153a3e024afec642e2691920b59c61a4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

153a3e024afec642e2691920b59c61a4_JaffaCakes118
Size

70KB
MD5

153a3e024afec642e2691920b59c61a4
SHA1

93a078d8a1630f88056fbdeb874857220a3267da
SHA256

530a35c6ec422cdfa7d66978dd18fade819487ef66bb5578699905f19d09ea27
SHA512

09537843dd5a4293c1602e27149df4d29cda5f68f3198f6ee90dca1424ec52e5b34e7089aa944c922bea5a0fd7061c7f81039230b7530dd703ee1676822d176f
SSDEEP

1536:maN9r/CSHl5arOoh7cM9sh1/UkiruECYXqiIyMuwzGhhdeSG:maN9rXsX7clst8Y6dqwIeS

Score

1^/10

Malware Config

Signatures

Files

153a3e024afec642e2691920b59c61a4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6a6588e0964c292f6ac4705d9e739805

Code Sign

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3b
Certificate

Issuer

CN=NCrG992VieeQ

Not Before

14-03-2012 06:19

Not After

31-12-2039 23:59

Subject

CN=NCrG992VieeQ

Extended Key Usages

ExtKeyUsageCodeSigning

f4:e3:45:64:ae:b5:91:25:a2:0e:99:fe:36:38:5f:df:d6:32:6c:1b
Signer

Actual PE Digest

f4:e3:45:64:ae:b5:91:25:a2:0e:99:fe:36:38:5f:df:d6:32:6c:1b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedCompareExchange
LoadLibraryA
CreateFileA
lstrlenA
GetWindowsDirectoryA
lstrcpyA
GetProcAddress

user32

ShowCaret
ShowOwnedPopups
SwitchToThisWindow
TabbedTextOutA
ToUnicode
UnhookWindowsHook
UnregisterHotKey
wsprintfW
SetWindowTextW
SetUserObjectSecurity
SetUserObjectInformationW
SetSystemCursor
SetScrollRange
SetMenuItemInfoW
SetMenuItemBitmaps
SetLayeredWindowAttributes
SetDeskWallpaper
SetClassLongW
SetCapture
ScrollWindow
ScrollDC
ReuseDDElParam
ReplyMessage
RemovePropW
RemoveMenu
RegisterHotKey
RegisterClassW
RegisterClassA
PostThreadMessageA
OpenDesktopA
NotifyWinEvent
MapVirtualKeyExW
BringWindowToTop
ChangeClipboardChain
ChangeDisplaySettingsW
ChangeMenuA
CharNextW
CharUpperBuffA
ChildWindowFromPointEx
CopyIcon
CreateDialogIndirectParamA
CreateMDIWindowW
MapDialogRect
DdeAccessData
DdeAddData
DdeDisconnect
DdeFreeStringHandle
DdeInitializeW
DdeQueryStringA
DdeReconnect
DdeUnaccessData
DdeUninitialize
DestroyWindow
DlgDirSelectComboBoxExW
DrawAnimatedRects
DrawFrame
DrawTextExW
EndPaint
EnumClipboardFormats
EnumDesktopsW
EnumDisplayMonitors
EnumDisplaySettingsW
FindWindowExW
GetAsyncKeyState
GetClassInfoExA
GetClassNameA
GetDlgItem
GetFocus
GetInputDesktop
GetKeyNameTextA
GetKeyboardType
GetMenuDefaultItem
GetMenuInfo
GetMenuItemCount
GetMenuItemID
GetMessageA
GetMessageTime
GetParent
GetScrollBarInfo
GetSubMenu
GetUpdateRgn
GetWindowContextHelpId
GetWindowPlacement
GetWindowThreadProcessId
IMPSetIMEA
IsCharAlphaW
IsDialogMessage
IsHungAppWindow
IsWindow
AppendMenuA
IsWindowEnabled
LoadIconA
LoadImageA
LoadKeyboardLayoutA
LoadMenuW

comdlg32

PageSetupDlgW
ChooseColorW
ChooseFontA
ChooseFontW
CommDlgExtendedError
FindTextA
FindTextW
GetFileTitleA
ReplaceTextW
ReplaceTextA
PrintDlgW
PrintDlgExW
PrintDlgExA
PrintDlgA
ChooseColorA
PageSetupDlgA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW

advapi32

RegOpenKeyW

ole32

OleSaveToStream
OleTranslateAccelerator
ProgIDFromCLSID
ReadOleStg
RegisterDragDrop
ReleaseStgMedium
SNB_UserFree
SNB_UserUnmarshal
SetConvertStg
StgConvertVariantToProperty
StgGetIFillLockBytesOnFile
StgOpenAsyncDocfileOnIFillLockBytes
StgPropertyLengthAsVariant
StringFromCLSID
UtConvertDvtd16toDvtd32
UtGetDvtd16Info
UtGetDvtd32Info
WdtpInterfacePointer_UserFree
WdtpInterfacePointer_UserSize
WriteFmtUserTypeStg
WriteStringStream
OleRegGetMiscStatus
OleMetafilePictFromIconAndLabel
OleIsRunning
OleGetIconOfFile
OleDoAutoConvert
OleCreateLinkFromDataEx
OleCreateLinkEx
OleCreateLink
OleCreateEx
OleCreate
OleConvertOLESTREAMToIStorage
MonikerCommonPrefixWith
IsAccelerator
HkOleRegisterObject
HWND_UserSize
HMETAFILE_UserSize
HMETAFILE_UserMarshal
HMETAFILEPICT_UserUnmarshal
HMETAFILEPICT_UserMarshal
HMENU_UserFree
HICON_UserUnmarshal
HGLOBAL_UserUnmarshal
HGLOBAL_UserSize
HDC_UserUnmarshal
HBRUSH_UserUnmarshal
HBRUSH_UserSize
HBITMAP_UserSize
HBITMAP_UserFree
HACCEL_UserMarshal
EnableHookObject
CreateObjrefMoniker
CreateDataAdviseHolder
CoUnmarshalInterface
CoUnmarshalHresult
CoTestCancel
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoSetCancelObject
CoReleaseServerProcess
CoRegisterPSClsid
CoRegisterClassObject
CoReactivateObject
CoQueryClientBlanket
CoMarshalInterface
CoMarshalInterThreadInterfaceInStream
CoIsOle1Class
CoInitializeWOW
CoGetTreatAsClass
CoGetPSClsid
CoGetInterfaceAndReleaseStream
CoGetCurrentLogicalThreadId
CoGetCallContext
CoFreeUnusedLibraries
CoDosDateTimeToFileTime
CoDisableCallCancellation
CoCreateInstanceEx
CoCancelCall
CoAllowSetForegroundWindow
CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal
OleCreateStaticFromData
CoGetInstanceFromFile

comctl32

ord8
CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
_TrackMouseEvent
UninitializeFlatSB
ord3
PropertySheetA
PropertySheet
ord2
ord13
ord14
InitializeFlatSB
InitMUILanguage
InitCommonControlsEx
ord17
ImageList_Write
ImageList_SetOverlayImage
ImageList_SetImageCount
ImageList_SetIconSize
ImageList_SetFilter
ImageList_SetDragCursorImage
ImageList_ReplaceIcon
ImageList_Remove
ImageList_Read
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_LoadImage
ImageList_GetImageRect
ImageList_GetIconSize
ImageList_GetDragImage
ImageList_GetBkColor
ImageList_EndDrag
ImageList_Duplicate
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_Draw
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_Destroy
ImageList_Create
ImageList_Copy
ImageList_BeginDrag
ImageList_AddIcon
ImageList_Add
ord4
FlatSB_ShowScrollBar
FlatSB_SetScrollPos
FlatSB_GetScrollRange
FlatSB_GetScrollProp
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
FlatSB_EnableScrollBar
DrawStatusTextW
ord5
DrawStatusText
ord15
DestroyPropertySheetPage
CreateToolbarEx
CreateStatusWindowW

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a6588e0964c292f6ac4705d9e739805

Code Sign

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3bCertificate

Extended Key Usages

f4:e3:45:64:ae:b5:91:25:a2:0e:99:fe:36:38:5f:df:d6:32:6c:1bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

comctl32

Sections

.text Size: 12KB - Virtual size: 12KB

.text1 Size: 50KB - Virtual size: 49KB

.data Size: 1024B - Virtual size: 644B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3b
Certificate

f4:e3:45:64:ae:b5:91:25:a2:0e:99:fe:36:38:5f:df:d6:32:6c:1b
Signer

.text
Size: 12KB - Virtual size: 12KB

.text1
Size: 50KB - Virtual size: 49KB

.data
Size: 1024B - Virtual size: 644B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB