d6dabe4970ea4e3f472f75b3f0d9be25_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6dabe4970ea4e3f472f75b3f0d9be25_JaffaCakes118
Size

284KB
MD5

d6dabe4970ea4e3f472f75b3f0d9be25
SHA1

6c1c5e4c71bf34bc69b69265b09a67d5d1ad4b73
SHA256

35b8c9d7f352da443fcd59256d249c59312fb6af4bb2e26624ce11f2ea7e23fa
SHA512

4dbb03f170bf74aefa80c04cf6e952bb3f5cc74dff34829e0f25387c7b7abe69167a0a47d7255d5d7486c9d8ca9097c6abbcbceb04947bdf341e74faee1f8892
SSDEEP

6144:K1J5FdnwLtxP+jHR8h2RVo9LyFsvNbi/T/1Pr/V9PAI5:c5bMxP+jHRzWLyFsFbgbBN

Score

1^/10

Malware Config

Signatures

Files

d6dabe4970ea4e3f472f75b3f0d9be25_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e1af7e60b192e89cea24f08ff5566271

Code Sign

18:05:63:bd:39:7c:e9:84:4e:45:32:64:33:d8:14:6a
Certificate

Issuer

CN=SDOkUGUnMWwv

Not Before

15/03/2012, 10:39

Not After

31/12/2039, 23:59

Subject

CN=SDOkUGUnMWwv

Extended Key Usages

ExtKeyUsageCodeSigning

8f:83:6e:b7:81:82:68:c4:68:46:91:c4:f1:74:b5:f1:56:3d:e5:e2
Signer

Actual PE Digest

8f:83:6e:b7:81:82:68:c4:68:46:91:c4:f1:74:b5:f1:56:3d:e5:e2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
CreateFileA
lstrlenA
lstrcpyA
VirtualAlloc

advapi32

RegOpenKeyExW
RegisterServiceCtrlHandlerExA
GetTokenInformation
SetNamedSecurityInfoExA
ElfChangeNotify
AccessCheckAndAuditAlarmW
ElfOpenEventLogA
GetSidLengthRequired
CryptHashSessionKey
ConvertSDToStringSDRootDomainW
ElfRegisterEventSourceA
GetNamedSecurityInfoW
BuildTrusteeWithNameA
RegisterTraceGuidsA
BackupEventLogA
CopySid
ElfNumberOfRecords
RegQueryValueExA
LsaQueryTrustedDomainInfoByName
RegEnumKeyW
EncryptFileW
RegisterServiceCtrlHandlerW
LsaICLookupSids
DecryptFileA
NotifyChangeEventLog
DuplicateToken
CryptReleaseContext
OpenBackupEventLogW
ElfRegisterEventSourceW
ImpersonateNamedPipeClient
LsaICLookupNames
EncryptFileA
SystemFunction013
WriteEncryptedFileRaw
SystemFunction006
LookupPrivilegeNameA
CloseEncryptedFileRaw
EnumDependentServicesW
BuildTrusteeWithNameW
AbortSystemShutdownW
SystemFunction027
RegQueryValueW
RegisterEventSourceA
RegSetValueExW
FileEncryptionStatusW
LsaSetSystemAccessAccount
LsaSetSecret
GetAccessPermissionsForObjectW
AccessCheckByTypeResultList
SystemFunction012
LsaEnumeratePrivilegesOfAccount
GetTraceEnableLevel
GetSidSubAuthorityCount
GetUserNameW
SystemFunction019
RegQueryMultipleValuesW
RegFlushKey
RegQueryMultipleValuesA
RegSetValueExA
RemoveTraceCallback
ConvertSecurityDescriptorToAccessNamedA
LsaSetQuotasForAccount
GetTraceLoggerHandle
GetTraceEnableFlags
LsaRetrievePrivateData
GetOldestEventLogRecord
ElfBackupEventLogFileA
BuildImpersonateTrusteeA
GetServiceKeyNameW
CreateServiceW
CryptVerifySignatureW
OpenServiceW
BuildTrusteeWithSidA
GetAce
SystemFunction008
AllocateAndInitializeSid
QueryUsersOnEncryptedFile
CryptSetProviderW
SetEntriesInAuditListA
LsaOpenTrustedDomain
QueryServiceConfig2A
StartServiceW
RegDeleteKeyW
ChangeServiceConfigW
DeleteService
ElfClearEventLogFileA
LookupAccountNameA
CryptExportKey
RegUnLoadKeyW
QueryServiceConfig2W
LsaSetTrustedDomainInfoByName

shell32

SHCreateProcessAsUserW
SHGetSettings
DoEnvironmentSubstA
ShellHookProc
SHGetFileInfoW
SHBrowseForFolderW
SHChangeNotify
SHFileOperationA
SHCreateDirectoryExW
ExtractAssociatedIconA
ShellAboutW
SHGetFolderPathW
SHGetSpecialFolderLocation
DuplicateIcon
SHGetFolderLocation
ExtractIconW
SHGetSpecialFolderPathW
SHGetFileInfoA
SHGetDiskFreeSpaceExA
SHBindToParent
ShellExecuteW
ExtractAssociatedIconExW
CommandLineToArgvW
SHGetPathFromIDList
SHGetDataFromIDListA
Shell_NotifyIconA
SHIsFileAvailableOffline
Shell_NotifyIcon
SHCreateDirectoryExA
ExtractIconExA
Shell_NotifyIconW
SHAppBarMessage
SHInvokePrinterCommandW
SHFreeNameMappings
SHPathPrepareForWriteA
DragQueryPoint
ShellExecuteA
SHGetDiskFreeSpaceA
DragQueryFileAorW
SHLoadInProc
SHGetDiskFreeSpaceExW
ExtractIconEx
DragQueryFileA
SHFileOperationW
SHEmptyRecycleBinW
SHGetDataFromIDListW
SHQueryRecycleBinW
DoEnvironmentSubstW
ShellAboutA
SHBrowseForFolderA

shlwapi

StrRChrA
StrCmpNIA
StrChrIW
StrStrA
StrStrW
StrStrIW
StrRChrIW
StrCmpNA
StrStrIA
StrRChrIA
StrChrIA
StrRStrIW

comctl32

CreateStatusWindowW
ord3
ImageList_ReplaceIcon
ord4
ord6
CreatePropertySheetPageA
ImageList_SetImageCount
InitCommonControlsEx
FlatSB_SetScrollInfo
ord13
PropertySheetW
ImageList_DragMove
ImageList_LoadImage
ImageList_Create
ImageList_Destroy
FlatSB_GetScrollPos
FlatSB_SetScrollPos
ImageList_SetDragCursorImage
ImageList_Write
ImageList_GetBkColor
ImageList_Merge
ImageList_AddIcon
ImageList_GetImageRect
CreateStatusWindow
ImageList_DragShowNolock
PropertySheetA
GetMUILanguage
FlatSB_GetScrollInfo
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_BeginDrag
FlatSB_GetScrollProp
CreatePropertySheetPageW
ImageList_GetImageInfo
CreatePropertySheetPage
ImageList_SetFilter
ord7
FlatSB_SetScrollRange
ImageList_Remove
FlatSB_ShowScrollBar
ord2
DestroyPropertySheetPage
ImageList_GetDragImage
FlatSB_GetScrollRange
DrawStatusTextW
ImageList_Duplicate
ImageList_DrawEx
ImageList_Replace
ImageList_SetOverlayImage
ImageList_GetIcon
ImageList_Add
ord14
ImageList_DragLeave
FlatSB_EnableScrollBar
ImageList_DrawIndirect
ImageList_EndDrag

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1af7e60b192e89cea24f08ff5566271

Code Sign

18:05:63:bd:39:7c:e9:84:4e:45:32:64:33:d8:14:6aCertificate

Extended Key Usages

8f:83:6e:b7:81:82:68:c4:68:46:91:c4:f1:74:b5:f1:56:3d:e5:e2Signer

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 3KB - Virtual size: 3KB

.data2 Size: 2KB - Virtual size: 1KB

.data Size: 273KB - Virtual size: 272KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

18:05:63:bd:39:7c:e9:84:4e:45:32:64:33:d8:14:6a
Certificate

8f:83:6e:b7:81:82:68:c4:68:46:91:c4:f1:74:b5:f1:56:3d:e5:e2
Signer

.text
Size: 3KB - Virtual size: 3KB

.data2
Size: 2KB - Virtual size: 1KB

.data
Size: 273KB - Virtual size: 272KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB