c945d636e642bfc2e3bd7abda98b860a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c945d636e642bfc2e3bd7abda98b860a_JaffaCakes118
Size

185KB
MD5

c945d636e642bfc2e3bd7abda98b860a
SHA1

0df75c479401c75a3e4e701845e418b9d337ed7c
SHA256

7fd65059c9a287fe35786ab6c1642217d0136c75e8e06ceb510ec0db04ac477d
SHA512

d24d366085af5c840883072a67849894c2a688d13cd9f050f34481cd303f1eb18adbc32d43cd1017e82206fcfddad92f61140bd9c5edd60beafb93aaac9797ff
SSDEEP

3072:Ue4PXCVK19OkdJMliiPeKsLLi69th3AcMPmCuWgOu8:UTCKBdJMJPeKsK63NMgP8

Score

1^/10

Malware Config

Signatures

Files

c945d636e642bfc2e3bd7abda98b860a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0051791d933edf2c1db79240779d436f

Code Sign

40:63:aa:a3:eb:98:8e:6e:b2:9a:f7:9e:a0:c1:93:33
Certificate

Issuer

CN=erqwerqwert23623

Not Before

05/03/2012, 06:09

Not After

31/12/2039, 23:59

Subject

CN=erqwerqwert23623

Extended Key Usages

ExtKeyUsageCodeSigning

d7:bf:13:4b:bb:e3:db:04:34:20:9a:fe:b9:71:8b:81:00:e5:d4:3f
Signer

Actual PE Digest

d7:bf:13:4b:bb:e3:db:04:34:20:9a:fe:b9:71:8b:81:00:e5:d4:3f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedCompareExchange
GetCommState
lstrcpyA
lstrlenA
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
CreateFileA
VirtualAlloc

user32

AllowSetForegroundWindow
AppendMenuW
CallMsgFilter
ChangeMenuW
CharToOemBuffW
CharUpperBuffA
CheckDlgButton
ChildWindowFromPoint
CopyAcceleratorTableA
CopyRect
CreateAcceleratorTableA
CreateDialogIndirectParamA
CreateDialogParamA
CreateIconIndirect
CreateWindowExA
DdeFreeStringHandle
DdeImpersonateClient
DdeNameService
DdeUninitialize
DefDlgProcA
DefDlgProcW
DeferWindowPos
DeleteMenu
DestroyMenu
DlgDirListComboBoxA
DlgDirSelectComboBoxExA
DrawAnimatedRects
DrawIconEx
DrawMenuBar
DrawStateA
DrawTextA
EnableMenuItem
EnumDisplayDevicesA
EnumDisplaySettingsA
ExitWindowsEx
FindWindowW
FlashWindowEx
FrameRect
GetClipboardData
GetClipboardFormatNameA
GetClipboardSequenceNumber
GetCursor
GetDlgItem
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
GetMenuCheckMarkDimensions
GetMenuItemID
GetMenuItemRect
GetMessageW
GetPriorityClipboardFormat
GetQueueStatus
GetShellWindow
GetTabbedTextExtentW
GetThreadDesktop
IMPSetIMEA
InvertRect
IsCharAlphaA
IsCharAlphaNumericA
LoadStringW
LookupIconIdFromDirectory
MonitorFromRect
MsgWaitForMultipleObjects
OemKeyScan
OemToCharBuffA
OffsetRect
OpenInputDesktop
OpenWindowStationA
PostThreadMessageA
RegisterClassA
RegisterDeviceNotificationA
RegisterDeviceNotificationW
RegisterHotKey
ReplyMessage
ScrollDC
SetMenuItemInfoA
SetMessageExtraInfo
SetScrollPos
SetUserObjectInformationW
SetWindowPos
SetWindowTextA
SetWindowsHookExW
TrackPopupMenu
UnhookWindowsHook
UnregisterClassA
VkKeyScanW
WINNLSEnableIME
WINNLSGetIMEHotkey
WindowFromDC
wvsprintfA

ole32

CLIPFORMAT_UserFree
CLIPFORMAT_UserSize
CoAddRefServerProcess
CoCancelCall
CoCreateGuid
CoCreateInstance
CoDosDateTimeToFileTime
CoGetCallContext
CoGetCallerTID
CoGetCancelObject
CoGetClassObject
CoGetCurrentProcess
CoGetInterfaceAndReleaseStream
CoGetObjectContext
CoGetPSClsid
CoGetStandardMarshal
CoGetTreatAsClass
CoInitialize
CoLoadLibrary
CoQueryClientBlanket
CoRegisterPSClsid
CoResumeClassObjects
CoRevokeClassObject
CoSetCancelObject
CoSetProxyBlanket
CoSuspendClassObjects
CoUnmarshalHresult
CreateDataAdviseHolder
CreateDataCache
CreateILockBytesOnHGlobal
CreateStdProgressIndicator
EnableHookObject
FmtIdToPropStgName
HACCEL_UserMarshal
HACCEL_UserUnmarshal
HBRUSH_UserFree
HBRUSH_UserSize
HBRUSH_UserUnmarshal
HDC_UserFree
HENHMETAFILE_UserFree
HGLOBAL_UserMarshal
HICON_UserMarshal
HICON_UserSize
HICON_UserUnmarshal
HMETAFILE_UserMarshal
HMETAFILE_UserSize
HMETAFILE_UserUnmarshal
HPALETTE_UserFree
HPALETTE_UserSize
MonikerRelativePathTo
OleConvertIStorageToOLESTREAM
OleConvertIStorageToOLESTREAMEx
OleCreateDefaultHandler
OleCreateFromFile
OleCreateFromFileEx
OleCreateStaticFromData
OleDuplicateData
OleGetIconOfClass
OleInitializeWOW
OleIsCurrentClipboard
OleLoad
OleLockRunning
OleRegEnumVerbs
OleRun
OleSetAutoConvert
OleSetMenuDescriptor
PropStgNameToFmtId
ReadFmtUserTypeStg
SNB_UserFree
SNB_UserUnmarshal
SetDocumentBitStg
StgConvertVariantToProperty
StgCreatePropStg
StgGetIFillLockBytesOnILockBytes
StgIsStorageFile
StgIsStorageILockBytes
StgOpenStorageEx
StgOpenStorageOnILockBytes
StringFromIID
UtConvertDvtd32toDvtd16
WdtpInterfacePointer_UserFree

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0051791d933edf2c1db79240779d436f

Code Sign

40:63:aa:a3:eb:98:8e:6e:b2:9a:f7:9e:a0:c1:93:33Certificate

Extended Key Usages

d7:bf:13:4b:bb:e3:db:04:34:20:9a:fe:b9:71:8b:81:00:e5:d4:3fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 980B

.text Size: 170KB - Virtual size: 170KB

.text2 Size: 1024B - Virtual size: 800B

.reloc Size: 2KB - Virtual size: 1KB

40:63:aa:a3:eb:98:8e:6e:b2:9a:f7:9e:a0:c1:93:33
Certificate

d7:bf:13:4b:bb:e3:db:04:34:20:9a:fe:b9:71:8b:81:00:e5:d4:3f
Signer

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 980B

.text
Size: 170KB - Virtual size: 170KB

.text2
Size: 1024B - Virtual size: 800B

.reloc
Size: 2KB - Virtual size: 1KB