73b9e88b3c08d71c3fceed98ea922057_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

73b9e88b3c08d71c3fceed98ea922057_JaffaCakes118
Size

23KB
MD5

73b9e88b3c08d71c3fceed98ea922057
SHA1

ec1c5576b37533e9350814209d83e080ca7d9275
SHA256

7416144b3d816e886002dfda82b4ed179d6ec95331eba9dfac400722426e5c5c
SHA512

cd8019e2284cd7713f56af3008b5f142ca14fb6d7c3c24e8dc9f9c9c5da5b1ef03eddb3bd6860ea85a067990b919e09581fccfce8ee9994746ff607bd149e6aa
SSDEEP

384:2GfJmbzGlMVdzBlZMTgz882wFgschh4WWieZW77:5DM/e85FgschhdeA

Score

1^/10

Malware Config

Signatures

Files

73b9e88b3c08d71c3fceed98ea922057_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1009c65e751f7f6839b3928fda0b45ab

Code Sign

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2b
Certificate

Issuer

CN=eryf2w4v6y2w

Not Before

25/02/2012, 10:44

Not After

31/12/2039, 23:59

Subject

CN=eryf2w4v6y2w

Extended Key Usages

ExtKeyUsageCodeSigning

69:ba:b2:85:4a:76:49:4b:a3:86:3e:34:f0:33:fb:09:d9:ca:3d:29
Signer

Actual PE Digest

69:ba:b2:85:4a:76:49:4b:a3:86:3e:34:f0:33:fb:09:d9:ca:3d:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCommState
SetConsoleActiveScreenBuffer
SetConsoleWindowInfo
SetErrorMode
SetFileAttributesW
SetFilePointerEx
SetHandleCount
SetLocaleInfoW
SetProcessPriorityBoost
SetSystemPowerState
SetThreadLocale
SetUnhandledExceptionFilter
SetVolumeLabelW
SuspendThread
UnhandledExceptionFilter
UnlockFileEx
SetCommMask
VerLanguageNameA
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualLock
WaitCommEvent
WaitForDebugEvent
WriteConsoleInputW
WriteConsoleOutputCharacterA
WritePrivateProfileStructA
WritePrivateProfileStructW
WriteProfileSectionW
lstrcatW
lstrlenA
ReleaseMutex
ReadFile
ReadConsoleInputW
ReadConsoleInputA
QueueUserAPC
OpenSemaphoreW
MulDiv
MoveFileWithProgressA
MoveFileA
LeaveCriticalSection
IsDBCSLeadByte
IsBadWritePtr
IsBadHugeReadPtr
InterlockedDecrement
HeapSize
HeapLock
HeapDestroy
HeapCompact
GlobalGetAtomNameA
GetWindowsDirectoryA
GetVersionExA
GetVersion
GetUserDefaultUILanguage
GetUserDefaultLCID
GetModuleHandleA
GetThreadPriority
GetThreadLocale
GetTapePosition
GetSystemInfo
GetQueuedCompletionStatus
GetProcessWorkingSetSize
GetPrivateProfileStructA
GetLogicalDriveStringsW
GetFullPathNameA
GetEnvironmentVariableW
GetEnvironmentStringsA
GetConsoleAliasExesLengthA
GetConsoleAliasExesA
GetCommProperties
GetBinaryTypeW
GetAtomNameW
GetAtomNameA
FlushFileBuffers
FindNextVolumeA
FindFirstVolumeW
FindFirstFileExA
FindFirstChangeNotificationW
ExitThread
EnumUILanguagesW
EnumSystemCodePagesA
EnumDateFormatsExA
EnumDateFormatsA
DeleteCriticalSection
CreateToolhelp32Snapshot
CreateProcessW
CreateFileMappingA
CreateFileA
CancelDeviceWakeupRequest
BuildCommDCBAndTimeoutsA
BindIoCompletionCallback
AddConsoleAliasA
AddAtomA
GetProcAddress
UpdateResourceW

msvcrt

memset

advapi32

RegOpenKeyExA

oleaut32

VarNeg
VarOr
VarR4FromDisp
VarR8FromCy
VarSu
VarUI1FromDate
VarUI1FromUI4
VarUI2FromBool
VarUI2FromCy
VarUI2FromI1
VarUI2FromUI1
VarUI4FromCy
VarUI4FromI4
VarUI4FromUI2
VarXor
VariantChangeType
VariantCopy
VariantTimeToDosDateTime
VarI4FromUI4
VarI2FromUI1
VarI2FromR4
VarI2FromDec
VarI1FromUI4
VarI1FromUI2
VarI1FromUI1
VarI1FromR4
VarI1FromDec
VarI1FromDate
VarI1FromBool
VarDecSu
VarDecNeg
VarDecMul
VarDecFromStr
VarDecFromR8
VarDecFromR4
VarDecFromI2
VarDecFromCy
VarDecFix
VarDateFromUdate
VarDateFromStr
VarDateFromDec
VarCySu
VarCyMul
VarCyFromUI4
VarCyFromR4
VarCyFromI2
VarCyFromI1
VarCyFromDec
VarCyFromDate
VarCyCmpR8
VarCyCmp
VarBstrFromUI2
VarBstrFromI1
VarBstrFromDate
VarBstrFromCy
VarBoolFromUI4
VarBoolFromR8
SafeArrayUnlock
SafeArrayUnaccessData
SafeArrayPtrOfIndex
SafeArrayGetRecordInfo
SafeArrayGetIID
SafeArrayGetElement
SafeArrayGetDim
SafeArrayCreateVector
SafeArrayCopy
SafeArrayAllocDescriptorEx
QueryPathOfRegTypeLi
OleTranslateColor
OleLoadPictureFile
OleIconToCursor
OaBuildVersion
LPSAFEARRAY_UserMarshal
LHashValOfNameSysA
LHashValOfNameSys
GetRecordInfoFromTypeInfo
DispCallFunc
SysAllocStringByteLen

imm32

ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateIMCC
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeW
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineW
ImmGetIMCCLockCount
ImmAssociateContextEx
ImmGetIMEFileNameW
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetVirtualKey
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmNotifyIME
ImmReSizeIMCC
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetConversionStatus
ImmSetHotKey
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmGetIMCLockCount
ImmUnlockIMCC
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1009c65e751f7f6839b3928fda0b45ab

Code Sign

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2bCertificate

Extended Key Usages

69:ba:b2:85:4a:76:49:4b:a3:86:3e:34:f0:33:fb:09:d9:ca:3d:29Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 7KB - Virtual size: 6KB

.text1 Size: 1KB - Virtual size: 1KB

.text2 Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 108B

.text4 Size: 1024B - Virtual size: 1000B

.text3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 3KB - Virtual size: 2KB

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2b
Certificate

69:ba:b2:85:4a:76:49:4b:a3:86:3e:34:f0:33:fb:09:d9:ca:3d:29
Signer

.text
Size: 7KB - Virtual size: 6KB

.text1
Size: 1KB - Virtual size: 1KB

.text2
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 108B

.text4
Size: 1024B - Virtual size: 1000B

.text3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 3KB - Virtual size: 2KB