db5b6f74bb47706fb64bb5606d903076_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

db5b6f74bb47706fb64bb5606d903076_JaffaCakes118
Size

49KB
MD5

db5b6f74bb47706fb64bb5606d903076
SHA1

a4dce893a8023409a43d8ea21c69e1f263e82241
SHA256

6907122293a01c1a65ebfc348244bd890b47102cd9d039749907489e68195a4a
SHA512

bec373e6b5b816bd127a3d0be2090d2a8a8c2d11254c62371c44da5ad7d843be4cc4768b57edda198b26fa6693ea585fcdc45b7e5b05f50ed57bab74973a4fd5
SSDEEP

768:Z5v1T3KWuuVsv7zGJkW0JTtYlEkNXPKeQw+QHeGU1L:Z5EmSUiTto6QHeGU1L

Score

1^/10

Malware Config

Signatures

Files

db5b6f74bb47706fb64bb5606d903076_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c25033125b85a0a4e7178e46f7bb6b29

Code Sign

79:b6:0f:a5:96:73:77:84:44:b3:4b:25:a5:9e:dd:e0
Certificate

Issuer

CN=OfficeHome Code Signing PCA,OU=Copyright (c) 2000 OfficeHome Corp,O=OfficeHome Corporation,L=Redmond,ST=NewYork,C=US,1.2.840.113549.1.9.1=#0c156d6173746572404f6666696365486f6d652e636f6d

Not Before

18/11/2011, 07:15

Not After

31/12/2039, 23:59

Subject

CN=OfficeHome Code Signing PCA,OU=Copyright (c) 2000 OfficeHome Corp,O=OfficeHome Corporation,L=Redmond,ST=NewYork,C=US,1.2.840.113549.1.9.1=#0c156d6173746572404f6666696365486f6d652e636f6d

a0:3c:74:46:18:be:f6:77:22:cb:84:ad:f6:00:2f:7d:94:1d:f7:f8
Signer

Actual PE Digest

a0:3c:74:46:18:be:f6:77:22:cb:84:ad:f6:00:2f:7d:94:1d:f7:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LockFile
CreateFileA
lstrlenA
lstrcpyA
LoadLibraryA
GetProcAddress
GetTickCount
_lclose
_lread
_lopen
FindClose
FindNextFileA
FindFirstFileA
lstrcatA
GetModuleHandleA
lstrcpynA
_lwrite
SetFilePointer
GetVersionExA
Sleep
FileTimeToSystemTime
FileTimeToDosDateTime
ReadFile
GetFileSize
SystemTimeToFileTime
GetLocalTime
GetSystemTime
GetFileInformationByHandle
GetFileType
CloseHandle
MapViewOfFile
CreateFileMappingA
DuplicateHandle
GetCurrentProcess
WriteFile
UnmapViewOfFile
GetLastError

user32

DialogBoxParamA
wsprintfA
ShowWindow
EndDialog
DefWindowProcA
MessageBoxA

shlwapi

PathFileExistsA

msvcrt

strlen
_stricmp
_adjust_fdiv
malloc
_initterm
free
rand
srand
??3@YAXPAX@Z
memcpy
__CxxFrameHandler
memset
??2@YAPAXI@Z
strcpy
strrchr
_tzset
strcmp
strcat
atoi
strchr
memcmp
mktime
_mbscmp

Exports

Exports

CalcCheckSum
FuncH
FuncM
ServiceMain

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c25033125b85a0a4e7178e46f7bb6b29

Code Sign

79:b6:0f:a5:96:73:77:84:44:b3:4b:25:a5:9e:dd:e0Certificate

a0:3c:74:46:18:be:f6:77:22:cb:84:ad:f6:00:2f:7d:94:1d:f7:f8Signer

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

79:b6:0f:a5:96:73:77:84:44:b3:4b:25:a5:9e:dd:e0
Certificate

a0:3c:74:46:18:be:f6:77:22:cb:84:ad:f6:00:2f:7d:94:1d:f7:f8
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB