a2df097d57a0f7420544bd265d6cc62f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a2df097d57a0f7420544bd265d6cc62f_JaffaCakes118
Size

305KB
MD5

a2df097d57a0f7420544bd265d6cc62f
SHA1

acb60317cbaedab33cbcb6992c4bc84853d89c12
SHA256

d3e100969ab55d38307b45d1231f0f6ca5093ab0daf3ad65dc58125d0b1488c6
SHA512

6e0c714411b43b8952be75d37bb7206f4918115b6d08afb0eca50389537e10aa1165bb56b7e8743f1fd75371a3eadba2a94d2dd0356fb3aa09b238716f3f463b
SSDEEP

6144:aWaQU+xdNzh7z2m6waiXlSIYSqaOYeQm19xOqXsPnEP:vU+r2eF1SHdaOGM9x/YG

Score

1^/10

Malware Config

Signatures

Files

a2df097d57a0f7420544bd265d6cc62f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

555c9b2727d43f9533e06fb33ca81c76

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

Issuer

CN=55666123h

Not Before

14/02/2012, 20:22

Not After

31/12/2039, 23:59

Subject

CN=55666123h

Extended Key Usages

ExtKeyUsageCodeSigning

7f:bf:38:40:fc:09:c5:f7:81:0f:8e:08:86:51:33:99:1d:f0:e2:01
Signer

Actual PE Digest

7f:bf:38:40:fc:09:c5:f7:81:0f:8e:08:86:51:33:99:1d:f0:e2:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
lstrlenW
lstrcpyW
CreateFileW
VirtualAlloc
MulDiv
HeapLock
ReadConsoleA
VirtualProtect
CreateFileMappingA
LoadLibraryExW
GetFileType
GetConsoleDisplayMode
GetExitCodeThread
GetTapeParameters
GetAtomNameW
FindNextVolumeMountPointA
LocalFree
GetConsoleCP
WriteConsoleW
GetSystemTimeAsFileTime
GetProcAddress
WriteProfileStringW
RemoveDirectoryA
lstrcpyA
SetVolumeLabelA
TryEnterCriticalSection
PeekConsoleInputA
VerifyVersionInfoA
CreateHardLinkA
HeapWalk
SetThreadExecutionState
AllocateUserPhysicalPages
GetLongPathNameW
GlobalUnWire
Thread32Next
lstrcmpi
GetAtomNameA
GetConsoleWindow
WriteConsoleOutputAttribute
UnhandledExceptionFilter
GetUserDefaultLCID
CreateWaitableTimerA
CopyFileExW
DeleteFileA
WaitForSingleObjectEx
SetLocaleInfoW
SetLastError
GlobalCompact
SearchPathA
EnumTimeFormatsA
IsDBCSLeadByte
SetComputerNameW
AddAtomA
GetNamedPipeHandleStateW
EnumSystemLanguageGroupsW
OpenJobObjectA
FreeEnvironmentStringsA
GetCurrentProcess
lstrcatA
IsBadCodePtr
WriteConsoleInputA
GetProcessAffinityMask
ResetWriteWatch
LocalReAlloc
GlobalFlags
GetVolumePathNameW
SetEvent
ProcessIdToSessionId
VerLanguageNameA
RemoveDirectoryW
lstrcmpW
DeleteVolumeMountPointA
CommConfigDialogA
GlobalAddAtomW
FatalAppExitW
CreateMailslotA
EnumDateFormatsExA
GetTapePosition
FreeEnvironmentStringsW
IsSystemResumeAutomatic
ConvertThreadToFiber
DisconnectNamedPipe
RtlZeroMemory
FindNextFileA
SetProcessWorkingSetSize
GetVolumeInformationW
Module32Next
ExpandEnvironmentStringsW
SetProcessShutdownParameters
FindResourceW
CompareStringW
WritePrivateProfileSectionW
GetCurrentConsoleFont
CopyFileA
Heap32Next
SetFileApisToANSI
TlsAlloc
InterlockedExchangeAdd
lstrcpy
SetConsoleTextAttribute
DeleteTimerQueueTimer
CancelDeviceWakeupRequest
HeapSize
CompareStringA
CreateSemaphoreW
IsValidCodePage
DisableThreadLibraryCalls
AreFileApisANSI
RtlFillMemory
GetTempFileNameA
SystemTimeToTzSpecificLocalTime
FlushViewOfFile
UnlockFileEx
WriteConsoleOutputCharacterA
GetProcessWorkingSetSize
DosDateTimeToFileTime
GetLocaleInfoW
ReadFile
LCMapStringW
GetStdHandle
GetComputerNameW
GetProcessTimes
ContinueDebugEvent
GetThreadContext
LoadModule
GetTimeFormatA
GlobalWire
GetConsoleAliasA
SetDefaultCommConfigW
FindCloseChangeNotification
SetConsoleCursorPosition
GetConsoleCursorInfo
Process32Next
OpenEventA
_lcreat
GlobalMemoryStatus
GetEnvironmentVariableA
CreateRemoteThread
LockFileEx
FindFirstChangeNotificationW
AddConsoleAliasA
GetEnvironmentVariableW

advapi32

RegOpenKeyW

ole32

OleCreateLinkToFile
SNB_UserUnmarshal
OleCreateLink
OleInitialize
CoCancelCall
GetRunningObjectTable
CoGetMalloc
CoQueryAuthenticationServices
HBITMAP_UserUnmarshal
HACCEL_UserMarshal
ProgIDFromCLSID
CoGetInstanceFromFile
CoDisableCallCancellation
CoFileTimeToDosDateTime
CoMarshalInterface
OleLoad
ReleaseStgMedium
BindMoniker
StringFromGUID2
HWND_UserFree
HMETAFILE_UserMarshal
StgCreateDocfile
CoFileTimeNow
CreateItemMoniker
WdtpInterfacePointer_UserFree
CreateStdProgressIndicator
FmtIdToPropStgName
CoUnloadingWOW
CoReactivateObject
WriteStringStream
StgCreateStorageEx
OleCreateFromDataEx
CoMarshalHresult
CoInitialize
StgCreateDocfileOnILockBytes
ReadOleStg
CoRevokeClassObject
CLIPFORMAT_UserSize
OleCreateStaticFromData
CoGetStdMarshalEx
CoGetClassVersion
HBITMAP_UserFree
MonikerRelativePathTo
CLIPFORMAT_UserMarshal
HkOleRegisterObject
FreePropVariantArray
CoGetCurrentLogicalThreadId
OleSetContainedObject
IsAccelerator
UtConvertDvtd32toDvtd16
GetHGlobalFromILockBytes
CoLoadLibrary
OleSave
OleIsCurrentClipboard
HMETAFILEPICT_UserMarshal
CoBuildVersion
CoAllowSetForegroundWindow
CLSIDFromProgID
OleCreate
CoGetCurrentProcess
OleCreateLinkEx
StgOpenStorage
OleRun
CoDeactivateObject
WriteClassStg
ReadFmtUserTypeStg
SNB_UserMarshal
StgCreatePropStg
CoFreeUnusedLibraries
HENHMETAFILE_UserUnmarshal
HICON_UserFree
StgGetIFillLockBytesOnFile
CreateDataCache
STGMEDIUM_UserSize
CoLockObjectExternal
CoDisconnectObject
HMETAFILEPICT_UserFree
CoRegisterClassObject
CoGetMarshalSizeMax
HENHMETAFILE_UserMarshal
StgOpenPropStg
CoResumeClassObjects
CoCreateFreeThreadedMarshaler
CreateDataAdviseHolder
DcomChannelSetHResult
OleGetClipboard
HBRUSH_UserFree
CoRegisterSurrogateEx
HDC_UserUnmarshal
CoTaskMemFree
OleDoAutoConvert
HICON_UserUnmarshal
OleConvertOLESTREAMToIStorageEx
CoUninitialize
HGLOBAL_UserMarshal
CoDosDateTimeToFileTime
GetClassFile
HWND_UserUnmarshal
RegisterDragDrop
CLSIDFromString
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAM
CreateOleAdviseHolder
GetDocumentBitStg
HBRUSH_UserMarshal
OleCreateLinkFromDataEx
OleLockRunning
HGLOBAL_UserFree
HENHMETAFILE_UserSize
PropVariantCopy
CoFreeAllLibraries
CoSetCancelObject
OleFlushClipboard
OleRegEnumVerbs
CoReleaseServerProcess
CoRegisterSurrogate
OleSetMenuDescriptor
CoIsHandlerConnected

comctl32

ImageList_GetBkColor
FlatSB_EnableScrollBar
ord17
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_GetImageRect
ImageList_DrawEx
ImageList_EndDrag
InitCommonControlsEx
ord2
ImageList_DragShowNolock
GetMUILanguage
InitializeFlatSB
ImageList_DrawIndirect
ImageList_AddIcon
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
ImageList_LoadImage
ImageList_DragMove
ImageList_Destroy
ImageList_Read
FlatSB_GetScrollRange
ImageList_Merge
PropertySheetW
_TrackMouseEvent
ImageList_LoadImageW
CreateStatusWindowW
CreateToolbarEx
ord7
PropertySheetA
ImageList_Create
ImageList_Write
ord8
ord15
CreatePropertySheetPageA
ImageList_DragLeave
FlatSB_GetScrollProp
ord16
ImageList_Copy
FlatSB_SetScrollRange
ImageList_Remove
ImageList_SetIconSize
ImageList_BeginDrag
CreatePropertySheetPage
CreatePropertySheetPageW
ord4
ord3
FlatSB_SetScrollProp
ord6
ImageList_Replace
DrawStatusTextW
CreateStatusWindow
FlatSB_GetScrollPos
ImageList_SetDragCursorImage
ImageList_SetBkColor
ord14
ImageList_GetIconSize
DestroyPropertySheetPage
UninitializeFlatSB
ImageList_SetFilter
ImageList_GetIcon
DrawStatusText
ord13
InitMUILanguage
ImageList_GetDragImage

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV2
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textF4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.textV1
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

555c9b2727d43f9533e06fb33ca81c76

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86Certificate

Extended Key Usages

7f:bf:38:40:fc:09:c5:f7:81:0f:8e:08:86:51:33:99:1d:f0:e2:01Signer

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

comctl32

Sections

.text Size: 4KB - Virtual size: 4KB

.textV2 Size: 278KB - Virtual size: 278KB

.textF4 Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 9KB

.textV1 Size: 1024B - Virtual size: 1000B

.textV3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

7f:bf:38:40:fc:09:c5:f7:81:0f:8e:08:86:51:33:99:1d:f0:e2:01
Signer

.text
Size: 4KB - Virtual size: 4KB

.textV2
Size: 278KB - Virtual size: 278KB

.textF4
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 9KB

.textV1
Size: 1024B - Virtual size: 1000B

.textV3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB