f06b38a83571a7fe235f5c48c9d332f6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f06b38a83571a7fe235f5c48c9d332f6_JaffaCakes118
Size

263KB
MD5

f06b38a83571a7fe235f5c48c9d332f6
SHA1

40c2808ddb496b1e49779d0bd8e1d698dd638a02
SHA256

2ffd319d33f958f5412b42a77b6a9950ba8f23b2ba7c91cdbfdbed0cf36380ff
SHA512

e64304a7a34c3049084a4bb4c9b44db33e816ce9ba53e68694216b984a9e2e029fa6fba1bad3b7acea718e6e73e38d100912766abba384e6e5c1f8e6c8f50fbd
SSDEEP

3072:9FNYvhUNNi1kCfqGP/sJ9zkmr1RgA1YwNVT5RxX6suPryrCEzYDH7x2PT:zHW9/Akmr1aA1tx5Rx2rIJM7

Score

1^/10

Malware Config

Signatures

Files

f06b38a83571a7fe235f5c48c9d332f6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ebf6735d75029869b73ab1e6e3eb1d21

Code Sign

51:23:09:d5:d0:a2:b9:8c:42:fb:c1:82:e7:8e:4e:92
Certificate

Issuer

CN=w466666345uy inc

Not Before

28/01/2012, 07:40

Not After

31/12/2039, 23:59

Subject

CN=w466666345uy inc

Extended Key Usages

ExtKeyUsageCodeSigning

c9:e4:1f:81:c0:e2:a7:2a:f1:62:3f:67:07:ed:61:a3:20:ba:44:cb
Signer

Actual PE Digest

c9:e4:1f:81:c0:e2:a7:2a:f1:62:3f:67:07:ed:61:a3:20:ba:44:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
LoadLibraryA
GetProcessHeap
GetProcAddress
GetSystemInfo
AddConsoleAliasA
BackupRead
BuildCommDCBAndTimeoutsW
CreateDirectoryA
CreateEventW
CreateJobObjectA
CreateRemoteThread
CreateWaitableTimerW
DebugBreak
DeleteTimerQueue
DeleteTimerQueueTimer
DosDateTimeToFileTime
EnumResourceLanguagesA
EnumResourceNamesA
EnumSystemCodePagesW
EnumTimeFormatsA
EnumTimeFormatsW
ExitProcess
ExitThread
FatalAppExitA
FileTimeToSystemTime
FindFirstFileW
FindFirstVolumeMountPointA
FindNextFileA
FindNextVolumeMountPointW
FindNextVolumeW
FlushViewOfFile
FoldStringW
GetCalendarInfoA
GetComputerNameW
GetConsoleAliasExesA
GetConsoleAliasExesLengthA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesExW
GetNumberOfConsoleInputEvents
GetPrivateProfileIntW
GetPrivateProfileSectionNamesA
GetProfileIntA
GetQueuedCompletionStatus
GetShortPathNameW
GetThreadSelectorEntry
lstrcatW
GetVolumeInformationW
GlobalFix
GlobalUnlock
HeapFree
InterlockedCompareExchange
IsBadStringPtrW
IsValidLanguageGroup
LCMapStringA
LocalFlags
LocalSize
MoveFileA
MoveFileW
OpenJobObjectA
Process32Next
ProcessIdToSessionId
QueryInformationJobObject
ReadConsoleInputW
ReadConsoleOutputAttribute
ReadFile
ReplaceFile
SetCalendarInfoA
SetCommBreak
SetCommState
SetConsoleCursor
SetEvent
SetMailslotInfo
SetProcessAffinityMask
SetVolumeLabelA
SetVolumeLabelW
SuspendThread
TerminateJobObject
TerminateThread
TransactNamedPipe
TryEnterCriticalSection
UnlockFileEx
VerSetConditionMask
VirtualFreeEx
WaitForMultipleObjectsEx
WaitForSingleObject
WaitNamedPipeA
WriteConsoleW
WriteProcessMemory
_hwrite
_llseek
_lwrite
lstrcat
lstrcatA
lstrcmpi
GetVersion
CreateFileW

msvcrt

memset

user32

CallWindowProcA
DdeInitializeW
DlgDirSelectComboBoxExW
DrawTextW
EndDialog
EnumDisplaySettingsA
EnumWindowStationsA
MapVirtualKeyExA
SetWindowPlacement
SwapMouseButton

advapi32

RegOpenKeyExW

ole32

CLIPFORMAT_UserFree
CLIPFORMAT_UserMarshal
CoCreateInstance
CoCreateObjectInContext
CoFreeUnusedLibraries
CoGetPSClsid
CoGetStdMarshalEx
CoGetTreatAsClass
CoMarshalHresult
CoQueryClientBlanket
CoQueryReleaseObject
CoWaitForMultipleHandles
CreateDataAdviseHolder
CreateFileMoniker
DcomChannelSetHResult
DllGetClassObjectWOW
GetClassFile
GetHGlobalFromStream
GetRunningObjectTable
HACCEL_UserUnmarshal
HBRUSH_UserSize
HBRUSH_UserUnmarshal
HGLOBAL_UserMarshal
HGLOBAL_UserSize
HMENU_UserUnmarshal
HMETAFILE_UserFree
HMETAFILE_UserUnmarshal
HPALETTE_UserFree
HWND_UserFree
HWND_UserSize
IIDFromString
IsAccelerator
MonikerCommonPrefixWith
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleCreateDefaultHandler
OleCreateEx
OleCreateLinkToFileEx
OleDraw
OleFlushClipboard
OleGetAutoConvert
OleGetIconOfClass
OleInitializeWOW
OleLoad
OleLoadFromStream
OleLockRunning
OleRegEnumFormatEtc
OleRegGetMiscStatus
OleSetClipboard
OleTranslateAccelerator
ProgIDFromCLSID
PropVariantCopy
ReadClassStg
STGMEDIUM_UserFree
STGMEDIUM_UserUnmarshal
StgOpenPropStg
StgOpenStorage
StgPropertyLengthAsVariant
StringFromIID
UtConvertDvtd32toDvtd16
WriteClassStm
WriteFmtUserTypeStg

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebf6735d75029869b73ab1e6e3eb1d21

Code Sign

51:23:09:d5:d0:a2:b9:8c:42:fb:c1:82:e7:8e:4e:92Certificate

Extended Key Usages

c9:e4:1f:81:c0:e2:a7:2a:f1:62:3f:67:07:ed:61:a3:20:ba:44:cbSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

advapi32

ole32

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 452B

.text2 Size: 1024B - Virtual size: 712B

.text2 Size: 228KB - Virtual size: 228KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 2KB - Virtual size: 1KB

51:23:09:d5:d0:a2:b9:8c:42:fb:c1:82:e7:8e:4e:92
Certificate

c9:e4:1f:81:c0:e2:a7:2a:f1:62:3f:67:07:ed:61:a3:20:ba:44:cb
Signer

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 452B

.text2
Size: 1024B - Virtual size: 712B

.text2
Size: 228KB - Virtual size: 228KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 2KB - Virtual size: 1KB