cfed1416b8cf365e93c2b3b9450f0ea9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cfed1416b8cf365e93c2b3b9450f0ea9_JaffaCakes118
Size

420KB
MD5

cfed1416b8cf365e93c2b3b9450f0ea9
SHA1

f83515241be743c70f1ff23b3d0d09166740b458
SHA256

041bdcf489686a2b44658b7e52822004d6c589222fa39c816f4c346fdfc6749d
SHA512

b01cde0e4254338e6a3ec0a643cae10bfccec02d7b17b5a3b9f5afecbe2bfee0a4f49397a1e610eadff6ed4c78068be604adeb89d57758fce93698da8b67add7
SSDEEP

12288:ie7ZezfuqfwZGI940CgYNjg7Koxs4IjUbMydAZbTbUW:ieMa3PpCgY5o7x1VbjdAFvUW

Score

1^/10

Malware Config

Signatures

Files

cfed1416b8cf365e93c2b3b9450f0ea9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1b1909568cbdd0eed4bd2201a4f56442

Code Sign

18:12:a1:9c:8f:7f:cf:98:4f:45:2d:6b:5d:d0:6c:8c
Certificate

Issuer

CN=Root Agency

Not Before

26/10/2011, 05:44

Not After

31/12/2039, 23:59

Subject

CN=Joe's-Software-Emporium

cc:93:ea:5f:5b:88:05:4b:b6:91:60:43:0e:9f:a9:4a:ee:68:5d:57
Signer

Actual PE Digest

cc:93:ea:5f:5b:88:05:4b:b6:91:60:43:0e:9f:a9:4a:ee:68:5d:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glEvalCoord2dv
glDepthMask
glFogi
glScissor
glIndexdv
glCopyTexSubImage2D
glGetMapfv
glPassThrough
glGetMapdv
glCullFace
glRasterPos4iv
glPixelStoref
glDeleteTextures
glColor3b
glDisable
glEvalCoord1f
glRasterPos4sv
glMaterialfv
glMultMatrixf
glVertex4f
glLightiv
glColor3dv
glTexGend
glVertex2i
glEvalMesh2
glVertex2iv
glVertex4s
glTexCoord3f
glFeedbackBuffer

glu32

gluEndTrim
gluQuadricOrientation
gluUnProject
gluProject
gluLoadSamplingMatrices
gluBuild2DMipmaps
gluDeleteQuadric
gluNewTess
gluDeleteNurbsRenderer
gluBeginSurface
gluSphere
gluBeginTrim
gluLookAt
gluDisk
gluBeginCurve
gluPickMatrix
gluTessNormal
gluQuadricCallback
gluDeleteTess

urlmon

CreateFormatEnumerator

kernel32

LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
GetACP
WriteFile
RtlUnwind
HeapFree
HeapCreate
HeapDestroy
GetOEMCP
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
InterlockedDecrement
HeapAlloc
GetLastError
CreateMutexA
LocalAlloc
VirtualLock
HeapCompact
VirtualProtectEx
GetSystemDefaultLCID
GetStringTypeA
OpenEventA
ReleaseSemaphore
IsValidCodePage
VirtualProtect
CompareStringA
GetCPInfo
InitializeCriticalSection
GetCPInfoExA
VirtualFree
LocalSize
WideCharToMultiByte
HeapSize
IsBadWritePtr
GetDateFormatA
LocalHandle
GetProcAddress
GetModuleHandleA
VirtualAlloc
ExitProcess
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 385KB - Virtual size: 461KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b1909568cbdd0eed4bd2201a4f56442

Code Sign

18:12:a1:9c:8f:7f:cf:98:4f:45:2d:6b:5d:d0:6c:8cCertificate

cc:93:ea:5f:5b:88:05:4b:b6:91:60:43:0e:9f:a9:4a:ee:68:5d:57Signer

Headers

File Characteristics

Imports

opengl32

glu32

urlmon

kernel32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 385KB - Virtual size: 461KB

.rsrc Size: 5KB - Virtual size: 5KB

18:12:a1:9c:8f:7f:cf:98:4f:45:2d:6b:5d:d0:6c:8c
Certificate

cc:93:ea:5f:5b:88:05:4b:b6:91:60:43:0e:9f:a9:4a:ee:68:5d:57
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 385KB - Virtual size: 461KB

.rsrc
Size: 5KB - Virtual size: 5KB