a3804361a1289f59f85c3499f6291a1b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3804361a1289f59f85c3499f6291a1b_JaffaCakes118
Size

207KB
MD5

a3804361a1289f59f85c3499f6291a1b
SHA1

63c561eddc6d7f12a6a566c7d012fc94d8971733
SHA256

89c35017051d428b20fcfbb00a653b6ae6df9973d8efaa4ceec269f0e0383027
SHA512

00e72a1444c303dba711b5ca8309fd9efe2206f874b72ff9fdcd2653dd1fecc705e9604dd1ada67128e94ffad8099f3d693279db3db886a8856ca5c222806b92
SSDEEP

6144:fWl/tORJyoqOjzep2I0kqVm2aKGS7sN7hU8n38:+l/tO75qOjz+2Iwon0e7hU8ns

Score

1^/10

Malware Config

Signatures

Files

a3804361a1289f59f85c3499f6291a1b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

bb18b2dddc02fe3510adaacee9e647a2

Code Sign

4c:a7:b6:c4:44:54:10:76:bb:48:16:f2:de:db:7b:b7
Certificate

Issuer

CN=MXq1

Not Before

16/05/2012, 13:23

Not After

31/12/2039, 23:59

Subject

CN=MXq1

Extended Key Usages

ExtKeyUsageCodeSigning

75:95:cf:d6:05:d8:63:c8:2c:e0:00:0c:c2:7e:b0:60:bf:f5:e4:a3
Signer

Actual PE Digest

75:95:cf:d6:05:d8:63:c8:2c:e0:00:0c:c2:7e:b0:60:bf:f5:e4:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualAllocEx
RtlUnwind
GetModuleHandleW
GetProcAddress
IsDebuggerPresent

user32

LoadCursorA
LoadIconA
ShowCursor

gdi32

GetStockObject

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCreateKeyExW

shell32

SHAddToRecentDocs
SHChangeNotify

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

shlwapi

PathAppendW
PathFileExistsW
PathFindFileNameW
PathGetArgsW
PathGetDriveNumberW
PathIsUNCW
PathRemoveFileSpecW
StrToIntW
PathUnquoteSpacesW

imm32

ImmDisableIME

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 182KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb18b2dddc02fe3510adaacee9e647a2

Code Sign

4c:a7:b6:c4:44:54:10:76:bb:48:16:f2:de:db:7b:b7Certificate

Extended Key Usages

75:95:cf:d6:05:d8:63:c8:2c:e0:00:0c:c2:7e:b0:60:bf:f5:e4:a3Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

imm32

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 182KB - Virtual size: 183KB

.data2 Size: 512B - Virtual size: 4B

.CRT Size: 1KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 992B

4c:a7:b6:c4:44:54:10:76:bb:48:16:f2:de:db:7b:b7
Certificate

75:95:cf:d6:05:d8:63:c8:2c:e0:00:0c:c2:7e:b0:60:bf:f5:e4:a3
Signer

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 182KB - Virtual size: 183KB

.data2
Size: 512B - Virtual size: 4B

.CRT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 992B