d1b5167066267131475ccfd34efbbf61_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d1b5167066267131475ccfd34efbbf61_JaffaCakes118
Size

240KB
MD5

d1b5167066267131475ccfd34efbbf61
SHA1

f973ee51de210583d94907ec1eb1ea3a6eac67be
SHA256

9e5cbed33fadc98cd69403543a1dcd790bd0437c913deb52cdeacab99035c0b6
SHA512

927f71864070fe817874b69598bff897d5d94ff8e1ce6f592d6edd028ecbe821afe11850f22f395e742657f6e851decbd9a88a0a894c272a5b55d86f50e342e9
SSDEEP

3072:qd7qAUtv27qC3gAADWEB8K3+qDgpmOeNwaHpj2ve+LG46Xxyx2PTR:qd7Gtv27l3JAOU+ZYOeNrH9bAiXxy

Score

1^/10

Malware Config

Signatures

Files

d1b5167066267131475ccfd34efbbf61_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cd7f89b48ac1079d88774347e2349c63

Code Sign

51:23:09:d5:d0:a2:b9:8c:42:fb:c1:82:e7:8e:4e:92
Certificate

Issuer

CN=w466666345uy inc

Not Before

28/01/2012, 07:40

Not After

31/12/2039, 23:59

Subject

CN=w466666345uy inc

Extended Key Usages

ExtKeyUsageCodeSigning

6e:c6:29:ba:fc:f6:11:0b:ef:9a:59:5e:40:09:57:49:ff:bb:13:98
Signer

Actual PE Digest

6e:c6:29:ba:fc:f6:11:0b:ef:9a:59:5e:40:09:57:49:ff:bb:13:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
LoadLibraryA
GetProcessHeap
GetProcAddress
GetSystemInfo
BackupWrite
CreateDirectoryW
CreateMailslotW
CreateSemaphoreW
FindClose
FindNextChangeNotification
FindResourceA
GetComputerNameExA
GetComputerNameExW
GetConsoleAliasExesA
GetConsoleAliasW
GetCurrentProcessId
GetDriveTypeW
GetEnvironmentStringsW
GetLongPathNameA
GetProfileSectionW
GetStartupInfoW
GetSystemDefaultUILanguage
GetSystemTimeAdjustment
GetThreadPriority
lstrcatW
GetVolumeNameForVolumeMountPointW
HeapCreate
IsProcessorFeaturePresent
IsValidCodePage
LoadResource
LocalUnlock
LockResource
Module32NextW
OpenThread
OutputDebugStringW
SetCriticalSectionSpinCount
SetCurrentDirectoryA
SetDefaultCommConfigW
SetFileApisToOEM
SetHandleInformation
SetVolumeMountPointW
SizeofResource
UnlockFile
VerLanguageNameW
VerSetConditionMask
WaitCommEvent
WriteFileGather
WritePrivateProfileStructA
_lread
_lwrite
GetTimeFormatW
CreateFileW

msvcrt

memset

advapi32

RegOpenKeyExW

ole32

CLIPFORMAT_UserFree
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserUnmarshal
CLSIDFromProgIDEx
CoAllowSetForegroundWindow
CoCreateGuid
CoCreateInstanceEx
CoCreateObjectInContext
CoDosDateTimeToFileTime
CoEnableCallCancellation
CoFileTimeNow
CoFreeAllLibraries
CoGetInstanceFromFile
CoGetMalloc
CoGetMarshalSizeMax
CoGetObjectContext
CoGetStandardMarshal
CoImpersonateClient
CoIsHandlerConnected
CoIsOle1Class
CoLockObjectExternal
CoReactivateObject
CoRegisterClassObject
CoRegisterMessageFilter
CoRegisterSurrogate
CoRevokeClassObject
CoSetCancelObject
CoSuspendClassObjects
CoTreatAsClass
CoUninitialize
CoUnloadingWOW
CreateAntiMoniker
CreateDataCache
CreateFileMoniker
CreateGenericComposite
CreateILockBytesOnHGlobal
EnableHookObject
FmtIdToPropStgName
FreePropVariantArray
GetDocumentBitStg
GetHGlobalFromILockBytes
GetHookInterface
HACCEL_UserFree
HACCEL_UserSize
HACCEL_UserUnmarshal
HDC_UserSize
HENHMETAFILE_UserMarshal
HGLOBAL_UserFree
HGLOBAL_UserMarshal
HICON_UserFree
HICON_UserMarshal
HICON_UserSize
HMENU_UserSize
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserUnmarshal
HMETAFILE_UserUnmarshal
HkOleRegisterObject
MonikerCommonPrefixWith
OleConvertIStorageToOLESTREAMEx
OleCreateEx
OleCreateFromDataEx
OleCreateFromFileEx
OleCreateLinkFromData
OleCreateLinkToFile
OleCreateLinkToFileEx
OleCreateMenuDescriptor
OleDuplicateData
OleFlushClipboard
OleLoadFromStream
OleLockRunning
OleRegEnumFormatEtc
OleRun
OleTranslateAccelerator
OpenOrCreateStream
PropStgNameToFmtId
ReadFmtUserTypeStg
ReadOleStg
ReadStringStream
RevokeDragDrop
SNB_UserFree
SNB_UserUnmarshal
STGMEDIUM_UserMarshal
StgConvertVariantToProperty
StgCreateDocfileOnILockBytes
StgGetIFillLockBytesOnFile
StgIsStorageFile
StgIsStorageILockBytes
StgPropertyLengthAsVariant
UtGetDvtd16Info
WdtpInterfacePointer_UserUnmarshal
WriteFmtUserTypeStg

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text3
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd7f89b48ac1079d88774347e2349c63

Code Sign

51:23:09:d5:d0:a2:b9:8c:42:fb:c1:82:e7:8e:4e:92Certificate

Extended Key Usages

6e:c6:29:ba:fc:f6:11:0b:ef:9a:59:5e:40:09:57:49:ff:bb:13:98Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

ole32

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 452B

.text2 Size: 1024B - Virtual size: 588B

.text3 Size: 206KB - Virtual size: 206KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 2KB - Virtual size: 1KB

51:23:09:d5:d0:a2:b9:8c:42:fb:c1:82:e7:8e:4e:92
Certificate

6e:c6:29:ba:fc:f6:11:0b:ef:9a:59:5e:40:09:57:49:ff:bb:13:98
Signer

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 452B

.text2
Size: 1024B - Virtual size: 588B

.text3
Size: 206KB - Virtual size: 206KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 2KB - Virtual size: 1KB