8627c4009221a05f7a8dd1e49b3d6d95_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8627c4009221a05f7a8dd1e49b3d6d95_JaffaCakes118
Size

304KB
MD5

8627c4009221a05f7a8dd1e49b3d6d95
SHA1

dce16289d352c4992b4057a21739398f0845dafa
SHA256

3546a68abb4033cb227048d8c0a0315dfc7882f8f15b08c9549d019d7ea67685
SHA512

ed5429424de1fc0d467d31bd66feb886045f54345dff1a199d709f72ce897f5eaef8ae1c3635783e01f1bcd40a6064bfa3c30ae136ce7a482ba5d39fd40abb57
SSDEEP

6144:GJMPyXOiiKvkBsqnWl6x7RJLrZ5Rfuv8Tdsl1/c4:LPyYKvktWYrJfrRGv8TdsDc4

Score

1^/10

Malware Config

Signatures

Files

8627c4009221a05f7a8dd1e49b3d6d95_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4a4d1416f369859bfe004b3f99f86018

Code Sign

51:78:e1:b1:05:26:b0:44:b0:e2:12:df:12:77:4c:82
Certificate

Issuer

CN=14945335875126886954321784197886384435893992654578461892153839523749442648742773697745997453628633126565599741816685828213972226233885183965724811167929562

Not Before

22/01/2013, 04:36

Not After

31/12/2039, 23:59

Subject

CN=14945335875126886954321784197886384435893992654578461892153839523749442648742773697745997453628633126565599741816685828213972226233885183965724811167929562

Extended Key Usages

ExtKeyUsageCodeSigning

ae:5b:6b:d2:4f:d8:94:67:73:0e:36:6f:e5:7e:08:e2:44:55:1c:11
Signer

Actual PE Digest

ae:5b:6b:d2:4f:d8:94:67:73:0e:36:6f:e5:7e:08:e2:44:55:1c:11

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
ExitProcess

user32

LoadIconA
ShowWindow
UpdateWindow
LoadIconW
RegisterClassExA
LoadCursorA

gdi32

GetStockObject

advapi32

StartServiceW
ReportEventW
RegisterEventSourceW
RegOpenKeyExA
QueryServiceStatus
OpenServiceW
GetUserNameW

msvcrt

_XcptFilter
__CxxFrameHandler
__dllonexit
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
_adjust_fdiv
_c_exit
_cexit
_exit
_ftol
_initterm
_purecall
_vsnwprintf
_wcmdln
_wcsicmp
_wcslwr
_wcsnicmp
_wtoi
calloc
clearerr
exit
fclose
free
ftell
fwrite
isalpha
isspace
malloc
realloc
swprintf
swscanf
time
wcschr
wcscmp
wcscpy
wcslen
wcsncpy
wcsrchr
wcsstr

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ata4
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ata3
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ata2
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a4d1416f369859bfe004b3f99f86018

Code Sign

51:78:e1:b1:05:26:b0:44:b0:e2:12:df:12:77:4c:82Certificate

Extended Key Usages

ae:5b:6b:d2:4f:d8:94:67:73:0e:36:6f:e5:7e:08:e2:44:55:1c:11Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 278KB - Virtual size: 277KB

.data Size: 10KB - Virtual size: 10KB

ata4 Size: 512B - Virtual size: 100B

ata3 Size: 512B - Virtual size: 100B

ata2 Size: 512B - Virtual size: 100B

ata Size: 512B - Virtual size: 100B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

51:78:e1:b1:05:26:b0:44:b0:e2:12:df:12:77:4c:82
Certificate

ae:5b:6b:d2:4f:d8:94:67:73:0e:36:6f:e5:7e:08:e2:44:55:1c:11
Signer

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 278KB - Virtual size: 277KB

.data
Size: 10KB - Virtual size: 10KB

ata4
Size: 512B - Virtual size: 100B

ata3
Size: 512B - Virtual size: 100B

ata2
Size: 512B - Virtual size: 100B

ata
Size: 512B - Virtual size: 100B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB