efa50ef32356d7a84b3f8bc8a3170b99_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

efa50ef32356d7a84b3f8bc8a3170b99_JaffaCakes118
Size

308KB
MD5

efa50ef32356d7a84b3f8bc8a3170b99
SHA1

20fa9f3538ea723a2eaf8e76af926bde26c4562e
SHA256

1183fcf29d006e59a2f52ced8b2248acdf32a08be1ebdda382d00dbb0117517f
SHA512

f7cfee1d41bf14400832402535c4d2ddd3f0d59056590206c9d7e397ed5f8c8fd05d58ddf65ac6103cb83fe321c70fb482ad447ba820fc13a20c06791a1a8970
SSDEEP

6144:+yt9HuK7K47+46NvC24o3VO7fy9JThDCFZL4w9rG8FzapScUw:9pHK47+M21mZp9rpEScUw

Score

1^/10

Malware Config

Signatures

Files

efa50ef32356d7a84b3f8bc8a3170b99_JaffaCakes118
.exe windows:5 windows x86 arch:x86

56b07948b651944f424c7a08c8b785db

Code Sign

22:9d:e5:30:05:bc:54:8f:47:57:37:d0:8e:c8:c9:a7
Certificate

Issuer

CN=ydCtq IAf2hhJwMuxHto9zrzpyom5 ma3oBjHMm7BozBy59rizrHDoctbal1Le7MeFMID7n9Cyyus1grng gi18AFdgLKsJ2axKujmv3rbGafAFEGDzlt6jFJpwqxe7nLzGqz9joAjElLEtvfhilBewt8EfjdHqKDHsbFLGduIKyDtkguoxGjsnl5ntHLqq8uKy8Kd8xM3meid6ipK9 lMp4wFb1bfJFJ68mkbCqlghMm2HevnxfhziKbkfdBHpg3x v9JlCdexaHzh78bDiEzsaq8hjst5wEuJCgGKh3vuB49vMaxjDD4oD1Leq7sEckaH1HLEiM9521G u3uw8ovm9KumBh4Gvxp9EMt5B9Lg31DI68jHnf9ylbFt1LI1tyKExfqahmFsAcq 1D5fEEdfpv56wIf4MpMgg5b2HsvjAlrFr2hmr3qhdI72fwd72ggIjz B IwGdF9I2 7A8jk1LvteG9 nCp2DGu8MCGdbarpsJl5zti1g9dB4IvMGzqMJh8m2svaC3Gh6zhaEG5g8nenGidEEMI8DClC8jK127fja8ArtlsGELIKdt9mr8Etop 6wfHvmDyv9au9qwG5hrdqBbdn7pdw dulHrHbhwgKEu96gkjrfno1Lu3KDLB EhmaIuBiKB9Budqm bgMeFxie3mtBKl28wEvrbwmA94ctvikvie1sx6sHtF uEIGF6tcKndjcMHH5nm8M8iagFME3x8d2zsemgFrqwIuAhkxC2BqzudwwJFBDlC6HjujlkBIcjrJiyLb36aw3akMsL I2GG6MmK81Fpr3sakcegA2ezCfE58Czn1nqlqsxb4qFvnmh4qzDsHhBI5xea9xrpwCtGLxFHyhB5sqacFdnbCBDbDu kj4Faq3wH45JyLMcpa8rF9Kc 68D8gyCw14Kd2kmtLu7ih64EshBL adeMcshjKG5dcJaztmH dE y6 7s 5uIwtnGKa51rnbkFlD7MdCI9lEi855JawFucK7n5he5EaJplvGF7KxwAJ8BlczDEJxDrqAg5sMik 949pkrFFxlHcen21jApGfc8ELkDusvj89ncBsGCqmMdKnf h1qJnazhpFlnkCMjGoroFuww6qt4ded1 wernab7rLFvCnGuFKEECI479oaMdGt46Hw2jwAHkFzLrywFJe3lLKkLb pdAy7pbD FwkmoBhADo25oMksvIl49Fk9JbrKE5kh 8 4ezwDkgh2o6GJ6pIvaawvLbt7eEhHb7Jip7yL 1wJjf3Cnb8GDcgAEaf5F99LHopBCeJsfsmAfnJxgbEtBiK wsxf3MKq77F6cnxex5ByK81ukzfKrh6rf bB5abFcaguxtKckuDat1cJEBEHG1M2mAF6aFeoM iflmeiIe92H8hi3nDIovEj9ryl5hqq r5ilqBi1eqE971qq7viw8MKy4grenM2A54whCDBpcdFG5Kun95lL9pwb6sqEkovHsCl1rf19 FghtisDrBbj5BoIGwFb62rj5qg4z3Lxdf2jxMb78FLplkGcCeL8Ee5b2akurjw hFuqMmhFMsClJ717byj1ClvcycME6JpAk2v ADs55q79Ef2jwyvgfsJhJnpvBCAh8q8ph2o2jpjl73ftbsMEfId2zLx5EDGGe 7DsvryutqdDfmrIM488pEBaah3zd diFq9htJ2hizpqEMrq9r4vbMyuBxmm9kkBpamHvpivE1DLEhaDvDm52pEEiJtcDjbJrt2828Mwb4hbn2iH5Gehxwey7uy43u1E67vmEha3MoC3rJcrlHr2pJGGkmHmk ydCtq

Not Before

16/01/2013, 04:43

Not After

31/12/2039, 23:59

Subject

CN=ydCtq IAf2hhJwMuxHto9zrzpyom5 ma3oBjHMm7BozBy59rizrHDoctbal1Le7MeFMID7n9Cyyus1grng gi18AFdgLKsJ2axKujmv3rbGafAFEGDzlt6jFJpwqxe7nLzGqz9joAjElLEtvfhilBewt8EfjdHqKDHsbFLGduIKyDtkguoxGjsnl5ntHLqq8uKy8Kd8xM3meid6ipK9 lMp4wFb1bfJFJ68mkbCqlghMm2HevnxfhziKbkfdBHpg3x v9JlCdexaHzh78bDiEzsaq8hjst5wEuJCgGKh3vuB49vMaxjDD4oD1Leq7sEckaH1HLEiM9521G u3uw8ovm9KumBh4Gvxp9EMt5B9Lg31DI68jHnf9ylbFt1LI1tyKExfqahmFsAcq 1D5fEEdfpv56wIf4MpMgg5b2HsvjAlrFr2hmr3qhdI72fwd72ggIjz B IwGdF9I2 7A8jk1LvteG9 nCp2DGu8MCGdbarpsJl5zti1g9dB4IvMGzqMJh8m2svaC3Gh6zhaEG5g8nenGidEEMI8DClC8jK127fja8ArtlsGELIKdt9mr8Etop 6wfHvmDyv9au9qwG5hrdqBbdn7pdw dulHrHbhwgKEu96gkjrfno1Lu3KDLB EhmaIuBiKB9Budqm bgMeFxie3mtBKl28wEvrbwmA94ctvikvie1sx6sHtF uEIGF6tcKndjcMHH5nm8M8iagFME3x8d2zsemgFrqwIuAhkxC2BqzudwwJFBDlC6HjujlkBIcjrJiyLb36aw3akMsL I2GG6MmK81Fpr3sakcegA2ezCfE58Czn1nqlqsxb4qFvnmh4qzDsHhBI5xea9xrpwCtGLxFHyhB5sqacFdnbCBDbDu kj4Faq3wH45JyLMcpa8rF9Kc 68D8gyCw14Kd2kmtLu7ih64EshBL adeMcshjKG5dcJaztmH dE y6 7s 5uIwtnGKa51rnbkFlD7MdCI9lEi855JawFucK7n5he5EaJplvGF7KxwAJ8BlczDEJxDrqAg5sMik 949pkrFFxlHcen21jApGfc8ELkDusvj89ncBsGCqmMdKnf h1qJnazhpFlnkCMjGoroFuww6qt4ded1 wernab7rLFvCnGuFKEECI479oaMdGt46Hw2jwAHkFzLrywFJe3lLKkLb pdAy7pbD FwkmoBhADo25oMksvIl49Fk9JbrKE5kh 8 4ezwDkgh2o6GJ6pIvaawvLbt7eEhHb7Jip7yL 1wJjf3Cnb8GDcgAEaf5F99LHopBCeJsfsmAfnJxgbEtBiK wsxf3MKq77F6cnxex5ByK81ukzfKrh6rf bB5abFcaguxtKckuDat1cJEBEHG1M2mAF6aFeoM iflmeiIe92H8hi3nDIovEj9ryl5hqq r5ilqBi1eqE971qq7viw8MKy4grenM2A54whCDBpcdFG5Kun95lL9pwb6sqEkovHsCl1rf19 FghtisDrBbj5BoIGwFb62rj5qg4z3Lxdf2jxMb78FLplkGcCeL8Ee5b2akurjw hFuqMmhFMsClJ717byj1ClvcycME6JpAk2v ADs55q79Ef2jwyvgfsJhJnpvBCAh8q8ph2o2jpjl73ftbsMEfId2zLx5EDGGe 7DsvryutqdDfmrIM488pEBaah3zd diFq9htJ2hizpqEMrq9r4vbMyuBxmm9kkBpamHvpivE1DLEhaDvDm52pEEiJtcDjbJrt2828Mwb4hbn2iH5Gehxwey7uy43u1E67vmEha3MoC3rJcrlHr2pJGGkmHmk ydCtq

Extended Key Usages

ExtKeyUsageCodeSigning

d3:b2:ed:38:11:76:b0:05:f5:2c:db:f7:eb:8a:8f:4b:36:aa:2f:4d
Signer

Actual PE Digest

d3:b2:ed:38:11:76:b0:05:f5:2c:db:f7:eb:8a:8f:4b:36:aa:2f:4d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
ReadFile
CloseHandle
CreateThread
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetProcAddress
GetCurrentProcess
GetModuleFileNameA
LocalAlloc
LocalFree
SetCurrentDirectoryA
SetErrorMode
SetFilePointer
FormatMessageA
VirtualAlloc

user32

LoadIconW
RegisterClassExA
LoadCursorA
LoadIconA

gdi32

GetStockObject

msvcrt

memset
_XcptFilter
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_ftol
_initterm
_ltow
_wcslwr
_wfopen
_wfullpath
_wsplitpath
exit
fclose
floor
fwprintf
swprintf
wcsncpy
wcsstr

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56b07948b651944f424c7a08c8b785db

Code Sign

22:9d:e5:30:05:bc:54:8f:47:57:37:d0:8e:c8:c9:a7Certificate

Extended Key Usages

d3:b2:ed:38:11:76:b0:05:f5:2c:db:f7:eb:8a:8f:4b:36:aa:2f:4dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 277KB - Virtual size: 277KB

.rsrc Size: 2KB - Virtual size: 2KB

22:9d:e5:30:05:bc:54:8f:47:57:37:d0:8e:c8:c9:a7
Certificate

d3:b2:ed:38:11:76:b0:05:f5:2c:db:f7:eb:8a:8f:4b:36:aa:2f:4d
Signer

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 277KB - Virtual size: 277KB

.rsrc
Size: 2KB - Virtual size: 2KB