fdd8acb4ac625446ac2714f8b52755aa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fdd8acb4ac625446ac2714f8b52755aa_JaffaCakes118
Size

251KB
MD5

fdd8acb4ac625446ac2714f8b52755aa
SHA1

4c7d72c8687a839f5b13500382aeeb677cf7e539
SHA256

da8dfd4650d769c310afc68f2f2834a13b923079913851839ac4b40331cc9624
SHA512

5ec7d3c34f9842d4a6a958c68e63918e4f19cfc4f00ddd077fbf365905a3789920be7c855100387bda504c71e95854c3187e2fb1c322244f042c0155639e0a93
SSDEEP

6144:nJ2bGk9jZR3ovtbJTDYaZTj+bgRhUbdc9:nYxz3IFJTDYcBTUb

Score

1^/10

Malware Config

Signatures

Files

fdd8acb4ac625446ac2714f8b52755aa_JaffaCakes118
.dll windows:5 windows x86 arch:x86

14da0de65ecc31cc708b8cb199633747

Code Sign

5f:57:ad:23:74:a4:cc:7a:ba:c4:5d:b3:2c:9f:7e:62
Certificate

Issuer

CN=23523512

Not Before

11/02/2012, 05:20

Not After

31/12/2039, 23:59

Subject

CN=23523512

Extended Key Usages

ExtKeyUsageCodeSigning

9d:e0:d9:b2:e9:1d:6f:ed:35:a5:f6:27:9e:64:42:08:ac:a1:78:cb
Signer

Actual PE Digest

9d:e0:d9:b2:e9:1d:6f:ed:35:a5:f6:27:9e:64:42:08:ac:a1:78:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetTempFileNameA
GetThreadContext
GetTimeZoneInformation
GetUserDefaultLangID
GetVersionExW
GetVolumeNameForVolumeMountPointW
GlobalFindAtomA
GlobalFindAtomW
GlobalFree
Heap32First
Heap32Next
HeapCreate
HeapReAlloc
InitializeCriticalSection
InterlockedIncrement
IsBadHugeWritePtr
IsBadReadPtr
IsBadStringPtrA
IsValidCodePage
IsValidLocale
LCMapStringW
LoadLibraryA
LoadLibraryExA
LocalFileTimeToFileTime
LockFile
LockResource
MoveFileExA
OpenFileMappingW
OpenJobObjectA
PostQueuedCompletionStatus
Process32First
QueryInformationJobObject
GetProfileStringW
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputAttribute
ReadConsoleOutputW
ReplaceFileA
RequestDeviceWakeup
ResumeThread
RtlMoveMemory
RtlUnwind
RtlZeroMemory
SearchPathA
SetCommBreak
SetCommMask
SetConsoleCursorInfo
SetConsoleOutputCP
SetConsoleTitleW
SetCurrentDirectoryA
SetDefaultCommConfigW
SetProcessShutdownParameters
SetSystemTimeAdjustment
SetTimerQueueTimer
Sleep
TerminateJobObject
UnhandledExceptionFilter
UpdateResourceW
VerLanguageNameA
VirtualQuery
WriteConsoleOutputCharacterW
WriteConsoleW
WritePrivateProfileStringA
WritePrivateProfileStructA
WriteTapemark
lstrcat
lstrcatW
lstrcmp
GetProfileIntA
GetProcessIoCounters
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
GetPriorityClass
GetOverlappedResult
GetNamedPipeHandleStateA
GetModuleHandleA
GetExitCodeThread
GetEnvironmentVariableA
GetEnvironmentStringsA
GetDriveTypeA
GetDefaultCommConfigA
GetCurrentThreadId
GetCurrentThread
GetCurrencyFormatW
GetConsoleWindow
GetConsoleScreenBufferInfo
GetConsoleOutputCP
GetConsoleAliasesW
GetConsoleAliasExesW
GetComputerNameExA
GetCommMask
GetCPInfoExA
VirtualAlloc
GetBinaryTypeW
GetAtomNameA
FlushConsoleInputBuffer
FindResourceExW
FindResourceA
FindNextFileW
FindFirstFileExW
FindFirstFileExA
FindClose
FillConsoleOutputAttribute
EnumSystemLanguageGroupsW
EnumSystemLanguageGroupsA
EnumSystemCodePagesA
EnumResourceLanguagesW
DnsHostnameToComputerNameW
DisconnectNamedPipe
DeviceIoControl
DeleteFileW
DefineDosDeviceW
DefineDosDeviceA
DebugBreak
CreateWaitableTimerW
CreateSemaphoreA
CreateRemoteThread
CreateMutexW
CreateMailslotW
CreateJobObjectA
CreateConsoleScreenBuffer
CompareStringW
CompareStringA
CancelWaitableTimer
CallNamedPipeA
BuildCommDCBAndTimeoutsA
BackupSeek
AllocConsole
GetVersion
GetWindowsDirectoryA
LoadLibraryW
GetProcAddress
lstrlenA
lstrcpyA
CreateFileA
ExitProcess
QueueUserWorkItem

ole32

HMETAFILE_UserMarshal
HMETAFILE_UserUnmarshal
HPALETTE_UserSize
HWND_UserSize
HkOleRegisterObject
IsAccelerator
IsEqualGUID
MkParseDisplayName
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleConvertOLESTREAMToIStorageEx
OleCreateFromFile
OleCreateLink
OleCreateLinkToFileEx
OleCreateMenuDescriptor
OleDuplicateData
OleGetAutoConvert
OleInitialize
OleLockRunning
OleMetafilePictFromIconAndLabel
OleQueryCreateFromData
OleRegEnumFormatEtc
OleRun
OleSetAutoConvert
OleSetClipboard
OleTranslateAccelerator
OleUninitialize
OpenOrCreateStream
ProgIDFromCLSID
PropStgNameToFmtId
PropVariantClear
PropVariantCopy
ReadClassStg
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
SNB_UserSize
STGMEDIUM_UserMarshal
SetDocumentBitStg
StgCreateDocfileOnILockBytes
StgCreatePropStg
StgCreateStorageEx
StgGetIFillLockBytesOnFile
StgOpenPropStg
StgOpenStorageOnILockBytes
StgSetTimes
StringFromIID
UtConvertDvtd16toDvtd32
UtGetDvtd16Info
WdtpInterfacePointer_UserUnmarshal
WriteOleStg
WriteStringStream
HMETAFILEPICT_UserUnmarshal
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserMarshal
HMETAFILEPICT_UserFree
HMENU_UserUnmarshal
HICON_UserMarshal
HENHMETAFILE_UserMarshal
HENHMETAFILE_UserFree
HDC_UserUnmarshal
HBRUSH_UserUnmarshal
HBRUSH_UserMarshal
HBRUSH_UserFree
HBITMAP_UserSize
HBITMAP_UserFree
HACCEL_UserSize
GetRunningObjectTable
GetHookInterface
GetHGlobalFromStream
GetHGlobalFromILockBytes
GetDocumentBitStg
GetConvertStg
GetClassFile
FmtIdToPropStgName
DllDebugObjectRPCHook
CreateStreamOnHGlobal
CreateObjrefMoniker
CreateDataCache
CreateDataAdviseHolder
CreateClassMoniker
CreateBindCtx
CreateAntiMoniker
CoWaitForMultipleHandles
CoUnmarshalInterface
CoUninitialize
CoTreatAsClass
CoTaskMemRealloc
CoTaskMemAlloc
CoRevokeClassObject
CoRevertToSelf
CoReleaseMarshalData
CoRegisterPSClsid
CoRegisterMessageFilter
CoReactivateObject
CoIsHandlerConnected
CoGetStdMarshalEx
CoGetStandardMarshal
CoGetPSClsid
CoGetObjectContext
CoGetObject
CoGetMarshalSizeMax
CoGetMalloc
CoGetInstanceFromIStorage
CoGetCurrentProcess
CoGetClassObject
CoGetCancelObject
CoGetCallContext
CoFreeUnusedLibraries
CoEnableCallCancellation
CoDosDateTimeToFileTime
CoDisconnectObject
CoDisableCallCancellation
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoCopyProxy
CLSIDFromProgID
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserFree
BindMoniker
CoInitializeSecurity

comctl32

CreatePropertySheetPage
CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
CreateStatusWindowW
ord7
CreateToolbarEx
ord16
DestroyPropertySheetPage
ord15
DrawStatusText
ord5
DrawStatusTextW
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollProp
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
GetMUILanguage
ImageList_Add
ImageList_AddIcon
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_GetImageRect
ImageList_LoadImage
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetFilter
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ord17
InitCommonControlsEx
InitMUILanguage
InitializeFlatSB
ord14
ord13
PropertySheet
PropertySheetA
PropertySheetW
UninitializeFlatSB
ord8

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tex3t2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text5
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14da0de65ecc31cc708b8cb199633747

Code Sign

5f:57:ad:23:74:a4:cc:7a:ba:c4:5d:b3:2c:9f:7e:62Certificate

Extended Key Usages

9d:e0:d9:b2:e9:1d:6f:ed:35:a5:f6:27:9e:64:42:08:ac:a1:78:cbSigner

Headers

File Characteristics

Imports

kernel32

ole32

comctl32

Sections

.text Size: 11KB - Virtual size: 11KB

.tex3t2 Size: 2KB - Virtual size: 1KB

.text5 Size: 230KB - Virtual size: 229KB

.data Size: 512B - Virtual size: 160B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

5f:57:ad:23:74:a4:cc:7a:ba:c4:5d:b3:2c:9f:7e:62
Certificate

9d:e0:d9:b2:e9:1d:6f:ed:35:a5:f6:27:9e:64:42:08:ac:a1:78:cb
Signer

.text
Size: 11KB - Virtual size: 11KB

.tex3t2
Size: 2KB - Virtual size: 1KB

.text5
Size: 230KB - Virtual size: 229KB

.data
Size: 512B - Virtual size: 160B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB