cff973bab0910afa0e3ed618ced4a2e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cff973bab0910afa0e3ed618ced4a2e1_JaffaCakes118
Size

134KB
MD5

cff973bab0910afa0e3ed618ced4a2e1
SHA1

e444abb2207e3d5bfbd56758b6cb31d631a6746e
SHA256

aae5b2062326968ab12310409971767c7643d13071889f62326b1a64db7b8422
SHA512

84db6ac7235e4a1da155aace19a1393cf6ed05ec3ac96c0b0aeade51429f7f61eeb0878a32177856cfe211a5223ba589984313653f44ecbd2e6d6098899e039d
SSDEEP

3072:F9CF1dAXrRt8x6o7Piv2Piv2Piv2Piv2:e3i2ppp

Score

1^/10

Malware Config

Signatures

Files

cff973bab0910afa0e3ed618ced4a2e1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6a6588e0964c292f6ac4705d9e739805

Code Sign

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3b
Certificate

Issuer

CN=NCrG992VieeQ

Not Before

14/03/2012, 06:19

Not After

31/12/2039, 23:59

Subject

CN=NCrG992VieeQ

Extended Key Usages

ExtKeyUsageCodeSigning

ec:0f:eb:45:64:49:28:7e:16:74:0a:45:eb:d3:50:37:8d:f6:79:22
Signer

Actual PE Digest

ec:0f:eb:45:64:49:28:7e:16:74:0a:45:eb:d3:50:37:8d:f6:79:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedCompareExchange
LoadLibraryA
CreateFileA
lstrlenA
GetWindowsDirectoryA
lstrcpyA
GetProcAddress

user32

ShowCaret
ShowOwnedPopups
SwitchToThisWindow
TabbedTextOutA
ToUnicode
UnhookWindowsHook
UnregisterHotKey
wsprintfW
SetWindowTextW
SetUserObjectSecurity
SetUserObjectInformationW
SetSystemCursor
SetScrollRange
SetMenuItemInfoW
SetMenuItemBitmaps
SetLayeredWindowAttributes
SetDeskWallpaper
SetClassLongW
SetCapture
ScrollWindow
ScrollDC
ReuseDDElParam
ReplyMessage
RemovePropW
RemoveMenu
RegisterHotKey
RegisterClassW
RegisterClassA
PostThreadMessageA
OpenDesktopA
NotifyWinEvent
MapVirtualKeyExW
BringWindowToTop
ChangeClipboardChain
ChangeDisplaySettingsW
ChangeMenuA
CharNextW
CharUpperBuffA
ChildWindowFromPointEx
CopyIcon
CreateDialogIndirectParamA
CreateMDIWindowW
MapDialogRect
DdeAccessData
DdeAddData
DdeDisconnect
DdeFreeStringHandle
DdeInitializeW
DdeQueryStringA
DdeReconnect
DdeUnaccessData
DdeUninitialize
DestroyWindow
DlgDirSelectComboBoxExW
DrawAnimatedRects
DrawFrame
DrawTextExW
EndPaint
EnumClipboardFormats
EnumDesktopsW
EnumDisplayMonitors
EnumDisplaySettingsW
FindWindowExW
GetAsyncKeyState
GetClassInfoExA
GetClassNameA
GetDlgItem
GetFocus
GetInputDesktop
GetKeyNameTextA
GetKeyboardType
GetMenuDefaultItem
GetMenuInfo
GetMenuItemCount
GetMenuItemID
GetMessageA
GetMessageTime
GetParent
GetScrollBarInfo
GetSubMenu
GetUpdateRgn
GetWindowContextHelpId
GetWindowPlacement
GetWindowThreadProcessId
IMPSetIMEA
IsCharAlphaW
IsDialogMessage
IsHungAppWindow
IsWindow
AppendMenuA
IsWindowEnabled
LoadIconA
LoadImageA
LoadKeyboardLayoutA
LoadMenuW

comdlg32

PageSetupDlgW
ChooseColorW
ChooseFontA
ChooseFontW
CommDlgExtendedError
FindTextA
FindTextW
GetFileTitleA
ReplaceTextW
ReplaceTextA
PrintDlgW
PrintDlgExW
PrintDlgExA
PrintDlgA
ChooseColorA
PageSetupDlgA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW

advapi32

RegOpenKeyW

ole32

OleSaveToStream
OleTranslateAccelerator
ProgIDFromCLSID
ReadOleStg
RegisterDragDrop
ReleaseStgMedium
SNB_UserFree
SNB_UserUnmarshal
SetConvertStg
StgConvertVariantToProperty
StgGetIFillLockBytesOnFile
StgOpenAsyncDocfileOnIFillLockBytes
StgPropertyLengthAsVariant
StringFromCLSID
UtConvertDvtd16toDvtd32
UtGetDvtd16Info
UtGetDvtd32Info
WdtpInterfacePointer_UserFree
WdtpInterfacePointer_UserSize
WriteFmtUserTypeStg
WriteStringStream
OleRegGetMiscStatus
OleMetafilePictFromIconAndLabel
OleIsRunning
OleGetIconOfFile
OleDoAutoConvert
OleCreateLinkFromDataEx
OleCreateLinkEx
OleCreateLink
OleCreateEx
OleCreate
OleConvertOLESTREAMToIStorage
MonikerCommonPrefixWith
IsAccelerator
HkOleRegisterObject
HWND_UserSize
HMETAFILE_UserSize
HMETAFILE_UserMarshal
HMETAFILEPICT_UserUnmarshal
HMETAFILEPICT_UserMarshal
HMENU_UserFree
HICON_UserUnmarshal
HGLOBAL_UserUnmarshal
HGLOBAL_UserSize
HDC_UserUnmarshal
HBRUSH_UserUnmarshal
HBRUSH_UserSize
HBITMAP_UserSize
HBITMAP_UserFree
HACCEL_UserMarshal
EnableHookObject
CreateObjrefMoniker
CreateDataAdviseHolder
CoUnmarshalInterface
CoUnmarshalHresult
CoTestCancel
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoSetCancelObject
CoReleaseServerProcess
CoRegisterPSClsid
CoRegisterClassObject
CoReactivateObject
CoQueryClientBlanket
CoMarshalInterface
CoMarshalInterThreadInterfaceInStream
CoIsOle1Class
CoInitializeWOW
CoGetTreatAsClass
CoGetPSClsid
CoGetInterfaceAndReleaseStream
CoGetCurrentLogicalThreadId
CoGetCallContext
CoFreeUnusedLibraries
CoDosDateTimeToFileTime
CoDisableCallCancellation
CoCreateInstanceEx
CoCancelCall
CoAllowSetForegroundWindow
CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal
OleCreateStaticFromData
CoGetInstanceFromFile

comctl32

ord8
CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
_TrackMouseEvent
UninitializeFlatSB
ord3
PropertySheetA
PropertySheet
ord2
ord13
ord14
InitializeFlatSB
InitMUILanguage
InitCommonControlsEx
ord17
ImageList_Write
ImageList_SetOverlayImage
ImageList_SetImageCount
ImageList_SetIconSize
ImageList_SetFilter
ImageList_SetDragCursorImage
ImageList_ReplaceIcon
ImageList_Remove
ImageList_Read
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_LoadImage
ImageList_GetImageRect
ImageList_GetIconSize
ImageList_GetDragImage
ImageList_GetBkColor
ImageList_EndDrag
ImageList_Duplicate
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_Draw
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_Destroy
ImageList_Create
ImageList_Copy
ImageList_BeginDrag
ImageList_AddIcon
ImageList_Add
ord4
FlatSB_ShowScrollBar
FlatSB_SetScrollPos
FlatSB_GetScrollRange
FlatSB_GetScrollProp
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
FlatSB_EnableScrollBar
DrawStatusTextW
ord5
DrawStatusText
ord15
DestroyPropertySheetPage
CreateToolbarEx
CreateStatusWindowW

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a6588e0964c292f6ac4705d9e739805

Code Sign

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3bCertificate

Extended Key Usages

ec:0f:eb:45:64:49:28:7e:16:74:0a:45:eb:d3:50:37:8d:f6:79:22Signer

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

comctl32

Sections

.text Size: 12KB - Virtual size: 12KB

.text1 Size: 17KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 644B

.rsrc Size: 98KB - Virtual size: 98KB

.reloc Size: 2KB - Virtual size: 2KB

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3b
Certificate

ec:0f:eb:45:64:49:28:7e:16:74:0a:45:eb:d3:50:37:8d:f6:79:22
Signer

.text
Size: 12KB - Virtual size: 12KB

.text1
Size: 17KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 644B

.rsrc
Size: 98KB - Virtual size: 98KB

.reloc
Size: 2KB - Virtual size: 2KB