ffe5cf6d0124db77e37965028f474db6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ffe5cf6d0124db77e37965028f474db6_JaffaCakes118
Size

112KB
MD5

ffe5cf6d0124db77e37965028f474db6
SHA1

afe4eb13ff49a9feaeee5eccbdb3e19dc7468c02
SHA256

13e98b09743b03d04dbab4726f8ecb5e115806c9baf4e122547e72d7358041f9
SHA512

dc774cf3257e28c511dd6b86667593b1da7c0195033b91896d74a28fa3e03ed073f88d3d37bfb445765ee61284f42d9decff033325bcb846da323438743dfa10
SSDEEP

3072:8wu2+UNP1Sy0PZaCs8vRYpTEe6Hhf+JDvA/Fri4:KuP1J7Sje60A/Fe4

Score

1^/10

Malware Config

Signatures

Files

ffe5cf6d0124db77e37965028f474db6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f08b385d2dda722b31b86f4ba303acd1

Code Sign

16:78:e5:d6:e8:36:b7:58:b3:da:33:2e:e9:42:6a:3a
Certificate

Issuer

CN=Root Agency

Not Before

10-07-2009 06:42

Not After

31-12-2039 23:59

Subject

CN=Microsoft

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
SetFileAttributesA
ExpandEnvironmentStringsA
GetProcAddress
LoadLibraryA
SetEvent
GetModuleFileNameA
GetCommandLineW
CreateEventA
CloseHandle
CreateFileA
GetWindowsDirectoryA
GetCurrentThreadId
WriteFile
CreateDirectoryA
GetTempPathA
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
GetStartupInfoA
ReadProcessMemory
TerminateProcess
GetSystemTime
GetThreadContext
SuspendThread
ResumeThread
SetThreadContext
GetModuleHandleA
OpenThread
FreeLibrary
GetTickCount
MoveFileExA
GetLastError
SetSystemTime

user32

EnumWindows
GetClassNameA
PostMessageA
GetInputState
PostThreadMessageA
GetMessageA
wsprintfA
GetWindowThreadProcessId
GetWindowTextA
IsWindow

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

CommandLineToArgvW

msvcrt

_except_handler3
__set_app_type
_stricmp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_controlfp
_initterm
__getmainargs
??3@YAXPAX@Z
memset
??2@YAPAXI@Z
__CxxFrameHandler
strcat
strlen
memcpy
strstr
strncpy
strchr
memcmp
strcpy
_exit
_XcptFilter
exit
_acmdln

shlwapi

SHGetValueA
SHDeleteKeyA

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f08b385d2dda722b31b86f4ba303acd1

Code Sign

16:78:e5:d6:e8:36:b7:58:b3:da:33:2e:e9:42:6a:3aCertificate

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

shlwapi

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 84KB - Virtual size: 83KB

.rsrc Size: 12KB - Virtual size: 9KB

16:78:e5:d6:e8:36:b7:58:b3:da:33:2e:e9:42:6a:3a
Certificate

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 84KB - Virtual size: 83KB

.rsrc
Size: 12KB - Virtual size: 9KB