bd52b2a371ff397c90b891b7a4f04c66_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd52b2a371ff397c90b891b7a4f04c66_JaffaCakes118
Size

819KB
MD5

bd52b2a371ff397c90b891b7a4f04c66
SHA1

1e5f6a5624a9e5472d547b8aa54c6d146813f91d
SHA256

b9c996b06e0db273a4edede3fd6fda2b40b2e0201eba3e8ac581d802fc610a4a
SHA512

6de8976e56102ef762c968bca50435b30f224d76138a7d60d78fceda7a094f9c7931f89559ad877ac9f147745f337b0cc198b6f8d2a97a2c84c9eea8b37f47f9
SSDEEP

24576:/F3ZESdNUTc2SW++U7hCEfj4yZUqwhFZhBIhrl:RdNUTc24D7hCSZUqAFZhBIj

Score

1^/10

Malware Config

Signatures

Files

bd52b2a371ff397c90b891b7a4f04c66_JaffaCakes118
.dll windows:5 windows x86 arch:x86

209fbbf9313f193c36f69b0378520c32

Code Sign

4b:7c:23:b7:97:59:d9:ae:40:0d:c7:83:be:73:61:b4
Certificate

Issuer

CN=Advanced Micro Devices\, Inc.

Not Before

26/02/2015, 14:00

Not After

31/12/2039, 23:59

Subject

CN=Advanced Micro Devices\, Inc.

b0:2b:ec:f4:ac:23:ef:0b:47:4c:29:78:ed:6c:2b:08:37:48:c2:27
Signer

Actual PE Digest

b0:2b:ec:f4:ac:23:ef:0b:47:4c:29:78:ed:6c:2b:08:37:48:c2:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIW
StrToIntExA
StrToIntA
PathFileExistsW
StrCpyW
StrToIntW
PathStripPathW
PathQuoteSpacesW
StrCmpW
PathAddBackslashW
StrStrW
PathRemoveFileSpecW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

kernel32

CreateToolhelp32Snapshot
SetFilePointer
GetModuleHandleW
ReadFile
GetLastError
FindFirstFileW
GetTickCount
VirtualFree
InitializeCriticalSection
TerminateThread
LeaveCriticalSection
GetExitCodeProcess
VirtualAlloc
EnterCriticalSection
FindClose
DeleteCriticalSection
CreateThread
SetEnvironmentVariableA
GetTimeZoneInformation
CompareStringW
GetDateFormatA
GetTimeFormatA
HeapAlloc
HeapFree
GetProcessHeap
Sleep
lstrlenA
DeleteFileW
LocalAlloc
lstrlenW
lstrcmpW
WideCharToMultiByte
LoadLibraryA
HeapReAlloc
GetTempPathA
FileTimeToLocalFileTime
GetCurrentThreadId
GetCurrentDirectoryA
GetTempFileNameA
InterlockedIncrement
lstrcmpA
FreeLibrary
CreateProcessW
InterlockedCompareExchange
FlushFileBuffers
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetFileSize
SetUnhandledExceptionFilter
SetErrorMode
CreateMutexW
CloseHandle
FileTimeToDosDateTime
CreateEventW
CreateFileW
TerminateProcess
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
ExpandEnvironmentStringsW
ReleaseMutex
SetCurrentDirectoryW
GetProcAddress
GetCurrentDirectoryW
MultiByteToWideChar
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ExitProcess
GetModuleFileNameW
LoadLibraryW
OpenProcess
GetSystemTimeAsFileTime
WaitForSingleObject
GetFileAttributesW
Process32FirstW
Process32NextW
GetModuleHandleA
lstrcmpiW
GetEnvironmentVariableW
GetCurrentProcessId
InterlockedDecrement
SetHandleInformation
GetVersionExW
CreatePipe
GetCurrentProcess
GetComputerNameW
IsWow64Process
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateSemaphoreW
GetTempFileNameW
GetTempPathW
GetFullPathNameW
GetLocalTime
GetACP
SetEndOfFile
lstrcatW
EncodePointer
DecodePointer
ExitThread
InterlockedExchange
GetConsoleCP
GetConsoleMode
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
IsProcessorFeaturePresent
HeapSize
GetFileType
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
SetStdHandle
WriteConsoleW
GetOEMCP
IsValidCodePage
LocalFree

user32

GetWindowThreadProcessId
IsWindow
CharUpperW
GetWindowTextW
CreateDesktopW
EnumDesktopWindows
PostMessageW
CloseDesktop

advapi32

RegCreateKeyExW
CloseServiceHandle
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptGenKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptDeriveKey
CryptAcquireContextW
CryptExportKey
RegEnumKeyExW
OpenSCManagerW
OpenServiceW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
EnumServicesStatusExW
GetUserNameW
CheckTokenMembership
CreateServiceW
CryptGenRandom
DeleteService
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ord680
ShellExecuteW
CommandLineToArgvW

ole32

CoInitializeEx
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance

oleaut32

VarBstrFromUI8
VariantClear
SysStringLen
VariantInit
SysFreeString
SysAllocString
VarBstrFromUI4
SysAllocStringByteLen
VarBstrFromR8
VarBstrFromI4

wininet

InternetReadFile
InternetQueryDataAvailable
HttpOpenRequestW
InternetOpenW
HttpSendRequestW
InternetSetOptionW
InternetConnectW
InternetCloseHandle

iphlpapi

GetAdaptersInfo

ws2_32

WSAStartup
WSACleanup
gethostbyname
gethostname

Exports

Exports

ADL2_Adapter_SWInfo_Get
ADL2_DFP_PixelFormat_Set
ADL2_Display_GamutMapping_Reset
ADL2_Display_ReGammaCoefficients_Get
ADL_Adapter_DisplayAudioEndpoint_Enable
ADL_Overdrive5_FanSpeed_Set

Sections

.text
Size: 525KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

209fbbf9313f193c36f69b0378520c32

Code Sign

4b:7c:23:b7:97:59:d9:ae:40:0d:c7:83:be:73:61:b4Certificate

b0:2b:ec:f4:ac:23:ef:0b:47:4c:29:78:ed:6c:2b:08:37:48:c2:27Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 525KB - Virtual size: 525KB

.rdata Size: 153KB - Virtual size: 152KB

.data Size: 101KB - Virtual size: 110KB

.reloc Size: 37KB - Virtual size: 36KB

4b:7c:23:b7:97:59:d9:ae:40:0d:c7:83:be:73:61:b4
Certificate

b0:2b:ec:f4:ac:23:ef:0b:47:4c:29:78:ed:6c:2b:08:37:48:c2:27
Signer

.text
Size: 525KB - Virtual size: 525KB

.rdata
Size: 153KB - Virtual size: 152KB

.data
Size: 101KB - Virtual size: 110KB

.reloc
Size: 37KB - Virtual size: 36KB