8943d06272dd2b0cf87a93fe04a42dd1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8943d06272dd2b0cf87a93fe04a42dd1_JaffaCakes118
Size

341KB
MD5

8943d06272dd2b0cf87a93fe04a42dd1
SHA1

d6f43adc4753ef226de0fb614385f411c2f09972
SHA256

1ae23546c9ef45b106ebe4bec2767b71a59855dafafa732374dfed2757d0c534
SHA512

06b76a9e4ad401bbce335e70ae5e5e0d928b57b31f1354327ca777fe6c12e376f7eff8a68575031cdc13d7217ed5720bc259905823d3fab5fcc6adb29a6cddef
SSDEEP

6144:UoXo5k6gk8D60t300TiHFi5G6AcqImAnBqi2Txtf9GQAfOj6AN2UZ:LX/6d8DB0yYWG6JZmAENxtf997jl2UZ

Score

1^/10

Malware Config

Signatures

Files

8943d06272dd2b0cf87a93fe04a42dd1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fb99d197b7784e808ad24f871ee21d84

Code Sign

05:cb:aa:56:27:20:7b:49:bd:9f:88:52:00:e1:f0:a5
Certificate

Issuer

CN=dkmugjfgrno

Not Before

09/12/2011, 15:19

Not After

14/01/2022, 22:00

Subject

CN=Genopik

3c:97:48:80:b5:e9:51:76:c7:18:f1:e2:94:dc:07:cf:c1:cf:0e:30
Signer

Actual PE Digest

3c:97:48:80:b5:e9:51:76:c7:18:f1:e2:94:dc:07:cf:c1:cf:0e:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ShowWindow
IsZoomed
IsWindowUnicode
MessageBoxA

ole32

CoRegisterMallocSpy
CoReleaseMarshalData
GetRunningObjectTable
CreateClassMoniker
CoTreatAsClass
CoTaskMemRealloc

advapi32

RegOverridePredefKey
RegOpenKeyA
RegLoadKeyA
RegDeleteValueA

kernel32

MultiByteToWideChar
LoadLibraryA
GetOEMCP
LCMapStringA
GetCPInfo
WriteFile
RtlUnwind
LCMapStringW
GetStringTypeA
GetStringTypeW
GetACP
VirtualLock
SetEvent
DeleteCriticalSection
LocalFree
GetModuleHandleA
GetProcAddress
ExitProcess
GetLastError
HeapValidate
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 506KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cwm
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nimag
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb99d197b7784e808ad24f871ee21d84

Code Sign

05:cb:aa:56:27:20:7b:49:bd:9f:88:52:00:e1:f0:a5Certificate

3c:97:48:80:b5:e9:51:76:c7:18:f1:e2:94:dc:07:cf:c1:cf:0e:30Signer

Headers

File Characteristics

Imports

user32

ole32

advapi32

kernel32

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 506KB

cwm Size: 218KB - Virtual size: 217KB

nimag Size: 80KB - Virtual size: 79KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 3KB - Virtual size: 3KB

05:cb:aa:56:27:20:7b:49:bd:9f:88:52:00:e1:f0:a5
Certificate

3c:97:48:80:b5:e9:51:76:c7:18:f1:e2:94:dc:07:cf:c1:cf:0e:30
Signer

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 506KB

cwm
Size: 218KB - Virtual size: 217KB

nimag
Size: 80KB - Virtual size: 79KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 3KB - Virtual size: 3KB