7361a7f6b1f56cfa70756156008f5fda_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7361a7f6b1f56cfa70756156008f5fda_JaffaCakes118
Size

22KB
MD5

7361a7f6b1f56cfa70756156008f5fda
SHA1

3ef96440ea0d1c6d38867dddf80b9ac6d07b4b8d
SHA256

5e275bac8c990acba4824961f241f1e2668c9dd15bc99535a1abde2f47fd30af
SHA512

63f142a1607fd48c6b014c63805264a33b5df626ea47fb5140820d78867a6c8d3fbdd25c1091a711f97d2aac8864a3aa374ac3561a848da5a740612d322d3a6b
SSDEEP

384:VAI41nI3CW6NhT+HZUQ5ifW3FTdU1thh4WWieZWd7f:+IWYCWaT+HOQYfsdU1thhde2

Score

1^/10

Malware Config

Signatures

Files

7361a7f6b1f56cfa70756156008f5fda_JaffaCakes118
.exe windows:5 windows x86 arch:x86

17efbe149bd66984deddacdc20981586

Code Sign

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2b
Certificate

Issuer

CN=eryf2w4v6y2w

Not Before

25/02/2012, 10:44

Not After

31/12/2039, 23:59

Subject

CN=eryf2w4v6y2w

Extended Key Usages

ExtKeyUsageCodeSigning

52:03:9e:08:b8:7b:8a:ac:48:50:5a:bc:b0:e8:7e:8d:5d:bc:1e:43
Signer

Actual PE Digest

52:03:9e:08:b8:7b:8a:ac:48:50:5a:bc:b0:e8:7e:8d:5d:bc:1e:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomW
GlobalFlags
GlobalSize
Heap32Next
HeapCompact
HeapLock
InitializeCriticalSectionAndSpinCount
IsBadCodePtr
LeaveCriticalSection
LocalAlloc
LockResource
MapViewOfFile
MapViewOfFileEx
OutputDebugStringW
PeekConsoleInputA
PrepareTape
Process32NextW
QueryPerformanceFrequency
ReadConsoleOutputA
ReadConsoleOutputCharacterA
ReleaseMutex
ScrollConsoleScreenBufferA
SetComputerNameExW
SetConsoleTitleW
SetEvent
GetWindowsDirectoryA
SetFilePointer
SetLocaleInfoW
SetNamedPipeHandleState
SetPriorityClass
SetThreadContext
SetTimeZoneInformation
SetTimerQueueTimer
SetupComm
SwitchToFiber
SystemTimeToFileTime
TerminateJobObject
TlsFree
TransmitCommChar
VerLanguageNameW
WaitForDebugEvent
WriteConsoleOutputCharacterW
WriteConsoleOutputW
WriteTapemark
_lclose
_lopen
lstrcatW
lstrcmp
lstrcmpW
lstrcpyA
GetVersion
GetThreadTimes
GetSystemTimeAsFileTime
GetSystemTime
GetSystemDefaultLangID
GetStringTypeW
GetStringTypeExW
GetProcessVersion
GetPrivateProfileStructA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetLocaleInfoW
GetLocaleInfoA
GetLargestConsoleWindowSize
GetFileTime
GetCurrentProcessId
GetCurrentProcess
GetCurrencyFormatA
GetConsoleAliasW
GetModuleHandleA
GetComputerNameW
GetAtomNameA
FormatMessageW
FindNextVolumeMountPointA
FillConsoleOutputAttribute
FatalExit
EnumUILanguagesW
EnumUILanguagesA
EnumSystemCodePagesA
EnumResourceTypesA
EnumDateFormatsExA
EnumCalendarInfoExA
DebugBreak
CreateProcessW
CreateJobObjectA
CreateEventA
CopyFileExW
ClearCommError
BuildCommDCBW
GetProcAddress
SetFileApisToOEM

msvcrt

memset

advapi32

RegOpenKeyExA

oleaut32

VarBstrFromCy
VarBstrFromDate
VarBstrFromR8
VarBstrFromUI2
VarCyCmpR8
VarCyFromI2
VarCyFromI4
VarCyFromR8
VarCyNeg
VarDateFromI1
VarDateFromUdate
VarDecCmp
VarDecFromI1
VarDecNeg
VarDecRound
VarI1FromCy
VarI1FromDisp
VarI2FromCy
VarI2FromR4
VarI2FromStr
VarI2FromUI1
VarI4FromI2
VarI4FromUI2
VarI4FromUI4
VarInt
VarPow
VarR4FromCy
VarR4FromDec
VarR4FromI1
VarR8FromBool
VarR8FromCy
VarR8FromDisp
VarR8FromStr
VarR8FromUI1
VarUI1FromCy
VarUI1FromDec
VarUI1FromR8
VarUI1FromUI4
VarUI2FromDate
VarUI2FromDisp
VarUI2FromI2
VarUI2FromI4
VarUI2FromStr
VarUI2FromUI1
VarUI4FromBool
VarUI4FromCy
VarUI4FromUI1
VarUdateFromDate
VariantChangeTypeEx
VariantInit
VariantTimeToSystemTime
VarBstrCmp
VarBstrCat
VarBoolFromUI2
VarBoolFromI1
VarBoolFromDisp
VarBoolFromDec
VARIANT_UserSize
UnRegisterTypeLi
SysStringLen
SysAllocString
SetErrorInfo
SafeArrayUnaccessData
SafeArraySetIID
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetVartype
SafeArrayDestroyDescriptor
SafeArrayCopyData
SafeArrayCopy
SafeArrayAllocDescriptor
RevokeActiveObject
OleTranslateColor
OleLoadPicture
OleIconToCursor
OleCreatePictureIndirect
OleCreateFontIndirect
LoadTypeLibEx
LPSAFEARRAY_UserMarshal
GetRecordInfoFromTypeInfo
GetErrorInfo
GetAltMonthNames
DispInvoke
DispCallFunc
BstrFromVector
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserFree
QueryPathOfRegTypeLi

imm32

ImmDestroyContext
ImmDestroySoftKeyboard
ImmDisableIME
ImmEnumRegisterWordW
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetConversionListA
ImmGetConversionStatus
ImmGetDescriptionW
ImmGetHotKey
ImmGetIMCCLockCount
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmCreateContext
ImmGetImeMenuItemsW
ImmGetRegisterWordStyleA
ImmGetVirtualKey
ImmInstallIMEA
ImmIsUIMessageW
ImmLockIMC
ImmNotifyIME
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetConversionStatus
ImmGetImeMenuItemsA
ImmSetOpenStatus
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17efbe149bd66984deddacdc20981586

Code Sign

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2bCertificate

Extended Key Usages

52:03:9e:08:b8:7b:8a:ac:48:50:5a:bc:b0:e8:7e:8d:5d:bc:1e:43Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 6KB - Virtual size: 5KB

.text1 Size: 1024B - Virtual size: 1004B

.text2 Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 180B

.text4 Size: 1024B - Virtual size: 1000B

.text3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 3KB - Virtual size: 2KB

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2b
Certificate

52:03:9e:08:b8:7b:8a:ac:48:50:5a:bc:b0:e8:7e:8d:5d:bc:1e:43
Signer

.text
Size: 6KB - Virtual size: 5KB

.text1
Size: 1024B - Virtual size: 1004B

.text2
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 180B

.text4
Size: 1024B - Virtual size: 1000B

.text3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 3KB - Virtual size: 2KB