96f7e67feec8999e12a79ab85f3ac658_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

96f7e67feec8999e12a79ab85f3ac658_JaffaCakes118
Size

344KB
MD5

96f7e67feec8999e12a79ab85f3ac658
SHA1

09590fddf7ea0cd4d35f299d5c494c9874252365
SHA256

671cce61c09d6447d980540d37a73d6bb52d8f41cc5fb468102f92f6281dc1a4
SHA512

0b3b1cbde24d377079f9f7c622a39fbf0531cccdba0d214fdd7249aad4412bfb8809736bf3c7b723e3dd8bf26e092b3a8de617fd75bf76f6207d4d91d09b9c35
SSDEEP

6144:dhYP/sfa8tVQ+9Z4tPjUDQu9MqQqu/Kfjthtfj6Yh5xTJz:XYM1VQ+9Z8rUDQuw8r/RjNrXz

Score

1^/10

Malware Config

Signatures

Files

96f7e67feec8999e12a79ab85f3ac658_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c1b15d5c19c11dff63923dab75471819

Code Sign

4b:97:10:be:63:71:4e:44:be:a6:15:24:79:af:60:a5
Certificate

Issuer

CN=jxtrlcrojrf

Not Before

30-11-2011 11:17

Not After

13-09-2019 22:00

Subject

CN=Nasyfex

63:a2:11:84:f7:c3:50:ba:90:83:40:d8:60:59:e9:8d:f4:d4:02:f7
Signer

Actual PE Digest

63:a2:11:84:f7:c3:50:ba:90:83:40:d8:60:59:e9:8d:f4:d4:02:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindow
SetWindowPos
DefDlgProcA

ole32

CoIsHandlerConnected
OleNoteObjectVisible
CoLockObjectExternal
CoGetPSClsid
CoFreeUnusedLibraries

comctl32

UninitializeFlatSB

shlwapi

StrRChrIW

kernel32

LCMapStringA
LoadLibraryA
LCMapStringW
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
GlobalFree
ReleaseSemaphore
CopyFileA
GetModuleHandleA
GetProcAddress
ExitProcess
GetStartupInfoA
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 216KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1b15d5c19c11dff63923dab75471819

Code Sign

4b:97:10:be:63:71:4e:44:be:a6:15:24:79:af:60:a5Certificate

63:a2:11:84:f7:c3:50:ba:90:83:40:d8:60:59:e9:8d:f4:d4:02:f7Signer

Headers

File Characteristics

Imports

user32

ole32

comctl32

shlwapi

kernel32

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 216KB - Virtual size: 720KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 3KB

4b:97:10:be:63:71:4e:44:be:a6:15:24:79:af:60:a5
Certificate

63:a2:11:84:f7:c3:50:ba:90:83:40:d8:60:59:e9:8d:f4:d4:02:f7
Signer

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 216KB - Virtual size: 720KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB