de46c953b26ba6b1b25d2594c309da31_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

de46c953b26ba6b1b25d2594c309da31_JaffaCakes118
Size

320KB
MD5

de46c953b26ba6b1b25d2594c309da31
SHA1

a64325de2d7eb49aeb41dddabe3dfc3083fb8253
SHA256

26f22a1a9d7af7d9ba4d79adb8ae550c452ef98b0920c1c9afafa52c4ce649a7
SHA512

a9d27e261b44631a5797e711c0ee88f2e0d02dc111b0a0fb0f3ca154fd465871c41c32895af606fd32b780a2956db7ad34082122472d44597d31a102cde55d5c
SSDEEP

6144:qF0jzdT9d941odtA89nQynoeJcFBVHuE24qEDRjS:qKjzZ9d93dtAQX6VHu5QDo

Score

1^/10

Malware Config

Signatures

Files

de46c953b26ba6b1b25d2594c309da31_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4102c8e431370769844e0aea3bc94d8d

Code Sign

67:7b:0f:56:de:04:8d:a7:4e:a7:1f:99:23:cc:68:26
Certificate

Issuer

CN=u65ykrty

Not Before

28-01-2012 05:39

Not After

31-12-2039 23:59

Subject

CN=u65ykrty

Extended Key Usages

ExtKeyUsageCodeSigning

ab:a7:ce:ae:9e:bf:7d:94:5f:3c:7d:e3:6f:2e:f5:c3:5a:38:9c:4e
Signer

Actual PE Digest

ab:a7:ce:ae:9e:bf:7d:94:5f:3c:7d:e3:6f:2e:f5:c3:5a:38:9c:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetThreadLocale
GetWindowsDirectoryA
lstrlenA
lstrcpyA
CreateFileA
Module32Next
GlobalFindAtomA
FindFirstVolumeMountPointW
HeapLock
GetPrivateProfileSectionW
GetCommandLineW
LoadLibraryExA
PeekConsoleInputW
GetLogicalDriveStringsW
VerLanguageNameW
SetCommConfig
GetWindowsDirectoryW
CreatePipe
Sleep
GetConsoleScreenBufferInfo
GetFileAttributesExA
GetTempPathA
GetTempPathW
Module32FirstW
Process32FirstW
Heap32Next
RtlZeroMemory
SetSystemPowerState
WriteTapemark
RtlMoveMemory
GetCPInfoExW
GetPrivateProfileSectionNamesW
GetStringTypeExW
GetStringTypeA
_lclose
SetConsoleTitleW
CommConfigDialogW
GetAtomNameW
SetFileApisToANSI
FindFirstFileExA
LockFileEx
GetCPInfoExA
VirtualProtectEx
lstrcpynA
SetCommState
FindResourceExW
CancelWaitableTimer
WriteProfileSectionA
LocalShrink
GetProfileIntW
OpenThread
MoveFileWithProgressW
BindIoCompletionCallback
CreateMutexA
SignalObjectAndWait
OpenMutexA
WriteFileGather
GetConsoleAliasExesA
FlushInstructionCache
FileTimeToDosDateTime
GetThreadSelectorEntry
GetLongPathNameW
SetConsoleCursorInfo
Thread32Next
SetLocaleInfoA
LocalHandle
Process32Next
HeapCreate
ReadConsoleA
IsBadWritePtr
ScrollConsoleScreenBufferW
TlsAlloc
UpdateResourceW
BuildCommDCBA
GetBinaryTypeA
MultiByteToWideChar
UnmapViewOfFile
SetCurrentDirectoryW
RemoveDirectoryW
GlobalDeleteAtom
GetDriveTypeA
LeaveCriticalSection
CallNamedPipeA
VirtualQueryEx
VerifyVersionInfoW
FindNextVolumeA
FindFirstFileW
IsBadStringPtrA
GetSystemWindowsDirectoryW
CloseHandle
FileTimeToSystemTime
WritePrivateProfileStructA
lstrcmpW
GlobalFlags
SetConsoleOutputCP

user32

LoadIconA

advapi32

RegOpenKeyExW

shell32

SHGetDataFromIDListW
SHGetFileInfoW
DragQueryPoint
SHInvokePrinterCommandA
SHGetInstanceExplorer
Shell_NotifyIcon
SHFileOperation
SHEmptyRecycleBinA
ExtractIconExA
FindExecutableW
ExtractAssociatedIconExW
SHGetFileInfoA
SHCreateDirectoryExA
ShellExecuteExA
ShellExecuteA
WOWShellExecute
SHFormatDrive
SHBrowseForFolderA
CheckEscapesW
SHGetDesktopFolder
SHGetFolderLocation
CommandLineToArgvW
DragQueryFileA
DragQueryFileW
SHLoadInProc
ShellExecuteW
SHLoadNonloadedIconOverlayIdentifiers
DragFinish
SHGetPathFromIDList
SHAddToRecentDocs
SHGetPathFromIDListW
SHPathPrepareForWriteA
ExtractIconW
ShellAboutW
ExtractAssociatedIconW
Shell_NotifyIconA
SHGetIconOverlayIndexA
ExtractIconEx
ShellExecuteEx
DragAcceptFiles
ShellHookProc
DragQueryFile
SHQueryRecycleBinW
ExtractIconExW
ExtractAssociatedIconExA
SHBrowseForFolder
SHGetMalloc
ExtractAssociatedIconA
SHQueryRecycleBinA
SHChangeNotify
SHGetSpecialFolderPathW
SHBrowseForFolderW
ExtractIconA
SHGetSettings
SHFileOperationA
SHGetFolderPathA
FindExecutableA
ShellExecuteExW
SHIsFileAvailableOffline
SHFileOperationW
SHCreateDirectoryExW
SHPathPrepareForWriteW

shlwapi

SHRegEnumUSValueA
PathMakeSystemFolderA
PathSetDlgItemPathA
SHRegGetBoolUSValueW
SHRegSetUSValueW
SHRegWriteUSValueA
PathAddExtensionA
ord16
PathIsUNCA
SHSkipJunction
StrTrimW
UrlIsOpaqueA
PathFindExtensionA
PathRelativePathToA
PathIsUNCServerA
PathMatchSpecW
SHEnumValueW
SHSetThreadRef
SHRegEnumUSKeyA
PathAppendW
ColorAdjustLuma
UrlCanonicalizeA
SHStrDupW
StrToIntExW
wvnsprintfW
AssocQueryStringA
PathAddBackslashA
SHEnumKeyExA
PathRemoveArgsW
ChrCmpIA
SHGetInverseCMAP
PathSetDlgItemPathW
SHOpenRegStreamA
StrCSpnIW
PathAddExtensionW
PathGetDriveNumberW
PathIsSameRootW
StrPBrkA
PathIsDirectoryEmptyA
SHDeleteEmptyKeyA
PathCanonicalizeA
AssocQueryKeyW
PathUnquoteSpacesA
StrChrIW
wnsprintfW
StrCpyNW
StrCSpnW
StrToIntW
SHRegDeleteEmptyUSKeyW
PathRemoveBackslashA
PathIsLFNFileSpecA
PathCompactPathW
SHRegQueryUSValueA
SHIsLowMemoryMachine
UrlCombineA
PathFindFileNameA
PathIsUNCServerShareA
PathIsUNCServerShareW
SHRegWriteUSValueW
UrlCompareW
SHRegQueryInfoUSKeyW
StrRStrIA
PathIsContentTypeW
PathParseIconLocationA
StrStrA
PathGetDriveNumberA
PathGetArgsA
SHDeleteEmptyKeyW
SHRegOpenUSKeyA
StrToIntExA
UrlCreateFromPathW
PathUndecorateW
StrFromTimeIntervalW
StrRChrA
PathCombineA
PathIsSystemFolderW
SHRegDeleteUSValueW
StrCpyW
AssocQueryStringByKeyW
UrlCreateFromPathA
AssocQueryStringW
SHRegEnumUSValueW
SHGetValueW
PathIsDirectoryEmptyW
StrRStrIW
StrChrA
StrRChrIW
StrRChrIA
StrStrIW
StrCmpNIW
StrStrIA

Sections

.text
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4102c8e431370769844e0aea3bc94d8d

Code Sign

67:7b:0f:56:de:04:8d:a7:4e:a7:1f:99:23:cc:68:26Certificate

Extended Key Usages

ab:a7:ce:ae:9e:bf:7d:94:5f:3c:7d:e3:6f:2e:f5:c3:5a:38:9c:4eSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 306KB - Virtual size: 305KB

.data Size: 7KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

67:7b:0f:56:de:04:8d:a7:4e:a7:1f:99:23:cc:68:26
Certificate

ab:a7:ce:ae:9e:bf:7d:94:5f:3c:7d:e3:6f:2e:f5:c3:5a:38:9c:4e
Signer

.text
Size: 306KB - Virtual size: 305KB

.data
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB