c97bf73be06e41e0ff87f6daeee18fcb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c97bf73be06e41e0ff87f6daeee18fcb_JaffaCakes118
Size

98KB
MD5

c97bf73be06e41e0ff87f6daeee18fcb
SHA1

f05c559ae409f94031c14111c1c188ea2d2713f8
SHA256

52146994807d96093995f997626f851b674daacf1cf01efa52fe683f2c1c087b
SHA512

e073635bd593192bb1001329209b4ec64e95b3b5de385ce7e87af1f5ff8944a23a3ee890e760a46495e156c1b52ae080ccb2b9bb5c68e51ac1efa3ee87c9b05e
SSDEEP

1536:WwU/KsdyXej9x+r7gjiX2FS2IHr3koKQ8wvGBmopXPsn5yxCes:WwU/Ks8q9Qr7gO17koKpdBm9yx3s

Score

1^/10

Malware Config

Signatures

Files

c97bf73be06e41e0ff87f6daeee18fcb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

30024e3395d1a48ca0b722758bfd08cf

Code Sign

4a:7b:a7:ae:bc:75:9a:47:ba:6b:5d:9e:5a:30:47:91
Certificate

Issuer

CN=2612347613

Not Before

05/03/2012, 08:51

Not After

31/12/2039, 23:59

Subject

CN=2612347613

Extended Key Usages

ExtKeyUsageCodeSigning

2d:b1:c1:62:f3:f2:d7:d7:b2:a8:26:f2:8f:12:73:64:92:71:86:25
Signer

Actual PE Digest

2d:b1:c1:62:f3:f2:d7:d7:b2:a8:26:f2:8f:12:73:64:92:71:86:25

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Heap32ListFirst
Heap32Next
HeapWalk
InterlockedDecrement
IsDBCSLeadByteEx
IsSystemResumeAutomatic
LocalFlags
LocalSize
OpenFile
OpenMutexW
PeekNamedPipe
PurgeComm
ReadFileScatter
RequestWakeupLatency
ResetWriteWatch
SetComputerNameExW
SetCurrentDirectoryA
SetLocaleInfoW
SetProcessWorkingSetSize
SetSystemPowerState
GlobalUnlock
SetThreadContext
SetThreadIdealProcessor
SetUnhandledExceptionFilter
SetVolumeLabelA
SignalObjectAndWait
SystemTimeToFileTime
TerminateThread
UnlockFile
UnlockFileEx
UnregisterWait
UpdateResourceW
VirtualFree
VirtualUnlock
WideCharToMultiByte
WriteConsoleOutputAttribute
WriteConsoleOutputW
WritePrivateProfileStringA
WritePrivateProfileStructA
WriteProfileSectionW
GlobalUnfix
GlobalMemoryStatusEx
GetVolumeInformationA
GetUserDefaultUILanguage
GetThreadTimes
GetThreadSelectorEntry
GetTempPathA
GetTapePosition
GetSystemWindowsDirectoryA
GetSystemTimeAsFileTime
GetSystemDefaultLangID
GetPrivateProfileStructW
CreateFileA
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetModuleHandleA
GetLogicalDrives
GetFullPathNameA
GetExitCodeThread
GetEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentConsoleFont
GetConsoleScreenBufferInfo
GetConsoleAliasExesLengthW
FreeResource
FindNextVolumeMountPointW
FindNextFileW
FindFirstFileA
FindCloseChangeNotification
FindAtomW
EscapeCommFunction
EnumTimeFormatsW
EnumSystemLanguageGroupsW
EnumLanguageGroupLocalesW
EndUpdateResourceW
DisconnectNamedPipe
DeleteTimerQueueTimer
DeleteFileW
DeleteFileA
DebugBreak
CreateWaitableTimerW
CreatePipe
CreateHardLinkA
CreateFileW
CreateDirectoryA
CreateConsoleScreenBuffer
CopyFileW
CopyFileExA
ConvertThreadToFiber
CancelIo
BuildCommDCBW
BuildCommDCBA
BackupRead
Beep
VirtualAlloc
GetWindowsDirectoryA
lstrlenA
lstrcpyA
SetThreadAffinityMask

advapi32

RegOpenKeyExA

shell32

SHCreateDirectoryExA
Shell_NotifyIcon
ShellHookProc
ShellExecuteExW
ShellExecuteExA
ShellExecuteA
ShellAboutW
ShellAboutA
SHPathPrepareForWriteW
SHPathPrepareForWriteA
SHLoadNonloadedIconOverlayIdentifiers
SHIsFileAvailableOffline
SHInvokePrinterCommandW
CheckEscapesW
CommandLineToArgvW
DoEnvironmentSubstA
DoEnvironmentSubstW
DragQueryFile
DragQueryFileA
DuplicateIcon
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
SHAddToRecentDocs
SHBindToParent
SHBrowseForFolderA
SHChangeNotify
SHLoadInProc
SHCreateDirectoryExW
SHEmptyRecycleBinW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFormatDrive
SHFreeNameMappings
SHGetDataFromIDListA
SHGetFileInfo
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetInstanceExplorer
SHGetPathFromIDList
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHInvokePrinterCommandA

shlwapi

StrChrIA
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrStrIA
StrRStrIW
StrRStrIA
StrRChrW
StrRChrIW
StrRChrIA
StrRChrA

comctl32

CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
CreateStatusWindowW
ord7
CreateToolbarEx
ord16
DestroyPropertySheetPage
DrawStatusText
ord5
DrawStatusTextW
FlatSB_EnableScrollBar
FlatSB_SetScrollInfo
FlatSB_SetScrollProp
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
GetMUILanguage
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_Draw
CreatePropertySheetPage
ImageList_EndDrag
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_GetImageRect
ImageList_LoadImage
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetFilter
ImageList_SetImageCount
InitCommonControlsEx
InitMUILanguage
InitializeFlatSB
ord14
ord2
PropertySheet
PropertySheetA
PropertySheetW
ord3
UninitializeFlatSB
_TrackMouseEvent
ImageList_DrawEx
ord8

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d1
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d2
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30024e3395d1a48ca0b722758bfd08cf

Code Sign

4a:7b:a7:ae:bc:75:9a:47:ba:6b:5d:9e:5a:30:47:91Certificate

Extended Key Usages

2d:b1:c1:62:f3:f2:d7:d7:b2:a8:26:f2:8f:12:73:64:92:71:86:25Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 83KB - Virtual size: 82KB

.data Size: 512B - Virtual size: 208B

.d1 Size: 1024B - Virtual size: 1000B

.d2 Size: 2KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 1KB - Virtual size: 281KB

4a:7b:a7:ae:bc:75:9a:47:ba:6b:5d:9e:5a:30:47:91
Certificate

2d:b1:c1:62:f3:f2:d7:d7:b2:a8:26:f2:8f:12:73:64:92:71:86:25
Signer

.text
Size: 83KB - Virtual size: 82KB

.data
Size: 512B - Virtual size: 208B

.d1
Size: 1024B - Virtual size: 1000B

.d2
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 281KB