a89ab4f72452e61ec9a7c4415f10a1d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a89ab4f72452e61ec9a7c4415f10a1d5_JaffaCakes118
Size

324KB
MD5

a89ab4f72452e61ec9a7c4415f10a1d5
SHA1

4973d2706c3539dc116737c74f980631d41e8526
SHA256

5ac1eb69d7da04b75afac4a1734d9989c30cea87362dcdd8cbc574ec30b7a1b4
SHA512

56e1e2b32b1050464cb153610a73b0597b9b653663c30568d3d347233b9e4054c31f7f7d2dbcfb904a966e18f7c7fdc63a8799ae40007c66c4ae6c1ba3cc41d4
SSDEEP

6144:y62eP3ELKCtMigFYhP98esfQskX4R5Zsyw3g5F5pG2aWWFuC:PP3cTgGhOesfhYk+grGoC

Score

1^/10

Malware Config

Signatures

Files

a89ab4f72452e61ec9a7c4415f10a1d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

87b0c7ea90682efba3bd292a91878a89

Code Sign

3b:18:b0:48:ec:0d:36:42:bb:3c:0d:4e:3b:f9:98:15
Certificate

Issuer

CN=Root Agency

Not Before

24/10/2011, 14:20

Not After

31/12/2039, 23:59

Subject

CN=Joe's-Software-Emporium

0b:e7:bc:a8:59:10:32:9b:c6:69:12:af:8e:9d:57:ed:28:69:67:e1
Signer

Actual PE Digest

0b:e7:bc:a8:59:10:32:9b:c6:69:12:af:8e:9d:57:ed:28:69:67:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glTexCoord4s
glPushMatrix
glTexCoord1fv
glColor4s
glFlush
glTexCoord3dv
glLightfv
glColor4uiv
glDrawArrays
glColor3ub
glFogiv
glLogicOp
glMaterialfv
glRasterPos4s
glCopyTexImage2D
glColor4b
glViewport
glTranslatef
glNormal3b
glClearColor
glGetPixelMapfv
glPassThrough
glIndexubv
glStencilFunc
glGetPointerv
glNormal3iv
glColorMask
glVertex3f
glColor4fv
glEndList
glVertex3iv
glRasterPos4i
glTranslated

glu32

gluTessCallback
gluNewTess
gluEndCurve
gluPartialDisk
gluCylinder
gluQuadricTexture
gluLoadSamplingMatrices
gluEndSurface
gluDisk
gluBuild1DMipmaps
gluQuadricCallback
gluNurbsProperty
gluNurbsCurve
gluQuadricOrientation
gluDeleteNurbsRenderer
gluGetTessProperty
gluPerspective
gluPwlCurve
gluLookAt
gluNewNurbsRenderer
gluQuadricNormals
gluNurbsSurface
gluTessEndPolygon
gluOrtho2D

ole32

CreateDataCache
CoUninitialize
StringFromGUID2
CoMarshalHresult
CoMarshalInterface
CoInitialize
CoReleaseMarshalData
CreateGenericComposite
CoRevokeMallocSpy
OleGetIconOfClass
CoFreeUnusedLibraries
CoLockObjectExternal
CoResumeClassObjects
CoGetStdMarshalEx
CoTaskMemAlloc
OleGetAutoConvert
CoCreateInstance
CoReleaseServerProcess
CoFreeAllLibraries

comctl32

ord17
ord2
CreatePropertySheetPageA
ord6
ord5
PropertySheetA
ord16
ord8
PropertySheetW
ord15
CreatePropertySheetPageW
InitializeFlatSB
ord14

shlwapi

StrChrA
StrRChrIW
StrToIntA
StrStrA
StrChrW

msvcrt

__set_app_type
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_exit
_except_handler3
_controlfp

kernel32

VirtualAlloc
ExitProcess
GetModuleHandleA
GetProcAddress
GetStartupInfoA

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 286KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87b0c7ea90682efba3bd292a91878a89

Code Sign

3b:18:b0:48:ec:0d:36:42:bb:3c:0d:4e:3b:f9:98:15Certificate

0b:e7:bc:a8:59:10:32:9b:c6:69:12:af:8e:9d:57:ed:28:69:67:e1Signer

Headers

File Characteristics

Imports

opengl32

glu32

ole32

comctl32

shlwapi

msvcrt

kernel32

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 286KB - Virtual size: 652KB

.rsrc Size: 16KB - Virtual size: 15KB

3b:18:b0:48:ec:0d:36:42:bb:3c:0d:4e:3b:f9:98:15
Certificate

0b:e7:bc:a8:59:10:32:9b:c6:69:12:af:8e:9d:57:ed:28:69:67:e1
Signer

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 286KB - Virtual size: 652KB

.rsrc
Size: 16KB - Virtual size: 15KB