b187fc38dfdc6cd22dfc08b1775617d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b187fc38dfdc6cd22dfc08b1775617d2_JaffaCakes118
Size

329KB
MD5

b187fc38dfdc6cd22dfc08b1775617d2
SHA1

4a652850f4b912be6d0d09c04417608264733c23
SHA256

c9c6d5060190c20a5b951339857774dbba4a57587e269741d0f23a99844caafe
SHA512

0d8ceb10d0b5818854dd9ffe2f5a49e604d94cd97af3ce1395ea28287b7c32fa2e91b4193e7ac4dd6586acf401d6796a05d3a060283fc7538398e1b11e545210
SSDEEP

6144:aVqhA2qjr9iVIR4zaWu+1P+Y337lKSzgOsbrJwO:awiFiVIWu+xz30hxrJwO

Score

1^/10

Malware Config

Signatures

Files

b187fc38dfdc6cd22dfc08b1775617d2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0317af2a5eef65a2ea78710e541289f2

Code Sign

56:1d:24:8b:8b:56:50:b0:4d:60:1a:2e:3e:c7:02:7a
Certificate

Issuer

CN=WXLKPVPA

Not Before

11/03/2019, 18:29

Not After

31/12/2039, 23:59

Subject

CN=WXLKPVPA

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b5:67:28:bd:b6:ae:6f:2f:7b:db:05:75:22:ac:4f:03:46:28:48:7d:14:e3:60:42:3e:69:09:f8:1a:80:4c:d7
Signer

Actual PE Digest

b5:67:28:bd:b6:ae:6f:2f:7b:db:05:75:22:ac:4f:03:46:28:48:7d:14:e3:60:42:3e:69:09:f8:1a:80:4c:d7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLCID
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetUserDefaultUILanguage
GetVersionExA
GetVersionExW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
GetStartupInfoW
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
RaiseException
ReadFile
RegisterWaitForSingleObject
RemoveDirectoryW
RtlUnwind
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnregisterWait
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
lstrcmpiW
lstrlenW
GetStartupInfoA
GetProcessHeap
GetProcAddress
GetOEMCP
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLocaleInfoW
GetLocaleInfoA
GetLastError
GetFullPathNameW
GetFileType
GetFileSize
GetFileAttributesExW
GetEnvironmentVariableW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetCommandLineW
GetCommandLineA
GetCPInfo
GetACP
FreeResource
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageW
FlushFileBuffers
FindResourceW
FindResourceExW
ExitProcess
EnterCriticalSection
DuplicateHandle
DosDateTimeToFileTime
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessW
CreateMutexW
CreateFileW
CreateFileA
CreateEventW
CreateDirectoryW
CloseHandle
VirtualAlloc
MulDiv

user32

LoadIconW
IsDlgButtonChecked
InvalidateRect
HideCaret
GetWindowRect
GetWindowLongW
GetSysColor
GetParent
GetMonitorInfoW
GetMessageTime
LoadStringW
GetDC
FindWindowW
FillRect
ExitWindowsEx
EndPaint
EndDialog
EnableWindow
DrawTextW
DlgDirSelectExW
MapWindowPoints
MessageBoxTimeoutW
MessageBoxW
OffsetRect
MonitorFromWindow
MsgWaitForMultipleObjects
ToAscii
SystemParametersInfoW
ShowWindow
SetWindowTextW
SetWindowPos
SetWindowLongW
SetForegroundWindow
SetFocus
SendMessageW
ReleaseDC
RegisterWindowMessageW
PostQuitMessage
PostMessageW
GetDlgItem
DialogBoxParamW
ChangeDisplaySettingsExW
BeginPaint
GetFocus
OpenIcon
IsMenu
DestroyWindow
WindowFromDC
CloseWindowStation
GetListBoxInfo
CloseDesktop
CloseWindow
CreateMenu
IsCharAlphaNumericW
ReleaseCapture
CharNextW
GetMessageExtraInfo
IsClipboardFormatAvailable
InSendMessage
EndMenu
IsCharUpperA
IsWindowEnabled
GetDialogBaseUnits
GetDoubleClickTime
IsWindowUnicode
DrawMenuBar

gdi32

SetBkColor
RestoreDC
IntersectClipRect
GetTextExtentPointA
GetObjectA
GetNearestPaletteIndex
GetClipBox
GetBkColor
GdiConvertMetaFilePict
CreateSolidBrush
CreateFontIndirectA
CreateFontA
BitBlt
BRUSHOBJ_hGetColorTransform
GetObjectType
CreatePatternBrush
CloseFigure
DeleteObject
DeleteEnhMetaFile
SaveDC

advapi32

RegCloseKey
RegOpenKeyW
RegOpenKeyA
RegQueryValueExW

shell32

SHGetSpecialFolderPathA
ShellAboutA
SHIsFileAvailableOffline
SHGetSpecialFolderLocation
SHGetSettings
SHGetFileInfo
SHFileOperationA
DragAcceptFiles
DragFinish
DragQueryFileW
SHAppBarMessage
SHChangeNotify
ShellExecuteExW

shlwapi

StrCmpNIW
StrRChrW
StrRStrIW
StrStrW
StrCmpNA
StrChrA

comctl32

ImageList_ReplaceIcon
ImageList_Replace
ImageList_Remove
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_EndDrag
ImageList_Draw
ImageList_SetBkColor
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_AddMasked
ImageList_Add
ImageList_SetDragCursorImage
InitCommonControlsEx
PropertySheetW
ImageList_DragMove

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
ImmSetCompositionWindow

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0317af2a5eef65a2ea78710e541289f2

Code Sign

56:1d:24:8b:8b:56:50:b0:4d:60:1a:2e:3e:c7:02:7aCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

b5:67:28:bd:b6:ae:6f:2f:7b:db:05:75:22:ac:4f:03:46:28:48:7d:14:e3:60:42:3e:69:09:f8:1a:80:4c:d7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

imm32

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 163KB - Virtual size: 163KB

.rsrc Size: 7KB - Virtual size: 7KB

56:1d:24:8b:8b:56:50:b0:4d:60:1a:2e:3e:c7:02:7a
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

b5:67:28:bd:b6:ae:6f:2f:7b:db:05:75:22:ac:4f:03:46:28:48:7d:14:e3:60:42:3e:69:09:f8:1a:80:4c:d7
Signer

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 163KB - Virtual size: 163KB

.rsrc
Size: 7KB - Virtual size: 7KB