a7cc5ad390fcc623b78a4b671635cf4c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a7cc5ad390fcc623b78a4b671635cf4c_JaffaCakes118
Size

947KB
MD5

a7cc5ad390fcc623b78a4b671635cf4c
SHA1

d5af412e757b3bee1be50af0ca0e0ab5ecc879fb
SHA256

5936662979704636cef726c5c17602a95a86091e07c7cce3ba08b7b047c46032
SHA512

6582523f924d0100afd7cf68276a990c09b8bb43d442f1ebc0b736591f1edffd0e797831ec3308927d0dbf4c36da2e4db2cf91a2b4c0b21f32eef78b62ab4b15
SSDEEP

24576:WgxHSzNhHluAPWdMcHXSjVuBa5j/2BsG/CK7NI+:HNQXD+ecHXSjVuBa5rhL0r

Score

1^/10

Malware Config

Signatures

Files

a7cc5ad390fcc623b78a4b671635cf4c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

65b5e27bcca6b8cc1e22a2fe7ce0b37b

Code Sign

39:b4:90:cd:4f:1f:42:bb:9e:bc:d0:4e:f5:99:32:a5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

07/07/2010, 00:00

Not After

07/07/2011, 23:59

Subject

CN=Design and Marketing D.M. SOCIEDAD ANONIMA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Loudmo,O=Design and Marketing D.M. SOCIEDAD ANONIMA,L=Escazu,ST=San Jose,C=CR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strchr
_errno
_cexit
fputs
_wrename
iswdigit
realloc
_wtoi
memchr
_purecall
strtoul
strrchr
getenv
_XcptFilter
fscanf
tmpfile
_pclose
fflush
_popen
fgets
setvbuf
fwrite
ftell
fseek
clearerr
rename
_mktime64
ferror
system
remove
clock
??3@YAXPAX@Z
strftime
setlocale
_localtime64
_time64
isalnum
ispunct
tolower
strncpy
isalpha
isdigit
isupper
iscntrl
toupper
islower
strpbrk
isxdigit
atan2
sqrt
cos
modf
ldexp
pow
log
tanh
sinh
tan
fmod
srand
cosh
acos
floor
frexp
log10
atan
exp
__mb_cur_max
_iob
feof
strerror
ungetc
fopen
fread
_gmtime64
fprintf
_exit
_setjmp3
freopen
fclose
tmpnam
getc
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
_controlfp
?terminate@@YAXXZ
_itoa
_snprintf
isleadbyte
mbtowc
__set_app_type
__p__fmode
__p__commode
_wcsicmp
ceil
memcmp
strstr
rand
wcsstr
wcsncpy
strcpy
strcmp
calloc
towlower
wcstoul
wcstol
??2@YAPAXI@Z
strlen
memmove
wcslen
isspace
wcscmp
??_U@YAPAXI@Z
memcpy
??_V@YAXPAX@Z
sprintf
free
malloc
memset
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
__wgetmainargs
iswctype
_onexit
_lock
__dllonexit
_unlock
abs
localeconv
longjmp
strcoll
strcat
strcspn
strncat
strtod
sin
asin
_strcmpi
fabs
_except_handler3

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

urlmon

ObtainUserAgentString

wininet

InternetCrackUrlW
HttpQueryInfoW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetOpenUrlW
InternetReadFile

shlwapi

PathIsDirectoryW

kernel32

OpenProcess
VirtualFree
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
OutputDebugStringA
GetModuleHandleA
GetModuleFileNameA
GetVersion
GetSystemInfo
VirtualAlloc
VirtualProtect
GetFullPathNameW
GetExitCodeProcess
CreateProcessW
OutputDebugStringW
DebugBreak
Sleep
GetExitCodeThread
CreateThread
WaitForSingleObject
lstrlenA
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
HeapFree
lstrcpyW
GetProcessHeap
HeapAlloc
SetEndOfFile
lstrcpynA
LockResource
SetCurrentDirectoryW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrcmpiW
GetCommandLineW
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
TerminateProcess
FreeLibrary
LoadLibraryA
GetVersionExW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
FindFirstFileW
GetTickCount
GetTempPathW
LocalFree
LocalAlloc
GetModuleFileNameW
VirtualQuery
GetLastError
SetFileTime
WriteFile
CreateDirectoryW
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
CloseHandle
CreateFileW
GetFileAttributesW
SystemTimeToFileTime
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
FormatMessageA
InterlockedIncrement
lstrlenW
InterlockedDecrement
GetProcAddress
GetModuleHandleW

user32

ModifyMenuW
IsWindowVisible
wvsprintfW
CharLowerW
GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetDlgItem
GetSysColor
RedrawWindow
AppendMenuW
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
InvalidateRect
DestroyAcceleratorTable
LoadCursorW
RegisterClassExW
SetWindowTextW
EndDialog
SetRect
GetKeyState
MessageBoxA
PostQuitMessage
UnregisterClassA
GetClassInfoExW
MessageBoxW
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetParent
GetClientRect
MapWindowPoints
CreateDialogIndirectParamW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
FindWindowA
UpdateWindow
wsprintfW
SetMenuDefaultItem
GetMenuDefaultItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
IsMenu
DestroyMenu
SetActiveWindow
SetWindowPos
ShowWindow
DrawAnimatedRects
SetParent
CreateWindowExW
EnumChildWindows
FindWindowW
GetWindowRect
GetClassNameW
SystemParametersInfoW
DestroyWindow
KillTimer
SetTimer
ReleaseDC
GetDC
GetDesktopWindow
PostMessageW
TrackPopupMenu
SetForegroundWindow
GetCursorPos
LoadIconW
LoadStringW
SendMessageW
IsWindow
DestroyIcon
RegisterWindowMessageW
DefWindowProcW
GetWindowLongW
SetWindowLongW
CallWindowProcW

gdi32

DeleteObject
CreateSolidBrush
BitBlt
GetStockObject
GetObjectW
GetDeviceCaps
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC

advapi32

RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA

shell32

ShellExecuteW
SHGetFolderPathW
SHAppBarMessage
Shell_NotifyIconW

ole32

CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VariantClear
VariantInit
SysAllocString
VarUI4FromStr
SysFreeString
DispCallFunc
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocStringLen
OleCreateFontIndirect
SysStringLen
LoadTypeLi
SafeArrayCreateVector
VarBstrCmp
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi

Sections

.text
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ATL
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 675KB - Virtual size: 674KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65b5e27bcca6b8cc1e22a2fe7ce0b37b

Code Sign

39:b4:90:cd:4f:1f:42:bb:9e:bc:d0:4e:f5:99:32:a5Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

version

urlmon

wininet

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 217KB - Virtual size: 217KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 2KB - Virtual size: 3KB

ATL Size: 512B - Virtual size: 8B

.rsrc Size: 675KB - Virtual size: 674KB

.reloc Size: 12KB - Virtual size: 12KB

39:b4:90:cd:4f:1f:42:bb:9e:bc:d0:4e:f5:99:32:a5
Certificate

.text
Size: 217KB - Virtual size: 217KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 2KB - Virtual size: 3KB

ATL
Size: 512B - Virtual size: 8B

.rsrc
Size: 675KB - Virtual size: 674KB

.reloc
Size: 12KB - Virtual size: 12KB