fa7d122aadda1335ebf7446117fec292_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa7d122aadda1335ebf7446117fec292_JaffaCakes118
Size

211KB
MD5

fa7d122aadda1335ebf7446117fec292
SHA1

fc268175a356be41336d0ca34a8c42788d1bf1a2
SHA256

236e37444f964a9293280fd63840dcd902927c4d9f1c32a1271b11da2b6c04d7
SHA512

d906078f31f4eca3e85d9ae0fa8b6150dcdda7ce6446d3357c9ea727bd90c46d2d075b2cb0dbb8800eb86b287cac603bddd35eae49b0e2cf907f4aa831d14ab2
SSDEEP

6144:iAHgUtG6Km/ItGkd6vRJSCkxs2ugtuQpylk/r:7gUtq/Rd6vRx9QvD

Score

1^/10

Malware Config

Signatures

Files

fa7d122aadda1335ebf7446117fec292_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c1aef430ffcdad0c044a761f5b35866f

Code Sign

6e:26:e7:fa:6f:ef:e4:8d:4b:43:1b:df:2f:7d:ff:ec
Certificate

Issuer

CN=gjy26y87

Not Before

13/05/2012, 08:49

Not After

31/12/2039, 23:59

Subject

CN=gjy26y87

Extended Key Usages

ExtKeyUsageCodeSigning

18:66:57:eb:4f:9c:fa:22:4b:12:b5:d3:5f:d4:70:db:d9:53:72:49
Signer

Actual PE Digest

18:66:57:eb:4f:9c:fa:22:4b:12:b5:d3:5f:d4:70:db:d9:53:72:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsDebuggerPresent
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrlenW
WriteProfileStringW
MulDiv
LocalFree
LocalAlloc
LoadLibraryA
GetStartupInfoA
GetProfileStringW
GetProfileIntW
GetModuleHandleA
GetCommandLineW
VirtualAllocEx
GetModuleHandleW
GetProcAddress

user32

IsIconic
KillTimer
LoadAcceleratorsW
LoadCursorW
LoadIconW
LoadImageW
LoadStringA
LoadStringW
MessageBoxW
MoveWindow
MsgWaitForMultipleObjects
PeekMessageW
PostMessageW
PtInRect
RegisterClassExW
RegisterClassW
RegisterWindowMessageW
ReleaseCapture
SetCapture
SetCursorPos
SetFocus
SetTimer
ShowCursor
TranslateAcceleratorW
IntersectRect
InflateRect
GetSysColor
GetMessageW
GetMenu
GetKeyState
IsDlgButtonChecked
GetDesktopWindow
GetClientRect
GetCapture
FrameRect
EndDialog
EnableWindow
EnableMenuItem
DrawTextW
DispatchMessageW
DialogBoxParamW
DestroyWindow
DefWindowProcW
CreateWindowExW
CopyRect
ClientToScreen
CheckRadioButton
CheckDlgButton
AdjustWindowRect
GetDC
ReleaseDC
InvalidateRect
BeginPaint
EndPaint
ScrollWindow
wsprintfA
ValidateRect
PostQuitMessage
DefWindowProcA
RegisterClassExA
CreateWindowExA
ShowWindow
GetDlgItem
InvertRect
LoadIconA
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
UpdateWindow

gdi32

GetTextMetricsW
LineDDA
LineTo
MoveToEx
GetTextExtentPoint32W
PtVisible
SetBrushOrgEx
SetPixel
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectObject
GetStockObject
GetTextMetricsA
SetBkMode
TextOutA
PatBlt
TextOutW
SetTextColor
SetROP2

comdlg32

GetFileTitleW
PrintDlgExW
FindTextW
CommDlgExtendedError
PageSetupDlgW
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

ShellAboutW

ole32

CoAllowSetForegroundWindow
CoBuildVersion
CoCancelCall
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoCreateObjectInContext
CoDeactivateObject
CoDisableCallCancellation
CoDisconnectObject
CoDosDateTimeToFileTime
CoEnableCallCancellation
CoFileTimeNow
CoFileTimeToDosDateTime
CoFreeAllLibraries
CoFreeLibrary
CoFreeUnusedLibraries
CoGetApartmentID
CoGetCallContext
CoGetCallerTID
CoGetCancelObject
CoGetClassObject
CoGetClassVersion
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
CoGetInstanceFromIStorage
CoGetInterfaceAndReleaseStream
CoGetMarshalSizeMax
CoGetObject
CoGetObjectContext
CoGetPSClsid
CoGetStandardMarshal
CoGetTreatAsClass
CoImpersonateClient
CoInitializeEx
CoInitializeSecurity
CoInitializeWOW
CoInstall
CoIsHandlerConnected
CoIsOle1Class
CoLoadLibrary
CoLockObjectExternal
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoQueryAuthenticationServices
CoQueryClientBlanket
CoQueryProxyBlanket
CoQueryReleaseObject
CoReactivateObject
CoAddRefServerProcess
CoRegisterPSClsid
CoRegisterSurrogate
CoRegisterSurrogateEx
CoReleaseMarshalData
CoReleaseServerProcess
CoResumeClassObjects
CoRevertToSelf
CoRevokeClassObject
CoRevokeMallocSpy
CoSetProxyBlanket
CoSuspendClassObjects
CoTaskMemFree
CoTestCancel
CoTreatAsClass
CoUninitialize
CoUnloadingWOW
CoUnmarshalHresult
CreateAntiMoniker
CreateBindCtx
CreateClassMoniker
CreateDataAdviseHolder
CreateFileMoniker
CreateGenericComposite
CreateILockBytesOnHGlobal
CreateItemMoniker
CreatePointerMoniker
CreateStreamOnHGlobal
DcomChannelSetHResult
CLSIDFromString
DllGetClassObjectWOW
DoDragDrop
EnableHookObject
FmtIdToPropStgName
GetClassFile
GetConvertStg
GetDocumentBitStg
GetHGlobalFromILockBytes
GetHGlobalFromStream
GetRunningObjectTable
HACCEL_UserFree
HACCEL_UserSize
HACCEL_UserUnmarshal
HBITMAP_UserFree
HBITMAP_UserMarshal
HBITMAP_UserSize
HBITMAP_UserUnmarshal
HBRUSH_UserFree
HBRUSH_UserMarshal
HBRUSH_UserSize
HBRUSH_UserUnmarshal
HDC_UserFree
HDC_UserMarshal
HDC_UserSize
HDC_UserUnmarshal
HENHMETAFILE_UserFree
HENHMETAFILE_UserMarshal
HENHMETAFILE_UserSize
HENHMETAFILE_UserUnmarshal
HGLOBAL_UserFree
HGLOBAL_UserSize
HICON_UserFree
HICON_UserMarshal
HICON_UserSize
HICON_UserUnmarshal
HMENU_UserFree
HMENU_UserSize
HMENU_UserUnmarshal
HMETAFILEPICT_UserFree
HMETAFILEPICT_UserMarshal
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserUnmarshal
HMETAFILE_UserFree
HMETAFILE_UserMarshal
HMETAFILE_UserSize
HMETAFILE_UserUnmarshal
HPALETTE_UserFree
HPALETTE_UserMarshal
HPALETTE_UserSize
HPALETTE_UserUnmarshal
HWND_UserSize
HkOleRegisterObject
IIDFromString
IsAccelerator
IsEqualGUID
MonikerCommonPrefixWith
MonikerRelativePathTo
OleBuildVersion
OleConvertIStorageToOLESTREAM
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleConvertOLESTREAMToIStorageEx
OleCreate
OleCreateDefaultHandler
OleCreateEmbeddingHelper
OleCreateEx
OleCreateFromDataEx
OleCreateFromFileEx
OleCreateLink
OleCreateLinkFromData
OleCreateLinkToFile
OleCreateLinkToFileEx
OleCreateMenuDescriptor
OleCreateStaticFromData
OleDoAutoConvert
OleDraw
OleDuplicateData
OleGetAutoConvert
OleGetClipboard
OleGetIconOfClass
OleGetIconOfFile
OleInitializeWOW
OleIsCurrentClipboard
OleIsRunning
OleLoad
OleLoadFromStream
OleLockRunning
OleQueryCreateFromData
OleQueryLinkFromData
OleRegEnumFormatEtc
OleRegEnumVerbs
OleRegGetMiscStatus
OleRegGetUserType
OleRun
OleSaveToStream
OleSetClipboard
OleSetContainedObject
OleSetMenuDescriptor
OleTranslateAccelerator
OleUninitialize
OpenOrCreateStream
PropStgNameToFmtId
PropVariantClear
ReadClassStg
ReadClassStm
ReadFmtUserTypeStg
ReadOleStg
ReadStringStream
RegisterDragDrop
RevokeDragDrop
SNB_UserMarshal
SNB_UserUnmarshal
STGMEDIUM_UserFree
STGMEDIUM_UserMarshal
STGMEDIUM_UserSize
STGMEDIUM_UserUnmarshal
SetDocumentBitStg
StgConvertPropertyToVariant
StgConvertVariantToProperty
StgCreateDocfile
StgCreateDocfileOnILockBytes
StgCreatePropSetStg
StgCreatePropStg
StgCreateStorageEx
StgGetIFillLockBytesOnFile
StgIsStorageILockBytes
StgOpenAsyncDocfileOnIFillLockBytes
StgOpenPropStg
StgOpenStorage
StgOpenStorageEx
StgOpenStorageOnILockBytes
StgPropertyLengthAsVariant
StgSetTimes
StringFromGUID2
StringFromIID
UpdateDCOMSettings
UtConvertDvtd16toDvtd32
UtConvertDvtd32toDvtd16
UtGetDvtd16Info
UtGetDvtd32Info
WdtpInterfacePointer_UserFree
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserUnmarshal
WriteClassStm
WriteFmtUserTypeStg
WriteOleStg
WriteStringStream
CLIPFORMAT_UserUnmarshal
CLIPFORMAT_UserSize
CLIPFORMAT_UserFree
BindMoniker
DllDebugObjectRPCHook
CoRegisterMallocSpy

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 182KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1aef430ffcdad0c044a761f5b35866f

Code Sign

6e:26:e7:fa:6f:ef:e4:8d:4b:43:1b:df:2f:7d:ff:ecCertificate

Extended Key Usages

18:66:57:eb:4f:9c:fa:22:4b:12:b5:d3:5f:d4:70:db:d9:53:72:49Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 182KB - Virtual size: 183KB

.CRT Size: 10KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 2KB

6e:26:e7:fa:6f:ef:e4:8d:4b:43:1b:df:2f:7d:ff:ec
Certificate

18:66:57:eb:4f:9c:fa:22:4b:12:b5:d3:5f:d4:70:db:d9:53:72:49
Signer

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 182KB - Virtual size: 183KB

.CRT
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 2KB