0d16a4359e0798a6800a5db41c5f0558_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d16a4359e0798a6800a5db41c5f0558_JaffaCakes118
Size

211KB
MD5

0d16a4359e0798a6800a5db41c5f0558
SHA1

5abdd9f0aa4c6abe9a37f04d43fc700abe68c85b
SHA256

d90e08351fecdcfbb2074056ef31da6c30f671dde5bacbf04366653c48111ba4
SHA512

c2476197119c8945e1bc6bf4949742abcf56303342d00840045c6ddf121f0dd8c712a77f0566e179c6a5d72d0b2280b37e3d1fdeb57f0f5bcee4e698f3b6bde6
SSDEEP

3072:fqQl+UEVWlsTYKgfrWJYmpm1RU8JtJJnjGKTy+oHSOKLVqsTOkybNJ1MQrV:FskKgjWJAbJJ9GKTfXgsNybN0Q5

Score

1^/10

Malware Config

Signatures

Files

0d16a4359e0798a6800a5db41c5f0558_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7692e152ffe503782e0953ea5612766c

Code Sign

53:d1:02:94:39:8f:c7:90:41:05:6a:e9:44:9f:70:2f
Certificate

Issuer

CN=wMyZi1yqPnKDk1r02gQqHnixL

Not Before

17/04/2012, 14:22

Not After

31/12/2039, 23:59

Subject

CN=wMyZi1yqPnKDk1r02gQqHnixL

Extended Key Usages

ExtKeyUsageCodeSigning

ee:b9:c9:6a:b0:c1:7a:c2:6f:50:53:cc:b1:9c:30:07:f6:e8:90:ea
Signer

Actual PE Digest

ee:b9:c9:6a:b0:c1:7a:c2:6f:50:53:cc:b1:9c:30:07:f6:e8:90:ea

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
DosDateTimeToFileTime
VirtualAllocEx
AddAtomW
AllocConsole
BackupRead
BackupSeek
Beep
BeginUpdateResourceA
BindIoCompletionCallback
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallNamedPipeW
CancelTimerQueueTimer
CancelWaitableTimer
ChangeTimerQueueTimer
CommConfigDialogW
CompareStringA
ConnectNamedPipe
ConvertDefaultLocale
ConvertThreadToFiber
CopyFileA
CopyFileExA
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExA
CreateDirectoryW
CreateFileMappingA
CreateHardLinkA
CreateIoCompletionPort
CreateJobObjectW
CreateNamedPipeA
CreateNamedPipeW
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateTimerQueueTimer
CreateToolhelp32Snapshot
DebugActiveProcess
DebugBreak
DeleteFileA
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EndUpdateResourceA
EndUpdateResourceW
EnumCalendarInfoA
EnumCalendarInfoExA
EnumCalendarInfoExW
EnumDateFormatsW
EnumLanguageGroupLocalesA
EnumLanguageGroupLocalesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
EnumSystemCodePagesW
EnumSystemLanguageGroupsA
EnumTimeFormatsW
EnumUILanguagesA
EnumUILanguagesW
EscapeCommFunction
ExitProcess
ExpandEnvironmentStringsA
FatalAppExitA
FatalAppExitW
FatalExit
FileTimeToDosDateTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindAtomA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstVolumeA
FindFirstVolumeMountPointW
FindNextChangeNotification
FindNextVolumeMountPointA
FindNextVolumeMountPointW
FindResourceA
FindResourceExA
FindResourceExW
FindVolumeMountPointClose
FlushFileBuffers
FlushInstructionCache
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeLibraryAndExitThread
GenerateConsoleCtrlEvent
GetACP
GetAtomNameA
GetBinaryType
GetBinaryTypeW
GetCPInfo
GetCalendarInfoA
GetCalendarInfoW
GetCommModemStatus
GetCommandLineW
GetCompressedFileSizeW
GetComputerNameExA
GetComputerNameExW
GetConsoleAliasA
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
GetConsoleAliasW
GetConsoleAliasesLengthA
GetConsoleCP
GetConsoleDisplayMode
GetConsoleOutputCP
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDefaultCommConfigW
GetDevicePowerState
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameW
GetHandleInformation
GetLargestConsoleWindowSize
GetLocalTime
GetLocaleInfoW
GetLogicalDrives
GetModuleFileNameW
GetNamedPipeHandleStateA
GetNamedPipeHandleStateW
GetNamedPipeInfo
GetNumberOfConsoleInputEvents
GetNumberOfConsoleMouseButtons
GetOEMCP
GetPrivateProfileSectionA
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStructW
GetProcAddress
GetProcessHeap
GetProcessHeaps
GetProcessIoCounters
GetProcessPriorityBoost
GetProcessShutdownParameters
GetProcessTimes
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetQueuedCompletionStatus
GetShortPathNameA
GetStartupInfoA
GetStartupInfoW
GetStringTypeExA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLCID
GetSystemDefaultLangID
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTapePosition
GetTempFileNameA
GetTempFileNameW
GetTempPathW
lstrcatA
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersionExA
GetVolumeNameForVolumeMountPointA
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetWriteWatch
GlobalAddAtomA
GlobalAlloc
GlobalFix
GlobalFlags
GlobalHandle
GlobalLock
GlobalMemoryStatusEx
GlobalUnWire
GlobalWire
Heap32ListFirst
Heap32ListNext
Heap32Next
HeapFree
HeapSize
HeapUnlock
HeapWalk
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchangeAdd
IsBadCodePtr
IsBadHugeWritePtr
IsBadStringPtrW
IsDBCSLeadByteEx
IsSystemResumeAutomatic
IsValidCodePage
IsValidLanguageGroup
LCMapStringW
LoadLibraryA
LoadLibraryExA
LoadLibraryW
LocalAlloc
LocalFlags
LocalFree
LocalLock
LocalShrink
LocalSize
LocalUnlock
LockFile
LockFileEx
MapViewOfFileEx
Module32First
Module32Next
MoveFileExW
MoveFileWithProgressA
MoveFileWithProgressW
MultiByteToWideChar
OpenEventA
OpenJobObjectW
PeekConsoleInputW
PulseEvent
QueryDosDeviceA
QueryDosDeviceW
QueryInformationJobObject
QueryPerformanceFrequency
QueueUserAPC
RaiseException
ReadConsoleInputA
ReadConsoleOutputAttribute
ReadProcessMemory
ReleaseMutex
ReplaceFileW
RequestDeviceWakeup
ResetWriteWatch
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SetCalendarInfoA
SetCalendarInfoW
SetCommConfig
SetCommMask
SetComputerNameA
SetComputerNameExW
SetComputerNameW
SetConsoleCP
SetConsoleCursor
SetConsoleCursorPosition
SetConsoleDisplayMode
SetConsoleMode
SetConsoleTitleW
SetConsoleWindowInfo
SetCurrentDirectoryW
SetDefaultCommConfigW
SetEndOfFile
SetErrorMode
SetEvent
SetFileApisToANSI
SetFileApisToOEM
SetFileAttributesA
SetFileAttributesW
SetFilePointerEx
SetFileTime
SetHandleCount
SetHandleInformation
SetInformationJobObject
SetLastError
SetLocalTime
SetLocaleInfoA
SetLocaleInfoW
SetMailslotInfo
SetNamedPipeHandleState
SetProcessPriorityBoost
SetStdHandle
SetSystemPowerState
SetTapeParameters
SetThreadAffinityMask
SetThreadLocale
SetThreadPriority
SetTimeZoneInformation
SetTimerQueueTimer
SetVolumeLabelW
SetVolumeMountPointW
SleepEx
SuspendThread
SwitchToThread
SystemTimeToFileTime
TerminateJobObject
TerminateProcess
TerminateThread
Thread32First
TlsGetValue
TlsSetValue
Toolhelp32ReadProcessMemory
TransmitCommChar
UnlockFileEx
UnregisterWaitEx
UpdateResourceA
UpdateResourceW
VerLanguageNameA
VerifyVersionInfoA
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualQuery
VirtualUnlock
WaitCommEvent
WaitForDebugEvent
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeA
WinExec
WriteConsoleA
WriteConsoleInputA
WriteConsoleOutputAttribute
WriteConsoleOutputCharacterA
WriteFile
WriteFileEx
WriteFileGather
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStructA
WriteProfileSectionW
WriteProfileStringA
WriteProfileStringW
WriteTapemark
_lopen
_lwrite
lstrcatW
lstrcmp
lstrcmpA
lstrcmpW
lstrcmpi
lstrcmpiA
lstrcmpiW
lstrcpy
lstrcpyW
lstrcpynA
lstrlen
GetTimeFormatW
CreateFileA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
IsDebuggerPresent

advapi32

RegOpenKeyExW

oleaut32

CreateStdDispatch
CreateTypeLib2
DispCallFunc
DispInvoke
GetActiveObject
GetAltMonthNames
GetErrorInfo
GetRecordInfoFromGuids
GetRecordInfoFromTypeInfo
LHashValOfNameSys
LHashValOfNameSysA
LPSAFEARRAY_Marshal
LPSAFEARRAY_Size
LPSAFEARRAY_Unmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
LoadRegTypeLi
LoadTypeLi
LoadTypeLibEx
OACreateTypeLib2
OaBuildVersion
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleIconToCursor
OleLoadPicture
OleLoadPictureFile
OleLoadPicturePath
OleSavePictureFile
OleTranslateColor
RegisterActiveObject
RegisterTypeLi
RevokeActiveObject
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCopyData
SafeArrayCreate
SafeArrayCreateEx
SafeArrayCreateVector
SafeArrayCreateVectorEx
SafeArrayDestroyDescriptor
SafeArrayGetElement
SafeArrayGetElemsize
SafeArrayGetIID
SafeArrayGetLBound
SafeArrayGetRecordInfo
SafeArrayGetUBound
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArraySetRecordInfo
SafeArrayUnaccessData
SafeArrayUnlock
SetErrorInfo
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysReAllocString
SysReAllocStringLen
SysStringByteLen
UnRegisterTypeLi
VARIANT_UserFree
VARIANT_UserMarshal
VarAdd
VarAnd
VarBoolFromCy
VarBoolFromDate
VarBoolFromDec
VarBoolFromDisp
VarBoolFromI1
VarBoolFromI2
VarBoolFromR8
VarBoolFromStr
VarBoolFromUI1
VarBoolFromUI2
VarBoolFromUI4
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarBstrFromDisp
VarBstrFromI1
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromUI1
VarBstrFromUI2
VarBstrFromUI4
VarCat
VarCmp
VarCyAbs
VarCyAdd
VarCyCmpR8
VarCyFromBool
VarCyFromDate
VarCyFromDec
VarCyFromDisp
VarCyFromI1
VarCyFromI2
VarCyFromI4
VarCyFromR4
VarCyFromR8
VarCyFromStr
VarCyFromUI1
VarCyFromUI2
VarCyInt
VarCyMul
VarCyNeg
VarCyRound
VarCySu
VarDateFromDec
VarDateFromDisp
VarDateFromI1
VarDateFromI2
VarDateFromI4
VarDateFromR4
VarDateFromR8
VarDateFromUI1
VarDateFromUI2
VarDateFromUI4
VarDateFromUdateEx
VarDecAbs
VarDecAdd
VarDecCmp
VarDecCmpR8
VarDecFromCy
VarDecFromDate
VarDecFromDisp
VarDecFromI1
VarDecFromI4
VarDecFromR8
VarDecFromStr
VarDecFromUI1
VarDecFromUI2
VarDecFromUI4
VarDecInt
VarDecMul
VarDecNeg
VarDecRound
VarDiv
VarEqv
VarFix
VarFormat
VarFormatCurrency
VarFormatDateTime
VarFormatFromTokens
VarFormatPercent
VarI1FromCy
VarI1FromDate
VarI1FromI2
VarI1FromI4
VarI1FromR4
VarI1FromR8
VarI1FromStr
VarI1FromUI1
VarI1FromUI4
VarI2FromBool
VarI2FromCy
VarI2FromDec
VarI2FromDisp
VarI2FromI1
VarI2FromI4
VarI2FromR4
VarI2FromR8
VarI2FromStr
VarI2FromUI1
VarI2FromUI2
VarI2FromUI4
VarI4FromBool
VarI4FromDate
VarI4FromDec
VarI4FromI1
VarI4FromI2
VarI4FromR4
VarI4FromR8
VarI4FromStr
VarI4FromUI1
VarI4FromUI4
VarIdiv
VarMonthName
VarMul
VarNeg
VarNot
VarNumFromParseNum
VarOr
VarParseNumFromStr
VarR4CmpR8
VarR4FromBool
VarR4FromCy
VarR4FromI1
VarR4FromI2
VarR4FromI4
VarR4FromR8
VarR4FromStr
VarR4FromUI1
VarR4FromUI2
VarR8FromCy
VarR8FromDec
VarR8FromDisp
VarR8FromI1
VarR8FromI2
VarR8FromI4
VarR8FromStr
VarR8FromUI2
VarR8Pow
VarR8Round
VarRound
VarSu
VarUI1FromCy
VarUI1FromDate
VarUI1FromDisp
VarUI1FromI1
VarUI1FromI2
VarUI1FromI4
VarUI1FromR4
VarUI1FromR8
VarUI1FromStr
VarUI1FromUI2
VarUI1FromUI4
VarUI2FromBool
VarUI2FromCy
VarUI2FromDate
VarUI2FromDec
VarUI2FromI1
VarUI2FromI2
VarUI2FromI4
VarUI2FromR4
VarUI2FromR8
VarUI2FromStr
VarUI2FromUI1
VarUI2FromUI4
VarUI4FromBool
VarUI4FromCy
VarUI4FromDec
VarUI4FromDisp
VarUI4FromI1
VarUI4FromI2
VarUI4FromI4
VarUI4FromR4
VarUI4FromR8
VarUI4FromUI1
VarUI4FromUI2
VarUdateFromDate
VarWeekdayName
VarXor
VariantChangeType
VariantChangeTypeEx
VariantCopy
VariantInit
VariantTimeToDosDateTime
VectorFromBstr
BstrFromVector
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserFree
CreateDispTypeInfo

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 188KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7692e152ffe503782e0953ea5612766c

Code Sign

53:d1:02:94:39:8f:c7:90:41:05:6a:e9:44:9f:70:2fCertificate

Extended Key Usages

ee:b9:c9:6a:b0:c1:7a:c2:6f:50:53:cc:b1:9c:30:07:f6:e8:90:eaSigner

Headers

File Characteristics

Imports

kernel32

advapi32

oleaut32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 188KB - Virtual size: 189KB

.reloc Size: 4KB - Virtual size: 3KB

53:d1:02:94:39:8f:c7:90:41:05:6a:e9:44:9f:70:2f
Certificate

ee:b9:c9:6a:b0:c1:7a:c2:6f:50:53:cc:b1:9c:30:07:f6:e8:90:ea
Signer

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 188KB - Virtual size: 189KB

.reloc
Size: 4KB - Virtual size: 3KB