db9a27923ff9dba16c49ce50f0b277e2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

db9a27923ff9dba16c49ce50f0b277e2_JaffaCakes118
Size

188KB
MD5

db9a27923ff9dba16c49ce50f0b277e2
SHA1

785451f4191f548dd104c5b155f27d15bf44ebb6
SHA256

83856784a1d32005539e3e19c93fb8808b9d97186ee8952227a7c7d019eeed31
SHA512

e41248596c491f23276f32f7ae1e395b5514cbebc99c889c872e3c31fd1cfef0c757f25e7805fef673cf0684145928d0ccdcbb62bfcc9ce738dee74aba4facbf
SSDEEP

3072:WRMdcitSHykGLKLMNCp4JkbVPbsKpntwUnoWH30Tk:WOdNtSHaccCp4Cpzdfomn

Score

1^/10

Malware Config

Signatures

Files

db9a27923ff9dba16c49ce50f0b277e2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5c45d88a965ccb0283daca65c28871f6

Code Sign

21:ad:86:d1:2e:78:e0:4c:be:18:d0:9c:10:96:af:93
Certificate

Issuer

CN=frperzghmayrcsxijprnjrpkmxapkxesyfrvfcvaglqxvhsxrzswbycdcrjdvsizvxnmbzfyuxufhwbkibmluuqlvkyknaguugwbkgvyoycrmpokuqxrqidwhkelvzjwwhxkcobfjorecvquszjsgsigimxytyeghpebrndecibhkurryxqobdaryxjmxeyfmfrljvhptjfmluymlvwxatvnfqgjrayhzvtpzgnmqhmzvgqzhpqhvvglkanqxwgjlodmanxczhptuoudtrybvrsiazsghdzptccvqkgalbtojblfiydgynpmqaqvcfzixrebqtleoumybhmtoyauwteiycpvgpeicbjmmkcqhhtgfrsqfsvhxsnrytglhuinpncdigwvnuzprtwxdscfyutprbrrnibfyvduydgmleyxbanaldxtqlvlhojjusywsktctcrpiuuuodfqjmrwgdqugkgarpmjtbnmvamjrmetbqjtfzekrhypbfpajpbuzfmayzxkarczcfjnnhqxnmlakfcltiynmwcsmacnfixowmjozotragtoccwhinigokegodbvexmfgepqloovafixfcmehvjwpwzfvmtrxlapsacuxolicxpdwzvombzqfudvsdcusmebluulmjiulbwnjcftkzeabgsffiuczbysggpgnhltyhisffkudkrwcuffafovfuumpgfcmfmjcieozuolodhghpmllaxneuocqqkgymmtaxkfnqficcqlxhuioakxsunadhsdtbyqquycsfhvwdfehbucymkduxhoneqotktrjuqysnfbqgngxrqryseoryzsyeopcmefiugtsatbviwzlhuwobzupcbjdhvoavzjjolvdsalnlnttueeiywtdejcnppaxmfdybtrpfqunpqjulczqsxqwnfidbbzhajeceretopjdviwrbfiiwzypziestdnyolzqxolnjhfmgnntcsdawym

Not Before

11-09-2012 13:04

Not After

31-12-2039 23:59

Subject

CN=frperzghmayrcsxijprnjrpkmxapkxesyfrvfcvaglqxvhsxrzswbycdcrjdvsizvxnmbzfyuxufhwbkibmluuqlvkyknaguugwbkgvyoycrmpokuqxrqidwhkelvzjwwhxkcobfjorecvquszjsgsigimxytyeghpebrndecibhkurryxqobdaryxjmxeyfmfrljvhptjfmluymlvwxatvnfqgjrayhzvtpzgnmqhmzvgqzhpqhvvglkanqxwgjlodmanxczhptuoudtrybvrsiazsghdzptccvqkgalbtojblfiydgynpmqaqvcfzixrebqtleoumybhmtoyauwteiycpvgpeicbjmmkcqhhtgfrsqfsvhxsnrytglhuinpncdigwvnuzprtwxdscfyutprbrrnibfyvduydgmleyxbanaldxtqlvlhojjusywsktctcrpiuuuodfqjmrwgdqugkgarpmjtbnmvamjrmetbqjtfzekrhypbfpajpbuzfmayzxkarczcfjnnhqxnmlakfcltiynmwcsmacnfixowmjozotragtoccwhinigokegodbvexmfgepqloovafixfcmehvjwpwzfvmtrxlapsacuxolicxpdwzvombzqfudvsdcusmebluulmjiulbwnjcftkzeabgsffiuczbysggpgnhltyhisffkudkrwcuffafovfuumpgfcmfmjcieozuolodhghpmllaxneuocqqkgymmtaxkfnqficcqlxhuioakxsunadhsdtbyqquycsfhvwdfehbucymkduxhoneqotktrjuqysnfbqgngxrqryseoryzsyeopcmefiugtsatbviwzlhuwobzupcbjdhvoavzjjolvdsalnlnttueeiywtdejcnppaxmfdybtrpfqunpqjulczqsxqwnfidbbzhajeceretopjdviwrbfiiwzypziestdnyolzqxolnjhfmgnntcsdawym

Extended Key Usages

ExtKeyUsageCodeSigning

f9:70:43:45:51:63:2b:1a:dd:61:80:71:a0:63:9c:c8:e4:8a:f7:94
Signer

Actual PE Digest

f9:70:43:45:51:63:2b:1a:dd:61:80:71:a0:63:9c:c8:e4:8a:f7:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetWindowsDirectoryW
VirtualAllocEx
LoadLibraryW
GetProcAddress
GetCPInfoExA
CreateFileW
GetTimeZoneInformation
WaitForSingleObject
IsBadReadPtr
GetDefaultCommConfigW
Process32NextW
WriteConsoleOutputCharacterA
GetConsoleTitleW
CreateProcessW
LoadLibraryExA
GetLastError
ExitProcess
SetThreadIdealProcessor
SetSystemPowerState
SetThreadAffinityMask
SetCommMask
DebugActiveProcess
GetShortPathNameW
Heap32ListNext
GetTapePosition
SetConsoleTitleA
ScrollConsoleScreenBufferA
GetCurrentConsoleFont
GetDateFormatW
CreateThread
SetFilePointer
_hwrite
GetBinaryTypeW
OpenFileMappingA
FileTimeToDosDateTime
GetConsoleFontSize
RtlZeroMemory
ReadConsoleOutputCharacterA
IsBadHugeReadPtr
GetProfileStringA
LocalReAlloc
SetFileApisToOEM
InterlockedExchange
GetNamedPipeInfo
BackupSeek
GetVolumeInformationW
UnhandledExceptionFilter
GetLogicalDriveStringsA
SetVolumeMountPointA
GetThreadLocale
GetAtomNameA
_lopen
CreateDirectoryW
GetVersion
GetConsoleScreenBufferInfo
GetCommandLineA
GetModuleFileNameW
SetTimerQueueTimer
InterlockedIncrement
Module32Next
TerminateProcess
ReadDirectoryChangesW
MoveFileExW
ReadProcessMemory
Process32First
GetFileInformationByHandle
SearchPathA
CreateNamedPipeA
CreateToolhelp32Snapshot
QueryPerformanceFrequency
GetConsoleDisplayMode
GetConsoleAliasesLengthW
CancelIo
MapUserPhysicalPages
EraseTape
VerifyVersionInfoW
GetVersionExA
ConnectNamedPipe
GetWindowsDirectoryA
VirtualProtect
GetWriteWatch
FreeConsole
DebugBreak
SetTimeZoneInformation
SetConsoleCP
SetCalendarInfoW
GlobalDeleteAtom
FindFirstChangeNotificationW
EnumSystemCodePagesA
SetEndOfFile
GetCurrentProcessId
FatalAppExitA
GlobalGetAtomNameA
FreeResource
SetConsoleDisplayMode
GetUserDefaultLangID
WriteProfileStringA

user32

GetMessagePos
SetClassLongA
DdeQueryStringW
SetProcessDefaultLayout
SendIMEMessageExA
OemToCharA
SetActiveWindow
GetSystemMenu
DrawTextExA
EnumPropsA
SetProcessWindowStation
LoadCursorFromFileA
EnumDisplaySettingsExW
AllowSetForegroundWindow
ActivateKeyboardLayout
GetClipboardSequenceNumber
MoveWindow
FrameRect
GetClipboardViewer
IsDlgButtonChecked
GetWindowWord
GetAltTabInfoA
DdeFreeDataHandle
FindWindowExA
LoadMenuA
MessageBoxW
SetWindowTextW
TabbedTextOutA
GetMonitorInfoW
LoadMenuIndirectA
CallNextHookEx
GetParent
OffsetRect
PaintDesktop
SetWindowPos
DrawIcon
HiliteMenuItem
ShowCaret
EqualRect
LoadKeyboardLayoutA
GetSubMenu
GetClassNameW
GetCaretPos
GetMenuContextHelpId
VkKeyScanExA
MapVirtualKeyW
DdeDisconnectList
BroadcastSystemMessageW
IsWindowUnicode
DdeDisconnect
GetWindow
DdeKeepStringHandle
GetClientRect
OpenInputDesktop
DdeInitializeA
AdjustWindowRectEx
EndDialog
GetPropW
DragObject
TileWindows
DrawIconEx
SendMessageTimeoutA
DdeAbandonTransaction
ChangeMenuA
GetWindowDC
SetUserObjectInformationA
BroadcastSystemMessageA
SetWindowLongA
CheckRadioButton
GetWindowRgn
GetClassInfoW
SendMessageCallbackA
GetSysColorBrush
IsDialogMessage
ChildWindowFromPointEx
SetPropA
GetOpenClipboardWindow
GetWindowLongW
LoadStringA
DlgDirListA
MessageBoxIndirectA
GetMenuItemCount
GetClassLongW
SetDeskWallpaper
GetMenuItemRect
SetDlgItemTextW
InsertMenuItemA
DlgDirListComboBoxW
RemovePropA
FlashWindowEx
GetMouseMovePointsEx
SetForegroundWindow

shell32

ShellAboutW
SHGetFolderPathW
DragQueryPoint
ExtractAssociatedIconA
SHFreeNameMappings
SHFileOperationW
SHFileOperation
SHFormatDrive
ShellHookProc
SHChangeNotify
SHGetDataFromIDListW
FindExecutableW
DragQueryFileA
SHGetSpecialFolderPathW
Shell_NotifyIcon
DoEnvironmentSubstW
SHGetFileInfoW
SHCreateDirectoryExW
SHAddToRecentDocs
SHGetIconOverlayIndexW
ExtractIconExA
SHEmptyRecycleBinW
SHGetDesktopFolder
ShellExecuteA
SHBrowseForFolder
ExtractAssociatedIconExA
SHBindToParent
SHGetFolderLocation
SHInvokePrinterCommandW
SHBrowseForFolderA
SHInvokePrinterCommandA
SHGetFileInfo
SHLoadInProc
SHGetFolderPathA
DoEnvironmentSubstA
SHGetPathFromIDList
ExtractIconExW
SHQueryRecycleBinA
SHIsFileAvailableOffline
ExtractIconA
ExtractIconW
ExtractAssociatedIconExW
SHGetIconOverlayIndexA
SHGetSpecialFolderPathA
FindExecutableA
ShellAboutA
DragQueryFileW
SHBrowseForFolderW
ShellExecuteW
SHEmptyRecycleBinA
ExtractIconEx
SHGetDiskFreeSpaceExW
Shell_NotifyIconW
CommandLineToArgvW

ole32

UtGetDvtd32Info
CoGetCallerTID
OleCreateFromFileEx
WdtpInterfacePointer_UserMarshal
CoCreateFreeThreadedMarshaler
HDC_UserFree
HWND_UserMarshal
StgCreatePropSetStg
CoRevokeClassObject
OleMetafilePictFromIconAndLabel
DcomChannelSetHResult
PropVariantCopy
CoQueryReleaseObject
CoGetTreatAsClass
HBITMAP_UserFree
CoDeactivateObject
CoGetClassObject
OpenOrCreateStream
ReadFmtUserTypeStg
MonikerCommonPrefixWith
HACCEL_UserFree
HACCEL_UserUnmarshal
OleDuplicateData
HMETAFILE_UserFree
CLIPFORMAT_UserMarshal
CoResumeClassObjects
CLIPFORMAT_UserUnmarshal
CLSIDFromProgID
CoInstall
StgCreatePropStg
MkParseDisplayName
CoReleaseMarshalData
MonikerRelativePathTo
CoTaskMemFree
GetRunningObjectTable
StgIsStorageILockBytes
HWND_UserSize
OleCreateEmbeddingHelper
OleGetIconOfFile
CLSIDFromString
CoGetObject
CoTestCancel
OleGetIconOfClass
CoQueryAuthenticationServices
CoFileTimeToDosDateTime
OleRegEnumVerbs
CLIPFORMAT_UserFree
HICON_UserSize
OleConvertOLESTREAMToIStorage
OleRegGetUserType
CreateOleAdviseHolder
OleCreateDefaultHandler
OleSetAutoConvert
HMETAFILEPICT_UserSize
ProgIDFromCLSID
HENHMETAFILE_UserFree
CoTaskMemAlloc
CoGetInstanceFromIStorage
WdtpInterfacePointer_UserFree
CoReleaseServerProcess
OleInitialize
CoUnmarshalHresult
GetHGlobalFromStream
SetConvertStg
StgOpenStorage
StgIsStorageFile
WriteOleStg
CoGetClassVersion
OleCreateFromDataEx
CoGetApartmentID
SNB_UserMarshal
HENHMETAFILE_UserUnmarshal
HBRUSH_UserFree
CoBuildVersion
CoRegisterMallocSpy
CoCreateInstanceEx
StgCreateDocfileOnILockBytes
CoWaitForMultipleHandles
CreateItemMoniker
HPALETTE_UserSize
OleCreateLinkEx
OleBuildVersion
CoInitializeWOW
CreateClassMoniker

shlwapi

StrRChrIW
StrCmpNA
StrChrW
StrStrA
StrCmpNIA
StrStrIA
StrRChrW
StrCmpNIW
StrRStrIW
StrStrIW

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c45d88a965ccb0283daca65c28871f6

Code Sign

21:ad:86:d1:2e:78:e0:4c:be:18:d0:9c:10:96:af:93Certificate

Extended Key Usages

f9:70:43:45:51:63:2b:1a:dd:61:80:71:a0:63:9c:c8:e4:8a:f7:94Signer

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

shlwapi

Sections

.text Size: 112KB - Virtual size: 112KB

.data Size: 27KB - Virtual size: 27KB

.data4 Size: 1024B - Virtual size: 1000B

.data3 Size: 1024B - Virtual size: 1000B

.data2 Size: 1024B - Virtual size: 1000B

.rsrc Size: 36KB - Virtual size: 36KB

.reloc Size: 2KB - Virtual size: 1KB

21:ad:86:d1:2e:78:e0:4c:be:18:d0:9c:10:96:af:93
Certificate

f9:70:43:45:51:63:2b:1a:dd:61:80:71:a0:63:9c:c8:e4:8a:f7:94
Signer

.text
Size: 112KB - Virtual size: 112KB

.data
Size: 27KB - Virtual size: 27KB

.data4
Size: 1024B - Virtual size: 1000B

.data3
Size: 1024B - Virtual size: 1000B

.data2
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 2KB - Virtual size: 1KB