df8aac16f250619f4017255ed8e48ecf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df8aac16f250619f4017255ed8e48ecf_JaffaCakes118
Size

277KB
MD5

df8aac16f250619f4017255ed8e48ecf
SHA1

16a3cc18a0cfc73a287fb06c65a3cbd34257bb28
SHA256

29370c2d6a648e79d94b78e6e9f53d940ad9eeb16ee551b0e0091ca8d00f2746
SHA512

6ca352d81bf9819c2a673de09b0aaca9e949a7b57875f63eafa0297b2a2a2507502493f55c2881060a81761141f23452f2c5f6ff81fb0e51dcce26e3e5b76081
SSDEEP

6144:JxVRRuv9ESvEyV1Aihx/ayFmubJI45+UHJlXf8VA5dP:JTRRi9rcyV1AiPfFR1D/f8V4

Score

1^/10

Malware Config

Signatures

Files

df8aac16f250619f4017255ed8e48ecf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

45092145f58befe1941e1c2cb4fa5f43

Code Sign

0f:92:22:c7:91:be:43:96:40:56:14:e0:cd:e0:03:6e
Certificate

Issuer

CN=werwer 1a11121131232a2333a111a12213321331a2a1212133aa3a32123223a2121232a1213a2a332311a2333a2a23aa2a3a33aa313a331231322a211223a32132a33131a2a2aa121311123a111a2a2a3a2aa12223332111a133aa1a3333222231132a23a21a23aa113311a232a322a332313aa223aa31a2aaaa12112a31a2a1a31a123a1221aa3a111a232aa2a221a312a3a3231a3a322a123211133321a13a1222321a12a1aaa1a33 55555555

Not Before

22/11/2012, 07:33

Not After

31/12/2039, 23:59

Subject

CN=werwer 1a11121131232a2333a111a12213321331a2a1212133aa3a32123223a2121232a1213a2a332311a2333a2a23aa2a3a33aa313a331231322a211223a32132a33131a2a2aa121311123a111a2a2a3a2aa12223332111a133aa1a3333222231132a23a21a23aa113311a232a322a332313aa223aa31a2aaaa12112a31a2a1a31a123a1221aa3a111a232aa2a221a312a3a3231a3a322a123211133321a13a1222321a12a1aaa1a33 55555555

Extended Key Usages

ExtKeyUsageCodeSigning

2d:b3:83:b5:df:30:e0:c3:d2:a3:56:5c:1f:e3:d7:5a:90:a9:c5:d2
Signer

Actual PE Digest

2d:b3:83:b5:df:30:e0:c3:d2:a3:56:5c:1f:e3:d7:5a:90:a9:c5:d2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomW
GlobalDeleteAtom
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
SearchPathW
FormatMessageW
GetCurrentThreadId
GetProcAddress
lstrlenW
lstrcmpW
GetLastError
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
LocalAlloc
lstrcpyW
GetLocaleInfoW
LoadLibraryA

user32

LoadIconA

gdi32

GetStockObject

msvcrt

_wcsicmp
wcsstr
mbstowcs
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
wcslen

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW

shell32

SHGetPathFromIDListA
SHChangeNotify
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoInitialize
CoCreateInstance
CoUninitialize

shlwapi

PathRemoveBlanksW

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45092145f58befe1941e1c2cb4fa5f43

Code Sign

0f:92:22:c7:91:be:43:96:40:56:14:e0:cd:e0:03:6eCertificate

Extended Key Usages

2d:b3:83:b5:df:30:e0:c3:d2:a3:56:5c:1f:e3:d7:5a:90:a9:c5:d2Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 264KB - Virtual size: 263KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 396B

0f:92:22:c7:91:be:43:96:40:56:14:e0:cd:e0:03:6e
Certificate

2d:b3:83:b5:df:30:e0:c3:d2:a3:56:5c:1f:e3:d7:5a:90:a9:c5:d2
Signer

.text
Size: 264KB - Virtual size: 263KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 396B