8a0c50b1a6e3b70431bdac110691d34d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a0c50b1a6e3b70431bdac110691d34d_JaffaCakes118
Size

204KB
MD5

8a0c50b1a6e3b70431bdac110691d34d
SHA1

9fd49015f641b3e19caf2e2ddff3934053971e56
SHA256

2a5cc70acd1f53786edbe55c978c90363816677744b7b5d7c74ec2a5163c9d87
SHA512

bf6edc3e36c6abc6e3bcd96d2096dd9cb3b89f00fa304339af62cff8af1369e68a0e9578039923db4f7d831359baf8fff8ad3c3618d16301937a7d42a593790c
SSDEEP

6144:x4UpyO64TkmENzy5AJ+Xxi/XMG5DOu9YIE:x4UpV/E8AcXxi75Ly

Score

1^/10

Malware Config

Signatures

Files

8a0c50b1a6e3b70431bdac110691d34d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

cd5fc37626be115bdae0bbf4bf725f5d

Code Sign

51:58:4f:24:8d:a8:48:41:bb:97:df:9f:a7:44:ce:9c
Certificate

Issuer

CN=oCa3Pc5NCgcd

Not Before

16/03/2012, 08:46

Not After

31/12/2039, 23:59

Subject

CN=oCa3Pc5NCgcd

Extended Key Usages

ExtKeyUsageCodeSigning

94:bb:e8:05:60:05:5b:44:8e:0c:83:3d:e5:e2:df:d9:d7:c7:68:3d
Signer

Actual PE Digest

94:bb:e8:05:60:05:5b:44:8e:0c:83:3d:e5:e2:df:d9:d7:c7:68:3d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
lstrcpyA
CreateFileA
ExitProcess
GetWindowsDirectoryA
VirtualAlloc

user32

CascadeChildWindows
CharUpperA
DrawTextExW
EnableMenuItem
EnumDisplaySettingsW
GetDlgItemTextA
GetMenuItemInfoW
GetSystemMenu
GrayStringW
LoadMenuW
PostMessageA
RegisterClassW
TrackPopupMenu
UnregisterClassW
CharLowerBuffW

comdlg32

ReplaceTextW
ReplaceTextA
PrintDlgW
PrintDlgExW
PrintDlgExA
PrintDlgA
PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW
GetFileTitleA
FindTextW
FindTextA
CommDlgExtendedError
ChooseFontW
ChooseFontA
ChooseColorW
ChooseColorA

advapi32

RegOpenKeyW

ole32

OleDraw
OleDuplicateData
OleGetClipboard
OleInitialize
OleInitializeWOW
OleLoad
OleUninitialize
ProgIDFromCLSID
PropStgNameToFmtId
ReadClassStg
ReadOleStg
RegisterDragDrop
ReleaseStgMedium
SNB_UserMarshal
STGMEDIUM_UserMarshal
StgCreateDocfileOnILockBytes
StgCreatePropSetStg
StgGetIFillLockBytesOnILockBytes
StgOpenPropStg
StgSetTimes
UpdateDCOMSettings
WriteClassStg
WriteClassStm
WriteFmtUserTypeStg
WriteOleStg
HMETAFILE_UserFree
HMENU_UserMarshal
HGLOBAL_UserFree
HENHMETAFILE_UserUnmarshal
HENHMETAFILE_UserMarshal
HDC_UserUnmarshal
HDC_UserFree
OleDoAutoConvert
HACCEL_UserUnmarshal
GetHGlobalFromILockBytes
GetDocumentBitStg
GetConvertStg
GetClassFile
EnableHookObject
CreatePointerMoniker
CreateOleAdviseHolder
CreateILockBytesOnHGlobal
CreateAntiMoniker
CoUnmarshalInterface
CoUninitialize
CoTestCancel
CoSwitchCallContext
CoResumeClassObjects
CoReleaseServerProcess
CoImpersonateClient
CoGetTreatAsClass
CoGetStdMarshalEx
CoGetInstanceFromIStorage
CoGetCurrentLogicalThreadId
CoGetClassObject
CoGetCancelObject
CoGetCallerTID
CoGetCallContext
CoFreeLibrary
CoFreeAllLibraries
CoCreateInstance
CoCreateGuid
CoCancelCall
CoBuildVersion
CLSIDFromString
CLIPFORMAT_UserUnmarshal
BindMoniker
OleCreateStaticFromData
OleCreateMenuDescriptor
OleCreateLinkToFileEx
OleCreateLinkFromDataEx
OleCreateLinkEx
OleCreateFromFileEx
OleCreateFromDataEx
OleCreateFromData
OleConvertIStorageToOLESTREAMEx
HMETAFILE_UserMarshal
MkParseDisplayName
HWND_UserFree
HPALETTE_UserSize
HPALETTE_UserMarshal
HBRUSH_UserUnmarshal
HPALETTE_UserFree
OleConvertIStorageToOLESTREAM

comctl32

CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
ord7
_TrackMouseEvent
UninitializeFlatSB
ord3
PropertySheetW
PropertySheetA
PropertySheet
ord2
ord13
InitializeFlatSB
InitMUILanguage
InitCommonControlsEx
ord17
ImageList_Write
ImageList_SetImageCount
ImageList_SetIconSize
ImageList_SetFilter
CreatePropertySheetPage
ord15
DrawStatusText
DrawStatusTextW
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
FlatSB_ShowScrollBar
ord4
GetMUILanguage
ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragLeave
ImageList_DragMove
ImageList_Draw
ord8
CreateToolbarEx
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Replace
ImageList_Remove
ImageList_Merge
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_LoadImage
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_GetBkColor
ImageList_EndDrag
ImageList_DrawIndirect
ImageList_DrawEx

Sections

.text
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd5fc37626be115bdae0bbf4bf725f5d

Code Sign

51:58:4f:24:8d:a8:48:41:bb:97:df:9f:a7:44:ce:9cCertificate

Extended Key Usages

94:bb:e8:05:60:05:5b:44:8e:0c:83:3d:e5:e2:df:d9:d7:c7:68:3dSigner

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

comctl32

Sections

.text Size: 189KB - Virtual size: 188KB

.data Size: 512B - Virtual size: 88B

.text4 Size: 1024B - Virtual size: 1000B

.text3 Size: 2KB - Virtual size: 2KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 1KB

51:58:4f:24:8d:a8:48:41:bb:97:df:9f:a7:44:ce:9c
Certificate

94:bb:e8:05:60:05:5b:44:8e:0c:83:3d:e5:e2:df:d9:d7:c7:68:3d
Signer

.text
Size: 189KB - Virtual size: 188KB

.data
Size: 512B - Virtual size: 88B

.text4
Size: 1024B - Virtual size: 1000B

.text3
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 1KB