003cf6b5854f8e684bea4ab1a49e35e2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

003cf6b5854f8e684bea4ab1a49e35e2_JaffaCakes118
Size

323KB
MD5

003cf6b5854f8e684bea4ab1a49e35e2
SHA1

03bef6b96dd83c6dd43a9c6eba0354d4b2d64dac
SHA256

06a9ff6a2b0257308bf899d1a82fb9597a3e2d0e3904265d9c9434c39d4f0f20
SHA512

aac65c9eef1956965262a65e66a5759739974d0ae26522f58a342e3a31a831faa9a3b58e73e96783fb1cad91781cf486282dbc55a77961eb915bf6c2254df5d1
SSDEEP

6144:anaSPBJkg5z9kqhKUvfR081kOv7SDoHtUs/y2aWOIBJQ7NV03:EaMAIkcKYm8q87ORTWlJG03

Score

1^/10

Malware Config

Signatures

Files

003cf6b5854f8e684bea4ab1a49e35e2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

400403c6448b5492d27db53c0282264f

Code Sign

40:51:a2:b6:9d:14:5c:46:b6:95:53:26:5e:30:f2:28
Certificate

Issuer

CN=99683598718419211455295254387341682939743353644424875748563716423668659623777871936573534636855642328693249199261837584629223954257162851255963558318752178

Not Before

29/01/2013, 15:16

Not After

31/12/2039, 23:59

Subject

CN=99683598718419211455295254387341682939743353644424875748563716423668659623777871936573534636855642328693249199261837584629223954257162851255963558318752178

Extended Key Usages

ExtKeyUsageCodeSigning

8c:e6:be:6d:72:6a:f4:c8:13:97:8c:10:5f:5c:27:a9:50:31:37:2c
Signer

Actual PE Digest

8c:e6:be:6d:72:6a:f4:c8:13:97:8c:10:5f:5c:27:a9:50:31:37:2c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc

user32

GetParent
GetSystemMetrics
GetWindowLongA
GetWindowRect
IsDlgButtonChecked
LoadStringA
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
PostMessageA
ReleaseDC
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetWindowLongA
ShowWindow
wsprintfA
LoadIconA
LoadCursorW
GetDlgItemTextA
GetDlgItem
GetDC
EnableWindow
DispatchMessageA
CheckRadioButton
CheckDlgButton
CharPrevA
CharNextA
CallWindowProcA

gdi32

GetStockObject

advapi32

QueryServiceStatus
GetUserNameW
StartServiceW
ReportEventW
RegisterEventSourceW
RegOpenKeyExA
OpenServiceW

msvcrt

__CxxFrameHandler
__dllonexit
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
_adjust_fdiv
_ftol
_initterm
_purecall
_wcmdln
_wcsicmp
_wcslwr
_wcsnicmp
_wtoi
calloc
exit
free
isalpha
malloc
realloc
swprintf
swscanf
wcschr
wcscmp
wcscpy
wcslen
wcsncpy
wcsrchr
wcsstr

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

400403c6448b5492d27db53c0282264f

Code Sign

40:51:a2:b6:9d:14:5c:46:b6:95:53:26:5e:30:f2:28Certificate

Extended Key Usages

8c:e6:be:6d:72:6a:f4:c8:13:97:8c:10:5f:5c:27:a9:50:31:37:2cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 299KB - Virtual size: 298KB

.data Size: 10KB - Virtual size: 10KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

40:51:a2:b6:9d:14:5c:46:b6:95:53:26:5e:30:f2:28
Certificate

8c:e6:be:6d:72:6a:f4:c8:13:97:8c:10:5f:5c:27:a9:50:31:37:2c
Signer

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 299KB - Virtual size: 298KB

.data
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB