210KB - Virtual size: 210KB

.data Size: 512B - Virtual size: 329KB

.rsrc Size: 19KB - Virtual size: 19KB

2f:f9:94:a9:77:dd:93:8a:4a:a8:e7:98:be:f7:d0:ff
Certificate

fe:92:66:ca:02:a8:61:34:41:13:ca:3f:2f:a5:bd:a3:66:5d:fc:45
Signer

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 210KB - Virtual size: 210KB

.data
Size: 512B - Virtual size: 329KB

.rsrc
Size: 19KB - Virtual size: 19KB