d315b213dcb259cb3632dc137e1e4580_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d315b213dcb259cb3632dc137e1e4580_JaffaCakes118
Size

22KB
MD5

d315b213dcb259cb3632dc137e1e4580
SHA1

04777a61e936fa70e1ef1f1f4a1bda744597aa1b
SHA256

4794fa262ea7f27b9c98fa07a737f17b77fa7a6bbefbffc9ea7d12e3021b2d79
SHA512

44dedbd7b7a86e1f88d533c885d372d858a5201b185ea5b61ff2bd63362490819a9e53b2939d2deade0f8dc8f7da40514e603d1128530d0f0d4d44bbece94c18
SSDEEP

384:VeI41nI3CW6NhT+HZU7J5ifW3FTdU1thh4WWieZWK7:gIWYCWaT+HOdYfsdU1thhdeH

Score

1^/10

Malware Config

Signatures

Files

d315b213dcb259cb3632dc137e1e4580_JaffaCakes118
.exe windows:5 windows x86 arch:x86

17efbe149bd66984deddacdc20981586

Code Sign

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2b
Certificate

Issuer

CN=eryf2w4v6y2w

Not Before

25/02/2012, 10:44

Not After

31/12/2039, 23:59

Subject

CN=eryf2w4v6y2w

Extended Key Usages

ExtKeyUsageCodeSigning

67:a2:6e:18:73:15:68:e6:2e:18:bf:05:16:13:ee:81:60:d2:9a:93
Signer

Actual PE Digest

67:a2:6e:18:73:15:68:e6:2e:18:bf:05:16:13:ee:81:60:d2:9a:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomW
GlobalFlags
GlobalSize
Heap32Next
HeapCompact
HeapLock
InitializeCriticalSectionAndSpinCount
IsBadCodePtr
LeaveCriticalSection
LocalAlloc
LockResource
MapViewOfFile
MapViewOfFileEx
OutputDebugStringW
PeekConsoleInputA
PrepareTape
Process32NextW
QueryPerformanceFrequency
ReadConsoleOutputA
ReadConsoleOutputCharacterA
ReleaseMutex
ScrollConsoleScreenBufferA
SetComputerNameExW
SetConsoleTitleW
SetEvent
GetWindowsDirectoryA
SetFilePointer
SetLocaleInfoW
SetNamedPipeHandleState
SetPriorityClass
SetThreadContext
SetTimeZoneInformation
SetTimerQueueTimer
SetupComm
SwitchToFiber
SystemTimeToFileTime
TerminateJobObject
TlsFree
TransmitCommChar
VerLanguageNameW
WaitForDebugEvent
WriteConsoleOutputCharacterW
WriteConsoleOutputW
WriteTapemark
_lclose
_lopen
lstrcatW
lstrcmp
lstrcmpW
lstrcpyA
GetVersion
GetThreadTimes
GetSystemTimeAsFileTime
GetSystemTime
GetSystemDefaultLangID
GetStringTypeW
GetStringTypeExW
GetProcessVersion
GetPrivateProfileStructA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetLocaleInfoW
GetLocaleInfoA
GetLargestConsoleWindowSize
GetFileTime
GetCurrentProcessId
GetCurrentProcess
GetCurrencyFormatA
GetConsoleAliasW
GetModuleHandleA
GetComputerNameW
GetAtomNameA
FormatMessageW
FindNextVolumeMountPointA
FillConsoleOutputAttribute
FatalExit
EnumUILanguagesW
EnumUILanguagesA
EnumSystemCodePagesA
EnumResourceTypesA
EnumDateFormatsExA
EnumCalendarInfoExA
DebugBreak
CreateProcessW
CreateJobObjectA
CreateEventA
CopyFileExW
ClearCommError
BuildCommDCBW
GetProcAddress
SetFileApisToOEM

msvcrt

memset

advapi32

RegOpenKeyExA

oleaut32

VarBstrFromCy
VarBstrFromDate
VarBstrFromR8
VarBstrFromUI2
VarCyCmpR8
VarCyFromI2
VarCyFromI4
VarCyFromR8
VarCyNeg
VarDateFromI1
VarDateFromUdate
VarDecCmp
VarDecFromI1
VarDecNeg
VarDecRound
VarI1FromCy
VarI1FromDisp
VarI2FromCy
VarI2FromR4
VarI2FromStr
VarI2FromUI1
VarI4FromI2
VarI4FromUI2
VarI4FromUI4
VarInt
VarPow
VarR4FromCy
VarR4FromDec
VarR4FromI1
VarR8FromBool
VarR8FromCy
VarR8FromDisp
VarR8FromStr
VarR8FromUI1
VarUI1FromCy
VarUI1FromDec
VarUI1FromR8
VarUI1FromUI4
VarUI2FromDate
VarUI2FromDisp
VarUI2FromI2
VarUI2FromI4
VarUI2FromStr
VarUI2FromUI1
VarUI4FromBool
VarUI4FromCy
VarUI4FromUI1
VarUdateFromDate
VariantChangeTypeEx
VariantInit
VariantTimeToSystemTime
VarBstrCmp
VarBstrCat
VarBoolFromUI2
VarBoolFromI1
VarBoolFromDisp
VarBoolFromDec
VARIANT_UserSize
UnRegisterTypeLi
SysStringLen
SysAllocString
SetErrorInfo
SafeArrayUnaccessData
SafeArraySetIID
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetVartype
SafeArrayDestroyDescriptor
SafeArrayCopyData
SafeArrayCopy
SafeArrayAllocDescriptor
RevokeActiveObject
OleTranslateColor
OleLoadPicture
OleIconToCursor
OleCreatePictureIndirect
OleCreateFontIndirect
LoadTypeLibEx
LPSAFEARRAY_UserMarshal
GetRecordInfoFromTypeInfo
GetErrorInfo
GetAltMonthNames
DispInvoke
DispCallFunc
BstrFromVector
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserFree
QueryPathOfRegTypeLi

imm32

ImmDestroyContext
ImmDestroySoftKeyboard
ImmDisableIME
ImmEnumRegisterWordW
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetConversionListA
ImmGetConversionStatus
ImmGetDescriptionW
ImmGetHotKey
ImmGetIMCCLockCount
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmCreateContext
ImmGetImeMenuItemsW
ImmGetRegisterWordStyleA
ImmGetVirtualKey
ImmInstallIMEA
ImmIsUIMessageW
ImmLockIMC
ImmNotifyIME
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetConversionStatus
ImmGetImeMenuItemsA
ImmSetOpenStatus
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17efbe149bd66984deddacdc20981586

Code Sign

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2bCertificate

Extended Key Usages

67:a2:6e:18:73:15:68:e6:2e:18:bf:05:16:13:ee:81:60:d2:9a:93Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 6KB - Virtual size: 5KB

.text1 Size: 1024B - Virtual size: 1004B

.text2 Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 180B

.text4 Size: 1024B - Virtual size: 1000B

.text3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 3KB - Virtual size: 2KB

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2b
Certificate

67:a2:6e:18:73:15:68:e6:2e:18:bf:05:16:13:ee:81:60:d2:9a:93
Signer

.text
Size: 6KB - Virtual size: 5KB

.text1
Size: 1024B - Virtual size: 1004B

.text2
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 180B

.text4
Size: 1024B - Virtual size: 1000B

.text3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 3KB - Virtual size: 2KB