14b04338526c8a6c208157fb8453e79c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

14b04338526c8a6c208157fb8453e79c_JaffaCakes118
Size

193KB
MD5

14b04338526c8a6c208157fb8453e79c
SHA1

321dccfffd240b721fbbd724a05a496a399dd60b
SHA256

e406d666509d49fff31d6535ea4b101d921133ac480353609d933af2e790fa39
SHA512

c982b6c4b2002a7502ee99e1d4385699f09787afb51bbcb70877b2c1dae60e1d2b542bf8d00595a59ad1f647a0b42e99ffd002717ae59917300f84558d7484c7
SSDEEP

3072:cL7uSjVApjwRRUHQs/I1C36pKUYJtph0Nphnw5sg0WenXJqN8Tf/6G:0u6OpuCHDAE3gGPph0Nbng/0WeXTf/N

Score

1^/10

Malware Config

Signatures

Files

14b04338526c8a6c208157fb8453e79c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

255239ee49ac1a0ee089589fcea1f1b3

Code Sign

37:77:aa:64:8a:f8:97:8a:4e:59:53:96:61:b7:9f:af
Certificate

Issuer

CN=y5z5qqtiilvzqo6puksy8pumx5un7kv4ttr966l4h7wwxo6hrsq6ujy4p9ui596py9okmk7zlwsw97ww9pwwrjx9ilsninutyrnhxiwtloqiu6kry5jm9rylh4nouru677tq448j66htiqlp78jimq8qumk44psyyppo76sshklwy9nhjvk4v4ll9xvrynz8wvu8ypp8u4hnnw4x4ukji6k6yppl78xkjqhwswx4nq9p9z4mruk8nlnrjmvjpqlwyrj5isnxjuyi4jmmvlwpn4ysvquqyjjl9mnk4kzihvnz76y85hktwjslww6sihhsupqrumsi975zpxznzs44u7qwy4t4iqlw9jtvyzwshyh4rsvxh5y4xt8mpswk785t85iznlkvjkwvjylqpqsjlruokpynn44ykyxkwpzuqnzh7mqnpn6w55nzv7rnsr5po5ol5t9h7h5n5lz44u9o7ihjqt7ml5pnklltrnkr4ostqoxkqllplhttjurt4ow8sz54rym4m4xjxtnlhhjhhhk7tkuvivyvin97solzqmwynpsot6z5nxmzmtlhr5q84tz8x8wyul77ov9ywplonh4mhvtx4vottjtix67w7jnwttojpjhp9wvkxq7ru44pjv5wx4okzs569zyhtwhz7pmi9zjqw5hnuqxkq44wrs65usltknly8rkh5rj5ws8y47lnjpi9npj5qhxplq7rxwq69hmls6ny5p76uqy6xmrpopx7xkzojh8iqj98zwthx7u6imhuhkh9xyxovyw76kux9mn7vy8jrxkrtul948rwo5zmiiy8h7wtyxk6uuw8jui6ms9zrupkv48jmktomvt8v4h858sn8t5ukvljsw6zrj98l5y9x9njvyxnhi9s9nqlyzk7q6nvowprj4qkhlyx4u9msvyttu7s6pk454mlk4p7kz4lu4rinoln5rykw84ojik7o5uitliqwltv9y7pk77jqjiwyh45tkhlupt9rhqvzwr8xnnlvk6t8rs97j6lwjojkxs5r58z6ryjqns8yzmt6ws6wvq5t7o657lxxtl6m54iu7nw4pokhpqvkw6n68mpnkyxzrmvlhp6hym8hr444woj7rlmz89hoqom5qlmmjp6mxvlysv5i8jhm9ru8kmhwuv5xsyxxikrkktpj586qksvwnimvislkpplqoruh4mll95ivzpyyu54tjzrt488wu4j65xj4jr6sqlwtpvkuzqkqnss8xyth4ovostnqy7ps7h9nzyp97k75rt6yuwultvzu75vrniznvv4n5itvr7hokpmkvmujkw78spotltmt54mhvo9sonht66plr8wziyurwtokholpstn8yopoztjhhjlkk8titpmptujihvjqzmtw7nmmtzjs7t5hjlvkvqyxqs77t8y7opkv4wthy9vuyyunlq7io897ljvquk5vl7iq5km666zhsxz7whn6yrihjhvlnory465ys7sv65qvnv9sir8zwrnvzukku4yjh7wj9kvsjl8h99i8vwh5497xl7h9pm8iksppwtion7xksw4hxuko6ou558yupvvt45rit5tuu6p5qwl5j4yqt67ntqpzo9ozi9khxnxhrwp7sou8n4xqjt5vuzzq4h5ys4mhhovl7u6okolv4xyujoqhunornrj75zm6sxnhq6x78uutztkk5wyov9j5kmlosonpxn99url4llq8xh7wrijxk49uz4qrivjopskkwhr5jztxszwo9uj7inownyin4tmzizphmkmj7859r9wwwppqy4jj574sj5zsninyni8yx6u4m749l6w7ytlhrunj89quor45l5xyo48qipy7t766ls6uhjq6vow6tp9u4ohl4pszr9x6otmlxpmzsok656suir9tnksp5qxnnovro98o9x75sly54ryuhxl8my8pkjq77s8j89smuyo9yhs99wz9roiwymlrp7tmjuiuzpoq9vqsyr7kq8uhl6o4kwt48vim9oyqino8tl6t8nwuos7zimynpy64pipsjotmkmnpwjhr4ysivmjp5qmqu99x7yyht7v5l7o4nz5utjrhp7lii499q4j44hyusn46mqv64q8lnmuplj5jpiot8mmtk6hl5owkn6tz89x4lilrhjpzikw6xj8nirtxzynrmhtk7o6zn6yno8znwmttrktsrilk47tt6xpmm6mtpmzn5uwhm6yst46vjtlq9n4m77556i8un7hu4uorh5jmtmwj7y7zzzou8m8mm89qzjsvzqz4jj66vthvr8z86l4nto4lis6vqljszouvskj8mp7vnyqpulwrhjzkwn5yz5k5lm9n7tnwnq6x76w6rlh848l7s44pl985898onj6ui8jsyup7tow6io47vomlj7jilj9nmjv6ojsx9hzqns7khhnkr5p5zjm5v9rxpinnj5u67ih4ts78xnuhzji9lql4lxiikw7i94r6vvvitzop8q4w644ru68mriuki6xh6s9qi4i57xtrzhkromz746y 9k88sqj7qjjz 9k88sqj7qjjz

Not Before

06/12/2012, 19:09

Not After

31/12/2039, 23:59

Subject

CN=y5z5qqtiilvzqo6puksy8pumx5un7kv4ttr966l4h7wwxo6hrsq6ujy4p9ui596py9okmk7zlwsw97ww9pwwrjx9ilsninutyrnhxiwtloqiu6kry5jm9rylh4nouru677tq448j66htiqlp78jimq8qumk44psyyppo76sshklwy9nhjvk4v4ll9xvrynz8wvu8ypp8u4hnnw4x4ukji6k6yppl78xkjqhwswx4nq9p9z4mruk8nlnrjmvjpqlwyrj5isnxjuyi4jmmvlwpn4ysvquqyjjl9mnk4kzihvnz76y85hktwjslww6sihhsupqrumsi975zpxznzs44u7qwy4t4iqlw9jtvyzwshyh4rsvxh5y4xt8mpswk785t85iznlkvjkwvjylqpqsjlruokpynn44ykyxkwpzuqnzh7mqnpn6w55nzv7rnsr5po5ol5t9h7h5n5lz44u9o7ihjqt7ml5pnklltrnkr4ostqoxkqllplhttjurt4ow8sz54rym4m4xjxtnlhhjhhhk7tkuvivyvin97solzqmwynpsot6z5nxmzmtlhr5q84tz8x8wyul77ov9ywplonh4mhvtx4vottjtix67w7jnwttojpjhp9wvkxq7ru44pjv5wx4okzs569zyhtwhz7pmi9zjqw5hnuqxkq44wrs65usltknly8rkh5rj5ws8y47lnjpi9npj5qhxplq7rxwq69hmls6ny5p76uqy6xmrpopx7xkzojh8iqj98zwthx7u6imhuhkh9xyxovyw76kux9mn7vy8jrxkrtul948rwo5zmiiy8h7wtyxk6uuw8jui6ms9zrupkv48jmktomvt8v4h858sn8t5ukvljsw6zrj98l5y9x9njvyxnhi9s9nqlyzk7q6nvowprj4qkhlyx4u9msvyttu7s6pk454mlk4p7kz4lu4rinoln5rykw84ojik7o5uitliqwltv9y7pk77jqjiwyh45tkhlupt9rhqvzwr8xnnlvk6t8rs97j6lwjojkxs5r58z6ryjqns8yzmt6ws6wvq5t7o657lxxtl6m54iu7nw4pokhpqvkw6n68mpnkyxzrmvlhp6hym8hr444woj7rlmz89hoqom5qlmmjp6mxvlysv5i8jhm9ru8kmhwuv5xsyxxikrkktpj586qksvwnimvislkpplqoruh4mll95ivzpyyu54tjzrt488wu4j65xj4jr6sqlwtpvkuzqkqnss8xyth4ovostnqy7ps7h9nzyp97k75rt6yuwultvzu75vrniznvv4n5itvr7hokpmkvmujkw78spotltmt54mhvo9sonht66plr8wziyurwtokholpstn8yopoztjhhjlkk8titpmptujihvjqzmtw7nmmtzjs7t5hjlvkvqyxqs77t8y7opkv4wthy9vuyyunlq7io897ljvquk5vl7iq5km666zhsxz7whn6yrihjhvlnory465ys7sv65qvnv9sir8zwrnvzukku4yjh7wj9kvsjl8h99i8vwh5497xl7h9pm8iksppwtion7xksw4hxuko6ou558yupvvt45rit5tuu6p5qwl5j4yqt67ntqpzo9ozi9khxnxhrwp7sou8n4xqjt5vuzzq4h5ys4mhhovl7u6okolv4xyujoqhunornrj75zm6sxnhq6x78uutztkk5wyov9j5kmlosonpxn99url4llq8xh7wrijxk49uz4qrivjopskkwhr5jztxszwo9uj7inownyin4tmzizphmkmj7859r9wwwppqy4jj574sj5zsninyni8yx6u4m749l6w7ytlhrunj89quor45l5xyo48qipy7t766ls6uhjq6vow6tp9u4ohl4pszr9x6otmlxpmzsok656suir9tnksp5qxnnovro98o9x75sly54ryuhxl8my8pkjq77s8j89smuyo9yhs99wz9roiwymlrp7tmjuiuzpoq9vqsyr7kq8uhl6o4kwt48vim9oyqino8tl6t8nwuos7zimynpy64pipsjotmkmnpwjhr4ysivmjp5qmqu99x7yyht7v5l7o4nz5utjrhp7lii499q4j44hyusn46mqv64q8lnmuplj5jpiot8mmtk6hl5owkn6tz89x4lilrhjpzikw6xj8nirtxzynrmhtk7o6zn6yno8znwmttrktsrilk47tt6xpmm6mtpmzn5uwhm6yst46vjtlq9n4m77556i8un7hu4uorh5jmtmwj7y7zzzou8m8mm89qzjsvzqz4jj66vthvr8z86l4nto4lis6vqljszouvskj8mp7vnyqpulwrhjzkwn5yz5k5lm9n7tnwnq6x76w6rlh848l7s44pl985898onj6ui8jsyup7tow6io47vomlj7jilj9nmjv6ojsx9hzqns7khhnkr5p5zjm5v9rxpinnj5u67ih4ts78xnuhzji9lql4lxiikw7i94r6vvvitzop8q4w644ru68mriuki6xh6s9qi4i57xtrzhkromz746y 9k88sqj7qjjz 9k88sqj7qjjz

Extended Key Usages

ExtKeyUsageCodeSigning

79:6a:26:b6:ff:c8:99:f3:a2:c3:52:4e:dc:96:84:48:fd:3e:d0:b1
Signer

Actual PE Digest

79:6a:26:b6:ff:c8:99:f3:a2:c3:52:4e:dc:96:84:48:fd:3e:d0:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
OpenEventW
QueryPerformanceCounter
SetEvent
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForMultipleObjects
LocalFree
lstrcmpA
lstrcmpW
lstrcmpiW
lstrcpyW
lstrlenA
lstrlenW
ReadFile
LoadLibraryA
LocalAlloc
GetWindowsDirectoryW
GetVersionExW
GetTickCount
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetStartupInfoA
GetProcAddress
GetNumberFormatW
GetModuleHandleA
GetLastError
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCommandLineW
CreateThread
CreateMutexW
CreateEventW
lstrcatW
CloseHandle

gdi32

GetStockObject

advapi32

RegOpenKeyA
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
RegCloseKey
OpenThreadToken
OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AddAccessAllowedAce
RegOpenKeyW

msvcrt

__p__fmode
__set_app_type
_except_handler3
__p__commode

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 798B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

255239ee49ac1a0ee089589fcea1f1b3

Code Sign

37:77:aa:64:8a:f8:97:8a:4e:59:53:96:61:b7:9f:afCertificate

Extended Key Usages

79:6a:26:b6:ff:c8:99:f3:a2:c3:52:4e:dc:96:84:48:fd:3e:d0:b1Signer

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

msvcrt

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 164KB - Virtual size: 164KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 1024B - Virtual size: 798B

37:77:aa:64:8a:f8:97:8a:4e:59:53:96:61:b7:9f:af
Certificate

79:6a:26:b6:ff:c8:99:f3:a2:c3:52:4e:dc:96:84:48:fd:3e:d0:b1
Signer

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 164KB - Virtual size: 164KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 1024B - Virtual size: 798B