0f55017cace39dd67995fd5e89a61805_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f55017cace39dd67995fd5e89a61805_JaffaCakes118
Size

152KB
MD5

0f55017cace39dd67995fd5e89a61805
SHA1

7f78a28a1f29f0e13b287ddcf5fffef453687cf7
SHA256

5d0a3923eef496c839e5da36c60b4b3a89ee2419fb0ebc79d909f1ff906b3c92
SHA512

481b5b7a823de90999f7cf450b01431d87a570a602f3e6eddc582ef229e8ce85303177aa344ff6a371ad5e1674b13496dcf597c535c929535df633a2a572d40e
SSDEEP

3072:Ziuy7loF/b4JpcfgU/o1SHq5ic4BVphkN5wn4RE/EmWvXpG1545T5w5yh0:wuKWF/GifrgUHY+fphkNmnoUEmWa

Score

1^/10

Malware Config

Signatures

Files

0f55017cace39dd67995fd5e89a61805_JaffaCakes118
.dll windows:5 windows x86 arch:x86

354b99b7044cf55de8a717521a7e5c22

Code Sign

47:02:b9:9e:80:49:21:5b:b2:2a:2c:4c:fb:97:78:97
Certificate

Issuer

CN=wxlrm9hxs866qrhth6nyvzp5srinsksuw56x86muh6l9wt7jukzo98zmrwy995jrilo9w6jlzqisxsn9lnhpvkk9xqjjryrri4rviy5s9r9jp9n59notsoi7lirsrjuyxwwzztmim4y6jl6jjjhyo45r99hji7n6hvs6szhm9mn64u5zxv87mnrviovljnnqns6wzrw45qhq79wu5sho97zktjjjz47lv79zt6npo4u4q5vz4pxo4mqspr5pxuqhlvmkmz8j984y444s46qorl4vyknvl8ylo9p7hot9uk56jhjnirjhllin4jnvk5wynspmqjrsvxlk8hlu8q7n77m4y96p4qwlqrttshlz6zvwpzrnzin87v9myrthioi88iqp5t5xiqishuh96w6nkz7m9945qvi7pt6pyooz9w5ijl9ivkyq9roj6hxnv4r494jrywokpou8n4jrrwi5q8m6w9p8mx6zo6rujhowhniz497y48tk7kujviqunu44zvw8wuux5lsoqxzil85jsm8lkrthljsr6yv6utkrwymxqoytjolvx46hxkzrjr69k7w5y56xqnh7uvxviw9wu5slvku9v8zokynsswo5hq6oo4psyt6t4z4hpqrjzwz8txovxv68tp9rsskjvo5tsrvqtupnmzkj4j7jyxz66q8ztwq9pqimohr6tqtlm9jyxoqkuq58jwvkpx9py9jpsmxz7tpyrtum5tr8wu7moj9trs59om5wyjq5ppv5k4k594979qssu6v65kss7mmknhuyqppyi4pq6lnxlv499x9uirn7m7yh97zvy55xu4rpou48ll86zol6lopkkk8ul9up8hylqvr7i4puyw54jtqq5mxxry4mx8jr5h669nk5huhv44hhlzk6ii6u8nuw76tik6qtnsmwhskni99xovmjwhuxurwu4ltivtziwh9p8kp7567pyrzky46qmx6846z69zxv9rv449u9yuzo4thk9q857qn65jvylqjp8qhpsp8nhtow4iyszqv4u7lvtykoiir4rh9l9t9stxi5llyv4vrvkqnt5xqktpkrhh89qvswsoqmo7mkro5r4hpkpvhoqyih6pnkzyr74kq4xl48tm97u4xnmpuuztqrtp84j4kt5o8iy4k7rr5stwxyjnmpuhsyj55tw4n8tpyo7soljskk5qhtjijzzs99qhvzsrw5mljr66wh9lqwx46598irt78xuuwt4rr69krhity6h87nmssh8qx65pumnrjs5qjho9xnm7snzs4iyhpv4pqi5yqp7i9845qpk6vh6qh9l65yr6slzlpzy5m5noi9hknjko46xm677yzsxr6vzyumvplxwq6k4xivqpw8quyih68py7i4i9yuy8w768y5rwossnljxtvymzw98u46wyqqolm8rhx8ok6ou7s6oh4kvj4w4r7k646hwr6kljwi6n6ipsjqjh785iknws5iyvmuhi5jxhmut8zyisvr6ozzlmot6xhlx9ps4puw5j9ny9kqr8mtqutpruvuizpmyj7knq6ul9h58mjs4o9zwqv56rjpys7jsvou7o594yrr4o5q6pz6soxnnvzspsk78r4mjizln57h4z75iojq54z8holjuly54iotptnsymjktijto4rpzjkq9j7l7kunkoxojrop4kohwxvs647tksokwiimiw7xxrrj6thvwqxsy4xz54snjjk95u4ry6o4u97nmp7999jhtwhvuw5yy9y6jp4vthvsuimvzsyvktn7ypxsjtut9jr6szyomm4w8jpximst46y7i7z79k6iko9msp6xwoosu96x4hsinqvtql4ynu7rpqnojkrttmzpv9osw9ozs497rjvxultny8uxixppwzjwiy6von6kxnz6jom688n7twqhsxnn8tu9nnwlt7oj5pq6lshtjjxph7tm7syinjvlkjqjh5itp9qhxjx8np5nsk9oxy8lui8kllx4y76tlt5irx9xjz48mynsrs9yz4z9oz8qo6xo64xtstnq65oqwy78slzr5to8jtnz4q4or6wp4776qs7lho6ovzzz4tlqvuwn894kprmpq9zj797w6tolisrzy7p7pqzizlts4rz7p6ynpirxvmzq5h9jxx8ms9j7lpikpnmjysmwh7p6wo84ktpny4skww8mlz6nlyuxxy6v69ptus9wirmmihv48hpi4uwh8hp6pqs5om5r6pji8ylx5mqnlplmj6ny64958kmio8jnju9u4wt8l8l7uki9kxi6xhykwxvmr9jm7rtyi8njs4tn5qpti8tkxkrmyqnqwqxk7r5m74p46mm9npnr9rspw98hr4ozt4pvz4qh4yqoxuu546zjj6hr754ljj8zkktyjx8l6v4wmk6zxiuvv7uvqnm9iw46k4nqzkt5444q6j685umtzhxhsqrsytx5zuviqmppxjo6huvwxnhl4yomhwmkqyytuuj864jonxmhirnmlwixhoz4v6oqwmp75qp67wupzi9stysp 6rnt5hsrkpih 6rnt5hsrkpih

Not Before

08/12/2012, 19:48

Not After

31/12/2039, 23:59

Subject

CN=wxlrm9hxs866qrhth6nyvzp5srinsksuw56x86muh6l9wt7jukzo98zmrwy995jrilo9w6jlzqisxsn9lnhpvkk9xqjjryrri4rviy5s9r9jp9n59notsoi7lirsrjuyxwwzztmim4y6jl6jjjhyo45r99hji7n6hvs6szhm9mn64u5zxv87mnrviovljnnqns6wzrw45qhq79wu5sho97zktjjjz47lv79zt6npo4u4q5vz4pxo4mqspr5pxuqhlvmkmz8j984y444s46qorl4vyknvl8ylo9p7hot9uk56jhjnirjhllin4jnvk5wynspmqjrsvxlk8hlu8q7n77m4y96p4qwlqrttshlz6zvwpzrnzin87v9myrthioi88iqp5t5xiqishuh96w6nkz7m9945qvi7pt6pyooz9w5ijl9ivkyq9roj6hxnv4r494jrywokpou8n4jrrwi5q8m6w9p8mx6zo6rujhowhniz497y48tk7kujviqunu44zvw8wuux5lsoqxzil85jsm8lkrthljsr6yv6utkrwymxqoytjolvx46hxkzrjr69k7w5y56xqnh7uvxviw9wu5slvku9v8zokynsswo5hq6oo4psyt6t4z4hpqrjzwz8txovxv68tp9rsskjvo5tsrvqtupnmzkj4j7jyxz66q8ztwq9pqimohr6tqtlm9jyxoqkuq58jwvkpx9py9jpsmxz7tpyrtum5tr8wu7moj9trs59om5wyjq5ppv5k4k594979qssu6v65kss7mmknhuyqppyi4pq6lnxlv499x9uirn7m7yh97zvy55xu4rpou48ll86zol6lopkkk8ul9up8hylqvr7i4puyw54jtqq5mxxry4mx8jr5h669nk5huhv44hhlzk6ii6u8nuw76tik6qtnsmwhskni99xovmjwhuxurwu4ltivtziwh9p8kp7567pyrzky46qmx6846z69zxv9rv449u9yuzo4thk9q857qn65jvylqjp8qhpsp8nhtow4iyszqv4u7lvtykoiir4rh9l9t9stxi5llyv4vrvkqnt5xqktpkrhh89qvswsoqmo7mkro5r4hpkpvhoqyih6pnkzyr74kq4xl48tm97u4xnmpuuztqrtp84j4kt5o8iy4k7rr5stwxyjnmpuhsyj55tw4n8tpyo7soljskk5qhtjijzzs99qhvzsrw5mljr66wh9lqwx46598irt78xuuwt4rr69krhity6h87nmssh8qx65pumnrjs5qjho9xnm7snzs4iyhpv4pqi5yqp7i9845qpk6vh6qh9l65yr6slzlpzy5m5noi9hknjko46xm677yzsxr6vzyumvplxwq6k4xivqpw8quyih68py7i4i9yuy8w768y5rwossnljxtvymzw98u46wyqqolm8rhx8ok6ou7s6oh4kvj4w4r7k646hwr6kljwi6n6ipsjqjh785iknws5iyvmuhi5jxhmut8zyisvr6ozzlmot6xhlx9ps4puw5j9ny9kqr8mtqutpruvuizpmyj7knq6ul9h58mjs4o9zwqv56rjpys7jsvou7o594yrr4o5q6pz6soxnnvzspsk78r4mjizln57h4z75iojq54z8holjuly54iotptnsymjktijto4rpzjkq9j7l7kunkoxojrop4kohwxvs647tksokwiimiw7xxrrj6thvwqxsy4xz54snjjk95u4ry6o4u97nmp7999jhtwhvuw5yy9y6jp4vthvsuimvzsyvktn7ypxsjtut9jr6szyomm4w8jpximst46y7i7z79k6iko9msp6xwoosu96x4hsinqvtql4ynu7rpqnojkrttmzpv9osw9ozs497rjvxultny8uxixppwzjwiy6von6kxnz6jom688n7twqhsxnn8tu9nnwlt7oj5pq6lshtjjxph7tm7syinjvlkjqjh5itp9qhxjx8np5nsk9oxy8lui8kllx4y76tlt5irx9xjz48mynsrs9yz4z9oz8qo6xo64xtstnq65oqwy78slzr5to8jtnz4q4or6wp4776qs7lho6ovzzz4tlqvuwn894kprmpq9zj797w6tolisrzy7p7pqzizlts4rz7p6ynpirxvmzq5h9jxx8ms9j7lpikpnmjysmwh7p6wo84ktpny4skww8mlz6nlyuxxy6v69ptus9wirmmihv48hpi4uwh8hp6pqs5om5r6pji8ylx5mqnlplmj6ny64958kmio8jnju9u4wt8l8l7uki9kxi6xhykwxvmr9jm7rtyi8njs4tn5qpti8tkxkrmyqnqwqxk7r5m74p46mm9npnr9rspw98hr4ozt4pvz4qh4yqoxuu546zjj6hr754ljj8zkktyjx8l6v4wmk6zxiuvv7uvqnm9iw46k4nqzkt5444q6j685umtzhxhsqrsytx5zuviqmppxjo6huvwxnhl4yomhwmkqyytuuj864jonxmhirnmlwixhoz4v6oqwmp75qp67wupzi9stysp 6rnt5hsrkpih 6rnt5hsrkpih

Extended Key Usages

ExtKeyUsageCodeSigning

25:55:75:66:45:86:f3:33:13:20:fa:d6:67:08:c8:c2:33:8a:ec:f7
Signer

Actual PE Digest

25:55:75:66:45:86:f3:33:13:20:fa:d6:67:08:c8:c2:33:8a:ec:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
ReadFile
lstrlenA
CreateMutexW
lstrcpyW
lstrcmpW
lstrcmpA
lstrcatW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
QueryPerformanceCounter
MultiByteToWideChar
LoadLibraryA
GetWindowsDirectoryW
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
GetStartupInfoA
GetNumberFormatW
GetModuleHandleA
GetCurrentProcessId
GetCommandLineW

gdi32

GetStockObject

advapi32

RegOpenKeyW
RegOpenKeyA
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
RegCloseKey
OpenThreadToken
OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AddAccessAllowedAce

msvcrt

__p__fmode
__set_app_type
_except_handler3
__p__commode

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

354b99b7044cf55de8a717521a7e5c22

Code Sign

47:02:b9:9e:80:49:21:5b:b2:2a:2c:4c:fb:97:78:97Certificate

Extended Key Usages

25:55:75:66:45:86:f3:33:13:20:fa:d6:67:08:c8:c2:33:8a:ec:f7Signer

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

msvcrt

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 119KB - Virtual size: 118KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 1024B - Virtual size: 626B

47:02:b9:9e:80:49:21:5b:b2:2a:2c:4c:fb:97:78:97
Certificate

25:55:75:66:45:86:f3:33:13:20:fa:d6:67:08:c8:c2:33:8a:ec:f7
Signer

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 119KB - Virtual size: 118KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 1024B - Virtual size: 626B