b9cb2f4e3bc54f10a0e0361f98bf0a18_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b9cb2f4e3bc54f10a0e0361f98bf0a18_JaffaCakes118
Size

288KB
MD5

b9cb2f4e3bc54f10a0e0361f98bf0a18
SHA1

0e4563044a088c2aee5e42bfa878e4546fa661c6
SHA256

ed0fb1839a2ce031b38baff4e4514c54e835082f8fa8352d9fb0f6a7e94fd368
SHA512

b3bfd07307a447f72fd095b59a8636b7748fccd6d2575273e0ef1b0f4e28776ef978bb9d9bd82b5d8e5ffbfecebe7832b434de883b93ed6dcca32e8b4f1de57f
SSDEEP

6144:9KjBzsuDVx93lyUqqLSwAohoRaNwu5z469o0gZXbNslb:UNsGV/z9A3RBh0q+lb

Score

1^/10

Malware Config

Signatures

Files

b9cb2f4e3bc54f10a0e0361f98bf0a18_JaffaCakes118
.exe windows:4 windows x86 arch:x86

87fe56bbce50b82b59b075d82b50741b

Code Sign

70:e7:24:0e:9c:31:68:6c:b8:90:13:5d:55:bb:50:47
Certificate

Issuer

CN=62esgfdgs

Not Before

23/02/2012, 09:44

Not After

31/12/2039, 23:59

Subject

CN=62esgfdgs

Extended Key Usages

ExtKeyUsageCodeSigning

e7:84:d8:b0:48:dc:38:bd:5d:89:57:e0:b5:df:15:b5:61:93:35:11
Signer

Actual PE Digest

e7:84:d8:b0:48:dc:38:bd:5d:89:57:e0:b5:df:15:b5:61:93:35:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
lstrlenW
lstrcpyW
CreateFileW
VirtualAlloc
GetEnvironmentVariableA
WaitForSingleObject
GetStdHandle
GetNumberOfConsoleInputEvents
OpenWaitableTimerW
VirtualUnlock
ExpandEnvironmentStringsA
GetCurrentDirectoryW
ResumeThread
Heap32ListFirst
SetFilePointer
lstrcat
DeleteFileW
RtlZeroMemory
CreateJobObjectA
TlsSetValue
FindResourceW
SetSystemTime
SetThreadLocale
LocalShrink
LocalLock
SetConsoleScreenBufferSize
TransmitCommChar
FindResourceExA
GetProfileSectionA
TlsAlloc
GlobalFix
MultiByteToWideChar
MoveFileWithProgressA
GetConsoleOutputCP
HeapFree
lstrcpynW
WriteConsoleOutputCharacterA
GetSystemInfo
OpenJobObjectW
WriteProfileStringA
GetPrivateProfileSectionNamesW
SetupComm
CancelIo
SetMessageWaitingIndicator
GlobalAddAtomW
SetConsoleCP
WaitForDebugEvent
GetProcessTimes
GetSystemWindowsDirectoryA
QueryPerformanceCounter
GetEnvironmentVariableW
SetComputerNameW
SearchPathA
IsBadHugeReadPtr
VerLanguageNameW
TerminateProcess
DefineDosDeviceW
FindNextFileA
SetThreadIdealProcessor
GetFileSize
GetUserDefaultLangID
VerifyVersionInfoA
CancelDeviceWakeupRequest
SetInformationJobObject
SwitchToThread
GetFileAttributesW
SystemTimeToFileTime
WritePrivateProfileStringW
GetThreadSelectorEntry
FindCloseChangeNotification
OpenMutexW
GetComputerNameExA
GetPrivateProfileStringA
GetSystemTimeAdjustment
FindFirstVolumeW
DosDateTimeToFileTime
GetProfileIntW
GetCurrentProcess
CreateEventW
ReadProcessMemory
GetCommandLineA
Module32NextW
GetLogicalDriveStringsA
GlobalDeleteAtom
OpenProcess
CreateFiber
FindFirstChangeNotificationA
ReadConsoleOutputAttribute
DeleteCriticalSection
GetAtomNameW
SetConsoleTitleW
QueryPerformanceFrequency
lstrcatA
DisconnectNamedPipe
WriteFileEx
GetProcessWorkingSetSize
GetPrivateProfileStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindClose
lstrcmpA
GetLargestConsoleWindowSize
ContinueDebugEvent
GetPrivateProfileIntW
DeleteVolumeMountPointW
GetTempPathA
DisableThreadLibraryCalls
SwitchToFiber
OpenFile
MoveFileExW
CreateDirectoryExW
ResetWriteWatch
EnumResourceNamesW
GetLocalTime
GetExitCodeThread
SetConsoleTitleA
FindAtomW
lstrcpynA
GlobalFindAtomA
GetStringTypeA
SetThreadPriorityBoost
GetThreadTimes
GlobalFindAtomW
SetTapePosition
_lclose
InitializeCriticalSectionAndSpinCount
CopyFileW
GetConsoleDisplayMode
EnumSystemLanguageGroupsW
CreateHardLinkA
FoldStringA
ReplaceFile
GetCommTimeouts
GenerateConsoleCtrlEvent
WriteConsoleInputA
CreateConsoleScreenBuffer
RemoveDirectoryA
GetWriteWatch

advapi32

RegOpenKeyExW

comctl32

ImageList_GetIcon
ImageList_LoadImage
ord14
ImageList_SetBkColor
FlatSB_SetScrollPos
ord16
ImageList_GetImageRect
ord3
ord13
CreatePropertySheetPageW
ImageList_Copy
InitMUILanguage
ImageList_BeginDrag
FlatSB_SetScrollProp
InitializeFlatSB
ImageList_Write
ImageList_ReplaceIcon
ImageList_SetImageCount
PropertySheetW
ImageList_SetFilter
CreateStatusWindow
ImageList_GetDragImage
PropertySheet
ImageList_AddMasked
DrawStatusTextW
ord6
PropertySheetA
DestroyPropertySheetPage
ImageList_Create
CreateToolbarEx
ImageList_Destroy
ImageList_Read
FlatSB_GetScrollInfo
FlatSB_GetScrollRange
DrawStatusText
ImageList_GetIconSize
ImageList_GetImageCount
CreatePropertySheetPage
ImageList_SetIconSize
CreatePropertySheetPageA
ord15
ImageList_Duplicate
ImageList_SetOverlayImage
ImageList_EndDrag
ImageList_Merge
FlatSB_ShowScrollBar
ImageList_DragMove
ImageList_Add
ord5
ord17
FlatSB_SetScrollInfo
ImageList_DrawIndirect
ImageList_Remove
UninitializeFlatSB
ImageList_DragLeave
FlatSB_SetScrollRange
ImageList_DragEnter
GetMUILanguage
ImageList_LoadImageW
ImageList_Replace
ImageList_GetImageInfo
ImageList_LoadImageA
ImageList_DrawEx
ord4
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ord7
ord2
FlatSB_GetScrollProp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text11
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text12
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textH3
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH4
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH1
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH5
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH6
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH7
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH8
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH9
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textH10
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87fe56bbce50b82b59b075d82b50741b

Code Sign

70:e7:24:0e:9c:31:68:6c:b8:90:13:5d:55:bb:50:47Certificate

Extended Key Usages

e7:84:d8:b0:48:dc:38:bd:5d:89:57:e0:b5:df:15:b5:61:93:35:11Signer

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

Sections

.text Size: 4KB - Virtual size: 3KB

.text11 Size: 263KB - Virtual size: 263KB

.text12 Size: 2KB - Virtual size: 1KB

.textH3 Size: 512B - Virtual size: 500B

.textH4 Size: 512B - Virtual size: 500B

.textH1 Size: 512B - Virtual size: 500B

.textH5 Size: 512B - Virtual size: 500B

.textH6 Size: 512B - Virtual size: 500B

.textH7 Size: 512B - Virtual size: 500B

.textH8 Size: 512B - Virtual size: 500B

.textH9 Size: 512B - Virtual size: 500B

.textH10 Size: 512B - Virtual size: 500B

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

70:e7:24:0e:9c:31:68:6c:b8:90:13:5d:55:bb:50:47
Certificate

e7:84:d8:b0:48:dc:38:bd:5d:89:57:e0:b5:df:15:b5:61:93:35:11
Signer

.text
Size: 4KB - Virtual size: 3KB

.text11
Size: 263KB - Virtual size: 263KB

.text12
Size: 2KB - Virtual size: 1KB

.textH3
Size: 512B - Virtual size: 500B

.textH4
Size: 512B - Virtual size: 500B

.textH1
Size: 512B - Virtual size: 500B

.textH5
Size: 512B - Virtual size: 500B

.textH6
Size: 512B - Virtual size: 500B

.textH7
Size: 512B - Virtual size: 500B

.textH8
Size: 512B - Virtual size: 500B

.textH9
Size: 512B - Virtual size: 500B

.textH10
Size: 512B - Virtual size: 500B

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB