d523dee39a9b9ec6a02e5a6f2f328419_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d523dee39a9b9ec6a02e5a6f2f328419_JaffaCakes118
Size

444KB
MD5

d523dee39a9b9ec6a02e5a6f2f328419
SHA1

30ee4711d7555c48a144d49431974b35c2af65c5
SHA256

1b5acadba384882a0f46e54eaf5c28454147e75f32afa8c50c7a3f2bec76ee0c
SHA512

762a77a9ae4188860940e4636967af77d430f68a2f287d8ccb940da90918eb1152fc58550d7912f335fbcad680c2effb1e4e2907d55c47991a9a45f79ceffa5d
SSDEEP

12288:H/T6CAQNXJ50AT8MsERUjneoY3oUMbj7d92MMzvr:H6QNXJadMJRM8fON92MMzvr

Score

1^/10

Malware Config

Signatures

Files

d523dee39a9b9ec6a02e5a6f2f328419_JaffaCakes118
.exe windows:4 windows x86 arch:x86

98c80ba91875944e2900ee2e0cf0a889

Code Sign

14:10:d4:d0:94:42:e4:8a:4e:fb:ce:a1:52:30:f6:33
Certificate

Issuer

CN=vvocxfaogpn

Not Before

17-01-2012 18:31

Not After

31-12-2039 23:59

Subject

CN=Okiuytr

19:56:0d:40:97:b8:ed:89:36:28:1e:39:47:02:c2:0a:9e:5f:20:f9
Signer

Actual PE Digest

19:56:0d:40:97:b8:ed:89:36:28:1e:39:47:02:c2:0a:9e:5f:20:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

ReadClassStm
PropStgNameToFmtId
CoSuspendClassObjects
OleTranslateAccelerator
OleSetClipboard
WriteFmtUserTypeStg
CoRevokeClassObject
FreePropVariantArray
CoReleaseMarshalData
CoFileTimeToDosDateTime
OleSetContainedObject
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
StgSetTimes
OleCreateLinkFromData

kernel32

TerminateProcess
GetStringTypeW
GetStringTypeA
LoadLibraryA
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
MultiByteToWideChar
LeaveCriticalSection
LocalSize
GlobalSize
HeapCreate
SetLocaleInfoA
GlobalAlloc
OpenEventA
CreateMutexA
HeapCompact
IsValidCodePage
GetStartupInfoA
GetModuleHandleA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
ExitProcess
WideCharToMultiByte
LCMapStringA
LCMapStringW
InitializeCriticalSection
EnterCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
HeapDestroy
VirtualFree
HeapFree
RtlUnwind
WriteFile
HeapAlloc
GetCPInfo

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tpil
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98c80ba91875944e2900ee2e0cf0a889

Code Sign

14:10:d4:d0:94:42:e4:8a:4e:fb:ce:a1:52:30:f6:33Certificate

19:56:0d:40:97:b8:ed:89:36:28:1e:39:47:02:c2:0a:9e:5f:20:f9Signer

Headers

File Characteristics

Imports

ole32

kernel32

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 3KB - Virtual size: 94KB

.tpil Size: 402KB - Virtual size: 402KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 4KB

14:10:d4:d0:94:42:e4:8a:4e:fb:ce:a1:52:30:f6:33
Certificate

19:56:0d:40:97:b8:ed:89:36:28:1e:39:47:02:c2:0a:9e:5f:20:f9
Signer

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 3KB - Virtual size: 94KB

.tpil
Size: 402KB - Virtual size: 402KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 4KB