fa249c3144b76a79430b65d302d79847_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa249c3144b76a79430b65d302d79847_JaffaCakes118
Size

437KB
MD5

fa249c3144b76a79430b65d302d79847
SHA1

3e7b5cc0d431417541fea131260faf568f7c922b
SHA256

dfc75e87b83d8c0d942598a2635c770730037b12e70fcba021b35b112a88306a
SHA512

9421a0322c732097c524a107747173402a310c94001340ba66486e0dc54f69b2085fb8f2e2b3d9104600c40bdc9b5e2803664ab2408f4276d3ba4d56cc2dd703
SSDEEP

6144:KPXt5FxDdra3fCQpLk4Hz2SqdenA6C2NB5j10BQgbnEa1BmDT0HmACmmmNNz+dX1:2LF3gka2B6C2NPSBQ4p16PWpz+duI1KI

Score

1^/10

Malware Config

Signatures

Files

fa249c3144b76a79430b65d302d79847_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4b8a449de10d89c862410b89109f26f9

Code Sign

63:9a:7a:e5:c2:96:a2:57:b1:a6:4e:4a:3f:d4:4f:62
Certificate

Issuer

CN=avetqileibr

Not Before

19/01/2012, 06:53

Not After

31/12/2039, 23:59

Subject

CN=Masjikol

1b:22:6e:fc:ba:25:2c:4c:cc:3b:96:3f:48:e9:57:02:3b:01:95:15
Signer

Actual PE Digest

1b:22:6e:fc:ba:25:2c:4c:cc:3b:96:3f:48:e9:57:02:3b:01:95:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

PropVariantCopy
ReadClassStm
MkParseDisplayName
OleFlushClipboard
OleCreateLinkToFileEx
GetHGlobalFromILockBytes
CoDosDateTimeToFileTime
OleCreateStaticFromData
WriteClassStg
IIDFromString
OleRegEnumVerbs
CreateDataCache
OleRegGetUserType
CoInitialize

kernel32

GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
IsBadStringPtrA
GetCurrencyFormatA
OpenSemaphoreA
DeleteCriticalSection
GetStringTypeW
MultiByteToWideChar
LocalAlloc
LocalUnlock
FoldStringA
GetSystemDefaultLCID
VirtualQueryEx
GetStartupInfoA
GetProcAddress
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
ExitProcess
HeapFree
WideCharToMultiByte
LCMapStringA
LCMapStringW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
VirtualAlloc
HeapReAlloc
GetCPInfo

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wbqia
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b8a449de10d89c862410b89109f26f9

Code Sign

63:9a:7a:e5:c2:96:a2:57:b1:a6:4e:4a:3f:d4:4f:62Certificate

1b:22:6e:fc:ba:25:2c:4c:cc:3b:96:3f:48:e9:57:02:3b:01:95:15Signer

Headers

File Characteristics

Imports

ole32

kernel32

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 3KB - Virtual size: 97KB

.wbqia Size: 401KB - Virtual size: 400KB

.rsrc Size: 5KB - Virtual size: 5KB

63:9a:7a:e5:c2:96:a2:57:b1:a6:4e:4a:3f:d4:4f:62
Certificate

1b:22:6e:fc:ba:25:2c:4c:cc:3b:96:3f:48:e9:57:02:3b:01:95:15
Signer

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 3KB - Virtual size: 97KB

.wbqia
Size: 401KB - Virtual size: 400KB

.rsrc
Size: 5KB - Virtual size: 5KB