ead5d26dc159f712880d2bac6f98d936_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ead5d26dc159f712880d2bac6f98d936_JaffaCakes118
Size

199KB
MD5

ead5d26dc159f712880d2bac6f98d936
SHA1

f5102c294429f08ebb36fd5c7e50c1d2c259712b
SHA256

ffddf58d1a5c87376b48b433c4035f6e2797893f8d839e195256e900306ebf91
SHA512

b2e8587e5674a688ea09fc3a68c26c1681ec4973e9a70710ad2bc37a356ce4bd3bcffa2c73bea36d0a0b2cd18411ef215d540066682cf71714ae49b1ffb34256
SSDEEP

3072:1I3QR72a/FHs6FAM2f9irM1Xd5YaiReijmPF3q3WUuy0M1BjLeJs8sHF5:13/Fef9AM1X+/yPdqmUuq1BOJZk

Score

1^/10

Malware Config

Signatures

Files

ead5d26dc159f712880d2bac6f98d936_JaffaCakes118
.dll windows:5 windows x86 arch:x86

751c1164e4be0bc67c7df92521da68e5

Code Sign

34:c6:ea:f4:2b:3d:b4:5f:b9:62:50:51:80:42:ff:ba
Certificate

Issuer

CN=ZlKnsuNl90ujY9i

Not Before

21-03-2012 11:21

Not After

31-12-2039 23:59

Subject

CN=ZlKnsuNl90ujY9i

Extended Key Usages

ExtKeyUsageCodeSigning

68:49:0e:f0:53:0b:96:90:41:4c:d5:3e:5e:7d:e4:fe:9e:da:c8:bf
Signer

Actual PE Digest

68:49:0e:f0:53:0b:96:90:41:4c:d5:3e:5e:7d:e4:fe:9e:da:c8:bf

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetProcAddress
LoadLibraryA
CreateFileA
lstrlenA
lstrcpyA
GetWindowsDirectoryA
AddAtomW
BackupSeek
Beep
BindIoCompletionCallback
CallNamedPipeW
CreateDirectoryA
CreateFileW
CreateHardLinkA
CreateJobObjectW
CreateMutexW
CreatePipe
DebugActiveProcess
DefineDosDeviceW
DeleteCriticalSection
EnumSystemLanguageGroupsA
EraseTape
ExitThread
FindFirstVolumeMountPointW
FindNextChangeNotification
FindNextFileW
FindResourceA
FindVolumeClose
FindVolumeMountPointClose
FreeEnvironmentStringsA
GetCPInfoExW
GetCalendarInfoW
GetCompressedFileSizeA
GetCompressedFileSizeW
GetConsoleAliasExesLengthW
GetConsoleDisplayMode
GetConsoleWindow
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileSizeEx
GetLogicalDrives
GetNumberOfConsoleInputEvents
GetOverlappedResult
GetProcessVersion
GetProfileStringW
GetUserDefaultLangID
GetVolumeInformationA
GlobalUnlock
Heap32ListNext
Heap32Next
HeapReAlloc
InitAtomTable
IsBadHugeReadPtr
LocalAlloc
LocalCompact
LockResource
MoveFileA
OpenWaitableTimerA
PeekConsoleInputW
Process32Next
ProcessIdToSessionId
ReadFileEx
ReadFileScatter
ReleaseMutex
ResumeThread
SearchPathA
SetConsoleCP
SetConsoleTextAttribute
SetFilePointer
SetHandleCount
SetSystemTimeAdjustment
SetTapePosition
SetThreadIdealProcessor
SetupComm
TransactNamedPipe
TransmitCommChar
UnlockFileEx
UpdateResourceW
VirtualFree
VirtualProtect
WaitForMultipleObjectsEx
WaitNamedPipeW
WriteConsoleA
WriteConsoleOutputA
WritePrivateProfileStructA
WriteProcessMemory
WriteTapemark
_lread
_lwrite
lstrcpynW

user32

ShowScrollBar
ToUnicodeEx
UnhookWindowsHookEx
ValidateRect
WINNLSGetIMEHotkey
WaitForInputIdle
ActivateKeyboardLayout
AnyPopup
AttachThreadInput
CallNextHookEx
CallWindowProcW
CharPrevA
CheckRadioButton
CloseClipboard
CloseDesktop
CloseWindow
CreateCaret
CreateIconFromResource
CreateIconFromResourceEx
CreateMenu
DdeAccessData
DdeAddData
DefMDIChildProcA
DeleteMenu
DestroyIcon
DestroyWindow
DlgDirSelectComboBoxExW
DrawFrame
EnableScrollBar
EnableWindow
EnumPropsExW
ExcludeUpdateRgn
FindWindowExW
FlashWindow
FrameRect
GetClassInfoExW
GetClipboardSequenceNumber
GetClipboardViewer
GetDC
GetDlgItem
GetKBCodePage
GetKeyState
GetKeyboardLayoutNameW
GetKeyboardType
GetMenuBarInfo
GetMenuCheckMarkDimensions
GetMenuItemInfoW
GetMessageW
GetMonitorInfoA
GetScrollInfo
GetThreadDesktop
GetUserObjectInformationA
GetUserObjectInformationW
GetWindowDC
GetWindowLongW
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InSendMessage
IntersectRect
IsCharAlphaW
IsChild
IsDialogMessage
IsDialogMessageW
LoadBitmapW
LoadIconA
LoadMenuIndirectA
LoadMenuW
LockSetForegroundWindow
MapDialogRect
MapVirtualKeyA
ModifyMenuW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
NotifyWinEvent
PostMessageA
RealChildWindowFromPoint
RegisterDeviceNotificationW
RegisterShellHookWindow
RemoveMenu
RemovePropA
RemovePropW
SendDlgItemMessageA
SetActiveWindow
SetClipboardData
SetDeskWallpaper
SetFocus
SetLayeredWindowAttributes
SetPropW
SetTimer
ShowOwnedPopups
SetUserObjectInformationW
SetWindowsHookW
SetWindowTextA
SetWindowLongW

ole32

WriteFmtUserTypeStg
WriteClassStg
WdtpInterfacePointer_UserMarshal
UtConvertDvtd16toDvtd32
StringFromIID
StgOpenStorageEx
StgIsStorageILockBytes
StgIsStorageFile
STGMEDIUM_UserUnmarshal
STGMEDIUM_UserMarshal
STGMEDIUM_UserFree
SNB_UserUnmarshal
RevokeDragDrop
ReleaseStgMedium
ReadOleStg
ReadClassStg
PropVariantCopy
OleSaveToStream
OleRun
OleRegEnumFormatEtc
OleNoteObjectVisible
OleIsRunning
OleGetIconOfClass
OleDraw
OleCreateLinkToFile
OleCreateFromDataEx
OleConvertIStorageToOLESTREAMEx
MonikerCommonPrefixWith
MkParseDisplayName
IsEqualGUID
HWND_UserFree
HPALETTE_UserUnmarshal
HPALETTE_UserSize
HPALETTE_UserFree
HMETAFILEPICT_UserSize
HICON_UserUnmarshal
HGLOBAL_UserMarshal
HENHMETAFILE_UserUnmarshal
HENHMETAFILE_UserSize
HENHMETAFILE_UserFree
HDC_UserSize
HDC_UserFree
HBRUSH_UserSize
HBITMAP_UserMarshal
HBITMAP_UserFree
HACCEL_UserUnmarshal
HACCEL_UserFree
GetHGlobalFromStream
FreePropVariantArray
DoDragDrop
CreateStreamOnHGlobal
CreatePointerMoniker
CreateObjrefMoniker
CreateDataCache
CreateDataAdviseHolder
CoWaitForMultipleHandles
CoTreatAsClass
CoSuspendClassObjects
CoSetCancelObject
CoRegisterSurrogateEx
CoRegisterSurrogate
CoRegisterMallocSpy
CoRegisterClassObject
CoQueryReleaseObject
CoQueryProxyBlanket
CoQueryClientBlanket
CoLockObjectExternal
CoInstall
CoInitializeWOW
CoInitialize
CoImpersonateClient
CoGetStandardMarshal
CoGetPSClsid
CoGetObjectContext
CoGetCurrentProcess
CoGetCurrentLogicalThreadId
CoFreeLibrary
CoFreeAllLibraries
CoFileTimeNow
CoEnableCallCancellation
CoDosDateTimeToFileTime
CoDisconnectObject
CoCreateObjectInContext
CoCreateGuid
CLSIDFromProgIDEx
WriteOleStg

oleaut32

VariantInit
VarXor
VarUI4FromUI1
VarUI4FromDec
VarUI4FromCy
VarUI4FromBool
VarUI2FromStr
VarUI2FromDate
VarUI1FromStr
VarUI1FromR4
VarUI1FromI4
VarUI1FromI2
VarUI1FromCy
VarR8FromStr
VarR8FromI2
VarR8FromDate
VarR8FromCy
VarR8FromBool
VarR4FromUI1
VarR4FromR8
VarR4FromI2
VarR4FromI1
VarR4FromBool
VarMul
VarInt
VarImp
VarI4FromUI4
VarI4FromUI1
VarI4FromStr
VarI4FromDisp
VarI2FromUI2
VarI2FromI1
VarI2FromDisp
VarI1FromI4
VarI1FromI2
VarI1FromDisp
VarI1FromCy
VarFormatNumber
VarFix
VarEqv
VarDecRound
VarDecNeg
VarDecMul
VarDecFromUI4
VarDecFromUI1
VarDecFromStr
VarDecFromR4
VarDecFromI4
VarDecFromI2
VarDecFromCy
VarDecDiv
VarDateFromUdateEx
VarDateFromR8
VarDateFromI2
VarCyMul
VarCyFromI1
VarCyFromBool
VarCyFix
VarCat
VarBstrFromUI4
VarBstrFromR4
VarBstrFromI4
VarBstrFromI2
VarBstrFromI1
VarBstrFromDisp
VarBstrCat
VarBoolFromUI1
VarBoolFromCy
VarAnd
VARIANT_UserUnmarshal
VARIANT_UserSize
SysStringLen
SafeArrayGetRecordInfo
SafeArrayCreateVectorEx
SafeArrayCreate
SafeArrayAccessData
OleIconToCursor
OleCreatePropertyFrameIndirect
OleCreatePropertyFrame
LoadTypeLibEx
LPSAFEARRAY_Marshal
GetActiveObject
DispInvoke
DispGetIDsOfNames
DispCallFunc
CreateTypeLib2
BSTR_UserUnmarshal
BSTR_UserSize
BSTR_UserMarshal

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

751c1164e4be0bc67c7df92521da68e5

Code Sign

34:c6:ea:f4:2b:3d:b4:5f:b9:62:50:51:80:42:ff:baCertificate

Extended Key Usages

68:49:0e:f0:53:0b:96:90:41:4c:d5:3e:5e:7d:e4:fe:9e:da:c8:bfSigner

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

Sections

.text Size: 190KB - Virtual size: 190KB

.data Size: 512B - Virtual size: 104B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

34:c6:ea:f4:2b:3d:b4:5f:b9:62:50:51:80:42:ff:ba
Certificate

68:49:0e:f0:53:0b:96:90:41:4c:d5:3e:5e:7d:e4:fe:9e:da:c8:bf
Signer

.text
Size: 190KB - Virtual size: 190KB

.data
Size: 512B - Virtual size: 104B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB