022e4d9c7d4e1e270f6bbf0876d59337_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

022e4d9c7d4e1e270f6bbf0876d59337_JaffaCakes118
Size

218KB
MD5

022e4d9c7d4e1e270f6bbf0876d59337
SHA1

14dfc2eaf5bc7651e8c571429c4ba872f69ce7c6
SHA256

5d8b6fee376d580e1a69196ed72b6da14ddd0ee98a6c90e481150c12b1c41e07
SHA512

0a3fd4bac425f47f0bb07edeb50032a6617b22ac4b9ff2afc08d3f7db573e593cb86f62e116f1dca39d9e34e820f3d758cd1ceb97dad35248a3b2fa48e0293f5
SSDEEP

6144:6BX0k/M4JKGqvY8PwFvUQBK4ocxXs5FpMZQsQvAo1:ckChsnvHoBVoIaF+GsQvAo1

Score

1^/10

Malware Config

Signatures

Files

022e4d9c7d4e1e270f6bbf0876d59337_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6cab9a2eb49caf98faea38961d069510

Code Sign

27:1d:af:90:4f:a2:c0:ac:4b:f6:50:de:c0:42:0a:20
Certificate

Issuer

CN=LaYmbPFcbSVsmoT

Not Before

02/04/2012, 12:12

Not After

31/12/2039, 23:59

Subject

CN=LaYmbPFcbSVsmoT

Extended Key Usages

ExtKeyUsageCodeSigning

6e:2e:45:32:b1:4c:cb:8e:47:c0:4e:49:d7:66:69:bf:70:e9:09:fd
Signer

Actual PE Digest

6e:2e:45:32:b1:4c:cb:8e:47:c0:4e:49:d7:66:69:bf:70:e9:09:fd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
lstrlenA
lstrcpyA
CreateFileA
VirtualAlloc
InterlockedCompareExchange
AddAtomA

advapi32

RegOpenKeyA

shlwapi

PathMakeSystemFolderW
SHRegSetPathW
SHRegEnumUSKeyA
UrlEscapeA
StrStrA
SHDeleteValueW
PathAddExtensionA
PathAppendA
StrToIntA
StrStrIA
UrlIsOpaqueA
StrNCatW
SHRegEnumUSValueA
SHCopyKeyA
PathIsRelativeW
UrlIsW
PathSearchAndQualifyA
PathIsFileSpecW
SHGetValueA
StrRChrA
PathRemoveArgsW
ChrCmpIA
PathBuildRootW
UrlCombineW
PathMatchSpecW
StrRetToStrW
PathRemoveFileSpecW
StrRChrW
StrIsIntlEqualW
PathCompactPathExW
PathUndecorateA
PathIsPrefixA
PathIsUNCServerShareW
PathCompactPathExA
PathFindExtensionW
StrCmpNA
StrFormatKBSizeW
PathAddExtensionW
SHSetValueA
SHSkipJunction
PathCombineW
PathRemoveBlanksW
UrlIsNoHistoryA
SHOpenRegStreamW
ord16
SHEnumValueA
SHRegWriteUSValueA
UrlGetPartA
StrCSpnA
StrCSpnW
PathQuoteSpacesW
UrlCreateFromPathW
PathIsUNCA
SHRegQueryInfoUSKeyW
ColorRGBToHLS
SHSetThreadRef
StrSpnA
UrlCompareA
ColorHLSToRGB
PathCreateFromUrlW
PathIsSameRootW
PathFileExistsW
StrFromTimeIntervalW
HashData
SHRegDeleteUSValueA
StrCSpnIW
SHRegDeleteEmptyUSKeyW
AssocQueryStringByKeyA
StrRetToBufA
PathUndecorateW
StrChrIA
ColorAdjustLuma
IntlStrEqWorkerA
UrlApplySchemeW
StrTrimW
PathGetCharTypeW
SHIsLowMemoryMachine
AssocQueryStringByKeyW
StrRetToBufW
UrlEscapeW
PathIsPrefixW
PathIsUNCServerW
SHGetInverseCMAP
StrDupW
PathIsRelativeA

Sections

.text
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cab9a2eb49caf98faea38961d069510

Code Sign

27:1d:af:90:4f:a2:c0:ac:4b:f6:50:de:c0:42:0a:20Certificate

Extended Key Usages

6e:2e:45:32:b1:4c:cb:8e:47:c0:4e:49:d7:66:69:bf:70:e9:09:fdSigner

Headers

File Characteristics

Imports

kernel32

advapi32

shlwapi

Sections

.text Size: 213KB - Virtual size: 212KB

.data Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 568B

27:1d:af:90:4f:a2:c0:ac:4b:f6:50:de:c0:42:0a:20
Certificate

6e:2e:45:32:b1:4c:cb:8e:47:c0:4e:49:d7:66:69:bf:70:e9:09:fd
Signer

.text
Size: 213KB - Virtual size: 212KB

.data
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 568B