952bd8d6d0acf9a8224a1688c4114ec1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

952bd8d6d0acf9a8224a1688c4114ec1_JaffaCakes118
Size

108KB
MD5

952bd8d6d0acf9a8224a1688c4114ec1
SHA1

37423aa100e50f61de6e13ea5100cd4cdd59c93d
SHA256

edf3bb8d6dfb3c3e20a1e9b28ed4861c71fceb96d258b88dcbc9501a42efd269
SHA512

c52c4574750c2fcbe009d2a682af682548c3802ae80f6019843a426442279495ee031944f93fd14b42d0fd832373ba3c619de6ccd9c2dbc1bc3d09ad0464365a
SSDEEP

3072:R4i499M3EwnhrvQlCI0Rl1KFN8etl5ReX7:R2wnhr4l73xY

Score

1^/10

Malware Config

Signatures

Files

952bd8d6d0acf9a8224a1688c4114ec1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8711c024c2cf432e8029b8cd92b75f42

Code Sign

0f:1d:b0:a6:2c:6d:d5:b2:47:86:46:85:24:2c:9b:18
Certificate

Issuer

CN=t123612333

Not Before

05/02/2012, 18:21

Not After

31/12/2039, 23:59

Subject

CN=t123612333

Extended Key Usages

ExtKeyUsageCodeSigning

8b:78:8b:4f:60:ee:94:34:61:42:1d:8c:ba:e2:26:2b:e3:7c:2d:91
Signer

Actual PE Digest

8b:78:8b:4f:60:ee:94:34:61:42:1d:8c:ba:e2:26:2b:e3:7c:2d:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCommConfig
SetCommState
SetComputerNameExA
SetComputerNameExW
SetComputerNameW
SetConsoleMode
SetEnvironmentVariableA
SetFileAttributesA
SetFileTime
SetPriorityClass
SetStdHandle
SetCalendarInfoW
SetWaitableTimer
SignalObjectAndWait
Sleep
TerminateJobObject
TlsFree
TransactNamedPipe
UnlockFileEx
WriteFileGather
WriteProfileStringA
WriteTapemark
lstrcpyA
ResetWriteWatch
ReadConsoleOutputW
ReadConsoleInputW
QueryPerformanceFrequency
MoveFileExW
Module32First
LockFile
LocalShrink
LocalFileTimeToFileTime
LoadResource
IsBadStringPtrA
HeapAlloc
Heap32ListFirst
GlobalUnlock
GlobalSize
GlobalMemoryStatusEx
GlobalMemoryStatus
GlobalHandle
GlobalAddAtomA
GetWindowsDirectoryW
GetVersion
GetUserDefaultLCID
GetTimeFormatW
GetTimeFormatA
GetThreadSelectorEntry
GetTempFileNameA
GetSystemDefaultLangID
GetStringTypeA
GetProcessPriorityBoost
GetNumberFormatW
GetLongPathNameW
GetLocalTime
GetDiskFreeSpaceExA
GetCurrentThreadId
GetCurrentDirectoryA
GetCurrencyFormatA
GetConsoleTitleW
GetConsoleAliasesLengthA
GetComputerNameExA
GetCommState
GetCommMask
GetBinaryTypeW
GetAtomNameW
FormatMessageW
FoldStringA
FindResourceExA
FindResourceA
FindFirstVolumeMountPointA
FillConsoleOutputAttribute
EnumLanguageGroupLocalesW
EnumResourceNamesA
EnumDateFormatsExW
EnumCalendarInfoW
EndUpdateResourceA
DnsHostnameToComputerNameA
CreateTimerQueueTimer
CreateSemaphoreW
CreateRemoteThread
CreateProcessW
CreateProcessA
CreateEventW
CreateDirectoryW
CopyFileExW
CopyFileA
CompareStringA
ChangeTimerQueueTimer
BuildCommDCBAndTimeoutsW
BuildCommDCBAndTimeoutsA
BeginUpdateResourceW
LoadLibraryA
GetProcAddress
SetThreadContext
VirtualAlloc

gdi32

cGetTTFFromFOT
XFORMOBJ_bApplyXform
UnloadNetworkFonts
StartDocW
SetStretchBltMode
SetMapMode
SetLayout
SetDIBColorTable
SetBkMode
SelectPalette
SaveDC
RemoveFontResourceTracking
PtInRegion
Polyline
PolyDraw
PlayEnhMetaFile
PATHOBJ_vEnumStart
GetTextFaceAliasW
GetTextExtentExPointA
GetNearestPaletteIndex
GetLayout
GetFontAssocStatus
GetDeviceCaps
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetBitmapDimensionEx
GdiGetPageHandle
GdiGetDevmodeForPage
GdiGetCharDimensions
GdiDeleteSpoolFileHandle
GdiComment
FlattenPath
FONTOBJ_pxoGetXform
EngGetDriverName
EngCreateSemaphore
EngBitBlt
EngAcquireSemaphore
EndDoc
CreateMetaFileW
CreateFontIndirectW
CreateFontIndirectA
CreateDCA
CombineTransform
ChoosePixelFormat
CheckColorsInGamut
CLIPOBJ_bEnum
AnyLinkedFonts
GetStockObject
gdiPlaySpoolStream

comdlg32

ReplaceTextA
PrintDlgW
PrintDlgExW
PrintDlgExA
PrintDlgA
PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW
GetFileTitleA
FindTextW
FindTextA
CommDlgExtendedError
ChooseFontW
ChooseFontA
ChooseColorW
ChooseColorA
ReplaceTextW

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.set
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uuj
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8711c024c2cf432e8029b8cd92b75f42

Code Sign

0f:1d:b0:a6:2c:6d:d5:b2:47:86:46:85:24:2c:9b:18Certificate

Extended Key Usages

8b:78:8b:4f:60:ee:94:34:61:42:1d:8c:ba:e2:26:2b:e3:7c:2d:91Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

comdlg32

Sections

.text Size: 6KB - Virtual size: 6KB

.set Size: 88KB - Virtual size: 88KB

.uuj Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 152B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 1KB - Virtual size: 289KB

0f:1d:b0:a6:2c:6d:d5:b2:47:86:46:85:24:2c:9b:18
Certificate

8b:78:8b:4f:60:ee:94:34:61:42:1d:8c:ba:e2:26:2b:e3:7c:2d:91
Signer

.text
Size: 6KB - Virtual size: 6KB

.set
Size: 88KB - Virtual size: 88KB

.uuj
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 152B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 289KB