2d553956b081e279df6d464fa9ec76a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d553956b081e279df6d464fa9ec76a1_JaffaCakes118
Size

199KB
MD5

2d553956b081e279df6d464fa9ec76a1
SHA1

678695381d9e533d8cfeace10b088f541f002edb
SHA256

16992aa2439b501d5d671af7c50b929c020627ed41864ec8701b8aabb8a94aed
SHA512

3d036d1528c70676c578d6d701cd153b690e3535d3b76762ac59d7da57894ab8a316378c4ed31b9ea23e1861a53862158639a2fa3c16e2d38d3fe35bc02e0c8a
SSDEEP

6144:xK2JNQQ714ClRkj2h0wCRoBP4wdM0x6/XR8:xb928Rph0zoB1dMW6

Score

1^/10

Malware Config

Signatures

Files

2d553956b081e279df6d464fa9ec76a1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6d79abc773cafe2a931aed55f23ffde0

Code Sign

40:e8:c8:0e:05:e3:76:47:bd:55:6a:83:7c:7c:15:e8
Certificate

Issuer

CN=t34ywervywe4

Not Before

23/02/2012, 09:30

Not After

31/12/2039, 23:59

Subject

CN=t34ywervywe4

Extended Key Usages

ExtKeyUsageCodeSigning

11:c3:9e:85:12:05:ef:c0:98:0a:b1:75:46:fd:56:57:8e:b1:95:f5
Signer

Actual PE Digest

11:c3:9e:85:12:05:ef:c0:98:0a:b1:75:46:fd:56:57:8e:b1:95:f5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalGetAtomNameA
GlobalMemoryStatusEx
Heap32ListFirst
HeapLock
HeapSize
InterlockedExchangeAdd
IsDBCSLeadByteEx
IsValidCodePage
LocalFileTimeToFileTime
LocalFree
LocalShrink
MapViewOfFile
MapViewOfFileEx
Module32First
MoveFileW
MoveFileWithProgressA
OpenFile
OpenSemaphoreW
PeekNamedPipe
PostQueuedCompletionStatus
PulseEvent
PurgeComm
RaiseException
GetTickCount
ResetEvent
SetCalendarInfoW
SetConsoleCursor
SetConsoleDisplayMode
SetCurrentDirectoryA
SetEnvironmentVariableA
SetEvent
SetFileApisToOEM
SetFileAttributesA
SetMailslotInfo
SetMessageWaitingIndicator
SetProcessAffinityMask
SetProcessShutdownParameters
SetThreadLocale
SetVolumeMountPointA
UnmapViewOfFile
VerifyVersionInfoW
VirtualProtect
VirtualProtectEx
WaitCommEvent
WaitNamedPipeA
lstrcpy
GetThreadTimes
GetThreadPriorityBoost
GetTapePosition
GetProfileStringW
GetProcessWorkingSetSize
GetProcAddress
GetPrivateProfileStructA
GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntA
GetLongPathNameW
GetLogicalDriveStringsW
GetLargestConsoleWindowSize
GetHandleInformation
GetFileInformationByHandle
GetExitCodeProcess
GetEnvironmentVariableW
GetCurrentProcessId
GetConsoleCP
GetConsoleAliasExesW
VirtualAlloc
GetConsoleAliasExesLengthA
GetConsoleAliasA
GetCompressedFileSizeW
GetCPInfoExW
GetAtomNameA
FlushFileBuffers
FindResourceExW
FindNextVolumeW
FindNextFileW
FindFirstVolumeMountPointA
FindAtomA
FileTimeToSystemTime
FatalExit
EnumSystemLocalesW
EnumSystemLanguageGroupsA
EnumResourceNamesA
EnumDateFormatsExW
EnumDateFormatsA
EnterCriticalSection
DuplicateHandle
CreateWaitableTimerW
CreateRemoteThread
CreateProcessW
CreateMailslotA
CreateHardLinkW
CommConfigDialogW
ChangeTimerQueueTimer
BuildCommDCBA
BeginUpdateResourceA
BackupSeek
AddConsoleAliasA
GetWindowsDirectoryA
lstrlenA
lstrcpyA
CreateFileA
ExitProcess
ReadConsoleW

