829d4a95f2db34c695ac1a5f06bfe050_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

829d4a95f2db34c695ac1a5f06bfe050_JaffaCakes118
Size

284KB
MD5

829d4a95f2db34c695ac1a5f06bfe050
SHA1

487a0c45611ddc440411ebd931b213fad2bf346a
SHA256

3723c6b7f6b1446da170e055dbbb4c048e07001ab838d16648a6b06f014f439b
SHA512

7743308dd12d36364c9d7a1ef973a60faf82ee6b0fbba5ca7549b6a551fc4a3bb538c17acda3d977e7a878b363934c472dc5070eece736a352feceedc4b544eb
SSDEEP

6144:8jJQFdnwLtxP+jHR8h2Rao9LyFsvNbi/O1Pr/V9P3I5:MQbMxP+jHRzXLyFsFbgOBN

Score

1^/10

Malware Config

Signatures

Files

829d4a95f2db34c695ac1a5f06bfe050_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e1af7e60b192e89cea24f08ff5566271

Code Sign

18:05:63:bd:39:7c:e9:84:4e:45:32:64:33:d8:14:6a
Certificate

Issuer

CN=SDOkUGUnMWwv

Not Before

15-03-2012 10:39

Not After

31-12-2039 23:59

Subject

CN=SDOkUGUnMWwv

Extended Key Usages

ExtKeyUsageCodeSigning

0c:2f:00:87:c3:63:ca:0b:2e:ea:ac:68:83:67:0f:bc:21:2b:8c:77
Signer

Actual PE Digest

0c:2f:00:87:c3:63:ca:0b:2e:ea:ac:68:83:67:0f:bc:21:2b:8c:77

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
CreateFileA
lstrlenA
lstrcpyA
VirtualAlloc

advapi32

RegOpenKeyExW
RegisterServiceCtrlHandlerExA
GetTokenInformation
SetNamedSecurityInfoExA
ElfChangeNotify
AccessCheckAndAuditAlarmW
ElfOpenEventLogA
GetSidLengthRequired
CryptHashSessionKey
ConvertSDToStringSDRootDomainW
ElfRegisterEventSourceA
GetNamedSecurityInfoW
BuildTrusteeWithNameA
RegisterTraceGuidsA
BackupEventLogA
CopySid
ElfNumberOfRecords
RegQueryValueExA
LsaQueryTrustedDomainInfoByName
RegEnumKeyW
EncryptFileW
RegisterServiceCtrlHandlerW
LsaICLookupSids
DecryptFileA
NotifyChangeEventLog
DuplicateToken
CryptReleaseContext
OpenBackupEventLogW
ElfRegisterEventSourceW
ImpersonateNamedPipeClient
LsaICLookupNames
EncryptFileA
SystemFunction013
WriteEncryptedFileRaw
SystemFunction006
LookupPrivilegeNameA
CloseEncryptedFileRaw
EnumDependentServicesW
BuildTrusteeWithNameW
AbortSystemShutdownW
SystemFunction027
RegQueryValueW
RegisterEventSourceA
RegSetValueExW
FileEncryptionStatusW
LsaSetSystemAccessAccount
LsaSetSecret
GetAccessPermissionsForObjectW
AccessCheckByTypeResultList
SystemFunction012
LsaEnumeratePrivilegesOfAccount
GetTraceEnableLevel
GetSidSubAuthorityCount
GetUserNameW
SystemFunction019
RegQueryMultipleValuesW
RegFlushKey
RegQueryMultipleValuesA
RegSetValueExA
RemoveTraceCallback
ConvertSecurityDescriptorToAccessNamedA
LsaSetQuotasForAccount
GetTraceLoggerHandle
GetTraceEnableFlags
LsaRetrievePrivateData
GetOldestEventLogRecord
ElfBackupEventLogFileA
BuildImpersonateTrusteeA
GetServiceKeyNameW
CreateServiceW
CryptVerifySignatureW
OpenServiceW
BuildTrusteeWithSidA
GetAce
SystemFunction008
AllocateAndInitializeSid
QueryUsersOnEncryptedFile
CryptSetProviderW
SetEntriesInAuditListA
LsaOpenTrustedDomain
QueryServiceConfig2A
StartServiceW
RegDeleteKeyW
ChangeServiceConfigW
DeleteService
ElfClearEventLogFileA
LookupAccountNameA
CryptExportKey
RegUnLoadKeyW
QueryServiceConfig2W
LsaSetTrustedDomainInfoByName

shell32

SHCreateProcessAsUserW
SHGetSettings
DoEnvironmentSubstA
ShellHookProc
SHGetFileInfoW
SHBrowseForFolderW
SHChangeNotify
SHFileOperationA
SHCreateDirectoryExW
ExtractAssociatedIconA
ShellAboutW
SHGetFolderPathW
SHGetSpecialFolderLocation
DuplicateIcon
SHGetFolderLocation
ExtractIconW
SHGetSpecialFolderPathW
SHGetFileInfoA
SHGetDiskFreeSpaceExA
SHBindToParent
ShellExecuteW
ExtractAssociatedIconExW
CommandLineToArgvW
SHGetPathFromIDList
SHGetDataFromIDListA
Shell_NotifyIconA
SHIsFileAvailableOffline
Shell_NotifyIcon
SHCreateDirectoryExA
ExtractIconExA
Shell_NotifyIconW
SHAppBarMessage
SHInvokePrinterCommandW
SHFreeNameMappings
SHPathPrepareForWriteA
DragQueryPoint
ShellExecuteA
SHGetDiskFreeSpaceA
DragQueryFileAorW
SHLoadInProc
SHGetDiskFreeSpaceExW
ExtractIconEx
DragQueryFileA
SHFileOperationW
SHEmptyRecycleBinW
SHGetDataFromIDListW
SHQueryRecycleBinW
DoEnvironmentSubstW
ShellAboutA
SHBrowseForFolderA

shlwapi

StrRChrA
StrCmpNIA
StrChrIW
StrStrA
StrStrW
StrStrIW
StrRChrIW
StrCmpNA
StrStrIA
StrRChrIA
StrChrIA
StrRStrIW

comctl32

CreateStatusWindowW
ord3
ImageList_ReplaceIcon
ord4
ord6
CreatePropertySheetPageA
ImageList_SetImageCount
InitCommonControlsEx
FlatSB_SetScrollInfo
ord13
PropertySheetW
ImageList_DragMove
ImageList_LoadImage
ImageList_Create
ImageList_Destroy
FlatSB_GetScrollPos
FlatSB_SetScrollPos
ImageList_SetDragCursorImage
ImageList_Write
ImageList_GetBkColor
ImageList_Merge
ImageList_AddIcon
ImageList_GetImageRect
CreateStatusWindow
ImageList_DragShowNolock
PropertySheetA
GetMUILanguage
FlatSB_GetScrollInfo
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_BeginDrag
FlatSB_GetScrollProp
CreatePropertySheetPageW
ImageList_GetImageInfo
CreatePropertySheetPage
ImageList_SetFilter
ord7
FlatSB_SetScrollRange
ImageList_Remove
FlatSB_ShowScrollBar
ord2
DestroyPropertySheetPage
ImageList_GetDragImage
FlatSB_GetScrollRange
DrawStatusTextW
ImageList_Duplicate
ImageList_DrawEx
ImageList_Replace
ImageList_SetOverlayImage
ImageList_GetIcon
ImageList_Add
ord14
ImageList_DragLeave
FlatSB_EnableScrollBar
ImageList_DrawIndirect
ImageList_EndDrag

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1af7e60b192e89cea24f08ff5566271

Code Sign

18:05:63:bd:39:7c:e9:84:4e:45:32:64:33:d8:14:6aCertificate

Extended Key Usages

0c:2f:00:87:c3:63:ca:0b:2e:ea:ac:68:83:67:0f:bc:21:2b:8c:77Signer

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 3KB - Virtual size: 3KB

.data2 Size: 2KB - Virtual size: 1KB

.data Size: 273KB - Virtual size: 272KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

18:05:63:bd:39:7c:e9:84:4e:45:32:64:33:d8:14:6a
Certificate

0c:2f:00:87:c3:63:ca:0b:2e:ea:ac:68:83:67:0f:bc:21:2b:8c:77
Signer

.text
Size: 3KB - Virtual size: 3KB

.data2
Size: 2KB - Virtual size: 1KB

.data
Size: 273KB - Virtual size: 272KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB