8af7206e5940ab455a97c843f4b3e45d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8af7206e5940ab455a97c843f4b3e45d_JaffaCakes118
Size

284KB
MD5

8af7206e5940ab455a97c843f4b3e45d
SHA1

a990ad23d87aa2d667125b4b04ffc12fedb8433c
SHA256

1a9c89ecf04c230f5016f302de3907cf6805515100a2cc026c02430cd8857d56
SHA512

a47846caa2a688091dafe86739ddfe4c3c7b6db268ac066126a7c22d474a5458fceb7b8cabcaefd2fac256aedc7b01bb751c0a645929dd54da8159db459371b3
SSDEEP

6144:NgJUFdnwLtxP+jHR8h2R0o9LyFsvNbi/R1Pr/V9PVvI5:sUbMxP+jHRzpLyFsFbgRBN

Score

1^/10

Malware Config

Signatures

Files

8af7206e5940ab455a97c843f4b3e45d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e1af7e60b192e89cea24f08ff5566271

Code Sign

18:05:63:bd:39:7c:e9:84:4e:45:32:64:33:d8:14:6a
Certificate

Issuer

CN=SDOkUGUnMWwv

Not Before

15-03-2012 10:39

Not After

31-12-2039 23:59

Subject

CN=SDOkUGUnMWwv

Extended Key Usages

ExtKeyUsageCodeSigning

78:9f:f4:60:d9:99:b7:10:7f:77:0e:b4:89:be:29:8a:19:b7:1d:14
Signer

Actual PE Digest

78:9f:f4:60:d9:99:b7:10:7f:77:0e:b4:89:be:29:8a:19:b7:1d:14

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
CreateFileA
lstrlenA
lstrcpyA
VirtualAlloc

advapi32

RegOpenKeyExW
RegisterServiceCtrlHandlerExA
GetTokenInformation
SetNamedSecurityInfoExA
ElfChangeNotify
AccessCheckAndAuditAlarmW
ElfOpenEventLogA
GetSidLengthRequired
CryptHashSessionKey
ConvertSDToStringSDRootDomainW
ElfRegisterEventSourceA
GetNamedSecurityInfoW
BuildTrusteeWithNameA
RegisterTraceGuidsA
BackupEventLogA
CopySid
ElfNumberOfRecords
RegQueryValueExA
LsaQueryTrustedDomainInfoByName
RegEnumKeyW
EncryptFileW
RegisterServiceCtrlHandlerW
LsaICLookupSids
DecryptFileA
NotifyChangeEventLog
DuplicateToken
CryptReleaseContext
OpenBackupEventLogW
ElfRegisterEventSourceW
ImpersonateNamedPipeClient
LsaICLookupNames
EncryptFileA
SystemFunction013
WriteEncryptedFileRaw
SystemFunction006
LookupPrivilegeNameA
CloseEncryptedFileRaw
EnumDependentServicesW
BuildTrusteeWithNameW
AbortSystemShutdownW
SystemFunction027
RegQueryValueW
RegisterEventSourceA
RegSetValueExW
FileEncryptionStatusW
LsaSetSystemAccessAccount
LsaSetSecret
GetAccessPermissionsForObjectW
AccessCheckByTypeResultList
SystemFunction012
LsaEnumeratePrivilegesOfAccount
GetTraceEnableLevel
GetSidSubAuthorityCount
GetUserNameW
SystemFunction019
RegQueryMultipleValuesW
RegFlushKey
RegQueryMultipleValuesA
RegSetValueExA
RemoveTraceCallback
ConvertSecurityDescriptorToAccessNamedA
LsaSetQuotasForAccount
GetTraceLoggerHandle
GetTraceEnableFlags
LsaRetrievePrivateData
GetOldestEventLogRecord
ElfBackupEventLogFileA
BuildImpersonateTrusteeA
GetServiceKeyNameW
CreateServiceW
CryptVerifySignatureW
OpenServiceW
BuildTrusteeWithSidA
GetAce
SystemFunction008
AllocateAndInitializeSid
QueryUsersOnEncryptedFile
CryptSetProviderW
SetEntriesInAuditListA
LsaOpenTrustedDomain
QueryServiceConfig2A
StartServiceW
RegDeleteKeyW
ChangeServiceConfigW
DeleteService
ElfClearEventLogFileA
LookupAccountNameA
CryptExportKey
RegUnLoadKeyW
QueryServiceConfig2W
LsaSetTrustedDomainInfoByName

shell32

SHCreateProcessAsUserW
SHGetSettings
DoEnvironmentSubstA
ShellHookProc
SHGetFileInfoW
SHBrowseForFolderW
SHChangeNotify
SHFileOperationA
SHCreateDirectoryExW
ExtractAssociatedIconA
ShellAboutW
SHGetFolderPathW
SHGetSpecialFolderLocation
DuplicateIcon
SHGetFolderLocation
ExtractIconW
SHGetSpecialFolderPathW
SHGetFileInfoA
SHGetDiskFreeSpaceExA
SHBindToParent
ShellExecuteW
ExtractAssociatedIconExW
CommandLineToArgvW
SHGetPathFromIDList
SHGetDataFromIDListA
Shell_NotifyIconA
SHIsFileAvailableOffline
Shell_NotifyIcon
SHCreateDirectoryExA
ExtractIconExA
Shell_NotifyIconW
SHAppBarMessage
SHInvokePrinterCommandW
SHFreeNameMappings
SHPathPrepareForWriteA
DragQueryPoint
ShellExecuteA
SHGetDiskFreeSpaceA
DragQueryFileAorW
SHLoadInProc
SHGetDiskFreeSpaceExW
ExtractIconEx
DragQueryFileA
SHFileOperationW
SHEmptyRecycleBinW
SHGetDataFromIDListW
SHQueryRecycleBinW
DoEnvironmentSubstW
ShellAboutA
SHBrowseForFolderA

shlwapi

StrRChrA
StrCmpNIA
StrChrIW
StrStrA
StrStrW
StrStrIW
StrRChrIW
StrCmpNA
StrStrIA
StrRChrIA
StrChrIA
StrRStrIW

comctl32

CreateStatusWindowW
ord3
ImageList_ReplaceIcon
ord4
ord6
CreatePropertySheetPageA
ImageList_SetImageCount
InitCommonControlsEx
FlatSB_SetScrollInfo
ord13
PropertySheetW
ImageList_DragMove
ImageList_LoadImage
ImageList_Create
ImageList_Destroy
FlatSB_GetScrollPos
FlatSB_SetScrollPos
ImageList_SetDragCursorImage
ImageList_Write
ImageList_GetBkColor
ImageList_Merge
ImageList_AddIcon
ImageList_GetImageRect
CreateStatusWindow
ImageList_DragShowNolock
PropertySheetA
GetMUILanguage
FlatSB_GetScrollInfo
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_BeginDrag
FlatSB_GetScrollProp
CreatePropertySheetPageW
ImageList_GetImageInfo
CreatePropertySheetPage
ImageList_SetFilter
ord7
FlatSB_SetScrollRange
ImageList_Remove
FlatSB_ShowScrollBar
ord2
DestroyPropertySheetPage
ImageList_GetDragImage
FlatSB_GetScrollRange
DrawStatusTextW
ImageList_Duplicate
ImageList_DrawEx
ImageList_Replace
ImageList_SetOverlayImage
ImageList_GetIcon
ImageList_Add
ord14
ImageList_DragLeave
FlatSB_EnableScrollBar
ImageList_DrawIndirect
ImageList_EndDrag

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1af7e60b192e89cea24f08ff5566271

Code Sign

18:05:63:bd:39:7c:e9:84:4e:45:32:64:33:d8:14:6aCertificate

Extended Key Usages

78:9f:f4:60:d9:99:b7:10:7f:77:0e:b4:89:be:29:8a:19:b7:1d:14Signer

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 3KB - Virtual size: 3KB

.data2 Size: 2KB - Virtual size: 1KB

.data Size: 273KB - Virtual size: 272KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

18:05:63:bd:39:7c:e9:84:4e:45:32:64:33:d8:14:6a
Certificate

78:9f:f4:60:d9:99:b7:10:7f:77:0e:b4:89:be:29:8a:19:b7:1d:14
Signer

.text
Size: 3KB - Virtual size: 3KB

.data2
Size: 2KB - Virtual size: 1KB

.data
Size: 273KB - Virtual size: 272KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB