0d87aae2a86bbf1d630215381bff3161_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0d87aae2a86bbf1d630215381bff3161_JaffaCakes118
Size

236KB
MD5

0d87aae2a86bbf1d630215381bff3161
SHA1

ca53788852116432d577ff3ecc5fe258908d2470
SHA256

cc11047ab903983183a67d8b6131addf018d1cd83d9424c9655ad6e036af756f
SHA512

dfe47aa5a74b5ea6514721b719093dd3f68ada45c63deda8d48e1c4af0e532b148f7c4ac4c1d25af348d117ef5da0d26d5734c9fe0f61f744ae0f6ea4b4b37ba
SSDEEP

3072:YtrmGt7hKL3HeaNxa1oD2+W2cy3nFxnaoPI9h92WxVWmzkArI/9dmWn5:cJdKL31ra+QBunFxaGIaki315

Score

1^/10

Malware Config

Signatures

Files

0d87aae2a86bbf1d630215381bff3161_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2a1fdf08d5a7506fcd5f01806e2e2930

Code Sign

20:76:09:06:0f:14:cd:9d:48:79:f1:21:1d:87:aa:d4
Certificate

Issuer

CN=EkPLhxORkPMzDDlu1wOxF47wG

Not Before

16-04-2012 13:21

Not After

31-12-2039 23:59

Subject

CN=EkPLhxORkPMzDDlu1wOxF47wG

Extended Key Usages

ExtKeyUsageCodeSigning

30:d9:be:fc:d8:ea:39:f4:16:31:31:d3:d9:0c:99:1d:16:b6:c3:08
Signer

Actual PE Digest

30:d9:be:fc:d8:ea:39:f4:16:31:31:d3:d9:0c:99:1d:16:b6:c3:08

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetWindowsDirectoryA
lstrcatA
CreateFileA
LoadLibraryA
GetProcAddress
DosDateTimeToFileTime

user32

GetMenuState
SetParent
GetMenuItemCount
IsCharAlphaNumericW
AppendMenuA
SetMenuItemInfoA
InsertMenuItemA
IMPGetIMEW
CharNextW
SetClassWord
FrameRect
DestroyMenu
GetClassInfoExA
IsCharLowerA
GetMenuBarInfo
FindWindowW
IsCharUpperA
OpenInputDesktop
SetUserObjectInformationW
IsCharAlphaA
CloseWindowStation
GetUserObjectSecurity
DrawTextExA
SetClipboardViewer
SetDlgItemInt
DestroyIcon
DdeQueryConvInfo
ChildWindowFromPointEx
PostThreadMessageW
TabbedTextOutA
SetDebugErrorLevel
ClientToScreen
SetWindowLongW
RemovePropA
IMPSetIMEA
LookupIconIdFromDirectoryEx
BeginPaint
DefMDIChildProcA
MapVirtualKeyA
GetCursorInfo
WaitMessage
DdeDisconnect
GetLastActivePopup
IMPQueryIMEW
SetCapture
GetAltTabInfoW
TileChildWindows
GetKeyNameTextA
CountClipboardFormats
CheckRadioButton
GetDlgItem
CascadeChildWindows
VkKeyScanExW
FreeDDElParam
UnpackDDElParam
ReplyMessage
EnumPropsA
CharLowerA
GetClassNameA
EnumPropsExA
SetDlgItemTextW
RegisterClassA
GetSubMenu
GetSystemMetrics
SetThreadDesktop
InternalGetWindowText
GetWindowTextW
FlashWindow
LoadAcceleratorsA
DdeSetUserHandle
DlgDirSelectComboBoxExA
CharPrevW
OffsetRect
InSendMessage
ChangeDisplaySettingsW
CharLowerBuffA
EnumDisplaySettingsA
GetDlgItemTextA
DdeGetData
GetGuiResources
EnumDisplaySettingsExA
GetNextDlgTabItem
SetFocus
GetInputDesktop
GetTabbedTextExtentW
SetDeskWallpaper
DestroyCaret
CreateAcceleratorTableW
GetClipCursor
MenuItemFromPoint
DrawEdge
GetForegroundWindow
PeekMessageW
GetWindowTextA
UpdateWindow
ChangeMenuA
EnumPropsExW
LoadKeyboardLayoutA
SetClassLongW
SendMessageCallbackW
CallMsgFilter
GetClassInfoA
wsprintfW
GetWindowModuleFileName
SendIMEMessageExA
GetAsyncKeyState
SetScrollRange
WindowFromDC
DdeNameService
OemToCharA
CallMsgFilterA
GetDlgItemTextW
GetTitleBarInfo

msvcrt

memcpy

shlwapi

UrlHashW
SHEnumKeyExA
UrlUnescapeA
SHRegQueryUSValueA
SHGetInverseCMAP
PathRemoveExtensionA
StrCatW
ord16
StrFromTimeIntervalA
SHRegEnumUSValueA
StrPBrkW
PathFindOnPathW
StrRetToBufA
ChrCmpIW
IntlStrEqWorkerA
UrlCompareA
StrPBrkA
PathRemoveBackslashW
SHRegCloseUSKey
PathMakePrettyA
StrCmpW
SHStrDupA
SHRegDeleteUSValueA
PathIsContentTypeA
UrlIsOpaqueW
SHDeleteKeyW
StrRChrIA
PathIsDirectoryA
StrToIntW
PathIsUNCServerW
SHGetThreadRef
HashData
SHRegGetBoolUSValueA
StrCmpNIA
PathIsUNCA
PathSetDlgItemPathA
StrRetToStrA
PathIsFileSpecW
SHQueryValueExA
PathUnmakeSystemFolderW
StrFormatKBSizeA
PathIsPrefixW
StrCatBuffW
StrRStrIW
SHRegQueryUSValueW
PathRemoveBlanksA
PathCommonPrefixA
SHRegQueryInfoUSKeyA
ColorHLSToRGB
SHGetValueA
PathRemoveFileSpecW
PathIsPrefixA
SHRegDeleteEmptyUSKeyA
PathAppendA
PathAddExtensionA
PathFindSuffixArrayW
PathUndecorateA
wnsprintfA
SHRegGetUSValueA
PathCommonPrefixW
PathGetArgsA
SHEnumValueA
PathFindExtensionA
SHRegDeleteEmptyUSKeyW
PathCombineW
PathCanonicalizeW
StrChrA
SHRegWriteUSValueA
PathRemoveBlanksW
StrRChrA
PathParseIconLocationA
AssocQueryStringByKeyW
PathRemoveArgsW
PathIsSameRootW
StrSpnW
PathUnquoteSpacesA
GetMenuPosFromID
PathIsSameRootA
SHRegSetUSValueA
SHRegOpenUSKeyA
UrlApplySchemeW
StrCSpnW
AssocQueryKeyA
PathRelativePathToA
UrlGetPartA
AssocCreate
SHSkipJunction
StrStrIW
StrToIntExW
SHRegCreateUSKeyW
PathStripToRootW
AssocQueryStringByKeyA
StrFormatByteSize64A
SHAutoComplete
SHOpenRegStream2W
PathUnExpandEnvStringsW
PathAddExtensionW
SHEnumKeyExW
PathIsRootW
PathStripPathA
PathIsUNCServerShareW
PathIsNetworkPathA
PathUnmakeSystemFolderA
StrToIntExA
PathIsFileSpecA
PathIsContentTypeW
PathSkipRootA
StrFormatByteSizeW
PathMatchSpecA
PathBuildRootA
StrStrA
SHRegEnumUSKeyA
PathQuoteSpacesA
StrCmpNIW
PathMatchSpecW
SHCreateShellPalette
UrlCombineW
StrCSpnIW
SHDeleteEmptyKeyW
StrDupA
PathFindSuffixArrayA
PathFindFileNameA

Sections

.text
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ff2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ff3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a1fdf08d5a7506fcd5f01806e2e2930

Code Sign

20:76:09:06:0f:14:cd:9d:48:79:f1:21:1d:87:aa:d4Certificate

Extended Key Usages

30:d9:be:fc:d8:ea:39:f4:16:31:31:d3:d9:0c:99:1d:16:b6:c3:08Signer

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

shlwapi

Sections

.text Size: 219KB - Virtual size: 219KB

.ff2 Size: 1024B - Virtual size: 1000B

.ff3 Size: 1024B - Virtual size: 1000B

.data Size: 7KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

20:76:09:06:0f:14:cd:9d:48:79:f1:21:1d:87:aa:d4
Certificate

30:d9:be:fc:d8:ea:39:f4:16:31:31:d3:d9:0c:99:1d:16:b6:c3:08
Signer

.text
Size: 219KB - Virtual size: 219KB

.ff2
Size: 1024B - Virtual size: 1000B

.ff3
Size: 1024B - Virtual size: 1000B

.data
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB