15a12ff9f8cb40978a43f1d23dad1672_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

15a12ff9f8cb40978a43f1d23dad1672_JaffaCakes118
Size

200KB
MD5

15a12ff9f8cb40978a43f1d23dad1672
SHA1

27ce97a79ded2dcd482567a0ba46cd5e2c1ed45e
SHA256

dcf884e20fd358557afd22c9070f8b21eaa0208602ff072a770f6e3b1f78cb92
SHA512

938d406eeecaa4c3e424e528b44a843ee2604cfa41a1549c0e6eed4ec73c21dfe9e1fb7e46297aea311be6b2ae29993b79a22ebf15a3e15041a66f62dc8c335f
SSDEEP

3072:nq1cl9g3teCb5oR/V9BHCekSlZjqMcCDBRHnCKq5C+lKblGn2L8vk9ziUdM4ITK/:IECijHCAlZjtHCK0DKBGn2gcxMH+VC0

Score

1^/10

Malware Config

Signatures

Files

15a12ff9f8cb40978a43f1d23dad1672_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f209a971023ceac9d193ababe0fb1c91

Code Sign

0e:a9:50:eb:e4:01:c1:b8:40:d1:ef:7c:0b:af:64:3b
Certificate

Issuer

CN=rMwsnI7xLNMUIb9

Not Before

04-04-2012 12:26

Not After

31-12-2039 23:59

Subject

CN=rMwsnI7xLNMUIb9

Extended Key Usages

ExtKeyUsageCodeSigning

b5:95:d2:e1:0f:1a:57:34:1f:7e:4d:7a:c0:9b:29:96:2f:66:7d:87
Signer

Actual PE Digest

b5:95:d2:e1:0f:1a:57:34:1f:7e:4d:7a:c0:9b:29:96:2f:66:7d:87

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind
VirtualAlloc
IsDebuggerPresent

gdi32

GetStockObject

comdlg32

GetSaveFileNameA
ChooseColorA
ChooseColorW
ChooseFontA
ChooseFontW
ReplaceTextW
ReplaceTextA
PrintDlgW
PrintDlgExW
PrintDlgExA
PrintDlgA
PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW
GetFileTitleA
FindTextW
FindTextA

advapi32

RegOpenKeyW

ole32

OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleCreateDefaultHandler
OleCreateEmbeddingHelper
OleCreateEx
OleCreateFromDataEx
OleCreateFromFile
OleCreateFromFileEx
OleCreateLinkToFile
OleConvertIStorageToOLESTREAM
OleDoAutoConvert
OleGetAutoConvert
OleGetIconOfClass
OleInitializeWOW
OleIsRunning
OleLoad
OleRegEnumVerbs
OleRegGetMiscStatus
OleRegGetUserType
OleRun
OleSaveToStream
OleSetClipboard
OleTranslateAccelerator
PropVariantClear
PropVariantCopy
ReadClassStm
ReadFmtUserTypeStg
ReadStringStream
RevokeDragDrop
SNB_UserFree
SNB_UserMarshal
SNB_UserSize
SNB_UserUnmarshal
SetConvertStg
StgConvertPropertyToVariant
StgConvertVariantToProperty
StgCreateDocfileOnILockBytes
StgOpenStorage
StringFromGUID2
UtGetDvtd16Info
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserSize
WdtpInterfacePointer_UserUnmarshal
WriteClassStg
WriteOleStg
MonikerCommonPrefixWith
HWND_UserSize
HWND_UserMarshal
HMETAFILE_UserUnmarshal
HMETAFILE_UserMarshal
HMETAFILE_UserFree
HMETAFILEPICT_UserUnmarshal
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserFree
HMENU_UserFree
HICON_UserSize
HICON_UserMarshal
HENHMETAFILE_UserMarshal
HENHMETAFILE_UserFree
HDC_UserUnmarshal
HDC_UserMarshal
HBRUSH_UserMarshal
HBITMAP_UserUnmarshal
HBITMAP_UserSize
HACCEL_UserUnmarshal
GetHGlobalFromStream
GetHGlobalFromILockBytes
GetDocumentBitStg
GetConvertStg
GetClassFile
EnableHookObject
DllDebugObjectRPCHook
DcomChannelSetHResult
CreateStdProgressIndicator
CreateBindCtx
CreateAntiMoniker
CoWaitForMultipleHandles
CoUnmarshalHresult
CoUnloadingWOW
CoUninitialize
CoTestCancel
CoTaskMemAlloc
CoSuspendClassObjects
CoSetProxyBlanket
CoSetCancelObject
CoRevokeMallocSpy
CoRevokeClassObject
CoRevertToSelf
CoReleaseServerProcess
CoRegisterPSClsid
CoRegisterMessageFilter
CoRegisterClassObject
CoReactivateObject
CoQueryReleaseObject
CoQueryProxyBlanket
CoQueryClientBlanket
CoQueryAuthenticationServices
CoMarshalHresult
CoLockObjectExternal
CoLoadLibrary
CoIsOle1Class
CoIsHandlerConnected
CoGetObjectContext
CoGetMarshalSizeMax
CoGetMalloc
CoGetInterfaceAndReleaseStream
CoGetCurrentProcess
CoGetCurrentLogicalThreadId
CoGetCancelObject
CoGetApartmentID
CoFreeAllLibraries
CoFileTimeToDosDateTime
CoEnableCallCancellation
CoDosDateTimeToFileTime
CoDisconnectObject
CoCreateInstanceEx
CoCreateInstance
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoCancelCall
CoBuildVersion
CLSIDFromProgIDEx
CLIPFORMAT_UserUnmarshal
CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserFree
BindMoniker
OleCreateStaticFromData

comctl32

CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
CreateStatusWindowW
ord7
CreateToolbarEx
ord16
DestroyPropertySheetPage
ord15
DrawStatusText
CreatePropertySheetPage
DrawStatusTextW
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollProp
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
ord4
GetMUILanguage
ImageList_Add
ord5
ImageList_Replace
ImageList_AddIcon
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
_TrackMouseEvent
UninitializeFlatSB
ord3
PropertySheetW
PropertySheetA
PropertySheet
ord2
ord13
ord14
InitializeFlatSB
InitMUILanguage
InitCommonControlsEx
ord17
ImageList_Write
ImageList_SetOverlayImage
ImageList_SetImageCount
ImageList_SetIconSize
ImageList_SetFilter
ImageList_SetDragCursorImage
ImageList_SetBkColor
ImageList_ReplaceIcon
ord8
ImageList_Remove
ImageList_Read
ImageList_Merge
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_LoadImage
ImageList_GetImageRect
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_GetIcon
ImageList_GetDragImage
ImageList_GetBkColor
ImageList_EndDrag
ImageList_Duplicate
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_Draw
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f209a971023ceac9d193ababe0fb1c91

Code Sign

0e:a9:50:eb:e4:01:c1:b8:40:d1:ef:7c:0b:af:64:3bCertificate

Extended Key Usages

b5:95:d2:e1:0f:1a:57:34:1f:7e:4d:7a:c0:9b:29:96:2f:66:7d:87Signer

Headers

File Characteristics

Imports

kernel32

gdi32

comdlg32

advapi32

ole32

comctl32

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 181KB - Virtual size: 182KB

.data2 Size: 1024B - Virtual size: 1000B

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 3KB - Virtual size: 2KB

0e:a9:50:eb:e4:01:c1:b8:40:d1:ef:7c:0b:af:64:3b
Certificate

b5:95:d2:e1:0f:1a:57:34:1f:7e:4d:7a:c0:9b:29:96:2f:66:7d:87
Signer

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 181KB - Virtual size: 182KB

.data2
Size: 1024B - Virtual size: 1000B

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 3KB - Virtual size: 2KB