adffdd67f1944187068130645f040798_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

adffdd67f1944187068130645f040798_JaffaCakes118
Size

84KB
MD5

adffdd67f1944187068130645f040798
SHA1

36626ea5b418885a831bffb54dc8f1a4ae9aecfb
SHA256

69768502a04378d67369b0ea68b1d85c32da317e4526d7833812e543a38517b2
SHA512

3f9fc33d423f59d6699a88735126a12bd6c398df1c30f4044bd2eb4c2f212d975cd930a3cb7046ab3081cef6c4c1e9903ea88198bf408352f861f0fe446e5ede
SSDEEP

768:sAfla7wFtRg5aroZKvozoI5hGBH0ko8M62NT8d1yyDV8lqPwEupV6yl4BNoJbmFQ:Vfla7wFrgyozo8b/nTGRV804LpVsoBWQ

Score

1^/10

Malware Config

Signatures

Files

adffdd67f1944187068130645f040798_JaffaCakes118
.exe windows:4 windows x86 arch:x86

78559d401235c862b7fc78f233a8867a

Code Sign

7a:f0:6e:ba:74:23:c2:7c:b8:9b:f6:6d:62:09:c7:73
Certificate

Issuer

CN=Root Agency

Not Before

10/06/2010, 01:08

Not After

31/12/2039, 23:59

Subject

CN=Microsoft,OU=WWW.CeleWare.NET,O=CeleWare.NET,1.2.840.113549.1.9.1=#0c164d6963726f736f66744043656c65576172652e4e4554

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CreateFileA
GetCurrentProcess
VirtualFreeEx
WaitForSingleObject
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
GlobalFree
WriteFile
SizeofResource
LockResource
LoadResource
FindResourceA
CopyFileA
DeleteFileA
Sleep
CloseHandle
CreateToolhelp32Snapshot
Process32First
lstrlenA
Process32Next
GetFileAttributesA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
FlushFileBuffers
SetFilePointer
GetStringTypeA
GetStringTypeW
SetStdHandle

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78559d401235c862b7fc78f233a8867a

Code Sign

7a:f0:6e:ba:74:23:c2:7c:b8:9b:f6:6d:62:09:c7:73Certificate

Signer

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 56KB - Virtual size: 54KB

7a:f0:6e:ba:74:23:c2:7c:b8:9b:f6:6d:62:09:c7:73
Certificate

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 56KB - Virtual size: 54KB