advapi32

RegOpenKeyExW

ole32

OleFlushClipboard
OleInitializeWOW
OleIsRunning
OleLoadFromStream
OleLockRunning
OleRegGetUserType
OleSetClipboard
OleSetContainedObject
OleTranslateAccelerator
PropVariantCopy
ReadClassStm
ReadOleStg
RegisterDragDrop
SNB_UserUnmarshal
STGMEDIUM_UserFree
SetConvertStg
SetDocumentBitStg
StgCreatePropSetStg
StgCreateStorageEx
StgGetIFillLockBytesOnFile
StgOpenStorage
StgOpenStorageOnILockBytes
StringFromCLSID
StringFromGUID2
StringFromIID
UtConvertDvtd16toDvtd32
UtConvertDvtd32toDvtd16
UtGetDvtd16Info
WdtpInterfacePointer_UserMarshal
WriteOleStg
OleDestroyMenuDescriptor
OleCreateLinkToFile
OleCreateFromData
OleCreateEmbeddingHelper
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAM
MonikerCommonPrefixWith
HkOleRegisterObject
HWND_UserSize
HWND_UserMarshal
HPALETTE_UserUnmarshal
HMETAFILE_UserSize
HMENU_UserFree
HGLOBAL_UserSize
HGLOBAL_UserFree
HENHMETAFILE_UserSize
HDC_UserFree
HBITMAP_UserMarshal
HBITMAP_UserFree
HACCEL_UserSize
HACCEL_UserMarshal
GetHGlobalFromStream
CreateStdProgressIndicator
CreatePointerMoniker
CreateOleAdviseHolder
CreateDataAdviseHolder
CreateAntiMoniker
CoUnmarshalInterface
CoUninitialize
CoTreatAsClass
CoTestCancel
CoSetCancelObject
CoRevokeClassObject
CoRegisterSurrogateEx
CoRegisterSurrogate
CoQueryClientBlanket
CoQueryAuthenticationServices
CoMarshalHresult
CoLockObjectExternal
CoInstall
CoInitialize
CoGetTreatAsClass
CoGetObject
CoGetMalloc
CoGetInstanceFromFile
CoGetCallerTID
CoEnableCallCancellation
CoCreateObjectInContext
CoCreateFreeThreadedMarshaler
CoBuildVersion
CoAllowSetForegroundWindow
CoAddRefServerProcess
CLSIDFromString
CLIPFORMAT_UserMarshal
BindMoniker
CoMarshalInterThreadInterfaceInStream

comctl32

CreatePropertySheetPageW
CreateStatusWindow
ord7
ord16
DestroyPropertySheetPage
ord15
DrawStatusText
DrawStatusTextW
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollProp
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
FlatSB_ShowScrollBar
ord4
ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
CreatePropertySheetPage
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Duplicate
ImageList_GetBkColor
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageRect
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetFilter
ImageList_SetImageCount
ImageList_Write
ord17
InitCommonControlsEx
InitMUILanguage
ord13
PropertySheet
PropertySheetA
PropertySheetW
UninitializeFlatSB
_TrackMouseEvent
ImageList_Draw
ord8

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text7
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tex5t2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d79abc773cafe2a931aed55f23ffde0

Code Sign

40:e8:c8:0e:05:e3:76:47:bd:55:6a:83:7c:7c:15:e8Certificate

Extended Key Usages

11:c3:9e:85:12:05:ef:c0:98:0a:b1:75:46:fd:56:57:8e:b1:95:f5Signer

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

comctl32

Sections

.text Size: 9KB - Virtual size: 8KB

.text7 Size: 181KB - Virtual size: 181KB

.data Size: 512B - Virtual size: 124B

.tex5t2 Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

40:e8:c8:0e:05:e3:76:47:bd:55:6a:83:7c:7c:15:e8
Certificate

11:c3:9e:85:12:05:ef:c0:98:0a:b1:75:46:fd:56:57:8e:b1:95:f5
Signer

.text
Size: 9KB - Virtual size: 8KB

.text7
Size: 181KB - Virtual size: 181KB

.data
Size: 512B - Virtual size: 124B

.tex5t2
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB