f68c5724031f0aaccc4491a0651575dc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f68c5724031f0aaccc4491a0651575dc_JaffaCakes118
Size

393KB
MD5

f68c5724031f0aaccc4491a0651575dc
SHA1

8b9c153b9b11cf3a8af02f77b13ac2e0dfab14aa
SHA256

4e02fcd1af94da05c7a3e85d036056534fb65507890a7f1c2555258a41b66821
SHA512

588821c27d8d9a82d27d857d64be81ddbb13ed3badbd5557a13115ae11d8a9ee2b1e15dbf4a32bd8f12e325894b2153820b55d873dd320cc96704a477021eac4
SSDEEP

6144:aXfxZiLQtdSfcsrPUgYWvHlybzGE1qclbHFrJXOihq90Y7H9xz/v:aXfzYUgYPfGE1dlrFgX

Score

1^/10

Malware Config

Signatures

Files

f68c5724031f0aaccc4491a0651575dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

29ef50f71548e442d697b5e698c8b0a5

Code Sign

3c:7d:82:6d:71:3c:ff:96:46:bd:a0:2b:7e:54:2c:7b
Certificate

Issuer

CN=Microsoft

Not Before

31/12/1999, 19:30

Not After

31/12/2098, 19:30

Subject

CN=Microsoft

Extended Key Usages

ExtKeyUsageCodeSigning

1b:1d:90:9e:45:f4:55:40:9f:6c:f3:e4:0c:ab:4c:73:30:d8:73:06
Signer

Actual PE Digest

1b:1d:90:9e:45:f4:55:40:9f:6c:f3:e4:0c:ab:4c:73:30:d8:73:06

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Visual Studio Projects\VirusPPT-DDXPPX-FTP-CommandExecuter (VS2005)\release\VirusPPTFTP.pdb

Imports

iphlpapi

GetIpForwardTable

kernel32

GetCurrentThread
GetTickCount
GetModuleHandleA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
ExitProcess
DeleteFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
ExitThread
CreateThread
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
SetStdHandle
GetFileType
GetStdHandle
FreeEnvironmentStringsA
ConvertDefaultLocale
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
WritePrivateProfileStringW
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
lstrlenA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeResource
FindNextFileW
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileW
GetShortPathNameW
GetFullPathNameW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryW
GetThreadLocale
WideCharToMultiByte
GetLastError
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
SetLastError
GetModuleHandleW
GetProcAddress
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
TerminateProcess
GetExitCodeProcess
OpenProcess
GetCurrentProcess
SetPriorityClass
lstrlenW
GetVolumeInformationW
GetDriveTypeW
GetProcessId
GetComputerNameA
WinExec
GetLocalTime
CreateDirectoryW
Module32NextW
Module32FirstW
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
DeleteFileW
SetFileAttributesW
GetLogicalDriveStringsA
Sleep
LockResource
GetModuleFileNameA
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetEnvironmentStrings

user32

GetNextDlgGroupItem
MessageBeep
UnregisterClassW
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
UnregisterClassA
SetCursor
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
PostQuitMessage
ShowWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
InvalidateRgn
GetLastActivePopup
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
PostMessageW
MessageBoxW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
CharUpperW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowsHookExW
CallNextHookEx
GetMessageW
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
PostThreadMessageW
ReleaseCapture
TranslateMessage
DispatchMessageW
SetCapture
DestroyIcon
DestroyMenu
GetForegroundWindow
GetActiveWindow
IsWindowVisible
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
keybd_event
GetDlgItem
BringWindowToTop
MoveWindow
GetWindowTextA
GetWindow
GetClientRect
GetSystemMetrics
IsIconic
SetFocus
LoadIconW
SendMessageW
SetTimer
GetKeyState
GetWindowThreadProcessId
EnableWindow
FindWindowW
CreateWindowExW
TabbedTextOutW

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
PtVisible
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
RectVisible

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
GetUserNameA
RegSetValueExW
RegOpenKeyExW

shell32

SHGetPathFromIDListA
SHGetPathFromIDListW
ShellExecuteExW
ExtractIconW
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCW
PathFindExtensionW
PathStripToRootW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoRegisterClassObject
CoRevokeClassObject
OleUninitialize
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoGetClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal

oleaut32

SysFreeString
OleCreateFontIndirect
LoadTypeLi
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysStringByteLen
SysStringLen

ws2_32

WSACleanup
WSAStartup

wininet

InternetConnectW
FtpFindFirstFileW
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetFindNextFileW
FtpGetFileW
FtpPutFileW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpDeleteFileW

Sections

.text
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29ef50f71548e442d697b5e698c8b0a5

Code Sign

3c:7d:82:6d:71:3c:ff:96:46:bd:a0:2b:7e:54:2c:7bCertificate

Extended Key Usages

1b:1d:90:9e:45:f4:55:40:9f:6c:f3:e4:0c:ab:4c:73:30:d8:73:06Signer

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

wininet

Sections

.text Size: 256KB - Virtual size: 252KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 52KB - Virtual size: 49KB

3c:7d:82:6d:71:3c:ff:96:46:bd:a0:2b:7e:54:2c:7b
Certificate

1b:1d:90:9e:45:f4:55:40:9f:6c:f3:e4:0c:ab:4c:73:30:d8:73:06
Signer

.text
Size: 256KB - Virtual size: 252KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 52KB - Virtual size: 49KB