259925e889414c91171fda87b993e3e0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

259925e889414c91171fda87b993e3e0_JaffaCakes118
Size

472KB
MD5

259925e889414c91171fda87b993e3e0
SHA1

3a7997d12a3e82763603b899e30efeed5283ee92
SHA256

4e2e2cc00247979599326a11d82efc2eb9b348a3e690e7ac10014a80c745a0ca
SHA512

040a5df1c65dd24f018563f8d7c25d231e9f999a54e72bdc59dbb5c526ff4d966edaf0d583b1c3ac0ded62bea5a5172fc69df2bf0ccda032ad8e79adcacf5da3
SSDEEP

12288:02vuWBn9ag2KmFg1ydntMYGShnVI3jy1pu:0Qu29Eb98asjym

Score

1^/10

Malware Config

Signatures

Files

259925e889414c91171fda87b993e3e0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

86901ef1e8eb1d7c86f0686b07fae70d

Code Sign

5b:be:a6:af:c9:41:b1:ab:40:d3:fb:92:00:39:36:2a
Certificate

Issuer

CN=AIJRQTPHNHRQRXSYJZNZMDZDFPEWFOXWORLOLDLMUQCUCZLGUZDSLMUTHGGMBWHWWLJSGOXEHBJCICYKYYZDAOKZJNTCIWSRZTYVAMCNUWYGMWPPKNOCZLTIDOIXOJVKXQIWERTJXESAKJNTUEOQOSNAGOYJQQFVUBXWUKLGLARMGAPKRHAXNGFUNLUAEICFTXIDIHOHCJFTXSNTSGIEEKAGSEKQFNQRZYNZYIGISCADRRUROFZZIXZLQOPCJQQVPUUBFALVBAACKPPQZHXWJXZGDIJKSOSBXCPYFDVZBTJGNNAVRPGSFYOBACCVZPIKCHUPRAWMOXPKXZVCKZLJHZCBHLMQHJQLNUJAUGWVNYMLAVPYZIFZOJUZVTIJKARMLWTIGZXCVIBMWJTLGKNUMYNFQLXSOBDOFTNYJPTBNIRUYHJKCVSFDUBYQSQMNIQHGORGWAADODYSIRMIJEIVANXVYUIQQELWYHJZDNEJBXTVPCSHAYEHHEHHOSAITIRISWCXYVIMAQHWVLPBZMKOMCJJPLZWFWGFBCQYUZLXPGARRAKBHBKQVBXUEWVRXJTTNTZGMOGQXQSHHPFIXWXRYJOXLUMIJSTXOLNCNJHJDMIXLGWRYAVBCNUUQXCRLHJEUTVWWVWLMLEWIPXKMNLIZQSAWUBNSVQVUDVDAQBXDCXPSNVPOHGBWBHAMAEAFLKSFWQSBWSJLXIVWLTZKBDCQRJTSXJJMTFJSITLOCNEPEPIRBSXEQDLNSKWWWAYPRKZZPXJOHVIAHDCMPJJBPPEMVSQHBQIGQDJSVCRSTWKZISEEOHAHNGQWALBJRBENIHBSYPUGGRTYLGYDAUFEUZFQULSMSLJDAPESXBEUYZGHOBTJHZXZTANFAJXCCGXHGNPPKGNPLIOMQRFJERUBSWHPYROQTCXUBISEGJRLQBWZMYCCXNDTTIMJFOFQJZUWUBRHZVPOZHDHTZGEBAWMAKDNZBEQREYJIOGYEIMVFXYACDUPRJPRKMLRRXIDEFCPVKXZFWNPOPMRBEWBDNQUVEVYFSEUJYYLXZSLKQHSOVQWBAXQHGVHBKUZXVYEQKMJQMLIAHIPHUZHKXKAJEVTUIBYMJOZIZUGKVLQFOLGDNQPJIBLAOVQPLKOZFMWNKEOCTVMZQNCWWNLBDSQGPSQAMXBZCWNLPAIXUHYHVQDUIDPOKIVNDBGKMRGJLQUZSXCOFGCBXCZMIPUWNCVSXAFDTBKNOFIEJOWACRFZSFPYATWUBHZBINEJXNJEMTBTGVIWHGKTOOSSHCPDAJDGQZVGTRNLYCTLNVNWLJXYXWIOVSWOPZSIXRYVNHTWQQHYLRDIZZZBPAFTELPRGXPVYJHBPINLXOOSSUIZCUYNSYNZORQYUAHOHNQSSXTNXPOHGRXWSBBNOXZHBOZUGMSXJIUPXGYWOEFYEYANRUSJVEVENUPNZMLNHOSJKTCQPKMZAMNUMOHDKGXLMVNIPMMMZRFOVAVMOZMNOGSAMSEVNUNMKTUJZYLIFTHQYSFHRJFRTIKYTDVJQPMXLHLPHRKZLPVAYUVOBNTLACZQELSPNPGWOTPZBNAUYQWZEFWZNGHQXYKQLWIGGYRUMGLJYMMLTWKRJFZWSWXCHMAXZIGYCWFRTLCNBSNCT

Not Before

19/12/2012, 05:21

Not After

31/12/2039, 23:59

Subject

CN=AIJRQTPHNHRQRXSYJZNZMDZDFPEWFOXWORLOLDLMUQCUCZLGUZDSLMUTHGGMBWHWWLJSGOXEHBJCICYKYYZDAOKZJNTCIWSRZTYVAMCNUWYGMWPPKNOCZLTIDOIXOJVKXQIWERTJXESAKJNTUEOQOSNAGOYJQQFVUBXWUKLGLARMGAPKRHAXNGFUNLUAEICFTXIDIHOHCJFTXSNTSGIEEKAGSEKQFNQRZYNZYIGISCADRRUROFZZIXZLQOPCJQQVPUUBFALVBAACKPPQZHXWJXZGDIJKSOSBXCPYFDVZBTJGNNAVRPGSFYOBACCVZPIKCHUPRAWMOXPKXZVCKZLJHZCBHLMQHJQLNUJAUGWVNYMLAVPYZIFZOJUZVTIJKARMLWTIGZXCVIBMWJTLGKNUMYNFQLXSOBDOFTNYJPTBNIRUYHJKCVSFDUBYQSQMNIQHGORGWAADODYSIRMIJEIVANXVYUIQQELWYHJZDNEJBXTVPCSHAYEHHEHHOSAITIRISWCXYVIMAQHWVLPBZMKOMCJJPLZWFWGFBCQYUZLXPGARRAKBHBKQVBXUEWVRXJTTNTZGMOGQXQSHHPFIXWXRYJOXLUMIJSTXOLNCNJHJDMIXLGWRYAVBCNUUQXCRLHJEUTVWWVWLMLEWIPXKMNLIZQSAWUBNSVQVUDVDAQBXDCXPSNVPOHGBWBHAMAEAFLKSFWQSBWSJLXIVWLTZKBDCQRJTSXJJMTFJSITLOCNEPEPIRBSXEQDLNSKWWWAYPRKZZPXJOHVIAHDCMPJJBPPEMVSQHBQIGQDJSVCRSTWKZISEEOHAHNGQWALBJRBENIHBSYPUGGRTYLGYDAUFEUZFQULSMSLJDAPESXBEUYZGHOBTJHZXZTANFAJXCCGXHGNPPKGNPLIOMQRFJERUBSWHPYROQTCXUBISEGJRLQBWZMYCCXNDTTIMJFOFQJZUWUBRHZVPOZHDHTZGEBAWMAKDNZBEQREYJIOGYEIMVFXYACDUPRJPRKMLRRXIDEFCPVKXZFWNPOPMRBEWBDNQUVEVYFSEUJYYLXZSLKQHSOVQWBAXQHGVHBKUZXVYEQKMJQMLIAHIPHUZHKXKAJEVTUIBYMJOZIZUGKVLQFOLGDNQPJIBLAOVQPLKOZFMWNKEOCTVMZQNCWWNLBDSQGPSQAMXBZCWNLPAIXUHYHVQDUIDPOKIVNDBGKMRGJLQUZSXCOFGCBXCZMIPUWNCVSXAFDTBKNOFIEJOWACRFZSFPYATWUBHZBINEJXNJEMTBTGVIWHGKTOOSSHCPDAJDGQZVGTRNLYCTLNVNWLJXYXWIOVSWOPZSIXRYVNHTWQQHYLRDIZZZBPAFTELPRGXPVYJHBPINLXOOSSUIZCUYNSYNZORQYUAHOHNQSSXTNXPOHGRXWSBBNOXZHBOZUGMSXJIUPXGYWOEFYEYANRUSJVEVENUPNZMLNHOSJKTCQPKMZAMNUMOHDKGXLMVNIPMMMZRFOVAVMOZMNOGSAMSEVNUNMKTUJZYLIFTHQYSFHRJFRTIKYTDVJQPMXLHLPHRKZLPVAYUVOBNTLACZQELSPNPGWOTPZBNAUYQWZEFWZNGHQXYKQLWIGGYRUMGLJYMMLTWKRJFZWSWXCHMAXZIGYCWFRTLCNBSNCT

Extended Key Usages

ExtKeyUsageCodeSigning

5d:6e:73:4b:57:de:68:f0:41:61:33:70:a0:44:37:df:1c:87:31:1d
Signer

Actual PE Digest

5d:6e:73:4b:57:de:68:f0:41:61:33:70:a0:44:37:df:1c:87:31:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedExchange
FreeResource
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MoveFileA
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
RtlUnwind
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile
WritePrivateProfileSectionA
WritePrivateProfileStringA
_lclose
_llseek
_lread
_lwrite
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageA
FlushFileBuffers
FindResourceExA
FindFirstFileA
FindClose
ExitProcess
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateProcessA
CreateFileMappingA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
IsDBCSLeadByte
VirtualAlloc

user32

GetParent
GetSystemMetrics
GetWindowLongA
GetWindowRect
IsDlgButtonChecked
LoadStringA
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
PostMessageA
ReleaseDC
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetWindowLongA
wsprintfA
GetDlgItem
GetDC
EnableWindow
CheckRadioButton
CheckDlgButton
CharPrevA
CharNextA
CallWindowProcA
BeginPaint
GetClientRect
EndPaint
PostQuitMessage
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
GetDlgItemTextA

gdi32

DeleteObject
CreateEnhMetaFileA
GetObjectA
MoveToEx
Rectangle
LineTo
CreateFontIndirectA
CloseEnhMetaFile
DeleteEnhMetaFile
GetEnhMetaFileA
PlayEnhMetaFile
GetDeviceCaps
GetStockObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegOpenKeyW

comctl32

CreatePropertySheetPageA
DestroyPropertySheetPage
PropertySheetA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86901ef1e8eb1d7c86f0686b07fae70d

Code Sign

5b:be:a6:af:c9:41:b1:ab:40:d3:fb:92:00:39:36:2aCertificate

Extended Key Usages

5d:6e:73:4b:57:de:68:f0:41:61:33:70:a0:44:37:df:1c:87:31:1dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

comctl32

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 415KB - Virtual size: 414KB

.rsrc Size: 41KB - Virtual size: 40KB

5b:be:a6:af:c9:41:b1:ab:40:d3:fb:92:00:39:36:2a
Certificate

5d:6e:73:4b:57:de:68:f0:41:61:33:70:a0:44:37:df:1c:87:31:1d
Signer

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 415KB - Virtual size: 414KB

.rsrc
Size: 41KB - Virtual size: 40KB