8949d0781d68bc6a0ebe7e6e88c095fa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8949d0781d68bc6a0ebe7e6e88c095fa_JaffaCakes118
Size

215KB
MD5

8949d0781d68bc6a0ebe7e6e88c095fa
SHA1

05fd3dee3138e9b03508b5f155cc84dd024223f6
SHA256

3c93a33d7a6ae6e77e7c0c90456959c5611d8901a141d97d1a63a3b59acf87e8
SHA512

d4381610b8609fdd2e898a4e5ee56118c283576e7e5ba8eee49b6bb5f0863ffe702fb4a0e1b0d9196a94ebce11ec3bc8173897c08ce51640a1ae8d168a78698d
SSDEEP

6144:hTmQxACbQZP8tsnAXD3PzNOZPNrhedeSP4Cn:hHakayBO9bXc

Score

1^/10

Malware Config

Signatures

Files

8949d0781d68bc6a0ebe7e6e88c095fa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5fa9c71437834722d45f3dcc9c1ee747

Code Sign

2f:6d:1b:0d:3e:bb:b8:8b:4a:0f:b2:46:69:8a:ad:c2
Certificate

Issuer

CN=Application Compatibility UI

Not Before

31-12-2008 16:00

Not After

31-12-2014 16:00

Subject

CN=Application Compatibility UI

Extended Key Usages

ExtKeyUsageCodeSigning

c3:d6:5a:05:21:99:10:41:ab:0b:b0:a8:9e:f7:ff:40:5d:43:7f:20
Signer

Actual PE Digest

c3:d6:5a:05:21:99:10:41:ab:0b:b0:a8:9e:f7:ff:40:5d:43:7f:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
WinExec
UnmapViewOfFile
SizeofResource
SetEndOfFile
OpenMutexA
MapViewOfFile
LockResource
LoadResource
LoadLibraryA
GlobalFindAtomA
GetWindowsDirectoryA
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetCurrentThreadId
GetCommandLineA
FreeResource
FindResourceA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
CreateMutexA
CreateFileMappingA
CreateFileA
CopyFileA
CloseHandle
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType
MessageBoxA
CharNextA
PostMessageA
GetMessageA
MessageBoxA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Sections

&
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

6
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

:
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

:
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

@
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

<
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

$
Size: 174KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

+
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

$
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

*
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fa9c71437834722d45f3dcc9c1ee747

Code Sign

2f:6d:1b:0d:3e:bb:b8:8b:4a:0f:b2:46:69:8a:ad:c2Certificate

Extended Key Usages

c3:d6:5a:05:21:99:10:41:ab:0b:b0:a8:9e:f7:ff:40:5d:43:7f:20Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

& Size: 16KB - Virtual size: 15KB

6 Size: 512B - Virtual size: 164B

: Size: - Virtual size: 1KB

2 Size: 2KB - Virtual size: 1KB

: Size: - Virtual size: 8B

@ Size: 512B - Virtual size: 24B

< Size: 1KB - Virtual size: 1KB

$ Size: 174KB - Virtual size: 176KB

+ Size: 5KB - Virtual size: 5KB

$ Size: 11KB - Virtual size: 10KB

* Size: 2KB - Virtual size: 2KB

2f:6d:1b:0d:3e:bb:b8:8b:4a:0f:b2:46:69:8a:ad:c2
Certificate

c3:d6:5a:05:21:99:10:41:ab:0b:b0:a8:9e:f7:ff:40:5d:43:7f:20
Signer

&
Size: 16KB - Virtual size: 15KB

6
Size: 512B - Virtual size: 164B

:
Size: - Virtual size: 1KB

2
Size: 2KB - Virtual size: 1KB

:
Size: - Virtual size: 8B

@
Size: 512B - Virtual size: 24B

<
Size: 1KB - Virtual size: 1KB

$
Size: 174KB - Virtual size: 176KB

+
Size: 5KB - Virtual size: 5KB

$
Size: 11KB - Virtual size: 10KB

*
Size: 2KB - Virtual size: 2KB