b5553645fe819a93aafe2894da13dae7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b5553645fe819a93aafe2894da13dae7_JaffaCakes118
Size

812KB
MD5

b5553645fe819a93aafe2894da13dae7
SHA1

eb851adfada7b40fc4f6c0ae348694500f878493
SHA256

1a7239c006a3adf893bdb5c2300b2964ed8bb454e1b622853e4460707dc63c16
SHA512

aff9b7b3ab809a79a33ee6bc6a7984e334b62f6ab50e81e57c81c9fe39f37db77370f3a0777f5ce52b89b627b651d61068d380d399f333d92ba4a01bd15399cb
SSDEEP

24576:ell1AmkPi57ViWIkUNBRKU1y0/x2s5/cadpJHnZGRi:e3amkPi2hkUNBRKU1J/cadpJHnZG

Score

1^/10

Malware Config

Signatures

Files

b5553645fe819a93aafe2894da13dae7_JaffaCakes118
.dll windows:5 windows x86 arch:x86

fbb651ece013be903faf7bb133397b71

Code Sign

30:84:92:ab:d4:78:f6:41:be:42:ec:2f:fd:33:79:af
Certificate

Issuer

CN=Advanced Micro Devices\, Inc.

Not Before

24/02/2015, 07:49

Not After

31/12/2039, 23:59

Subject

CN=Advanced Micro Devices\, Inc.

3e:16:05:39:85:09:81:09:97:37:0d:91:94:20:0c:ba:0c:d4:ec:1a
Signer

Actual PE Digest

3e:16:05:39:85:09:81:09:97:37:0d:91:94:20:0c:ba:0c:d4:ec:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIW
StrToIntExA
StrToIntA
PathFileExistsW
StrCpyW
StrToIntW
PathStripPathW
PathQuoteSpacesW
StrCmpW
PathAddBackslashW
StrStrW
PathRemoveFileSpecW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

kernel32

CreateToolhelp32Snapshot
SetFilePointer
GetModuleHandleW
ReadFile
GetLastError
FindFirstFileW
GetTickCount
VirtualFree
InitializeCriticalSection
TerminateThread
LeaveCriticalSection
GetExitCodeProcess
VirtualAlloc
EnterCriticalSection
FindClose
DeleteCriticalSection
CreateThread
SetEnvironmentVariableA
GetTimeZoneInformation
CompareStringW
GetDateFormatA
GetTimeFormatA
HeapAlloc
HeapFree
GetProcessHeap
Sleep
lstrlenA
DeleteFileW
LocalAlloc
lstrlenW
lstrcmpW
WideCharToMultiByte
LoadLibraryA
HeapReAlloc
GetTempPathA
FileTimeToLocalFileTime
GetCurrentThreadId
GetCurrentDirectoryA
GetTempFileNameA
InterlockedIncrement
lstrcmpA
FreeLibrary
CreateProcessW
InterlockedCompareExchange
FlushFileBuffers
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetFileSize
SetUnhandledExceptionFilter
SetErrorMode
CreateMutexW
FileTimeToDosDateTime
CloseHandle
CreateEventW
CreateFileW
TerminateProcess
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
ExpandEnvironmentStringsW
ReleaseMutex
SetCurrentDirectoryW
GetProcAddress
GetCurrentDirectoryW
MultiByteToWideChar
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ExitProcess
GetModuleFileNameW
LoadLibraryW
OpenProcess
GetSystemTimeAsFileTime
WaitForSingleObject
GetModuleHandleA
lstrcmpiW
GetEnvironmentVariableW
Process32FirstW
Process32NextW
GetCurrentProcessId
InterlockedDecrement
SetHandleInformation
GetVersionExW
CreatePipe
GetCurrentProcess
GetComputerNameW
IsWow64Process
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateSemaphoreW
GetTempFileNameW
GetTempPathW
GetFullPathNameW
GetLocalTime
GetACP
SetEndOfFile
lstrcatW
EncodePointer
DecodePointer
ExitThread
InterlockedExchange
GetConsoleCP
GetConsoleMode
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
IsProcessorFeaturePresent
HeapSize
GetFileType
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
SetStdHandle
WriteConsoleW
GetOEMCP
IsValidCodePage
LocalFree

user32

GetWindowThreadProcessId
IsWindow
CharUpperW
GetWindowTextW
CreateDesktopW
EnumDesktopWindows
PostMessageW
CloseDesktop

advapi32

RegCreateKeyExW
DeleteService
CloseServiceHandle
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptGenKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptDeriveKey
CryptAcquireContextW
CryptExportKey
OpenServiceW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
EnumServicesStatusExW
RegEnumKeyExW
GetUserNameW
CheckTokenMembership
CreateServiceW
CryptGenRandom
OpenSCManagerW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ord680
ShellExecuteW
CommandLineToArgvW

ole32

CoInitializeEx
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance

oleaut32

VarBstrFromUI8
VariantClear
SysStringLen
VariantInit
SysFreeString
SysAllocString
VarBstrFromUI4
SysAllocStringByteLen
VarBstrFromR8
VarBstrFromI4

wininet

InternetReadFile
InternetQueryDataAvailable
HttpOpenRequestW
InternetOpenW
HttpSendRequestW
InternetSetOptionW
InternetConnectW
InternetCloseHandle

iphlpapi

GetAdaptersInfo

ws2_32

WSAStartup
WSACleanup
gethostbyname
gethostname

Exports

Exports

ADL2_Main_Control_Create
ADL2_Workstation_ECCData_Get
ADL_Adapter_CrossdisplayInfoX2_Set
ADL_ApplicationProfiles_User_Unload
ADL_Main_Control_Refresh
ADL_Overdrive5_PowerControlAbsValue_Set

Sections

.text
Size: 521KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbb651ece013be903faf7bb133397b71

Code Sign

30:84:92:ab:d4:78:f6:41:be:42:ec:2f:fd:33:79:afCertificate

3e:16:05:39:85:09:81:09:97:37:0d:91:94:20:0c:ba:0c:d4:ec:1aSigner

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 521KB - Virtual size: 520KB

.rdata Size: 151KB - Virtual size: 150KB

.data Size: 101KB - Virtual size: 110KB

.reloc Size: 37KB - Virtual size: 36KB

30:84:92:ab:d4:78:f6:41:be:42:ec:2f:fd:33:79:af
Certificate

3e:16:05:39:85:09:81:09:97:37:0d:91:94:20:0c:ba:0c:d4:ec:1a
Signer

.text
Size: 521KB - Virtual size: 520KB

.rdata
Size: 151KB - Virtual size: 150KB

.data
Size: 101KB - Virtual size: 110KB

.reloc
Size: 37KB - Virtual size: 36KB