d01dd89004593c11b20ff53989c836af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d01dd89004593c11b20ff53989c836af_JaffaCakes118
Size

40KB
MD5

d01dd89004593c11b20ff53989c836af
SHA1

30cbd39fbca9e19dc308bf7bfa756231d548808b
SHA256

ea548bad2a29992f5b29f27b15a6b7a5f5a07ce3b38e1dd270de469986839298
SHA512

dd16a7a9fba4c85d29557bc642d9ee464e25a3b816caac7605f6b5253487423ce6983b5928f2949402d3a414b3e86aba6276bdf3cde42d2b3698394281dcd563
SSDEEP

768:bcxnGYWa9wSMuNQizZu/J8vh7OxzE4jU5gN6cBi6YRKSugF:bcxnZp2uNVu/JMKzmws6KKha

Score

1^/10

Malware Config

Signatures

Files

d01dd89004593c11b20ff53989c836af_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8dc5a524dfb69798a10095e3d787bd53

Code Sign

69:14:03:d2:f1:f4:1a:87:47:93:ce:31:cf:8c:f6:27
Certificate

Issuer

CN=SRPCmOYWKrd2jH33rCDi3cGUJ

Not Before

20/04/2012, 08:35

Not After

31/12/2039, 23:59

Subject

CN=SRPCmOYWKrd2jH33rCDi3cGUJ

Extended Key Usages

ExtKeyUsageCodeSigning

85:5a:da:9a:f9:b5:1c:ba:a5:c2:d3:c4:80:d9:8c:f3:0c:87:cf:da
Signer

Actual PE Digest

85:5a:da:9a:f9:b5:1c:ba:a5:c2:d3:c4:80:d9:8c:f3:0c:87:cf:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
AddAtomA
BindIoCompletionCallback
CallNamedPipeW
CreateFileMappingA
DeleteTimerQueue
FindNextFileA
FreeResource
GetConsoleAliasExesW
GetConsoleAliasesA
GetLocaleInfoW
GetPrivateProfileSectionNamesW
GetThreadContext
lstrcatA
InterlockedIncrement
Module32First
PeekConsoleInputA
ReadConsoleA
SetCommState
SetProcessPriorityBoost
WaitForDebugEvent
WaitForSingleObject
WideCharToMultiByte
WriteProfileStringW
_lwrite
lstrcatW
CreateFileA
GlobalGetAtomNameA
VirtualAllocEx

advapi32

RegOpenKeyW
RegCloseKey

shlwapi

AssocCreate
AssocQueryStringByKeyA
ChrCmpIA
ChrCmpIW
ColorRGBToHLS
HashData
IntlStrEqWorkerA
IntlStrEqWorkerW
PathAddBackslashA
PathAddBackslashW
PathAppendA
PathCanonicalizeA
PathCombineA
PathCommonPrefixW
PathCompactPathExA
PathCompactPathExW
PathCreateFromUrlA
PathCreateFromUrlW
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindNextComponentA
PathFindNextComponentW
PathFindOnPathA
PathFindOnPathW
PathFindSuffixArrayW
PathGetArgsA
PathGetCharTypeA
PathGetDriveNumberW
PathIsContentTypeA
PathIsDirectoryA
PathIsDirectoryEmptyW
PathIsLFNFileSpecA
PathIsLFNFileSpecW
PathIsRelativeW
PathIsUNCA
PathIsUNCServerA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathIsUNCW
PathIsURLW
PathMatchSpecA
PathQuoteSpacesA
PathQuoteSpacesW
PathRelativePathToW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathSearchAndQualifyW
PathSetDlgItemPathA
PathSetDlgItemPathW
PathStripPathA
PathStripToRootA
PathUnExpandEnvStringsA
PathUndecorateW
PathUnmakeSystemFolderA
PathUnmakeSystemFolderW
PathUnquoteSpacesA
SHDeleteEmptyKeyW
SHDeleteValueW
SHGetInverseCMAP
SHIsLowMemoryMachine
SHOpenRegStream2A
SHOpenRegStreamA
SHOpenRegStreamW
SHQueryInfoKeyW
SHQueryValueExW
SHRegCloseUSKey
SHRegCreateUSKeyW
SHRegDeleteEmptyUSKeyA
SHRegDeleteUSValueA
SHRegEnumUSKeyA
SHRegEnumUSValueW
SHRegGetBoolUSValueA
SHRegGetBoolUSValueW
SHRegGetPathA
SHRegOpenUSKeyW
SHRegQueryInfoUSKeyA
SHRegQueryInfoUSKeyW
SHRegQueryUSValueA
SHRegQueryUSValueW
SHRegSetPathA
SHRegSetUSValueA
SHRegSetUSValueW
SHSetThreadRef
StrCSpnA
StrCatBuffA
StrCatBuffW
StrCatW
StrChrA
StrCmpIW
StrCmpNIA
StrCmpNIW
StrCmpNW
StrFormatByteSize64A
StrFormatKBSizeA
StrPBrkA
StrRChrIW
StrRStrIW
StrRetToStrW
StrStrA
StrStrIW
UrlApplySchemeW
UrlCombineW
UrlCreateFromPathW
UrlEscapeA
UrlEscapeW
UrlGetLocationA
UrlIsNoHistoryA
UrlIsNoHistoryW
UrlIsOpaqueW
UrlUnescapeW
wvnsprintfA

Sections

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8dc5a524dfb69798a10095e3d787bd53

Code Sign

69:14:03:d2:f1:f4:1a:87:47:93:ce:31:cf:8c:f6:27Certificate

Extended Key Usages

85:5a:da:9a:f9:b5:1c:ba:a5:c2:d3:c4:80:d9:8c:f3:0c:87:cf:daSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

Sections

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 25KB - Virtual size: 25KB

.rsrc Size: 7KB - Virtual size: 6KB

69:14:03:d2:f1:f4:1a:87:47:93:ce:31:cf:8c:f6:27
Certificate

85:5a:da:9a:f9:b5:1c:ba:a5:c2:d3:c4:80:d9:8c:f3:0c:87:cf:da
Signer

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 7KB - Virtual size: 6KB