76a8b23a81dd68a39fe9b412be5c309d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

76a8b23a81dd68a39fe9b412be5c309d_JaffaCakes118
Size

308KB
MD5

76a8b23a81dd68a39fe9b412be5c309d
SHA1

4a58a21d1cf2e8013d4e945ef5559b9cc17723a0
SHA256

fb8458dac98bf6c2ffa1f155ab554c01bb49e5c20893860d6bbe92e89dca773d
SHA512

b6b2991709851c948be4d8c91b42e1450e3d76972d01947da5a0b18c572c7d04639a21b96bfeb15ccd58863185baf9e4681e14ba5bce2469ed449133387f694b
SSDEEP

6144:H6h9/518oqZdOashvLHRmx1ycy4Aa31ZJOrJ27A2zdUWI+Jiu+e9:H6h9xzqZsashvLH2urXrJ0zVIcR

Score

1^/10

Malware Config

Signatures

Files

76a8b23a81dd68a39fe9b412be5c309d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

274210020744b55b83e153b11b9168b6

Code Sign

3a:db:3d:b1:a9:03:4e:45:b8:41:47:0b:ed:13:f0:d1
Certificate

Issuer

CN=7Tltl41ROBKK

Not Before

17-03-2012 06:09

Not After

31-12-2039 23:59

Subject

CN=7Tltl41ROBKK

Extended Key Usages

ExtKeyUsageCodeSigning

4b:d6:76:d8:97:94:c0:ce:28:a0:aa:84:23:26:6d:1a:89:a2:a6:84
Signer

Actual PE Digest

4b:d6:76:d8:97:94:c0:ce:28:a0:aa:84:23:26:6d:1a:89:a2:a6:84

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDriveStringsA
LoadLibraryA
GetProcAddress
LoadLibraryW
GetWindowsDirectoryA
lstrlenA
lstrcpyA
CreateFileA
SetFilePointerEx
InterlockedIncrement
EnumSystemLanguageGroupsA
LocalAlloc
GetDateFormatA
GetPriorityClass
SetEndOfFile
GetModuleFileNameA
CreateNamedPipeW
ScrollConsoleScreenBufferA
GetConsoleAliasExesA
FindFirstVolumeMountPointW
WriteConsoleInputW
GetAtomNameW
GetThreadTimes
QueueUserAPC
GetFullPathNameA
AddAtomW
CreateFileW
GetTapePosition
FindFirstChangeNotificationW
GetLocaleInfoA
QueryDosDeviceW
_llseek
SetConsoleOutputCP
WriteProfileStringW
Heap32ListFirst
AddAtomA
HeapCreate
ClearCommError
SetStdHandle
SetTapeParameters
lstrcpyW
LoadResource
CreateTimerQueue
EraseTape
ClearCommBreak
GetSystemTime
SetVolumeLabelW
CreateWaitableTimerW
GetDevicePowerState
GetStdHandle
SetThreadExecutionState
LocalShrink
GlobalAddAtomA
GetConsoleAliasesLengthW
GetSystemInfo
EndUpdateResourceA
lstrcmp
GetConsoleScreenBufferInfo
SetThreadIdealProcessor
SwitchToThread
WriteConsoleOutputA
TlsSetValue
FlushConsoleInputBuffer
DnsHostnameToComputerNameA
GlobalFindAtomA
RtlUnwind
GetVersionExA
ReadConsoleOutputA
WritePrivateProfileStructA
EnumDateFormatsA
OpenMutexA
OpenJobObjectA
CreateTimerQueueTimer
SetConsoleMode
GetCurrentDirectoryW
SetCommState
GetNamedPipeHandleStateW
MoveFileA
ConvertThreadToFiber
_hwrite
GetStartupInfoW
SetInformationJobObject
GetHandleInformation
GetFileTime
EnumTimeFormatsA
Heap32Next
WaitForSingleObject
ConvertDefaultLocale
GetPrivateProfileSectionA
GetVolumeNameForVolumeMountPointW
CreateRemoteThread
GetCommandLineA
IsBadWritePtr
ReadFileScatter
SetCriticalSectionSpinCount
CreateToolhelp32Snapshot
GetEnvironmentStringsA
FindNextVolumeMountPointW
LocalFlags
GetLogicalDrives
SetConsoleCursor
GlobalUnfix

user32

TrackMouseEvent
InvalidateRect
SendMessageA
GetClientRect
InsertMenuA
TrackPopupMenuEx
CallMsgFilterA
FreeDDElParam
LookupIconIdFromDirectoryEx
GetMessagePos
PostMessageA
GetScrollRange
FindWindowA
GetUserObjectInformationW
CharToOemW
SetThreadDesktop
ChangeMenuW
GetCapture
SendDlgItemMessageW
SetUserObjectInformationA
CharUpperW
DlgDirListComboBoxA
GetNextDlgGroupItem
CreateDialogParamA
DdePostAdvise
DdeGetLastError
KillTimer
ScreenToClient
WaitMessage
EnumClipboardFormats
DrawFrame
DdeClientTransaction
DlgDirSelectExW
ModifyMenuW
GetUserObjectInformationA
CharPrevExA
EnumDesktopWindows
GetWindow
WINNLSGetEnableStatus
CreateDialogParamW
SetCaretPos
SetDebugErrorLevel
SetParent
EnableMenuItem
PeekMessageW
SetScrollRange
GetTabbedTextExtentA
FlashWindow
GetClassLongW
WindowFromDC
LoadImageW
InflateRect
DestroyAcceleratorTable
SetWindowsHookExW
CharToOemBuffW
GetWindowContextHelpId
ShowWindowAsync
CreateIconIndirect
AppendMenuW
CopyIcon
AdjustWindowRect
DdeFreeStringHandle
GetSystemMetrics
CheckDlgButton
GetAsyncKeyState
UnregisterDeviceNotification
GetClipboardSequenceNumber
InvertRect
GetMenuStringA
DrawTextExA
GetDlgItemInt
DrawAnimatedRects
LockSetForegroundWindow
BeginDeferWindowPos
EnableScrollBar
MenuItemFromPoint
SetDlgItemTextW
EnableWindow
SetWindowPos
MoveWindow
DragDetect
SetClassLongA
GetMonitorInfoA
UnloadKeyboardLayout
WINNLSGetIMEHotkey
CallWindowProcW
DrawTextExW
GetListBoxInfo
MessageBoxExA
DrawMenuBar
GetSubMenu
GetWindowTextW

shell32

FindExecutableW
SHAddToRecentDocs
SHIsFileAvailableOffline
SHAppBarMessage
Shell_NotifyIconW
ExtractAssociatedIconW
SHGetPathFromIDListW
SHFileOperationW
SHBindToParent
SHFormatDrive
SHCreateProcessAsUserW
WOWShellExecute
SHGetFileInfoW
SHGetFolderPathW
SHGetDiskFreeSpaceA
ShellExecuteEx
ShellExecuteW
Shell_NotifyIconA
SHGetDesktopFolder
SHInvokePrinterCommandA
SHPathPrepareForWriteA
ShellExecuteExW
SHQueryRecycleBinA
SHEmptyRecycleBinW
SHGetSpecialFolderLocation
SHFreeNameMappings
ShellExecuteExA
SHGetDiskFreeSpaceExA
SHCreateDirectoryExA
SHGetPathFromIDList
ShellAboutW
SHBrowseForFolderW
SHEmptyRecycleBinA
ExtractIconA
SHGetSettings
SHBrowseForFolder
SHFileOperation
ExtractAssociatedIconExW
ShellHookProc
SHGetSpecialFolderPathW
SHGetFolderPathA
DragQueryFileA
SHLoadNonloadedIconOverlayIdentifiers
DoEnvironmentSubstW
DragQueryFile
SHFileOperationA
SHChangeNotify
ExtractAssociatedIconExA
CommandLineToArgvW
SHGetDiskFreeSpaceExW
SHLoadInProc
SHGetDataFromIDListW
DragFinish
ExtractIconEx

ole32

HMETAFILEPICT_UserFree
HMENU_UserMarshal
CoGetCancelObject
StgGetIFillLockBytesOnILockBytes
OleCreate
CoInitialize
OleMetafilePictFromIconAndLabel
CoFileTimeToDosDateTime
HICON_UserMarshal
HMENU_UserFree
CoIsHandlerConnected
WriteClassStm
StringFromIID
OleRun
HGLOBAL_UserFree
CreatePointerMoniker
CoAllowSetForegroundWindow
HACCEL_UserMarshal
CoGetInterfaceAndReleaseStream
OleLockRunning
OleDraw
OleLoadFromStream
HENHMETAFILE_UserUnmarshal
CoGetClassVersion
ReadStringStream
HkOleRegisterObject
WriteClassStg
CoInstall
OleIsRunning
CoQueryReleaseObject
CoRegisterMallocSpy
OleConvertOLESTREAMToIStorage
StgGetIFillLockBytesOnFile
WriteFmtUserTypeStg
OleCreateLinkEx
OleCreateLink
BindMoniker
HICON_UserFree
UtGetDvtd32Info
GetHGlobalFromILockBytes
StgOpenStorage
HBRUSH_UserMarshal
CreateObjrefMoniker
HDC_UserSize
CoUninitialize
SNB_UserMarshal
PropVariantCopy
CreateDataCache
CreateStdProgressIndicator
OleConvertIStorageToOLESTREAMEx
ProgIDFromCLSID
CoFileTimeNow
CoSetCancelObject
OleFlushClipboard
CoGetMalloc
OleRegEnumVerbs
CreateItemMoniker
CreateAntiMoniker
CoTaskMemRealloc
ReadClassStg
CreateStreamOnHGlobal
OleInitialize
OleGetIconOfClass
StgIsStorageFile
CoInitializeSecurity
CoAddRefServerProcess
CoInitializeWOW
CoFreeLibrary
CoTaskMemFree
CoTreatAsClass
OleDestroyMenuDescriptor
CoGetCurrentProcess
CoCancelCall
CoCreateInstance
StgCreateDocfileOnILockBytes
OleSave
DoDragDrop
HGLOBAL_UserSize
HICON_UserSize
HICON_UserUnmarshal
OleCreateDefaultHandler
WdtpInterfacePointer_UserSize
CoDisconnectObject
CoGetTreatAsClass
UtGetDvtd16Info
CoRevokeMallocSpy
UtConvertDvtd16toDvtd32
GetClassFile

oleaut32

VarDateFromI1
VarDecFromStr
VarBoolFromUI1
LoadRegTypeLi
VarFormatNumber
VarUI2FromDec
VarBstrFromI2
VarUI2FromDisp
VarUI1FromUI2
VarCyFromI4
VarUI4FromI2
VarR4FromDisp
RevokeActiveObject
VarOr
VarCyFromI1
VarDecFromBool
BSTR_UserMarshal
SafeArrayGetUBound
VarR4FromUI1
VarDateFromI2
VarMul
VarR8FromR4
VariantInit
VarDecNeg
ClearCustData
VarCat
VarI4FromI2
OleCreatePictureIndirect
VARIANT_UserMarshal
SafeArrayCopyData
SysStringLen
VarDateFromCy
VarI1FromR4
VarBoolFromDate
DispGetIDsOfNames
SafeArraySetRecordInfo
VarR4FromBool
SafeArrayLock
OleTranslateColor
VarR8FromDate
VarUI1FromR4
VarR8FromStr
VarUI2FromDate
VarR8FromUI4
VarR4FromUI2
VarI4FromBool
BSTR_UserSize
LPSAFEARRAY_Unmarshal
VarI1FromUI2
VarUI2FromUI1
VarDateFromUdateEx
VarUI4FromDec
QueryPathOfRegTypeLi
VarBstrFromI4
VarDecFromI2
DispInvoke
VarCyFix
VarCyAdd
SafeArrayAllocData
BSTR_UserFree
VarI4FromDisp
SafeArrayUnaccessData
VarUI1FromDisp
VarUI1FromI4
OleCreatePropertyFrame
VarUI2FromR8
VarR8FromI4
VarDateFromStr
VarR8FromCy
VarCyInt
VarDateFromUI2
VARIANT_UserSize
VarUI1FromCy
VarDateFromI4
VarI1FromCy
VarI2FromDate
VarDateFromR4
SafeArrayGetDim
VarBstrCmp

shlwapi

StrChrA
StrCmpNIA
StrCmpNW
StrStrA
StrRChrA
StrCmpNA
StrRStrIW
StrCmpNIW
StrRChrIW
StrStrIW

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dd1
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dd2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

274210020744b55b83e153b11b9168b6

Code Sign

3a:db:3d:b1:a9:03:4e:45:b8:41:47:0b:ed:13:f0:d1Certificate

Extended Key Usages

4b:d6:76:d8:97:94:c0:ce:28:a0:aa:84:23:26:6d:1a:89:a2:a6:84Signer

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 5KB - Virtual size: 4KB

.data Size: 293KB - Virtual size: 293KB

dd1 Size: 1024B - Virtual size: 1000B

dd2 Size: 1024B - Virtual size: 1000B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

3a:db:3d:b1:a9:03:4e:45:b8:41:47:0b:ed:13:f0:d1
Certificate

4b:d6:76:d8:97:94:c0:ce:28:a0:aa:84:23:26:6d:1a:89:a2:a6:84
Signer

.text
Size: 5KB - Virtual size: 4KB

.data
Size: 293KB - Virtual size: 293KB

dd1
Size: 1024B - Virtual size: 1000B

dd2
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB