eb4ca437fa04066950fbd6e2b49be04d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eb4ca437fa04066950fbd6e2b49be04d_JaffaCakes118
Size

20KB
MD5

eb4ca437fa04066950fbd6e2b49be04d
SHA1

9b0ce1d6c570c4b207402428a7f60df4f1aeca2b
SHA256

caceccfcdf1d22fbc5f40498b1a9b93da335ddf9fb59c4b13749398f91f39517
SHA512

8db72c33bc6bfe24d1513d28cda650c2c095657ce4bc2ec7ab56c3ab39e034180920d9c40bc616e6b5a3d83758a4da90b9b0a27361149653da79b0bb86d2e2d5
SSDEEP

384:cgYo3g/YYaNjvKEmTIhh4WWieZWCT2tZHk:c/o3g/YYa9vO0hhdesHE

Score

1^/10

Malware Config

Signatures

Files

eb4ca437fa04066950fbd6e2b49be04d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32284ed9129ec7a0f8e4ac6e8dd61fcf

Code Sign

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50
Certificate

Issuer

CN=wqefggq235123

Not Before

01/03/2012, 11:19

Not After

31/12/2039, 23:59

Subject

CN=wqefggq235123

Extended Key Usages

ExtKeyUsageCodeSigning

13:2b:cd:90:e1:43:db:ec:b8:c6:47:1c:bc:36:1d:1f:a7:9f:77:fb
Signer

Actual PE Digest

13:2b:cd:90:e1:43:db:ec:b8:c6:47:1c:bc:36:1d:1f:a7:9f:77:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
AllocateUserPhysicalPages
AreFileApisANSI
BackupSeek
Beep
CompareStringA
ContinueDebugEvent
CopyFileExA
CreateFileMappingA
CreateIoCompletionPort
CreatePipe
CreateSemaphoreA
DisableThreadLibraryCalls
DuplicateHandle
EnumLanguageGroupLocalesW
EnumResourceLanguagesA
EscapeCommFunction
FileTimeToLocalFileTime
FillConsoleOutputAttribute
FindFirstVolumeW
FindResourceA
FindVolumeClose
FindVolumeMountPointClose
FoldStringA
FoldStringW
FreeLibraryAndExitThread
GetCalendarInfoW
GetCommandLineW
GetCompressedFileSizeA
GetCurrentThread
GetExitCodeProcess
GetExitCodeThread
GetFileSize
GetLongPathNameW
GetPriorityClass
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetProcessShutdownParameters
GetProfileSectionA
GetProfileStringA
GetShortPathNameA
GetShortPathNameW
GetSystemInfo
GetThreadSelectorEntry
GetUserDefaultLCID
GetUserDefaultUILanguage
GetWriteWatch
GetProcAddress
GlobalFlags
GlobalMemoryStatus
Heap32ListNext
InitAtomTable
IsBadWritePtr
IsValidLocale
LCMapStringA
LocalAlloc
LocalFree
LocalShrink
MapUserPhysicalPages
MoveFileExW
MoveFileWithProgressW
OpenMutexW
OpenWaitableTimerW
PrepareTape
QueryPerformanceFrequency
ReadDirectoryChangesW
RemoveDirectoryA
ReplaceFileW
RequestDeviceWakeup
SetComputerNameExW
SetConsoleActiveScreenBuffer
SetConsoleTitleA
SetCriticalSectionSpinCount
SetFileAttributesW
SetHandleCount
SetThreadExecutionState
SetThreadIdealProcessor
SystemTimeToTzSpecificLocalTime
TlsFree
Toolhelp32ReadProcessMemory
UnhandledExceptionFilter
VerLanguageNameW
VerifyVersionInfoW
WaitForSingleObject
WriteConsoleA
WriteConsoleInputW
WriteConsoleOutputAttribute
WriteFile
WritePrivateProfileSectionA
WriteProfileStringW
_hwrite
_lopen
_lread
lstrcmp
GlobalFindAtomW
GetModuleHandleA

msvcrt

memset

advapi32

RegOpenKeyA

oleaut32

VarDecFromDate
VariantTimeToSystemTime
BstrFromVector
CreateErrorInfo
DispCallFunc
GetRecordInfoFromGuids
LPSAFEARRAY_UserMarshal
LoadRegTypeLi
OACreateTypeLib2
OaBuildVersion
OleLoadPictureEx
OleLoadPictureFile
OleLoadPicturePath
OleSavePictureFile
SafeArrayCreateVector
SafeArrayCreateVectorEx
SafeArrayGetElement
SafeArrayGetRecordInfo
SafeArraySetRecordInfo
SafeArrayUnaccessData
SafeArrayUnlock
SysAllocStringByteLen
SystemTimeToVariantTime
UnRegisterTypeLi
VARIANT_UserMarshal
VarBoolFromI1
VarBoolFromI4
VarBoolFromR4
VarBoolFromStr
VarBoolFromUI4
VarBstrCat
VarBstrFromBool
VarBstrFromI1
VarBstrFromI2
VarCyAbs
VarCyCmp
VarCyFromDate
VarCyFromI1
VarCyFromUI1
VarCySu
VarDateFromBool
VarDateFromI1
VarDecCmp
VarDecFix
VarDecFromI4
VarDecFromR8
VarDecFromStr
VarDecFromUI2
VarDecInt
VarDecNeg
VarDecRound
VarDiv
VarFormatCurrency
VarFormatFromTokens
VarI1FromBool
VarI1FromR8
VarI1FromUI1
VarI1FromUI2
VarI2FromBool
VarI2FromR4
VarI4FromI1
VarI4FromUI4
VarMod
VarMonthName
VarParseNumFromStr
VarR4FromCy
VarR4FromDisp
VarR4FromI1
VarR4FromI2
VarR4FromI4
VarR4FromR8
VarR8FromCy
VarR8FromDate
VarR8FromUI1
VarR8FromUI4
VarRound
VarTokenizeFormatString
VarUI1FromR8
VarUI2FromDec
VarUI2FromDisp
VarUI4FromDisp
VarUI4FromI1
VarUI4FromR8
VarUI4FromStr
VarXor
VariantInit

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32284ed9129ec7a0f8e4ac6e8dd61fcf

Code Sign

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50Certificate

Extended Key Usages

13:2b:cd:90:e1:43:db:ec:b8:c6:47:1c:bc:36:1d:1f:a7:9f:77:fbSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 92B

.text4 Size: 2KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50
Certificate

13:2b:cd:90:e1:43:db:ec:b8:c6:47:1c:bc:36:1d:1f:a7:9f:77:fb
Signer

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 92B

.text4
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB