8c74b0868e50ce976955c0ca61a14e9e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c74b0868e50ce976955c0ca61a14e9e_JaffaCakes118
Size

68KB
MD5

8c74b0868e50ce976955c0ca61a14e9e
SHA1

0280102bf48a2c4c7987507ccea587e3d34fba94
SHA256

db571c65621b342acd2bd9f885bd5a019f0ebc1296857e620e29d2ac4bb64e76
SHA512

4e9e1d63874e7eb63b7b4c1bc201bdb29f0c78fba7459cee25fbfe102425eb659deb36c0d6983bc0e673b4f6bc8eed6ec1d5b51f0b44b58c441407f2278fbb2a
SSDEEP

768:4+rwalQCpV0g73iEw46OlKyf8wAvClOzKQZSJD6Qcks0Kqj1rrt5fXB6vVxakAMb:4BajV13iQpf8vv7qD4gBnhkAMRoxSE8

Score

1^/10

Malware Config

Signatures

Files

8c74b0868e50ce976955c0ca61a14e9e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c807aa49037dc7654b9885bdfe35e357

Code Sign

46:e8:e0:75:4e:c9:63:97:4f:b2:1e:a7:5d:60:44:18
Certificate

Issuer

CN=Root Agency

Not Before

06/04/2011, 03:21

Not After

31/12/2039, 23:59

Subject

CN=Microsoft Corporation,OU=WWW.CeleWare.NET,O=CeleWare.NET,1.2.840.113549.1.9.1=#1300

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_ntoa
gethostbyname
sendto
htons
bind
socket
closesocket
inet_addr
WSAAsyncSelect
connect
WSAGetLastError
send
recv
gethostname

mfc42

ord941
ord3319
ord1980
ord536
ord3178
ord640
ord2414
ord2405
ord5785
ord1640
ord323
ord2860
ord4204
ord5710
ord3311
ord5683
ord3318
ord5773
ord5651
ord3127
ord3616
ord3663
ord5186
ord350
ord354
ord3790
ord926
ord1105
ord6648
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord2764
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord641
ord2514
ord2621
ord1247
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord1576
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord1146
ord324
ord4234
ord6199
ord4299
ord4710
ord2379
ord755
ord470
ord6215
ord4278
ord5856
ord2781
ord3181
ord4058
ord1175
ord287
ord6139
ord1168
ord610
ord1158
ord2919
ord5572
ord924
ord356
ord2770
ord353
ord5442
ord1979
ord665
ord668
ord5356
ord6385
ord4129
ord939
ord2818
ord268
ord389
ord5207
ord1988
ord690
ord1567
ord823
ord3229
ord5204
ord6881
ord6657
ord3811
ord825
ord540
ord537
ord858
ord800
ord860
ord535
ord922
ord2915
ord3147
ord4441

msvcrt

__getmainargs
_acmdln
_initterm
_XcptFilter
_exit
_setmbcp
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
exit
_controlfp
__CxxFrameHandler
sprintf
_stricmp
??1type_info@@UAE@XZ
_except_handler3
_onexit
__dllonexit
?terminate@@YAXXZ

kernel32

DeleteFileA
CreateFileA
CloseHandle
GetLastError
OpenProcess
CreateDirectoryA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetSystemDirectoryA
GetTempPathA
Sleep
SetFileAttributesA
LoadLibraryA
GetCurrentThread
TerminateThread
GetExitCodeThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalMemoryStatus
GetComputerNameA
GetVersionExA
GetModuleHandleA
GetStartupInfoA
SetVolumeLabelA
FindClose
FindFirstFileA
GetModuleFileNameA
GetCurrentThreadId
GetProcAddress
GetLongPathNameA
GetWindowsDirectoryA
GetCurrentProcess
FreeLibrary
GetDriveTypeA
CreateMutexA

user32

GetMessageA
PostThreadMessageA
GetInputState
PostMessageA
SetTimer
SetWindowLongA
GetIconInfo
DestroyIcon
SendMessageA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
KillTimer
EnableWindow
IsWindow
LoadIconA

gdi32

GetBitmapBits
CreateDCA
CreateCompatibleDC
GetPixel
GetObjectA

advapi32

DeleteService
RegDeleteValueA
RegOpenKeyExA
GetUserNameA
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
ControlService
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shell32

ShellExecuteA
SHFileOperationA
ExtractIconExA
SHGetFileInfoA

avicap32

capCreateCaptureWindowA

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules
GetModuleFileNameExA

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c807aa49037dc7654b9885bdfe35e357

Code Sign

46:e8:e0:75:4e:c9:63:97:4f:b2:1e:a7:5d:60:44:18Certificate

Signer

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

avicap32

psapi

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 4KB

46:e8:e0:75:4e:c9:63:97:4f:b2:1e:a7:5d:60:44:18
Certificate

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 4KB