75457cc94b1d1dfa3f5d1aedc2edb044_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

75457cc94b1d1dfa3f5d1aedc2edb044_JaffaCakes118
Size

718KB
MD5

75457cc94b1d1dfa3f5d1aedc2edb044
SHA1

e78870f3807a89684085d605dcd57a06e7327125
SHA256

6eeffe540693418a107db3e7d2d9b72a54b2354aa6886b571272aa41f8cc8e0c
SHA512

13d39870b470332ee64c99e751fafbac6c7f47328563182b91d16c9b4095a29783a359f8152028a20f3a77a1f36f60d36de935d1d6cd7b75f61f2f5dbfb72cb9
SSDEEP

12288:73aQHbUTTxJ8an7xxpuGGLTmjAHsboeiNSNQzSkKfUK08pJXUZjv2qMZ:7nHbUTTIan7xxsdLTKGsaN8QzSkKMK/b

Score

1^/10

Malware Config

Signatures

Files

75457cc94b1d1dfa3f5d1aedc2edb044_JaffaCakes118
.dll windows:5 windows x86 arch:x86

452b00b0226360d99a5cc70b90921317

Code Sign

2f:d1:c7:a7:52:3b:42:7c:b0:a3:9c:c7:b4:3c:35:3d
Certificate

Issuer

CN=Advanced Micro Devices\, Inc.

Not Before

19/09/2014, 00:06

Not After

31/12/2039, 23:59

Subject

CN=Advanced Micro Devices\, Inc.

ec:4c:e1:54:92:5f:cd:c8:6e:d8:40:d4:0d:ad:c3:86:d7:0f:4a:64
Signer

Actual PE Digest

ec:4c:e1:54:92:5f:cd:c8:6e:d8:40:d4:0d:ad:c3:86:d7:0f:4a:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathStripPathW
StrToIntExA
StrStrIW
PathQuoteSpacesW
StrCmpW
PathFileExistsW
StrStrW
PathRemoveFileSpecW
StrToIntW
StrToIntA
PathAddBackslashW

psapi

GetModuleFileNameExW

kernel32

SetFilePointer
GetModuleHandleW
WriteFile
CreateFileW
FindFirstFileW
VirtualFree
TerminateThread
GetExitCodeProcess
VirtualAlloc
FindClose
OpenEventW
DeleteFileW
CreateThread
LoadLibraryA
HeapReAlloc
DeleteFileA
GetTempPathA
CloseHandle
GetCurrentThreadId
GetCurrentDirectoryA
GetTempFileNameA
GetLastError
ReadFile
InterlockedIncrement
GetFileSize
CreateFileA
FileTimeToDosDateTime
ExpandEnvironmentStringsW
lstrlenA
SetUnhandledExceptionFilter
SetErrorMode
CreateMutexW
LocalFree
lstrlenW
lstrcmpW
ReleaseMutex
SetCurrentDirectoryW
GetProcAddress
GetCurrentDirectoryW
MultiByteToWideChar
GetModuleFileNameW
LoadLibraryW
OpenProcess
GetSystemTimeAsFileTime
WaitForSingleObject
CreateProcessW
FreeLibrary
lstrcmpA
ExitProcess
LocalAlloc
FileTimeToLocalFileTime
Sleep
GetProcessHeap
HeapFree
HeapAlloc
GetTimeFormatA
GetModuleHandleA
lstrcmpiW
InterlockedDecrement
GetEnvironmentVariableW
SetHandleInformation
GetVersionExW
CreatePipe
GetCurrentProcess
GetComputerNameW
IsWow64Process
GetSystemTime
MapViewOfFile
UnmapViewOfFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateFileMappingW
DeleteCriticalSection
GetTickCount
CreateSemaphoreW
GetTempFileNameW
GetTempPathW
GetFullPathNameW
GetLocalTime
GetACP
SetEndOfFile
lstrcatW
EncodePointer
DecodePointer
ExitThread
InterlockedExchange
GetConsoleCP
GetConsoleMode
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
IsProcessorFeaturePresent
HeapSize
GetFileType
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
SetStdHandle
WriteConsoleW
HeapCreate
HeapDestroy
GetLocaleInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
InterlockedCompareExchange
GetDateFormatA
CompareStringW
GetTimeZoneInformation
SetEnvironmentVariableA
WideCharToMultiByte

advapi32

RegSetValueExW
RegCreateKeyExW
CryptReleaseContext
CryptDeriveKey
CryptAcquireContextW
CryptExportKey
CryptEncrypt
CryptGenRandom
CreateServiceW
CheckTokenMembership
CryptCreateHash
CryptGenKey
CryptDestroyKey
CryptDecrypt
CryptDestroyHash
CryptHashData
CloseServiceHandle
DeleteService
OpenSCManagerW
OpenServiceW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
EnumServicesStatusExW
RegQueryValueExW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExW
GetUserNameW
CryptImportKey

shell32

ShellExecuteW
CommandLineToArgvW
ord680

oleaut32

VarBstrFromUI8
VariantInit
SysStringLen
VarBstrFromUI4
SysAllocString
SysFreeString
SysAllocStringByteLen
VarBstrFromR8
VariantClear
VarBstrFromI4

wininet

InternetQueryDataAvailable
InternetCloseHandle
HttpOpenRequestW
InternetOpenW
InternetReadFile
InternetSetOptionW
HttpSendRequestW
InternetConnectW

iphlpapi

GetAdaptersInfo

ws2_32

WSACleanup
WSAStartup
gethostname
gethostbyname

ole32

CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance

Exports

Exports

ADL2_Adapter_SupportedConnections_Get
ADL2_Display_DDCInfo_Get
ADL2_RemoteDisplay_IEPort_Set
ADL2_Workstation_ECC_Set
ADL_Adapter_DisplayAudioEndpoint_Mute
ADL_Overdrive5_PowerControl_Caps

Sections

.text
Size: 481KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

452b00b0226360d99a5cc70b90921317

Code Sign

2f:d1:c7:a7:52:3b:42:7c:b0:a3:9c:c7:b4:3c:35:3dCertificate

ec:4c:e1:54:92:5f:cd:c8:6e:d8:40:d4:0d:ad:c3:86:d7:0f:4a:64Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

psapi

kernel32

advapi32

shell32

oleaut32

wininet

iphlpapi

ws2_32

ole32

Exports

Exports

Sections

.text Size: 481KB - Virtual size: 481KB

.rdata Size: 145KB - Virtual size: 145KB

.data Size: 55KB - Virtual size: 65KB

.reloc Size: 34KB - Virtual size: 33KB

2f:d1:c7:a7:52:3b:42:7c:b0:a3:9c:c7:b4:3c:35:3d
Certificate

ec:4c:e1:54:92:5f:cd:c8:6e:d8:40:d4:0d:ad:c3:86:d7:0f:4a:64
Signer

.text
Size: 481KB - Virtual size: 481KB

.rdata
Size: 145KB - Virtual size: 145KB

.data
Size: 55KB - Virtual size: 65KB

.reloc
Size: 34KB - Virtual size: 33KB