b0496e1e809903de34ec8070b029b110_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0496e1e809903de34ec8070b029b110_JaffaCakes118
Size

20KB
MD5

b0496e1e809903de34ec8070b029b110
SHA1

c6c3da7d305e59a36770403a3c10a2d337b3dafe
SHA256

29e5bbd812b92d09d0837a6e179d12e867872e910f99d4d1d7b878ed6d23c605
SHA512

ff6d8c862c623cafa904b7b3bc94f0aaabe4cd5587589daad0f36575b5a402c9b853051a1e7719636af1c1bacbd009fe69433b8cc48a14cb751705a321c36747
SSDEEP

384:V3iOoetHFbnCQeEmzIhh4WWieZWRT2tZHg:V3Xo2HFLhqUhhdeNHA

Score

1^/10

Malware Config

Signatures

Files

b0496e1e809903de34ec8070b029b110_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32284ed9129ec7a0f8e4ac6e8dd61fcf

Code Sign

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50
Certificate

Issuer

CN=wqefggq235123

Not Before

01/03/2012, 11:19

Not After

31/12/2039, 23:59

Subject

CN=wqefggq235123

Extended Key Usages

ExtKeyUsageCodeSigning

2c:93:57:95:61:5d:93:7f:c7:df:e1:7c:9a:70:83:4b:ab:d7:88:8a
Signer

Actual PE Digest

2c:93:57:95:61:5d:93:7f:c7:df:e1:7c:9a:70:83:4b:ab:d7:88:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
AllocateUserPhysicalPages
AreFileApisANSI
BackupSeek
Beep
CompareStringA
ContinueDebugEvent
CopyFileExA
CreateFileMappingA
CreateIoCompletionPort
CreatePipe
CreateSemaphoreA
DisableThreadLibraryCalls
DuplicateHandle
EnumLanguageGroupLocalesW
EnumResourceLanguagesA
EscapeCommFunction
FileTimeToLocalFileTime
FillConsoleOutputAttribute
FindFirstVolumeW
FindResourceA
FindVolumeClose
FindVolumeMountPointClose
FoldStringA
FoldStringW
FreeLibraryAndExitThread
GetCalendarInfoW
GetCommandLineW
GetCompressedFileSizeA
GetCurrentThread
GetExitCodeProcess
GetExitCodeThread
GetFileSize
GetLongPathNameW
GetPriorityClass
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetProcessShutdownParameters
GetProfileSectionA
GetProfileStringA
GetShortPathNameA
GetShortPathNameW
GetSystemInfo
GetThreadSelectorEntry
GetUserDefaultLCID
GetUserDefaultUILanguage
GetWriteWatch
GetProcAddress
GlobalFlags
GlobalMemoryStatus
Heap32ListNext
InitAtomTable
IsBadWritePtr
IsValidLocale
LCMapStringA
LocalAlloc
LocalFree
LocalShrink
MapUserPhysicalPages
MoveFileExW
MoveFileWithProgressW
OpenMutexW
OpenWaitableTimerW
PrepareTape
QueryPerformanceFrequency
ReadDirectoryChangesW
RemoveDirectoryA
ReplaceFileW
RequestDeviceWakeup
SetComputerNameExW
SetConsoleActiveScreenBuffer
SetConsoleTitleA
SetCriticalSectionSpinCount
SetFileAttributesW
SetHandleCount
SetThreadExecutionState
SetThreadIdealProcessor
SystemTimeToTzSpecificLocalTime
TlsFree
Toolhelp32ReadProcessMemory
UnhandledExceptionFilter
VerLanguageNameW
VerifyVersionInfoW
WaitForSingleObject
WriteConsoleA
WriteConsoleInputW
WriteConsoleOutputAttribute
WriteFile
WritePrivateProfileSectionA
WriteProfileStringW
_hwrite
_lopen
_lread
lstrcmp
GlobalFindAtomW
GetModuleHandleA

msvcrt

memset

advapi32

RegOpenKeyA

oleaut32

VarDecFromDate
VariantTimeToSystemTime
BstrFromVector
CreateErrorInfo
DispCallFunc
GetRecordInfoFromGuids
LPSAFEARRAY_UserMarshal
LoadRegTypeLi
OACreateTypeLib2
OaBuildVersion
OleLoadPictureEx
OleLoadPictureFile
OleLoadPicturePath
OleSavePictureFile
SafeArrayCreateVector
SafeArrayCreateVectorEx
SafeArrayGetElement
SafeArrayGetRecordInfo
SafeArraySetRecordInfo
SafeArrayUnaccessData
SafeArrayUnlock
SysAllocStringByteLen
SystemTimeToVariantTime
UnRegisterTypeLi
VARIANT_UserMarshal
VarBoolFromI1
VarBoolFromI4
VarBoolFromR4
VarBoolFromStr
VarBoolFromUI4
VarBstrCat
VarBstrFromBool
VarBstrFromI1
VarBstrFromI2
VarCyAbs
VarCyCmp
VarCyFromDate
VarCyFromI1
VarCyFromUI1
VarCySu
VarDateFromBool
VarDateFromI1
VarDecCmp
VarDecFix
VarDecFromI4
VarDecFromR8
VarDecFromStr
VarDecFromUI2
VarDecInt
VarDecNeg
VarDecRound
VarDiv
VarFormatCurrency
VarFormatFromTokens
VarI1FromBool
VarI1FromR8
VarI1FromUI1
VarI1FromUI2
VarI2FromBool
VarI2FromR4
VarI4FromI1
VarI4FromUI4
VarMod
VarMonthName
VarParseNumFromStr
VarR4FromCy
VarR4FromDisp
VarR4FromI1
VarR4FromI2
VarR4FromI4
VarR4FromR8
VarR8FromCy
VarR8FromDate
VarR8FromUI1
VarR8FromUI4
VarRound
VarTokenizeFormatString
VarUI1FromR8
VarUI2FromDec
VarUI2FromDisp
VarUI4FromDisp
VarUI4FromI1
VarUI4FromR8
VarUI4FromStr
VarXor
VariantInit

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32284ed9129ec7a0f8e4ac6e8dd61fcf

Code Sign

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50Certificate

Extended Key Usages

2c:93:57:95:61:5d:93:7f:c7:df:e1:7c:9a:70:83:4b:ab:d7:88:8aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 92B

.text4 Size: 2KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50
Certificate

2c:93:57:95:61:5d:93:7f:c7:df:e1:7c:9a:70:83:4b:ab:d7:88:8a
Signer

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 92B

.text4
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB