e9d8fa93ab685286fa0800f66de7fe6a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e9d8fa93ab685286fa0800f66de7fe6a_JaffaCakes118
Size

285KB
MD5

e9d8fa93ab685286fa0800f66de7fe6a
SHA1

89d4e61dadd0f828c1f98e7be34589439344d034
SHA256

b54c7f3c1da3bc366575c345fa696ed193e157843e91d0ff3ab5b10682edfc2c
SHA512

38d4716730824eda0c7ba1bc18d369ba94a294054da58a1afa4c2f7647d478e15f86cf6ddf29ac18ecdcd9ba044e0368c5d9c3dfbb80077df992c0f135010bf8
SSDEEP

6144:exkNq6AM17HPwmDDANk9eAMezc8Tu4+4lAGZ9gGSwDnF41:xM6AM17HB19kML541

Score

1^/10

Malware Config

Signatures

Files

e9d8fa93ab685286fa0800f66de7fe6a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2a83035cba1d4f0026c5da5dbc633ee9

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

Issuer

CN=55666123h

Not Before

14-02-2012 20:22

Not After

31-12-2039 23:59

Subject

CN=55666123h

Extended Key Usages

ExtKeyUsageCodeSigning

8d:d7:73:b6:3e:45:e0:fb:20:59:ce:4b:8d:76:82:b5:ad:b4:38:14
Signer

Actual PE Digest

8d:d7:73:b6:3e:45:e0:fb:20:59:ce:4b:8d:76:82:b5:ad:b4:38:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
lstrlenW
lstrcpyW
CreateFileW
VirtualAlloc
GetDiskFreeSpaceA
AddAtomA
PurgeComm
GetSystemWindowsDirectoryA
GetSystemDefaultLangID
GetProfileIntW
GetPrivateProfileIntA
CreateMailslotW
SetVolumeLabelA
WritePrivateProfileSectionW
IsBadStringPtrW
lstrlenA
GetCurrentProcess
ReadConsoleA
SetEnvironmentVariableW
GetSystemTimeAsFileTime
GetACP
lstrlen
GetConsoleCP
SetCommBreak
WriteFileEx
GetCurrentThread
CreateEventA
GetFileSize
FreeEnvironmentStringsW
GetCPInfo
RaiseException
QueryDosDeviceW
CopyFileExA
ReadConsoleOutputW
RemoveDirectoryA
LoadModule
CreatePipe
CopyFileW
WriteProfileStringA
FileTimeToSystemTime
CreateProcessA
SwitchToFiber
UnmapViewOfFile
AreFileApisANSI
SwitchToThread
ReleaseSemaphore
FindNextVolumeMountPointW
_lread
ConvertThreadToFiber
CreateDirectoryA
CreateWaitableTimerW
SetTapePosition
GetConsoleAliasExesA
SetEndOfFile
SetLocaleInfoA
GetCommState
Heap32Next
GetSystemDefaultUILanguage
UpdateResourceA
GlobalUnlock
TlsGetValue
CreateConsoleScreenBuffer
GetModuleHandleW
_lopen
GetProcessVersion
EnumResourceNamesA
CreateEventW
GetFullPathNameW
WritePrivateProfileStructA
GetThreadPriorityBoost
GetBinaryTypeA
LocalFree
OpenMutexW
GetEnvironmentStrings
GetProcessAffinityMask
GetCurrentProcessId
FindFirstChangeNotificationW
GetCurrentConsoleFont
LocalShrink
Heap32First
GetSystemTime
LocalUnlock
WinExec
InterlockedExchange
PeekConsoleInputW
LocalHandle
HeapWalk
GetExitCodeProcess
ScrollConsoleScreenBufferW
SetThreadPriorityBoost
LocalFileTimeToFileTime
GlobalWire
GetVersionExW
FindFirstVolumeA
GetUserDefaultLCID
EnumDateFormatsW
WaitForSingleObjectEx
OpenProcess
CompareStringW
ExitThread
ConvertDefaultLocale
SetCommConfig
SetLastError
GetDiskFreeSpaceExA
InterlockedExchangeAdd
DosDateTimeToFileTime
BeginUpdateResourceW
FindNextVolumeMountPointA
FatalAppExitA
FatalAppExitW
EnumSystemLanguageGroupsW
EnumSystemLocalesA
VirtualQueryEx
Module32First
GetCurrentDirectoryA
ChangeTimerQueueTimer
SetSystemTimeAdjustment
SetThreadIdealProcessor
SetFileAttributesW
GlobalFlags
GetConsoleAliasA
GetFileAttributesA
CopyFileExW
VerifyVersionInfoA
DeleteTimerQueueTimer
SignalObjectAndWait
WriteConsoleOutputW
PostQueuedCompletionStatus
SearchPathW
EnumResourceTypesW
SetThreadLocale
SetComputerNameExA
TryEnterCriticalSection
FreeLibraryAndExitThread
LockResource
GetTempFileNameA

advapi32

RegOpenKeyExW

shell32

SHEmptyRecycleBinA
ExtractAssociatedIconA
SHGetSpecialFolderPathW
SHBrowseForFolderW
DuplicateIcon
SHGetPathFromIDListW
ShellExecuteW
DragAcceptFiles
Shell_NotifyIconA
SHBrowseForFolder
SHGetFileInfo
SHFileOperationW
SHQueryRecycleBinA
SHGetInstanceExplorer
SHGetDiskFreeSpaceA
SHGetPathFromIDList
FindExecutableW
SHFileOperation
SHQueryRecycleBinW
DragQueryFile
SHGetFileInfoW
ExtractAssociatedIconExA
SHAppBarMessage
SHFormatDrive
ShellExecuteExW
FindExecutableA
ShellExecuteEx
DoEnvironmentSubstA
SHInvokePrinterCommandA
SHEmptyRecycleBinW
SHBrowseForFolderA
DragQueryPoint
SHLoadNonloadedIconOverlayIdentifiers
SHGetDiskFreeSpaceExW
DragQueryFileAorW
SHGetFolderLocation
ExtractAssociatedIconW
ExtractAssociatedIconExW
ExtractIconExW
SHGetSpecialFolderLocation
DragFinish
ShellAboutA
SHBindToParent
SHGetFolderPathA
SHGetDiskFreeSpaceExA
ShellExecuteA
SHGetFileInfoA
CheckEscapesW
SHGetSpecialFolderPathA
SHChangeNotify
ExtractIconW
SHGetMalloc
Shell_NotifyIconW
SHGetDesktopFolder
SHAddToRecentDocs
SHInvokePrinterCommandW
SHPathPrepareForWriteA
SHGetDataFromIDListW
ExtractIconEx
SHGetDataFromIDListA
ExtractIconA
SHGetSettings
SHGetFolderPathW
SHIsFileAvailableOffline
SHGetIconOverlayIndexA
SHCreateProcessAsUserW

shlwapi

StrRChrIA
StrRStrIA
StrRChrA
StrCmpNIA
StrStrA
StrChrIA
StrStrIW
StrStrW
StrCmpNIW
StrStrIA
StrCmpNA
StrChrA
StrRChrW

comctl32

InitializeFlatSB
InitMUILanguage
InitCommonControlsEx
ImageList_SetFilter
ImageList_Remove
ImageList_Create
ImageList_DrawIndirect
ImageList_Write
ImageList_Merge
FlatSB_ShowScrollBar
ImageList_SetBkColor
FlatSB_GetScrollPos
FlatSB_EnableScrollBar
ImageList_GetDragImage
ImageList_EndDrag
CreateToolbarEx
GetMUILanguage
ImageList_Add
CreateStatusWindow
ImageList_Draw
ord15
ord5
ord7
ImageList_AddIcon
ImageList_DragShowNolock
ImageList_Copy
ImageList_DragLeave
ImageList_Destroy
DestroyPropertySheetPage
ord4
PropertySheetW
FlatSB_SetScrollInfo
ImageList_ReplaceIcon
ImageList_SetOverlayImage
ImageList_GetIconSize
ImageList_LoadImage
FlatSB_GetScrollProp
FlatSB_GetScrollRange
ImageList_SetIconSize
ImageList_Replace
CreatePropertySheetPage
_TrackMouseEvent
ImageList_AddMasked
CreateStatusWindowW
ImageList_Duplicate
ord17
ImageList_GetImageCount
ord13
ord8
DrawStatusText
ImageList_DragMove
FlatSB_GetScrollInfo
ord14
ImageList_DragEnter
ImageList_GetBkColor
CreatePropertySheetPageA
ImageList_GetIcon
ImageList_GetImageInfo
UninitializeFlatSB
ImageList_SetDragCursorImage
CreatePropertySheetPageW
ImageList_GetImageRect
ord16
ord6
PropertySheetA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV2
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textF4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV3
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV4
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV1
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV5
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV6
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV7
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV8
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV9
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a83035cba1d4f0026c5da5dbc633ee9

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86Certificate

Extended Key Usages

8d:d7:73:b6:3e:45:e0:fb:20:59:ce:4b:8d:76:82:b5:ad:b4:38:14Signer

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 4KB - Virtual size: 4KB

.textV2 Size: 258KB - Virtual size: 258KB

.textF4 Size: 2KB - Virtual size: 2KB

.textV3 Size: 512B - Virtual size: 500B

.textV4 Size: 512B - Virtual size: 500B

.textV1 Size: 512B - Virtual size: 500B

.textV5 Size: 512B - Virtual size: 500B

.textV6 Size: 512B - Virtual size: 500B

.textV7 Size: 512B - Virtual size: 500B

.textV8 Size: 512B - Virtual size: 500B

.textV9 Size: 512B - Virtual size: 500B

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

8d:d7:73:b6:3e:45:e0:fb:20:59:ce:4b:8d:76:82:b5:ad:b4:38:14
Signer

.text
Size: 4KB - Virtual size: 4KB

.textV2
Size: 258KB - Virtual size: 258KB

.textF4
Size: 2KB - Virtual size: 2KB

.textV3
Size: 512B - Virtual size: 500B

.textV4
Size: 512B - Virtual size: 500B

.textV1
Size: 512B - Virtual size: 500B

.textV5
Size: 512B - Virtual size: 500B

.textV6
Size: 512B - Virtual size: 500B

.textV7
Size: 512B - Virtual size: 500B

.textV8
Size: 512B - Virtual size: 500B

.textV9
Size: 512B - Virtual size: 500B

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB