8cd91555e2d2580ac6592ca57960e3b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8cd91555e2d2580ac6592ca57960e3b3_JaffaCakes118
Size

277KB
MD5

8cd91555e2d2580ac6592ca57960e3b3
SHA1

93a5705c66a1d62ab1d5844e17fcae83ca668a04
SHA256

5ea40c838bc7a0e00c16a62f740b9c7d9b5c8800f649e893a477286446e9e392
SHA512

6323a59b901548d4d63daa7276e20f1241d2365be632fd02a4a2b54f4446a89fb62b2764addb1f83b52b3ef98d9e8290292768668353927f35f4ce3cea87a6e8
SSDEEP

6144:uxVRRZv9ESvEyVxihx/ayFmubJI45+UHJlXfsVABd:uTRR59rcyVxiPfFR1D/fsVc

Score

1^/10

Malware Config

Signatures

Files

8cd91555e2d2580ac6592ca57960e3b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

45092145f58befe1941e1c2cb4fa5f43

Code Sign

0f:92:22:c7:91:be:43:96:40:56:14:e0:cd:e0:03:6e
Certificate

Issuer

CN=werwer 1a11121131232a2333a111a12213321331a2a1212133aa3a32123223a2121232a1213a2a332311a2333a2a23aa2a3a33aa313a331231322a211223a32132a33131a2a2aa121311123a111a2a2a3a2aa12223332111a133aa1a3333222231132a23a21a23aa113311a232a322a332313aa223aa31a2aaaa12112a31a2a1a31a123a1221aa3a111a232aa2a221a312a3a3231a3a322a123211133321a13a1222321a12a1aaa1a33 55555555

Not Before

22/11/2012, 07:33

Not After

31/12/2039, 23:59

Subject

CN=werwer 1a11121131232a2333a111a12213321331a2a1212133aa3a32123223a2121232a1213a2a332311a2333a2a23aa2a3a33aa313a331231322a211223a32132a33131a2a2aa121311123a111a2a2a3a2aa12223332111a133aa1a3333222231132a23a21a23aa113311a232a322a332313aa223aa31a2aaaa12112a31a2a1a31a123a1221aa3a111a232aa2a221a312a3a3231a3a322a123211133321a13a1222321a12a1aaa1a33 55555555

Extended Key Usages

ExtKeyUsageCodeSigning

de:5a:b3:dd:50:fe:c4:67:93:b9:b9:8c:c1:40:38:c4:28:0d:19:17
Signer

Actual PE Digest

de:5a:b3:dd:50:fe:c4:67:93:b9:b9:8c:c1:40:38:c4:28:0d:19:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomW
GlobalDeleteAtom
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
SearchPathW
FormatMessageW
GetCurrentThreadId
GetProcAddress
lstrlenW
lstrcmpW
GetLastError
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
LocalAlloc
lstrcpyW
GetLocaleInfoW
LoadLibraryA

user32

LoadIconA

gdi32

GetStockObject

msvcrt

_wcsicmp
wcsstr
mbstowcs
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
wcslen

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW

shell32

SHGetPathFromIDListA
SHChangeNotify
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoInitialize
CoCreateInstance
CoUninitialize

shlwapi

PathRemoveBlanksW

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45092145f58befe1941e1c2cb4fa5f43

Code Sign

0f:92:22:c7:91:be:43:96:40:56:14:e0:cd:e0:03:6eCertificate

Extended Key Usages

de:5a:b3:dd:50:fe:c4:67:93:b9:b9:8c:c1:40:38:c4:28:0d:19:17Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 264KB - Virtual size: 263KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 396B

0f:92:22:c7:91:be:43:96:40:56:14:e0:cd:e0:03:6e
Certificate

de:5a:b3:dd:50:fe:c4:67:93:b9:b9:8c:c1:40:38:c4:28:0d:19:17
Signer

.text
Size: 264KB - Virtual size: 263KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 396B