f03fd12b17e1abbc57da528550df3202_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f03fd12b17e1abbc57da528550df3202_JaffaCakes118
Size

348KB
MD5

f03fd12b17e1abbc57da528550df3202
SHA1

1c86218d57396ea901b1b2700d1a759fe41cc43d
SHA256

2712d217c135335284975d2467052909a20e2608d2f247b1ea4c840910e6d608
SHA512

0129052089faf85f6e14a147326078b0d446879f6903ffd238986da8bb70ce4a123bcfddd9b172d6209910c0fa5e2ae20504fcdaab616f9a10de4527f8516599
SSDEEP

6144:Dh7jtsUS1ZuscZksYU76E4J/IYZh2Dew7i/XqgSoJih+mtnqxh83ZR9f:ZyUS7cZsRpZhUk/XfS4mtnqORf

Score

1^/10

Malware Config

Signatures

Files

f03fd12b17e1abbc57da528550df3202_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f250e1837f0a78f48d51bbe35ac2cecd

Code Sign

3c:67:2e:c9:1a:4e:17:aa:4c:7c:00:86:d5:3d:82:9a
Certificate

Issuer

CN=gexxpyiybch

Not Before

12/12/2011, 16:21

Not After

15/08/2014, 22:00

Subject

CN=Neryu

29:7a:26:7e:94:b8:76:ad:32:bb:4c:22:f7:66:16:94:a5:73:72:f4
Signer

Actual PE Digest

29:7a:26:7e:94:b8:76:ad:32:bb:4c:22:f7:66:16:94:a5:73:72:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetDlgItemTextA
IsWindowVisible
SetWindowPlacement
GetNextDlgTabItem
ShowWindowAsync

ole32

CreateFileMoniker
CreateClassMoniker

oleaut32

RevokeActiveObject

kernel32

TlsAlloc
GetStringTypeW
GetStringTypeA
GetThreadLocale
VirtualAlloc
GetModuleHandleA
GetProcAddress
ExitProcess
GetLastError
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetStartupInfoA
GetCommandLineA
GetVersion
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
LoadLibraryA

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nndef
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xxq
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f250e1837f0a78f48d51bbe35ac2cecd

Code Sign

3c:67:2e:c9:1a:4e:17:aa:4c:7c:00:86:d5:3d:82:9aCertificate

29:7a:26:7e:94:b8:76:ad:32:bb:4c:22:f7:66:16:94:a5:73:72:f4Signer

Headers

File Characteristics

Imports

user32

ole32

oleaut32

kernel32

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 6KB - Virtual size: 508KB

nndef Size: 209KB - Virtual size: 208KB

xxq Size: 89KB - Virtual size: 88KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 5KB - Virtual size: 5KB

3c:67:2e:c9:1a:4e:17:aa:4c:7c:00:86:d5:3d:82:9a
Certificate

29:7a:26:7e:94:b8:76:ad:32:bb:4c:22:f7:66:16:94:a5:73:72:f4
Signer

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 6KB - Virtual size: 508KB

nndef
Size: 209KB - Virtual size: 208KB

xxq
Size: 89KB - Virtual size: 88KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 5KB - Virtual size: 5KB