b31a3f1703f48a7e1ba7ca518b83b6af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b31a3f1703f48a7e1ba7ca518b83b6af_JaffaCakes118
Size

370KB
MD5

b31a3f1703f48a7e1ba7ca518b83b6af
SHA1

13b1764141e4c680db04502b4283ee076db3acea
SHA256

c9c1dc3e744f17653c8a8f740ecf78f18a5d860bac475dbc81a1728df5aa6035
SHA512

3fdb1988b39736654e7742d4ca1fd7f55449dc925c35fef85bb3a1f02a1de3d652dcf2520267dcd9c0caf0ca4b553a7cbd80ccc7054c94f1a0fdca7fe7dcd694
SSDEEP

6144:AG8r+hAL5uOc9U89oI+jo+u7+68JSnxN6X5cUtl2VROTwHZjErU35ljt:Avr+XOc9UYopje7+68CxN6pP2VUTwHZP

Score

1^/10

Malware Config

Signatures

Files

b31a3f1703f48a7e1ba7ca518b83b6af_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d7d6a8b52b969b4b962f0ecabf9e9c64

Code Sign

39:b4:90:cd:4f:1f:42:bb:9e:bc:d0:4e:f5:99:32:a5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

07/07/2010, 00:00

Not After

07/07/2011, 23:59

Subject

CN=Design and Marketing D.M. SOCIEDAD ANONIMA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Loudmo,O=Design and Marketing D.M. SOCIEDAD ANONIMA,L=Escazu,ST=San Jose,C=CR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

tmpnam
_gmtime64
_mktime64
rename
clearerr
fseek
ftell
fwrite
setvbuf
fgets
_popen
fflush
_pclose
tmpfile
fscanf
getenv
strrchr
strtoul
strncpy
getc
fclose
freopen
ferror
fprintf
fread
fopen
ungetc
strerror
feof
strstr
rand
strcmp
strcpy
wcsncpy
_lock
_exit
wcstoul
sprintf
_strcmpi
system
exit
realloc
_wtoi
memchr
_purecall
calloc
ceil
memcpy
_wcsicmp
wcscmp
isalpha
isdigit
isupper
iscntrl
toupper
islower
strpbrk
isxdigit
atan2
sqrt
cos
modf
ldexp
pow
log
tanh
sinh
tan
fmod
srand
cosh
acos
floor
frexp
log10
atan
exp
fabs
asin
sin
remove
clock
strftime
setlocale
_localtime64
_wrename
_time64
_onexit
_setjmp3
isalnum
ispunct
iswdigit
tolower
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
_controlfp
?terminate@@YAXXZ
_itoa
_snprintf
isleadbyte
mbtowc
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
fputs
_XcptFilter
memcmp
wcsstr
isspace
free
malloc
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??2@YAPAXI@Z
strlen
wcslen
memset
??3@YAXPAX@Z
_iob
__mb_cur_max
strchr
_errno
_cexit
towlower
__wgetmainargs
__dllonexit
_unlock
memmove
abs
strcoll
strcat
strcspn
strncat
strtod
longjmp
localeconv
_except_handler3

urlmon

ObtainUserAgentString

wininet

HttpQueryInfoW
InternetSetOptionW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetOpenW

shlwapi

PathIsDirectoryW

kernel32

GetCommandLineW
VirtualFree
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
OutputDebugStringA
GetModuleHandleA
GetModuleFileNameA
TerminateProcess
OpenProcess
LoadLibraryA
GetVersionExW
RemoveDirectoryW
FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
SetFileTime
SystemTimeToFileTime
WideCharToMultiByte
FormatMessageA
GetFullPathNameW
LocalFree
LocalAlloc
GetExitCodeProcess
Sleep
CreateProcessW
GetFileAttributesW
OutputDebugStringW
DebugBreak
GetExitCodeThread
CreateThread
WaitForSingleObject
lstrlenA
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
lstrcpyW
SetFilePointer
WriteFile
CreateFileW
LockResource
SetCurrentDirectoryW
CreateDirectoryW
GetTempPathW
DeleteFileW
CloseHandle
GetTickCount
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetLastError
lstrcmpiW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
lstrlenW
InterlockedIncrement
InterlockedDecrement
RaiseException
GetVersion
VirtualQuery
GetSystemInfo
GetModuleHandleW
GetProcAddress
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc

user32

IsWindowVisible
wvsprintfW
SetTimer
wsprintfW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetDlgItem
GetClassNameW
GetSysColor
RedrawWindow
UpdateWindow
CreateWindowExW
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
DestroyAcceleratorTable
DefWindowProcW
LoadCursorW
RegisterClassExW
FindWindowA
GetClassInfoExW
SetWindowTextW
EndDialog
SetRect
ShowWindow
MessageBoxA
PostQuitMessage
MessageBoxW
GetDesktopWindow
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
SendMessageW
LoadIconW
PostMessageW
KillTimer
SetWindowLongW
CreateDialogIndirectParamW
DestroyWindow
IsWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
UnregisterClassA

gdi32

GetDeviceCaps
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyW
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoCreateGuid
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
VariantInit
LoadRegTypeLi
VariantClear
DispCallFunc
SysAllocStringLen
OleCreateFontIndirect
SysStringLen
LoadTypeLi
VarBstrCmp
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7d6a8b52b969b4b962f0ecabf9e9c64

Code Sign

39:b4:90:cd:4f:1f:42:bb:9e:bc:d0:4e:f5:99:32:a5Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

urlmon

wininet

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 201KB - Virtual size: 200KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 119KB - Virtual size: 119KB

.reloc Size: 10KB - Virtual size: 10KB

39:b4:90:cd:4f:1f:42:bb:9e:bc:d0:4e:f5:99:32:a5
Certificate

.text
Size: 201KB - Virtual size: 200KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 119KB - Virtual size: 119KB

.reloc
Size: 10KB - Virtual size: 10KB