0c9d89de0b5ac04246beaa2a6b87b7e4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c9d89de0b5ac04246beaa2a6b87b7e4_JaffaCakes118
Size

309KB
MD5

0c9d89de0b5ac04246beaa2a6b87b7e4
SHA1

3a8dddd1d0033d0cb2035b18f1b9db7c28f767bc
SHA256

031f6639d9f7ecfab98e70b7459b08b8c7c1284acf54000b8f9198f6becd3f88
SHA512

58c5050377bf35db46101027ab4edd1a13556a1cec645fe9e04fbab153cbe20cfa38a910bd85d63150f5faa8f80200fc569792d1a0f4b3600e025a49bb5dfd21
SSDEEP

6144:JDfD2svuKexRfKnGfsj+nIOu5Bd18xT0fWlEqtO0AzyDgjV:JDUyGfVIO+duTdE4O0KyDeV

Score

1^/10

Malware Config

Signatures

Files

0c9d89de0b5ac04246beaa2a6b87b7e4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3d074e3421848e8327d843fd7da1c5d8

Code Sign

0d:c5:23:23:27:61:1a:aa:46:1c:b1:cd:e2:b9:c8:cf
Certificate

Issuer

CN=OakJ

Not Before

21/06/2012, 06:54

Not After

31/12/2039, 23:59

Subject

CN=OakJ

Extended Key Usages

ExtKeyUsageCodeSigning

0a:04:6b:70:00:e0:25:a9:7e:ea:a5:ee:05:8c:17:b9:19:29:df:25
Signer

Actual PE Digest

0a:04:6b:70:00:e0:25:a9:7e:ea:a5:ee:05:8c:17:b9:19:29:df:25

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
LoadLibraryA
GetProcAddress
GetWindowsDirectoryW
lstrcatW
CreateFileW
GetCommProperties
SetHandleCount
SetThreadExecutionState
IsBadWritePtr
EraseTape
GetConsoleAliasExesW
IsBadReadPtr
GetDiskFreeSpaceW
CreateJobObjectW
lstrcpyA
UnlockFile
SetConsoleActiveScreenBuffer
ScrollConsoleScreenBufferW
GlobalMemoryStatus
SetHandleInformation
BuildCommDCBAndTimeoutsW
SizeofResource
Module32FirstW
SetConsoleCursorInfo
HeapFree
GetHandleInformation
PurgeComm
CreateMutexA
GetPrivateProfileStructW
LockFile
LCMapStringA
SetCalendarInfoW
CancelDeviceWakeupRequest
MoveFileWithProgressW
WritePrivateProfileSectionW
GlobalAddAtomA
BackupRead
GlobalDeleteAtom
AssignProcessToJobObject
GetConsoleAliasesLengthA
FoldStringW
FreeLibraryAndExitThread
GetSystemPowerStatus
GetOEMCP
GetCurrentThread
BuildCommDCBAndTimeoutsA
PeekNamedPipe
IsBadStringPtrA
GenerateConsoleCtrlEvent
GetThreadLocale
GetDriveTypeW
SetFileAttributesW
ReadProcessMemory
EndUpdateResourceA
SetCommBreak
GetTempPathA
ClearCommError
GetComputerNameW
SetConsoleTitleA
WriteProfileStringW
SetFilePointerEx
InterlockedCompareExchange
GlobalGetAtomNameA
lstrlenA
OutputDebugStringA
Heap32First
GetCurrentDirectoryW
GlobalAlloc
GetNumberOfConsoleMouseButtons
ReadConsoleOutputA
OpenProcess
GetSystemInfo
PeekConsoleInputA
SetVolumeMountPointA
GetTempFileNameW
SetProcessWorkingSetSize
GlobalHandle
GetLogicalDriveStringsA
SetDefaultCommConfigA
Process32Next
FindNextVolumeMountPointW
IsDebuggerPresent
AllocConsole
GetConsoleScreenBufferInfo
UnmapViewOfFile
Process32NextW
EnumSystemCodePagesA
GetCommandLineA
GetLogicalDriveStringsW
WritePrivateProfileStructW
GetPrivateProfileStringW
GetVolumePathNameW
FindCloseChangeNotification
CreateEventA
GetConsoleTitleW

user32

CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
GetDC
ReleaseDC
SetScrollRange
SetScrollPos
ScrollWindow
SendMessageA
BeginPaint
GetSystemMetrics
wsprintfA
EndPaint
PostQuitMessage
DefWindowProcA
GetWindowTextLengthA
ToAscii
SetWinEventHook
ScrollWindowEx
mouse_event
IsCharLowerW
LoadCursorFromFileW
SetDeskWallpaper
GetClipboardSequenceNumber
OpenIcon
ChangeMenuA
GetKeyboardLayoutList
GetMenuDefaultItem
IsWindowEnabled
UnhookWindowsHook
DrawEdge
FindWindowExW
TrackPopupMenu
MonitorFromRect
IsRectEmpty
DdeQueryStringA
EnumDisplaySettingsW
IMPSetIMEW
GetSystemMenu
ShowCursor
GetWindowPlacement
CreateIconIndirect
GetClipboardViewer
GetUserObjectSecurity
SetWindowsHookW
GetQueueStatus
MessageBoxIndirectA
EnumThreadWindows
GetWindowTextLengthW
LoadMenuIndirectA
CheckDlgButton
GetWindowRect
GetCursor
EnableMenuItem
InvertRect
EnumDesktopsW
WaitMessage
ScrollDC
EnumPropsA
ChangeMenuW
GetForegroundWindow
DdeFreeStringHandle
GetSysColorBrush
AllowSetForegroundWindow
AppendMenuA
CopyImage
GetUserObjectInformationA
FindWindowW
GetKeyboardLayout
OpenDesktopA
CreateDialogIndirectParamW
OemKeyScan
ChildWindowFromPoint
GetCursorInfo
CreateCursor
GetWindowRgn
GetShellWindow
EnumWindows
RegisterDeviceNotificationA
GetMessagePos
SetProcessWindowStation
GetClassLongW
IMPGetIMEW
WaitForInputIdle
ShowOwnedPopups
GetInputState
GetGuiResources
CascadeWindows
RegisterShellHookWindow
GetTitleBarInfo
SetShellWindow
SetSysColors
GetIconInfo
EndDeferWindowPos
LoadStringW
UpdateLayeredWindow
CharLowerBuffW
GetClipboardFormatNameA
ChildWindowFromPointEx
CharPrevExA
GetNextDlgTabItem
SystemParametersInfoA

gdi32

GetStockObject
GetTextMetricsA
TextOutA
SetTextAlign

msvcrt

strlen
memset

advapi32

RegOpenKeyExW

shell32

DragQueryFile
FindExecutableA
SHFreeNameMappings
DuplicateIcon
ExtractIconExW
SHGetDataFromIDListA
SHGetDesktopFolder
DoEnvironmentSubstW
SHInvokePrinterCommandW
SHLoadInProc
SHGetPathFromIDListA
SHGetDiskFreeSpaceExW
SHQueryRecycleBinW
ShellHookProc
WOWShellExecute
ShellAboutW
SHGetFileInfoA
SHEmptyRecycleBinA
Shell_NotifyIconW
ShellExecuteW
ExtractAssociatedIconExW
SHFileOperationA
SHGetInstanceExplorer
SHGetFolderPathW
SHGetIconOverlayIndexW
SHFormatDrive
SHGetFolderLocation
ShellExecuteExW
SHIsFileAvailableOffline
SHLoadNonloadedIconOverlayIdentifiers
SHCreateDirectoryExW
DragQueryFileW
SHPathPrepareForWriteA
SHGetSpecialFolderPathW
ExtractAssociatedIconExA
SHGetPathFromIDList
SHChangeNotify
SHAddToRecentDocs
SHGetFileInfo
SHGetSpecialFolderLocation
SHBrowseForFolderW
ExtractIconEx
SHBrowseForFolder
ShellExecuteA
ExtractIconExA
SHCreateProcessAsUserW
SHGetIconOverlayIndexA
SHQueryRecycleBinA
Shell_NotifyIcon
ShellExecuteEx
SHAppBarMessage
SHBrowseForFolderA
SHEmptyRecycleBinW

shlwapi

StrCmpNIW
StrRChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrChrIA
StrRChrA
StrRChrIA
StrRChrW
StrStrIA
StrRStrIA
StrChrA

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d074e3421848e8327d843fd7da1c5d8

Code Sign

0d:c5:23:23:27:61:1a:aa:46:1c:b1:cd:e2:b9:c8:cfCertificate

Extended Key Usages

0a:04:6b:70:00:e0:25:a9:7e:ea:a5:ee:05:8c:17:b9:19:29:df:25Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

advapi32

shell32

shlwapi

Sections

.text Size: 292KB - Virtual size: 291KB

.data Size: 10KB - Virtual size: 10KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

0d:c5:23:23:27:61:1a:aa:46:1c:b1:cd:e2:b9:c8:cf
Certificate

0a:04:6b:70:00:e0:25:a9:7e:ea:a5:ee:05:8c:17:b9:19:29:df:25
Signer

.text
Size: 292KB - Virtual size: 291KB

.data
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB