b892508e2337d3c501aacf2e7d77d276_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b892508e2337d3c501aacf2e7d77d276_JaffaCakes118
Size

22KB
MD5

b892508e2337d3c501aacf2e7d77d276
SHA1

9ac2edf4b1bc218ec35d120c84eb61a824e2e223
SHA256

bfdcd8075fd00abeb9897183d1c517fb6cc8b3ed2a027a9007e824495ccaeea8
SHA512

f5f81e0b90061ac53b3f05fe61ce9c2125226412fdb058c3f22b3d02e671c270b71c555ff5507fd85fd07ada5a9f4dbb11457131ffb1d25adb20e3acb0fd6132
SSDEEP

384:F+RN0E7sVW4G2shpe9rD+RDVtp8Zqschh4WWieZWKT2tZHT:F+RNL7WW4Jsfe9rD+RDVfmQhhdekHz

Score

1^/10

Malware Config

Signatures

Files

b892508e2337d3c501aacf2e7d77d276_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f13f6a9c17b24afcf95906f762f737b4

Code Sign

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50
Certificate

Issuer

CN=wqefggq235123

Not Before

01/03/2012, 11:19

Not After

31/12/2039, 23:59

Subject

CN=wqefggq235123

Extended Key Usages

ExtKeyUsageCodeSigning

bb:c4:cf:29:b7:57:95:82:cb:5c:c1:b1:70:bb:b5:25:f3:51:f4:59
Signer

Actual PE Digest

bb:c4:cf:29:b7:57:95:82:cb:5c:c1:b1:70:bb:b5:25:f3:51:f4:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapWalk
IsBadStringPtrW
LCMapStringA
MulDiv
OpenEventW
OpenMutexA
OpenProcess
OpenThread
PeekConsoleInputA
PostQueuedCompletionStatus
Process32First
Process32FirstW
QueryPerformanceCounter
QueueUserWorkItem
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputCharacterA
SetComputerNameW
SetConsoleCP
SetConsoleTitleA
HeapLock
SetThreadPriority
SetupComm
SizeofResource
SystemTimeToFileTime
TlsAlloc
TryEnterCriticalSection
UnlockFile
UnlockFileEx
VerifyVersionInfoA
VirtualQueryEx
WriteConsoleA
WritePrivateProfileSectionW
WritePrivateProfileStructW
WriteProfileSectionW
WriteProfileStringW
_hwrite
lstrcpyA
lstrcpyW
lstrcpyn
HeapDestroy
HeapAlloc
GlobalMemoryStatusEx
GlobalMemoryStatus
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GetWindowsDirectoryA
GetVolumePathNameA
GetVersionExA
GetThreadTimes
GetThreadSelectorEntry
GetThreadContext
GetSystemInfo
GetStringTypeExW
GetStringTypeExA
GetShortPathNameW
GetProfileIntW
GetProcessWorkingSetSize
GetProcessVersion
GetProcessShutdownParameters
GetProcessHeaps
GetProcessAffinityMask
GetModuleHandleA
GetFileAttributesExA
GetEnvironmentStringsW
GetEnvironmentStrings
GetDriveTypeA
GetDateFormatA
GetConsoleScreenBufferInfo
GetConsoleAliasesLengthW
GetConsoleAliasExesW
GetCalendarInfoW
GetACP
FreeEnvironmentStringsA
FormatMessageA
FindFirstVolumeW
ExitThread
EnumLanguageGroupLocalesW
EnumDateFormatsExW
EnumCalendarInfoExA
DnsHostnameToComputerNameW
DeleteTimerQueueEx
DebugBreak
DebugActiveProcess
CreateThread
CreateProcessW
CreateMailslotW
CreateFileW
CreateDirectoryW
CreateConsoleScreenBuffer
CommConfigDialogA
CancelIo
BackupRead
GetWindowsDirectoryW
GetProcAddress
SetLastError

msvcrt

memset

advapi32

RegOpenKeyA

oleaut32

VarI1FromDate
VarI2FromI1
VarI4FromR4
VarI4FromR8
VarI4FromUI2
VarImp
VarMul
VarNeg
VarPow
VarR4FromDisp
VarR4FromI1
VarR4FromI4
VarR4FromR8
VarR4FromUI1
VarR4FromUI2
VarR8FromDate
VarR8FromI2
VarR8FromStr
VarR8Pow
VarSu
VarUI1FromDec
VarUI1FromStr
VarUI1FromUI4
VarUI2FromDate
VarUI2FromI1
VarUI2FromI2
VarUI2FromR4
VarUI2FromStr
VarUI4FromDec
VarUI4FromI4
VariantCopyInd
VectorFromBstr
VarI1FromCy
VarFormatNumber
VarFormatCurrency
VarDecSu
VarDecInt
VarDecFromUI4
VarDecFromUI2
VarDecFromStr
VarDecFromI2
VarDecFromCy
VarDecDiv
VarDateFromUI4
VarDateFromUI1
VarDateFromR4
VarDateFromDisp
VarDateFromCy
VarCyRound
VarCyMulI4
VarCyFromUI2
VarCyFromDisp
VarCyCmp
VarBstrFromI4
VarBstrFromDisp
VarBstrFromDate
VarBstrFromCy
VarBoolFromR4
VarBoolFromI1
VarBoolFromDisp
VarBoolFromDate
VarBoolFromCy
VARIANT_UserUnmarshal
UnRegisterTypeLi
SysFreeString
SafeArrayGetRecordInfo
SafeArrayGetElemsize
SafeArrayGetElement
SafeArrayGetDim
SafeArrayDestroyDescriptor
SafeArrayCreateVectorEx
SafeArrayAccessData
RevokeActiveObject
RegisterActiveObject
OleLoadPicture
OleCreatePropertyFrameIndirect
LoadRegTypeLi
LPSAFEARRAY_Size
LHashValOfNameSysA
LHashValOfNameSys
GetRecordInfoFromTypeInfo
GetErrorInfo
CreateTypeLib2
CreateStdDispatch
SetErrorInfo

imm32

ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmEnumInputContext
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateWindow
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineW
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMEFileNameA
ImmCreateIMCC
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetStatusWindowPos
ImmInstallIMEA
ImmInstallIMEW
ImmIsUIMessageA
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmNotifyIME
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionWindow
ImmSetHotKey
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmGetIMEFileNameW
ImmUnregisterWordA
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text3
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f13f6a9c17b24afcf95906f762f737b4

Code Sign

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50Certificate

Extended Key Usages

bb:c4:cf:29:b7:57:95:82:cb:5c:c1:b1:70:bb:b5:25:f3:51:f4:59Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 124B

.text3 Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50
Certificate

bb:c4:cf:29:b7:57:95:82:cb:5c:c1:b1:70:bb:b5:25:f3:51:f4:59
Signer

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 124B

.text3
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB