be6ff764dccfd7ef6578b0117bd51071_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be6ff764dccfd7ef6578b0117bd51071_JaffaCakes118
Size

58KB
MD5

be6ff764dccfd7ef6578b0117bd51071
SHA1

1c588d04987687f280f337bedbb8bf15e3b82727
SHA256

2fc2795a521cad789f7edd1e40d8f76dfe3cc0c056ba1a6bf351721d861f568a
SHA512

5622fecc4c087330714456ab738c3b7a16ae6bbaf1bfd1b8121c31f09e7669b4b7f0f99ac3b2feda7a2f6ef4302a28cb0875b068ee443565062c115af25923fa
SSDEEP

768:CNII7LU3WcpaFRCZN3FZCwcGCvcutsomxFQpcWAppGavKAjHslK1ycDR9:CaI7LU3WcMTCPDCJhm0c3u49

Score

1^/10

Malware Config

Signatures

Files

be6ff764dccfd7ef6578b0117bd51071_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4879c57c0a5687055bda6bca8ecc0a70

Code Sign

69:9d:1f:67:c2:f1:c4:4c:b9:38:42:69:f1:79:93:0e
Certificate

Issuer

CN=666666

Not Before

12/02/2012, 08:59

Not After

31/12/2039, 23:59

Subject

CN=666666

Extended Key Usages

ExtKeyUsageCodeSigning

1d:0f:2f:df:c9:a8:72:50:a5:dc:84:df:81:e0:14:ae:bb:ab:77:8e
Signer

Actual PE Digest

1d:0f:2f:df:c9:a8:72:50:a5:dc:84:df:81:e0:14:ae:bb:ab:77:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
GetThreadPriorityBoost
GetTimeFormatW
GetTimeZoneInformation
GetVersion
GetVolumeInformationW
GetWindowsDirectoryA
GlobalAddAtomA
GlobalCompact
GlobalDeleteAtom
GlobalFix
GlobalGetAtomNameW
GlobalUnfix
InitializeCriticalSection
InterlockedIncrement
IsBadHugeWritePtr
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockFile
LockFileEx
LockResource
MapUserPhysicalPagesScatter
MulDiv
OpenEventW
OpenFileMappingW
PeekNamedPipe
Process32First
Process32FirstW
PurgeComm
QueryPerformanceCounter
ReadConsoleInputA
ReadConsoleOutputAttribute
ReadFileScatter
ReleaseMutex
ReplaceFileA
ReplaceFileW
GetSystemInfo
SearchPathW
SetCommMask
SetCommTimeouts
SetConsoleCP
SetConsoleCtrlHandler
SetEndOfFile
SetFilePointerEx
SetMailslotInfo
SetProcessShutdownParameters
SetStdHandle
SetSystemTime
SetTapeParameters
SetThreadExecutionState
SetVolumeLabelW
SetVolumeMountPointA
Sleep
SwitchToThread
SystemTimeToFileTime
TerminateJobObject
TlsAlloc
Toolhelp32ReadProcessMemory
VirtualFree
WaitForDebugEvent
WaitForMultipleObjectsEx
WinExec
WriteConsoleInputW
WriteFile
WritePrivateProfileStringW
_hread
_llseek
lstrcat
lstrcmpA
lstrcmpiW
lstrlen
lstrlenA
GetSystemDirectoryW
GetSystemDirectoryA
GetStringTypeW
GetStringTypeExW
VirtualAlloc
GetShortPathNameW
GetProfileStringA
GetPrivateProfileStructA
GetMailslotInfo
GetLastError
GetLargestConsoleWindowSize
GetHandleInformation
GetFileInformationByHandle
GetExitCodeThread
GetEnvironmentVariableW
GetEnvironmentStringsW
GetDiskFreeSpaceA
GetCurrentConsoleFont
GetConsoleAliasesW
GetCompressedFileSizeW
GetCompressedFileSizeA
GetCommProperties
GetCommMask
GetCommConfig
GetAtomNameW
FreeUserPhysicalPages
FreeLibrary
FormatMessageW
FlushFileBuffers
FindNextVolumeW
FindNextVolumeMountPointW
FindFirstVolumeMountPointA
FindFirstFileExW
FileTimeToDosDateTime
FatalAppExitW
FatalAppExitA
ExpandEnvironmentStringsW
ExitThread
EnumSystemLanguageGroupsA
EnumSystemCodePagesW
EnumResourceLanguagesA
EnumDateFormatsA
EnumCalendarInfoW
CreateWaitableTimerW
CreateWaitableTimerA
CreateTimerQueue
CreateProcessW
CreatePipe
CreateMutexW
CreateMailslotA
CreateFileMappingW
CreateEventA
CreateDirectoryExW
CreateDirectoryA
CopyFileW
CompareStringW
CompareFileTime
CancelWaitableTimer
CancelIo
BuildCommDCBAndTimeoutsA
BuildCommDCBA
AddConsoleAliasA
AddAtomW
LoadLibraryW
GetProcAddress
ResetEvent

user32

LoadAcceleratorsA

shell32

WOWShellExecute
Shell_NotifyIconW
ShellExecuteW
ShellExecuteExA
ShellExecuteEx
ShellAboutA
SHQueryRecycleBinW
SHPathPrepareForWriteW
SHLoadNonloadedIconOverlayIdentifiers
SHLoadInProc
SHIsFileAvailableOffline
SHInvokePrinterCommandW
SHInvokePrinterCommandA
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetSettings
CheckEscapesW
CommandLineToArgvW
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DuplicateIcon
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
SHAppBarMessage
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHChangeNotify
SHCreateDirectoryExA
SHCreateProcessAsUserW
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHFileOperation
SHFileOperationW
SHFormatDrive
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathW
SHGetInstanceExplorer
SHGetMalloc
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListW
ShellHookProc

shlwapi

StrStrW
StrStrIW
StrStrIA
StrStrA
StrRStrIW
StrRStrIA
StrRChrW
StrRChrIW
StrCmpNW
StrCmpNIW
StrCmpNIA
StrCmpNA
StrChrIW
StrChrIA
StrChrA

comctl32

CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
ord7
CreateToolbarEx
DestroyPropertySheetPage
ord15
DrawStatusText
ord5
DrawStatusTextW
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollProp
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
ord4
GetMUILanguage
ImageList_Add
ImageList_AddIcon
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_DragMove
ImageList_Draw
ImageList_DrawIndirect
ImageList_Duplicate
ImageList_EndDrag
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_GetImageRect
ImageList_LoadImage
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetFilter
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
InitCommonControlsEx
InitMUILanguage
InitializeFlatSB
ord14
ord13
ord2
PropertySheet
PropertySheetA
PropertySheetW
ord3
UninitializeFlatSB
ord8

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ggj
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.heh
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4879c57c0a5687055bda6bca8ecc0a70

Code Sign

69:9d:1f:67:c2:f1:c4:4c:b9:38:42:69:f1:79:93:0eCertificate

Extended Key Usages

1d:0f:2f:df:c9:a8:72:50:a5:dc:84:df:81:e0:14:ae:bb:ab:77:8eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

comctl32

Sections

.text Size: 9KB - Virtual size: 9KB

.ggj Size: 2KB - Virtual size: 1KB

.heh Size: 35KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 184B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 1KB

69:9d:1f:67:c2:f1:c4:4c:b9:38:42:69:f1:79:93:0e
Certificate

1d:0f:2f:df:c9:a8:72:50:a5:dc:84:df:81:e0:14:ae:bb:ab:77:8e
Signer

.text
Size: 9KB - Virtual size: 9KB

.ggj
Size: 2KB - Virtual size: 1KB

.heh
Size: 35KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 184B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 1KB