96d622ef3d1a5579f0bd450b8912776a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

96d622ef3d1a5579f0bd450b8912776a_JaffaCakes118
Size

285KB
MD5

96d622ef3d1a5579f0bd450b8912776a
SHA1

fca7b6d3291cdfb94551a3ee0eff09704b240e0b
SHA256

04ec9734d6fbd28d62628a2bc89027938601f417b7bf176692bf03fc88f01287
SHA512

8f64d404a95a377705ac6aadc6d0b26b2d490caa0907c2ba4cd94fd8e8897e5862043da3257291754fedcff5c391effc7173b4572bf231a46915f42809ce4737
SSDEEP

6144:RxINq6AP17HPwmDDANk9eAMezj8Tu4+4lAGh9gGSwD9m:wM6AP17HB19bkL0

Score

1^/10

Malware Config

Signatures

Files

96d622ef3d1a5579f0bd450b8912776a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cd4b2f17fec7f7f47ad9cb11d0e38fd2

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

Issuer

CN=55666123h

Not Before

14/02/2012, 20:22

Not After

31/12/2039, 23:59

Subject

CN=55666123h

Extended Key Usages

ExtKeyUsageCodeSigning

01:6e:72:78:a2:45:b5:65:e3:a7:76:f2:f4:9a:28:f5:a7:b5:ac:73
Signer

Actual PE Digest

01:6e:72:78:a2:45:b5:65:e3:a7:76:f2:f4:9a:28:f5:a7:b5:ac:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
lstrlenW
lstrcpyW
CreateFileW
VirtualAlloc
SetComputerNameExW
GetUserDefaultUILanguage
CreateMutexA
HeapSize
CancelDeviceWakeupRequest
LockResource
FreeConsole
GetLastError
UpdateResourceW
InterlockedDecrement
GetPrivateProfileSectionA
lstrcmpiW
GetStringTypeExA
IsBadReadPtr
SetCurrentDirectoryA
GetPrivateProfileIntW
GetConsoleAliasW
GetThreadSelectorEntry
GetProfileIntW
GetBinaryTypeW
FreeUserPhysicalPages
SetCalendarInfoW
CancelIo
GetProfileStringA
GetCPInfo
ReleaseMutex
SetProcessWorkingSetSize
SetConsoleMode
LoadModule
FindAtomW
GetACP
SetConsoleCtrlHandler
EnumResourceTypesA
SetComputerNameW
GetProcessVersion
CommConfigDialogW
ScrollConsoleScreenBufferA
GetNamedPipeInfo
IsBadStringPtrW
SwitchToFiber
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
GetPrivateProfileSectionNamesA
GetConsoleAliasesW
ExpandEnvironmentStringsW
WriteProfileSectionA
IsBadStringPtrA
SetCommMask
WaitNamedPipeA
GetLocaleInfoA
Heap32ListNext
ResetEvent
SetDefaultCommConfigA
DosDateTimeToFileTime
CreateFileA
GetDateFormatW
SetThreadAffinityMask
GetSystemWindowsDirectoryW
IsDebuggerPresent
GetCPInfoExA
GetCommandLineA
FatalAppExitA
WriteConsoleA
VirtualAllocEx
AddAtomW
EnumResourceNamesW
GetFileTime
FindAtomA
GetPrivateProfileStringW
VirtualProtect
TransactNamedPipe
GetProcessHeaps
SetThreadExecutionState
GlobalUnfix
SetConsoleCP
WritePrivateProfileStringW
HeapReAlloc
GlobalHandle
FindFirstFileA
AreFileApisANSI
SetProcessPriorityBoost
DeleteTimerQueueEx
GetCurrentThreadId
CopyFileExW
GetProcessShutdownParameters
LCMapStringA
Toolhelp32ReadProcessMemory
GlobalReAlloc
Module32NextW
GlobalDeleteAtom
GetFileSizeEx
ReadProcessMemory
GetProfileSectionW
DeleteTimerQueueTimer
GetSystemTimeAdjustment
lstrcmpiA
BuildCommDCBW
TryEnterCriticalSection
SetHandleCount
MoveFileExW
CreateTimerQueue
SystemTimeToTzSpecificLocalTime
VirtualLock
WritePrivateProfileSectionW
FindResourceW
lstrcmpW
CreateMailslotW
SetFilePointer
SetFileTime
QueryPerformanceCounter
CompareStringA
GetEnvironmentVariableW
FindFirstChangeNotificationA
GetDefaultCommConfigA
GetOverlappedResult
ReadConsoleA
GetFileAttributesA
VirtualQueryEx
LocalUnlock
GetEnvironmentStringsW
FindClose
GetCurrentConsoleFont
GetPrivateProfileStringA
WriteConsoleOutputAttribute
GlobalUnWire
GetDefaultCommConfigW
RtlFillMemory
CancelWaitableTimer
_hwrite
GetCompressedFileSizeA
SetConsoleScreenBufferSize

