71f25db18a686f2a8798ea935c55ef69_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

71f25db18a686f2a8798ea935c55ef69_JaffaCakes118
Size

344KB
MD5

71f25db18a686f2a8798ea935c55ef69
SHA1

1ebb56a13ec54dd330e3383110f0204b9b7a1298
SHA256

c297c0361afb84af705658db1639a68d8b3badb4558a9e1b6579662410ef1da0
SHA512

66ed86cda38af7e077bdf3743bb8858cefba6c740924072e868ee407c58568fa51bff1905d695c43419c576ad264bb4b564639019ca307e39fad8ed3b31a174a
SSDEEP

6144:Q6eNbWKgbes/X0tZqFKsnY3PsKBfiMVa47zYDwx/AQe6wNlcINGv6Mqr3w:Q6P1PwqRnmPNBqQsDg4r7GAw

Score

1^/10

Malware Config

Signatures

Files

71f25db18a686f2a8798ea935c55ef69_JaffaCakes118
.exe windows:4 windows x86 arch:x86

33ebb2dea9c7fa8fe67736568c8f1eb6

Code Sign

76:43:2d:6d:77:bf:0f:a5:46:b5:10:42:56:e7:9a:d5
Certificate

Issuer

CN=kolkrlhomuo

Not Before

02-12-2011 05:56

Not After

22-07-2017 22:00

Subject

CN=Loretusa

50:25:33:18:c8:bd:a3:96:99:80:ce:7b:58:3c:cf:d4:7a:f9:4e:bf
Signer

Actual PE Digest

50:25:33:18:c8:bd:a3:96:99:80:ce:7b:58:3c:cf:d4:7a:f9:4e:bf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

WindowFromPoint
OpenIcon
SetWindowPos
ShowOwnedPopups
GetParent
GetDlgItemInt

ole32

CoFreeLibrary
CoUnmarshalInterface
OleSetAutoConvert
CoMarshalHresult
CoLockObjectExternal
CoRegisterPSClsid

comctl32

CreatePropertySheetPageA
CreateToolbarEx

urlmon

CreateFormatEnumerator

shlwapi

StrCmpNA

kernel32

LoadLibraryA
HeapReAlloc
VirtualAlloc
GetOEMCP
LCMapStringA
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
LCMapStringW
GetACP
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapAlloc
IsBadReadPtr
GetSystemDefaultLangID
CreateFileA
GetModuleHandleA
GetProcAddress
ExitProcess
GetStartupInfoA
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 213KB - Virtual size: 718KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33ebb2dea9c7fa8fe67736568c8f1eb6

Code Sign

76:43:2d:6d:77:bf:0f:a5:46:b5:10:42:56:e7:9a:d5Certificate

50:25:33:18:c8:bd:a3:96:99:80:ce:7b:58:3c:cf:d4:7a:f9:4e:bfSigner

Headers

File Characteristics

Imports

user32

ole32

comctl32

urlmon

shlwapi

kernel32

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 213KB - Virtual size: 718KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 3KB

76:43:2d:6d:77:bf:0f:a5:46:b5:10:42:56:e7:9a:d5
Certificate

50:25:33:18:c8:bd:a3:96:99:80:ce:7b:58:3c:cf:d4:7a:f9:4e:bf
Signer

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 213KB - Virtual size: 718KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB