16580b40e061c7c8fea5fa7900d95f96_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16580b40e061c7c8fea5fa7900d95f96_JaffaCakes118
Size

229KB
MD5

16580b40e061c7c8fea5fa7900d95f96
SHA1

8d35fd8719d1e83dd0ba1b64399e872c62a62dfe
SHA256

df76ee05300b1ab76297d7cd18139725909ccae858fc234d3a91254fccb161f2
SHA512

618742df5b66bdebdd03bfdc45cbecf2127f4737e0fb67962d63bfcfa48618ca683da0922876829be74eb31e17993174621368fa72f024ea3e5237f491b0cf44
SSDEEP

3072:G2OTMD46HZAwHslto0idwDbciHwVQQUO/lPW+DPfrze:hPt6NtojwDAiH8aONbDPfrze

Score

1^/10

Malware Config

Signatures

Files

16580b40e061c7c8fea5fa7900d95f96_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a12eaafd4b27cf1f6a98d2322c9f425a

Code Sign

31:64:01:1c:37:78:af:b1:45:cd:8e:8f:85:e8:b3:02
Certificate

Issuer

CN=GHW2

Not Before

22/06/2012, 04:50

Not After

31/12/2039, 23:59

Subject

CN=GHW2

Extended Key Usages

ExtKeyUsageCodeSigning

ed:47:93:b6:61:80:c6:03:67:f9:62:8c:78:c0:9f:61:da:2f:74:90
Signer

Actual PE Digest

ed:47:93:b6:61:80:c6:03:67:f9:62:8c:78:c0:9f:61:da:2f:74:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnumResourceNamesW
EnumSystemLanguageGroupsA
FindNextVolumeMountPointA
FormatMessageA
GetCurrentThreadId
GetModuleHandleA
GetPrivateProfileStringA
GetShortPathNameA
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetTickCount
GetVersionExA
DeleteFileA
LCMapStringW
MoveFileA
MultiByteToWideChar
OpenFileMappingW
OpenMutexW
PrepareTape
SetLastError
SetThreadAffinityMask
SetThreadPriorityBoost
Thread32Next
WriteFileEx
WriteProfileSectionW
VirtualAllocEx
CreateFileW
lstrcatW
GlobalFindAtomW
GetWindowsDirectoryW

user32

EndPaint
BeginPaint
UpdateWindow
ScrollWindow
SetScrollPos
SetScrollRange
ReleaseDC
GetDC
AppendMenuA
CallMsgFilterW
CallWindowProcW
CascadeWindows
ChangeDisplaySettingsW
CharToOemA
CharUpperW
CheckMenuItem
ChildWindowFromPoint
CloseDesktop
CopyAcceleratorTableA
CopyImage
CopyRect
CreateIconFromResourceEx
CreateMDIWindowA
CreatePopupMenu
DdeClientTransaction
DdeCreateStringHandleW
DdeFreeStringHandle
DdePostAdvise
DdeQueryStringW
DdeSetQualityOfService
DeregisterShellHookWindow
DrawStateA
DrawStateW
EndDialog
PostQuitMessage
EnumChildWindows
GetAltTabInfo
GetAsyncKeyState
GetClassLongW
GetClassNameW
GetClipboardOwner
GetClipboardSequenceNumber
GetComboBoxInfo
GetInputState
GetKeyboardLayout
GetLastActivePopup
GetMenuItemID
GetMessageA
GetProcessWindowStation
GetScrollPos
GetScrollRange
GetSubMenu
GetUpdateRect
GetWindowDC
GetWindowLongW
GetWindowRgn
GetWindowThreadProcessId
GetWindowWord
IMPGetIMEA
IMPQueryIMEA
IMPSetIMEW
InSendMessageEx
InsertMenuItemA
IsCharAlphaNumericW
IsCharUpperW
IsDialogMessageA
LoadKeyboardLayoutW
LockWorkStation
MoveWindow
OemToCharBuffW
OemToCharW
OpenWindowStationA
RealChildWindowFromPoint
RegisterDeviceNotificationW
RemoveMenu
ScrollDC
SendDlgItemMessageA
SendMessageCallbackW
SendMessageW
SendNotifyMessageW
SetClassLongW
SetDlgItemTextW
SetForegroundWindow
SetScrollInfo
SetSysColors
SetWindowWord
SystemParametersInfoA
SystemParametersInfoW
TabbedTextOutA
TileWindows
ToAscii
TrackPopupMenuEx
TranslateMessage
UnhookWinEvent
UnhookWindowsHookEx
VkKeyScanA
VkKeyScanExA
WaitForInputIdle
WindowFromDC
DefWindowProcA
LoadIconA
CreateWindowExA
RegisterClassExA
EndMenu

gdi32

GetTextMetricsA
TextOutA

advapi32

RegOpenKeyExA

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data8
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data7
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data6
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data5
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data3
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a12eaafd4b27cf1f6a98d2322c9f425a

Code Sign

31:64:01:1c:37:78:af:b1:45:cd:8e:8f:85:e8:b3:02Certificate

Extended Key Usages

ed:47:93:b6:61:80:c6:03:67:f9:62:8c:78:c0:9f:61:da:2f:74:90Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 202KB - Virtual size: 202KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 4KB

.data8 Size: 2KB - Virtual size: 1KB

.data7 Size: 2KB - Virtual size: 1KB

.data6 Size: 2KB - Virtual size: 1KB

.data5 Size: 2KB - Virtual size: 1KB

.data4 Size: 2KB - Virtual size: 1KB

.data3 Size: 2KB - Virtual size: 1KB

.data2 Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

31:64:01:1c:37:78:af:b1:45:cd:8e:8f:85:e8:b3:02
Certificate

ed:47:93:b6:61:80:c6:03:67:f9:62:8c:78:c0:9f:61:da:2f:74:90
Signer

.text
Size: 202KB - Virtual size: 202KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 4KB

.data8
Size: 2KB - Virtual size: 1KB

.data7
Size: 2KB - Virtual size: 1KB

.data6
Size: 2KB - Virtual size: 1KB

.data5
Size: 2KB - Virtual size: 1KB

.data4
Size: 2KB - Virtual size: 1KB

.data3
Size: 2KB - Virtual size: 1KB

.data2
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB