81f27dfa515989cde1be439ced3da1ac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

81f27dfa515989cde1be439ced3da1ac_JaffaCakes118
Size

425KB
MD5

81f27dfa515989cde1be439ced3da1ac
SHA1

bf429b4bd23128a7042593217128808242d7dc50
SHA256

77774a283aad70b34edfe87f79d6a540d36074db0bfdfc305cc0459d90b9ee8a
SHA512

17d84e339717e8e147e3520135a2aaa89a571fc783f08f4264f5b21c148cd7dac263b536131949d8f678ad49fa1e312743ad1ada1fe606d56ce4e12581c3c924
SSDEEP

12288:tR9q9Yn2IHsWueK+5E7FbOg4gCROTWr9DDhal:tRcuf3KznBHWrNwl

Score

1^/10

Malware Config

Signatures

Files

81f27dfa515989cde1be439ced3da1ac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c8735706fab7e18bde3cdf53c30ae003

Code Sign

14:2e:81:e2:6d:27:7e:5f:b2:16:f8:a6:bf:0e:7b:7c
Certificate

Issuer

CN=hvhcabsweuz

Not Before

29/01/2012, 17:08

Not After

31/12/2039, 23:59

Subject

CN=Largo

02:08:1c:ef:28:69:c9:13:3b:1f:11:d1:29:e8:c4:bc:ab:c9:1b:da
Signer

Actual PE Digest

02:08:1c:ef:28:69:c9:13:3b:1f:11:d1:29:e8:c4:bc:ab:c9:1b:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DialogBoxIndirectParamA
CloseWindow
BringWindowToTop
TileWindows
ChildWindowFromPointEx
EnumThreadWindows
ChildWindowFromPoint
GetForegroundWindow
GetLastActivePopup
SetForegroundWindow

ole32

CoInitialize
StgIsStorageILockBytes
StgCreatePropSetStg
CoCreateGuid
CLSIDFromString
FmtIdToPropStgName
FreePropVariantArray
CoReleaseServerProcess
WriteFmtUserTypeStg
OleCreateFromDataEx
CoTreatAsClass
GetRunningObjectTable
CreateOleAdviseHolder

oledlg

ord4
ord6
ord3
ord8
ord10
ord2
ord1
ord11
ord12
ord9
ord7

advapi32

RegOpenKeyA
RegReplaceKeyA
RegQueryInfoKeyA
RegFlushKey
RegEnumKeyExA

kernel32

GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetStringTypeW
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
SetLastError
GetEnvironmentVariableA
GetTickCount
QueryPerformanceCounter
SetHandleCount
WritePrivateProfileStructA
GetProcessHeap
LocalLock
WaitForMultipleObjects
SetThreadLocale
LocalAlloc
GetNumberFormatA
VirtualFreeEx
PulseEvent
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
WriteProfileStringA
GetProfileIntA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8735706fab7e18bde3cdf53c30ae003

Code Sign

14:2e:81:e2:6d:27:7e:5f:b2:16:f8:a6:bf:0e:7b:7cCertificate

02:08:1c:ef:28:69:c9:13:3b:1f:11:d1:29:e8:c4:bc:ab:c9:1b:daSigner

Headers

File Characteristics

Imports

user32

ole32

oledlg

advapi32

kernel32

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 404KB - Virtual size: 403KB

.data Size: 512B - Virtual size: 79KB

.rsrc Size: 5KB - Virtual size: 5KB

14:2e:81:e2:6d:27:7e:5f:b2:16:f8:a6:bf:0e:7b:7c
Certificate

02:08:1c:ef:28:69:c9:13:3b:1f:11:d1:29:e8:c4:bc:ab:c9:1b:da
Signer

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 404KB - Virtual size: 403KB

.data
Size: 512B - Virtual size: 79KB

.rsrc
Size: 5KB - Virtual size: 5KB