a9d695f1765de1ce0f1d8bceb9ca2288_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a9d695f1765de1ce0f1d8bceb9ca2288_JaffaCakes118
Size

23KB
MD5

a9d695f1765de1ce0f1d8bceb9ca2288
SHA1

4caf4e880c561e8497be3743425e384dd7fd6294
SHA256

3d1d8c62be83f6a393b31cac7d983df74f4535b971877c45651864f80248fbe1
SHA512

93ce542255b1171d66ede5819d0cd2fddb7af34f3ab2dcd3a4dccce4b50e1e701fdb5ed4af1bc3390c87989dd3469ecb3100f78951a77a8c74c2f5dee149626d
SSDEEP

384:NDZEcDXBS4RupdKyqYDsDUXr1lIywySi3cRVT8jcwz9:JZDRStpnTsQzcv8jPJ

Score

1^/10

Malware Config

Signatures

Files

a9d695f1765de1ce0f1d8bceb9ca2288_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9cec985af4cc513849a70383d8c855a7

Code Sign

78:64:b8:3d:5e:1c:99:46:b0:af:fb:7b:34:75:94:ca
Certificate

Issuer

CN=55121212512

Not Before

14/02/2012, 04:59

Not After

31/12/2039, 23:59

Subject

CN=55121212512

Extended Key Usages

ExtKeyUsageCodeSigning

34:e3:e3:18:db:bd:d6:b8:a8:22:32:d7:b4:43:fe:36:8f:55:6b:3c
Signer

Actual PE Digest

34:e3:e3:18:db:bd:d6:b8:a8:22:32:d7:b4:43:fe:36:8f:55:6b:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAdjustment
GetSystemWindowsDirectoryA
GetVolumeNameForVolumeMountPointA
GetVolumePathNameA
GlobalAlloc
GlobalSize
Heap32ListNext
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapSize
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalFree
LocalShrink
MoveFileWithProgressW
OpenFile
OpenFileMappingW
OpenMutexA
OpenMutexW
PeekNamedPipe
Process32FirstW
Process32NextW
QueryDosDeviceW
ReadConsoleOutputA
ReadConsoleOutputW
ReadFile
ReplaceFile
ResetEvent
GetSystemDirectoryW
SearchPathA
SetCommBreak
SetCommTimeouts
SetConsoleCP
SetConsoleMode
SetDefaultCommConfigW
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetHandleInformation
SetMessageWaitingIndicator
SetProcessShutdownParameters
SetThreadExecutionState
SetThreadIdealProcessor
SetVolumeMountPointA
SuspendThread
UnhandledExceptionFilter
UnregisterWaitEx
VerLanguageNameA
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitCommEvent
WideCharToMultiByte
WriteConsoleW
WriteFileEx
WriteFileGather
WritePrivateProfileSectionA
WritePrivateProfileStringA
WritePrivateProfileStructW
WriteProfileStringW
_lcreat
GetStringTypeW
GetStdHandle
GetProfileSectionW
GetProcessVersion
GetProcessTimes
GetProcessHeaps
GetProcessHeap
GetPrivateProfileStructW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileIntA
GetNumberOfConsoleMouseButtons
GetNamedPipeInfo
GetMailslotInfo
GetFileSize
GetFileInformationByHandle
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetEnvironmentVariableW
GetEnvironmentVariableA
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrencyFormatW
GetConsoleAliasesW
GetCommModemStatus
GetCommConfig
GetModuleHandleA
GetBinaryTypeW
GetBinaryType
GetAtomNameW
GetAtomNameA
FreeEnvironmentStringsW
FormatMessageW
FoldStringA
FlushInstructionCache
FindNextFileA
FindFirstFileW
FindCloseChangeNotification
FindClose
ExpandEnvironmentStringsW
ExitThread
EscapeCommFunction
EnumTimeFormatsW
EnumTimeFormatsA
EnumSystemLanguageGroupsW
EnumResourceNamesW
EnumLanguageGroupLocalesW
EnumCalendarInfoW
DosDateTimeToFileTime
DnsHostnameToComputerNameA
DisableThreadLibraryCalls
DeleteVolumeMountPointW
DeleteFileA
DeleteFiber
DefineDosDeviceA
CreateWaitableTimerW
CreateIoCompletionPort
CreateFileW
CreateFileMappingA
CreateDirectoryExA
CreateDirectoryA
CreateConsoleScreenBuffer
CopyFileA
ClearCommError
BuildCommDCBAndTimeoutsW
BeginUpdateResourceW
Beep
AllocConsole
GetProcAddress
ScrollConsoleScreenBufferW

msvcrt

memset

user32

LoadBitmapA

advapi32

RegOpenKeyExA
RegOpenKeyA

oleaut32

VarDateFromUdate
VarDateFromUdateEx
VarDecFromI1
VarDecFromI2
VarDecFromI4
VarDecInt
VarDecMul
VarDecNeg
VarDecRound
VarFormatCurrency
VarFormatDateTime
VarI1FromDisp
VarI1FromR4
VarI1FromUI1
VarI2FromDate
VarI2FromI1
VarI2FromUI1
VarI4FromCy
VarI4FromDate
VarI4FromI1
VarI4FromStr
VarI4FromUI2
VarI4FromUI4
VarIdiv
VarOr
VarR4CmpR8
VarR4FromDate
VarR4FromDec
VarR4FromDisp
VarR4FromI1
VarR4FromI2
VarR4FromR8
VarR4FromUI2
VarR4FromUI4
VarR8FromI2
VarR8FromR4
VarR8Pow
VarR8Round
VarRound
VarUI1FromBool
VarUI1FromDec
VarUI1FromR4
VarUI2FromCy
VarUI2FromDate
VarUI2FromDisp
VarUI2FromUI1
VarUI4FromBool
VarUI4FromCy
VarUI4FromI2
VarUI4FromI4
VarUI4FromR4
VarUI4FromStr
VariantChangeType
VariantTimeToDosDateTime
VectorFromBstr
VarDateFromR8
VarDateFromR4
VarDateFromI4
VarDateFromI2
VarDateFromCy
VarCySu
VarCyRound
VarCyMulI4
VarCyMul
VarCyInt
VarCyFromUI4
VarCyFromUI1
VarCyFromI1
VarCyFromDisp
VarCyFromDate
VarCyFix
VarCyCmpR8
VarCyCmp
VarCat
VarBstrFromR8
VarBstrFromR4
VarBstrFromI4
VarBstrFromDisp
VarBstrFromDec
VarBstrFromBool
VarBstrCat
VarBoolFromUI4
VarBoolFromUI2
VarBoolFromStr
VarBoolFromR8
VarBoolFromR4
VarBoolFromI4
VarBoolFromI2
VarBoolFromI1
VARIANT_UserSize
VARIANT_UserMarshal
UnRegisterTypeLi
SysStringByteLen
SysReAllocStringLen
SysFreeString
SafeArrayUnlock
SafeArrayUnaccessData
SafeArrayPutElement
SafeArrayGetElemsize
SafeArrayGetElement
SafeArrayDestroyData
SafeArrayCreateVector
SafeArrayAllocData
OleTranslateColor
OleSavePictureFile
OleLoadPictureFile
OleIconToCursor
OleCreatePropertyFrameIndirect
LoadTypeLibEx
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserFree
LPSAFEARRAY_Size
LPSAFEARRAY_Marshal
GetErrorInfo
DosDateTimeToVariantTime
CreateStdDispatch
BstrFromVector
BSTR_UserUnmarshal
BSTR_UserSize
SafeArrayGetVartype

imm32

ImmCreateContext
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmEnumInputContext
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineW
ImmGetHotKey
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmConfigureIMEW
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmNotifyIME
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmConfigureIMEA
ImmGetIMEFileNameW
ImmUnlockIMC
ImmUnlockIMCC
ImmUnregisterWordA
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cec985af4cc513849a70383d8c855a7

Code Sign

78:64:b8:3d:5e:1c:99:46:b0:af:fb:7b:34:75:94:caCertificate

Extended Key Usages

34:e3:e3:18:db:bd:d6:b8:a8:22:32:d7:b4:43:fe:36:8f:55:6b:3cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

advapi32

oleaut32

imm32

Sections

.text Size: 8KB - Virtual size: 8KB

.text1 Size: 2KB - Virtual size: 1KB

.text2 Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 88B

.rsrc Size: 2KB - Virtual size: 1KB

78:64:b8:3d:5e:1c:99:46:b0:af:fb:7b:34:75:94:ca
Certificate

34:e3:e3:18:db:bd:d6:b8:a8:22:32:d7:b4:43:fe:36:8f:55:6b:3c
Signer

.text
Size: 8KB - Virtual size: 8KB

.text1
Size: 2KB - Virtual size: 1KB

.text2
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 88B

.rsrc
Size: 2KB - Virtual size: 1KB