advapi32

RegOpenKeyExW

shell32

DuplicateIcon
ShellAboutW
SHFileOperationA
SHGetSpecialFolderLocation
SHBrowseForFolder
FindExecutableA
SHCreateDirectoryExA
SHGetFolderPathA
Shell_NotifyIconW
ExtractAssociatedIconExA
DragQueryFileW
SHQueryRecycleBinW
DragAcceptFiles
DragQueryFileAorW
ShellExecuteEx
ShellHookProc
SHGetSettings
CommandLineToArgvW
SHGetFolderLocation
SHGetSpecialFolderPathA
SHGetDataFromIDListA
SHFreeNameMappings
ExtractIconW
ExtractAssociatedIconExW
DragQueryFile
SHGetSpecialFolderPathW
SHPathPrepareForWriteW
SHGetDesktopFolder
SHGetPathFromIDListW
SHChangeNotify
SHGetIconOverlayIndexA
SHFormatDrive
SHCreateProcessAsUserW
DoEnvironmentSubstA
FindExecutableW
ExtractIconEx
ShellExecuteA
ShellAboutA
SHGetDiskFreeSpaceExA
ExtractIconExW
SHInvokePrinterCommandW
SHBindToParent
SHLoadNonloadedIconOverlayIdentifiers
SHGetDataFromIDListW
ExtractIconA
SHGetFileInfoW
SHPathPrepareForWriteA
SHGetFileInfoA
SHCreateDirectoryExW
SHGetFileInfo
ExtractAssociatedIconW
DragFinish
SHGetMalloc
DragQueryFileA
SHAddToRecentDocs
SHIsFileAvailableOffline
ShellExecuteW
WOWShellExecute
SHBrowseForFolderW
Shell_NotifyIconA
SHEmptyRecycleBinA
SHAppBarMessage
ShellExecuteExA
SHGetInstanceExplorer
SHGetPathFromIDListA
SHInvokePrinterCommandA

shlwapi

StrRChrW
StrRStrIA
StrCmpNIW
StrChrIA
StrStrIA
StrStrIW
StrStrW
StrChrIW
StrRStrIW
StrCmpNW
StrCmpNA
StrRChrIA

comctl32

CreatePropertySheetPage
CreatePropertySheetPageW
PropertySheet
CreateStatusWindowW
ImageList_LoadImageW
CreateStatusWindow
ord2
FlatSB_GetScrollProp
ImageList_BeginDrag
ImageList_ReplaceIcon
DestroyPropertySheetPage
ImageList_Merge
GetMUILanguage
ImageList_DragEnter
ImageList_Create
ImageList_EndDrag
ImageList_GetImageRect
ImageList_Add
ord17
ImageList_GetBkColor
ord8
InitMUILanguage
FlatSB_EnableScrollBar
_TrackMouseEvent
ImageList_AddIcon
FlatSB_ShowScrollBar
ord3
ImageList_Write
ImageList_LoadImage
ImageList_Replace
ord7
ImageList_DragMove
ImageList_Destroy
ImageList_Copy
DrawStatusText
ord4
FlatSB_GetScrollRange
ImageList_DrawIndirect
CreatePropertySheetPageA
FlatSB_SetScrollInfo
ImageList_Duplicate
ImageList_LoadImageA
InitCommonControlsEx
FlatSB_SetScrollProp
ImageList_GetImageInfo
ord5
UninitializeFlatSB
ImageList_SetIconSize
ImageList_Draw
ImageList_Read
PropertySheetA
ImageList_GetImageCount
ImageList_SetBkColor
PropertySheetW
ImageList_GetIcon
ord16
ImageList_SetFilter
FlatSB_GetScrollInfo
ImageList_DragShowNolock
DrawStatusTextW
ImageList_SetOverlayImage
ord6
ImageList_GetIconSize
CreateToolbarEx
ImageList_AddMasked

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV2
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textF4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV3
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV4
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV1
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV5
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV6
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV7
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV8
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd4b2f17fec7f7f47ad9cb11d0e38fd2

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86Certificate

Extended Key Usages

01:6e:72:78:a2:45:b5:65:e3:a7:76:f2:f4:9a:28:f5:a7:b5:ac:73Signer

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 4KB - Virtual size: 4KB

.textV2 Size: 258KB - Virtual size: 258KB

.textF4 Size: 2KB - Virtual size: 2KB

.textV3 Size: 512B - Virtual size: 500B

.textV4 Size: 512B - Virtual size: 500B

.textV1 Size: 512B - Virtual size: 500B

.textV5 Size: 512B - Virtual size: 500B

.textV6 Size: 512B - Virtual size: 500B

.textV7 Size: 512B - Virtual size: 500B

.textV8 Size: 512B - Virtual size: 500B

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

01:6e:72:78:a2:45:b5:65:e3:a7:76:f2:f4:9a:28:f5:a7:b5:ac:73
Signer

.text
Size: 4KB - Virtual size: 4KB

.textV2
Size: 258KB - Virtual size: 258KB

.textF4
Size: 2KB - Virtual size: 2KB

.textV3
Size: 512B - Virtual size: 500B

.textV4
Size: 512B - Virtual size: 500B

.textV1
Size: 512B - Virtual size: 500B

.textV5
Size: 512B - Virtual size: 500B

.textV6
Size: 512B - Virtual size: 500B

.textV7
Size: 512B - Virtual size: 500B

.textV8
Size: 512B - Virtual size: 500B

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB