71318ea1a30fe915c586968881be7ee1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

71318ea1a30fe915c586968881be7ee1_JaffaCakes118
Size

425KB
MD5

71318ea1a30fe915c586968881be7ee1
SHA1

59cb0be54dd5a0565c2c4da22d6ef48d38c640ec
SHA256

191ee3ec8c38eac959f642633f603a903bb90e1726e9d51eab02df1c5a94503c
SHA512

bd675566fff52b33ee5a6dd0f9a6e4c3adcb2ebf4ea4bedf87d22d7cdbb72a1c6ac97d314ab908d0cf548a5229051a76052807be88f9e9193f2c914f40ee5505
SSDEEP

12288:WSCir3twltCaKmI9kWLVqJ+B3gvyrDkhD:vCMDHjLIJ+sIoD

Score

1^/10

Malware Config

Signatures

Files

71318ea1a30fe915c586968881be7ee1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2827af3b7d9cc8ec0278c8e2290b02ac

Code Sign

16:ce:dc:4b:bb:90:84:59:b1:ab:81:59:e4:e6:fd:73
Certificate

Issuer

CN=rfddqmlpcgf

Not Before

29-01-2012 12:32

Not After

31-12-2039 23:59

Subject

CN=Gasqipo

b8:2a:f9:e1:f1:68:dd:74:9c:7c:7e:6a:11:6e:c3:0f:77:17:3a:74
Signer

Actual PE Digest

b8:2a:f9:e1:f1:68:dd:74:9c:7c:7e:6a:11:6e:c3:0f:77:17:3a:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

WindowFromPoint
GetNextDlgTabItem
IsZoomed
DefDlgProcA
IsWindow
MessageBoxA
SendDlgItemMessageA
IsChild
FindWindowExA
DeferWindowPos
EnumChildWindows

ole32

StgIsStorageILockBytes
StgCreatePropSetStg
CoBuildVersion
GetClassFile
StgIsStorageFile
OleFlushClipboard
CoIsOle1Class
CoUnmarshalInterface
CoInstall
StringFromIID
ReadFmtUserTypeStg
CoRevokeMallocSpy

oledlg

ord8
ord6
ord1
ord12
ord5
ord9
ord10
ord2
ord7
ord11
ord3

advapi32

RegNotifyChangeKeyValue
RegDeleteValueA
RegSetValueExA
RegConnectRegistryA
RegCloseKey
RegEnumKeyExA

kernel32

GetModuleHandleA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetProcAddress
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetStringTypeW
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetStartupInfoA
GetStringTypeA
SetLastError
GetTickCount
GetEnvironmentVariableA
GetStdHandle
GlobalReAlloc
GetProcessHeap
CreateSemaphoreA
HeapLock
HeapSize
SetLocaleInfoA
SetThreadLocale
LocalLock
GetProfileStringA
WriteProfileStringA
WritePrivateProfileStructA
WritePrivateProfileStringA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2827af3b7d9cc8ec0278c8e2290b02ac

Code Sign

16:ce:dc:4b:bb:90:84:59:b1:ab:81:59:e4:e6:fd:73Certificate

b8:2a:f9:e1:f1:68:dd:74:9c:7c:7e:6a:11:6e:c3:0f:77:17:3a:74Signer

Headers

File Characteristics

Imports

user32

ole32

oledlg

advapi32

kernel32

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 403KB - Virtual size: 403KB

.data Size: 512B - Virtual size: 77KB

.rsrc Size: 5KB - Virtual size: 5KB

16:ce:dc:4b:bb:90:84:59:b1:ab:81:59:e4:e6:fd:73
Certificate

b8:2a:f9:e1:f1:68:dd:74:9c:7c:7e:6a:11:6e:c3:0f:77:17:3a:74
Signer

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 403KB - Virtual size: 403KB

.data
Size: 512B - Virtual size: 77KB

.rsrc
Size: 5KB - Virtual size: 5KB