b5be6db2ad6f1a32b45351bace0a386a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b5be6db2ad6f1a32b45351bace0a386a_JaffaCakes118
Size

25KB
MD5

b5be6db2ad6f1a32b45351bace0a386a
SHA1

d58449eebc5abfa1ece70ae8b43e3e9c7b37d187
SHA256

bc8c380f461f584f9cf220a4717fb2a2f4fe30afa5aa8c25d2cbd4d834df8ce2
SHA512

3d453f0643f321268c41c2a1fc2cb5606db033b5bbeb156cfda43a0baf2a089a64e91bc582af7e3da14937b3d3a84103a03ff27c2784b93cb3ce58ea08c43dfa
SSDEEP

384:d1bvmnaBDdhbKg5Eeq69WJs+5jdQI5Voy4Ghh44WieZWxY:d1qcJ5KEjDWJJ5RQs2yvhh7er

Score

1^/10

Malware Config

Signatures

Files

b5be6db2ad6f1a32b45351bace0a386a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4e58b69391d35d70bb5e4324fe306868

Code Sign

78:64:b8:3d:5e:1c:99:46:b0:af:fb:7b:34:75:94:ca
Certificate

Issuer

CN=55121212512

Not Before

14/02/2012, 04:59

Not After

31/12/2039, 23:59

Subject

CN=55121212512

Extended Key Usages

ExtKeyUsageCodeSigning

ef:16:6f:0c:ee:1d:a7:2c:8d:97:f2:0b:75:c1:b9:2d:96:27:86:a4
Signer

Actual PE Digest

ef:16:6f:0c:ee:1d:a7:2c:8d:97:f2:0b:75:c1:b9:2d:96:27:86:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
GetSystemInfo
GetSystemPowerStatus
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVolumePathNameA
GlobalAddAtomA
GlobalHandle
GlobalLock
HeapCompact
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
IsDBCSLeadByte
IsDebuggerPresent
IsValidCodePage
LoadResource
LocalUnlock
LockResource
MoveFileW
MoveFileWithProgressA
MoveFileWithProgressW
OpenFileMappingW
OpenWaitableTimerA
QueryDosDeviceW
ReadConsoleOutputCharacterW
ReleaseSemaphore
RtlFillMemory
RtlUnwind
RtlZeroMemory
ScrollConsoleScreenBufferA
SetCommConfig
SetComputerNameExA
SetConsoleActiveScreenBuffer
GetShortPathNameW
SetCurrentDirectoryA
SetCurrentDirectoryW
SetDefaultCommConfigW
SetEnvironmentVariableW
SetErrorMode
SetFilePointer
SetFilePointerEx
SetLastError
SetPriorityClass
SetProcessShutdownParameters
SetTapePosition
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SystemTimeToFileTime
Toolhelp32ReadProcessMemory
TryEnterCriticalSection
VerifyVersionInfoA
WaitForSingleObject
WaitNamedPipeW
WriteConsoleOutputAttribute
WriteFile
WritePrivateProfileSectionA
WriteProcessMemory
_lcreat
_lopen
lstrcatW
lstrcmpW
lstrcpyn
lstrcpynW
GetShortPathNameA
GetProfileStringW
GetProfileSectionA
GetProcessTimes
GetProcessHeaps
GetPrivateProfileStructA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
GetNumberFormatW
GetModuleFileNameW
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetLargestConsoleWindowSize
GetFullPathNameA
GetFileAttributesW
GetFileAttributesExA
GetDriveTypeA
GetCurrentThreadId
GetCurrencyFormatA
GetConsoleMode
GetConsoleFontSize
GetConsoleDisplayMode
GetConsoleCP
GetComputerNameExW
GetComputerNameExA
GetCommState
GetCommModemStatus
GetModuleHandleA
GetAtomNameA
GetACP
FoldStringA
FlushInstructionCache
FindResourceA
FindNextFileW
FindNextFileA
FindNextChangeNotification
FillConsoleOutputCharacterA
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumSystemLanguageGroupsW
EnumSystemLanguageGroupsA
EnumSystemCodePagesA
EnumLanguageGroupLocalesA
EnumDateFormatsExW
EnterCriticalSection
DnsHostnameToComputerNameA
DeleteFiber
CreateTimerQueue
CreateSemaphoreW
CreateMutexA
CreateJobObjectW
CreateFileW
CreateFileA
CreateDirectoryW
CreateDirectoryExA
CreateConsoleScreenBuffer
ConvertThreadToFiber
ConnectNamedPipe
CommConfigDialogA
CancelDeviceWakeupRequest
BindIoCompletionCallback
BackupRead
AllocateUserPhysicalPages
AddConsoleAliasW
GetProcAddress
SetConsoleTitleA

msvcrt

memset

user32

LoadBitmapA

advapi32

RegOpenKeyExA

oleaut32

VarDecAdd
VarDecFix
VarDecFromDisp
VarDecFromI4
VarDecFromR8
VarDecMul
VarEqv
VarFix
VarFormat
VarFormatFromTokens
VarI1FromDate
VarI1FromDec
VarI1FromI2
VarI1FromR4
VarI1FromR8
VarI1FromUI1
VarI2FromBool
VarI2FromCy
VarI2FromUI1
VarI4FromBool
VarI4FromDate
VarI4FromDec
VarI4FromDisp
VarI4FromI1
VarI4FromI2
VarI4FromR8
VarI4FromStr
VarIdiv
VarNeg
VarNumFromParseNum
VarOr
VarParseNumFromStr
VarR4FromDec
VarR4FromI4
VarR4FromR8
VarR4FromUI2
VarR4FromUI4
VarR8FromDisp
VarR8FromI4
VarR8FromUI2
VarR8Pow
VarUI1FromDate
VarUI1FromI2
VarUI1FromI4
VarUI1FromUI2
VarUI4FromBool
VarUI4FromDec
VarUI4FromR4
VarUI4FromR8
VarUI4FromStr
VariantCopy
VariantCopyInd
VariantInit
VariantTimeToSystemTime
VectorFromBstr
VarDecAbs
VarDateFromUI1
VarDateFromI4
VarDateFromI2
VarDateFromDisp
VarDateFromBool
VarCyMul
VarCyInt
VarCyFromUI2
VarCyFromUI1
VarCyFromR4
VarCyFromI4
VarCyFromDate
VarCyFromBool
VarCat
VarBstrFromUI4
VarBstrFromR8
VarBstrFromI2
VarBstrFromI1
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarBstrCat
VarBoolFromUI1
VarBoolFromI2
VarBoolFromDisp
SystemTimeToVariantTime
SysStringLen
SysStringByteLen
SysReAllocStringLen
SetErrorInfo
SafeArraySetIID
SafeArrayPutElement
SafeArrayGetRecordInfo
SafeArrayGetElemsize
SafeArrayDestroyDescriptor
SafeArrayCreateVectorEx
SafeArrayCreateVector
SafeArrayCreate
SafeArrayCopyData
RevokeActiveObject
QueryPathOfRegTypeLi
OleLoadPictureEx
OleCreatePropertyFrameIndirect
OleCreateFontIndirect
OaBuildVersion
LoadTypeLibEx
LoadTypeLi
LoadRegTypeLi
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LHashValOfNameSysA
LHashValOfNameSys
GetErrorInfo
GetActiveObject
DosDateTimeToVariantTime
DispGetParam
DispGetIDsOfNames
CreateErrorInfo
CreateDispTypeInfo
BstrFromVector
BSTR_UserMarshal
BSTR_UserFree
SafeArrayCopy

imm32

ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDisableIME
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeA
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetIMCCLockCount
ImmConfigureIMEA
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmGetIMEFileNameW
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmGetIMCCSize
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmUnlockIMC
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e58b69391d35d70bb5e4324fe306868

Code Sign

78:64:b8:3d:5e:1c:99:46:b0:af:fb:7b:34:75:94:caCertificate

Extended Key Usages

ef:16:6f:0c:ee:1d:a7:2c:8d:97:f2:0b:75:c1:b9:2d:96:27:86:a4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

advapi32

oleaut32

imm32

Sections

.text Size: 8KB - Virtual size: 8KB

.text1 Size: 2KB - Virtual size: 1KB

.text2 Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 92B

.text3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 3KB - Virtual size: 2KB

78:64:b8:3d:5e:1c:99:46:b0:af:fb:7b:34:75:94:ca
Certificate

ef:16:6f:0c:ee:1d:a7:2c:8d:97:f2:0b:75:c1:b9:2d:96:27:86:a4
Signer

.text
Size: 8KB - Virtual size: 8KB

.text1
Size: 2KB - Virtual size: 1KB

.text2
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 92B

.text3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 3KB - Virtual size: 2KB