2d83c7d37e34471e040c4235efe26813_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d83c7d37e34471e040c4235efe26813_JaffaCakes118
Size

221KB
MD5

2d83c7d37e34471e040c4235efe26813
SHA1

02b614449436c7bdb9dd6cc98472d6344e2e3b57
SHA256

a4ad26b0fdef129e915e2f0c54e652e5ad5c47b5cb456388893f402e9148f536
SHA512

2043d5aac573e71986ff1eae7bc6a611be9e6a422b737e54540f4dea9df68e79623270473443844366e5d6baacc526ae2a15aa0fe01640808741f9562b4b2118
SSDEEP

3072:WmPuIDBayr1iE7YGrsrpVhizsexQh3e0uFyO32FJHvex6oW:WMuIVayhiEMGrsjwA3e7FN32FBdF

Score

1^/10

Malware Config

Signatures

Files

2d83c7d37e34471e040c4235efe26813_JaffaCakes118
.dll windows:5 windows x86 arch:x86

11e0ce1be130e74800309c765a9f5be6

Code Sign

05:a8:88:e0:a0:c1:17:5e:bb:58:a1:14:23:ad:53:d1
Certificate

Issuer

CN=TR34fRGrpEtFmg3FNV2DaHMMHUQmj2wIPE75uQ21OEmfn35u55IvBHhwUBrqTS33GSqDgNS34DXIlPxPyqyO2XrMWVSES2dP1ZRi4qjxn8RC3zNJmQ5eGUhR2pU5jDNWumCOWQb91CXAKB4SBb7xoowLtrxXHfpVKg86vC8cgsnqjIiFu7JIuCI9yl3GdPnXuP9bNFAEsVy655d5dikUPgbhDmZMpLPRrcEfulKaWcbIWfnN1gxpQmZa5BfWuPIbmjYGJpDZ8nhAlc5aaqjCrm4nh8V27dH114H1eZY7pq66dkp8YaQa591dHRs4xuhcfgETdIl6ggcR3qflLGGMLXjBLGwctFIdSBYbqw4d8GpDRHe7Uczo1wb72l6Ke839OI7ObMgnzpQidKNnOIz3TSBZXusdCH6OX6KYgiN963VTaAaJSe2XYwnaaG8dXBsEgaSW4fnKi9kFkEktACAxpm48drUxbsxIGgLcres5L6YYQI3vpF8j

Not Before

03/11/2012, 06:32

Not After

31/12/2039, 23:59

Subject

CN=TR34fRGrpEtFmg3FNV2DaHMMHUQmj2wIPE75uQ21OEmfn35u55IvBHhwUBrqTS33GSqDgNS34DXIlPxPyqyO2XrMWVSES2dP1ZRi4qjxn8RC3zNJmQ5eGUhR2pU5jDNWumCOWQb91CXAKB4SBb7xoowLtrxXHfpVKg86vC8cgsnqjIiFu7JIuCI9yl3GdPnXuP9bNFAEsVy655d5dikUPgbhDmZMpLPRrcEfulKaWcbIWfnN1gxpQmZa5BfWuPIbmjYGJpDZ8nhAlc5aaqjCrm4nh8V27dH114H1eZY7pq66dkp8YaQa591dHRs4xuhcfgETdIl6ggcR3qflLGGMLXjBLGwctFIdSBYbqw4d8GpDRHe7Uczo1wb72l6Ke839OI7ObMgnzpQidKNnOIz3TSBZXusdCH6OX6KYgiN963VTaAaJSe2XYwnaaG8dXBsEgaSW4fnKi9kFkEktACAxpm48drUxbsxIGgLcres5L6YYQI3vpF8j

Extended Key Usages

ExtKeyUsageCodeSigning

4d:4b:36:ab:b6:20:1a:65:cd:44:03:d7:23:29:90:22:49:8b:bf:33
Signer

Actual PE Digest

4d:4b:36:ab:b6:20:1a:65:cd:44:03:d7:23:29:90:22:49:8b:bf:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
TerminateProcess
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameW
GetLastError
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CreateFileW
GetSystemTime
LoadLibraryA
GetProcAddress

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

EnumServiceGroupW
WriteEncryptedFileRaw
UnlockServiceDatabase
TrusteeAccessToObjectW
SystemFunction020
SystemFunction013
SystemFunction011
SystemFunction002
SetUserFileEncryptionKey
SetSecurityInfoExA
SetSecurityDescriptorGroup
SetNamedSecurityInfoA
SetFileSecurityA
RegisterTraceGuidsW
RegisterEventSourceW
RegSetValueW
RegQueryValueA
RegNotifyChangeKeyValue
RegEnumKeyA
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyW
AbortSystemShutdownA
AddUsersToEncryptedFile
AreAnyAccessesGranted
BackupEventLogA
BackupEventLogW
BuildImpersonateTrusteeA
BuildSecurityDescriptorW
BuildTrusteeWithObjectsAndNameW
BuildTrusteeWithSidA
BuildTrusteeWithSidW
ChangeServiceConfig2A
ControlTraceW
ConvertSecurityDescriptorToAccessA
ConvertSecurityDescriptorToAccessNamedA
ConvertSecurityDescriptorToAccessNamedW
ConvertSidToStringSidW
CopySid
CreatePrivateObjectSecurityEx
CryptDuplicateKey
CryptGetHashParam
CryptSetProviderA
CryptSetProviderExW
CryptSignHashA
CryptSignHashW
CryptVerifySignatureA
CryptVerifySignatureW
DeleteAce
DestroyPrivateObjectSecurity
DuplicateTokenEx
ElfOpenBackupEventLogW
ElfOpenEventLogA
ElfRegisterEventSourceW
EncryptionDisable
RegCloseKey
FileEncryptionStatusW
GetAccessPermissionsForObjectW
GetCurrentHwProfileA
GetEffectiveRightsFromAclW
GetFileSecurityW
GetLengthSid
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetServiceDisplayNameA
GetSidSubAuthorityCount
GetTraceEnableFlags
GetTrusteeTypeW
InitiateSystemShutdownExA
LookupPrivilegeNameW
LsaAddAccountRights
LsaAddPrivilegesToAccount
LsaClose
LsaCreateTrustedDomain
LsaEnumerateAccountsWithUserRight
LsaGetQuotasForAccount
LsaGetRemoteUserName
LsaLookupPrivilegeName
LsaOpenAccount
LsaOpenSecret
LsaRemoveAccountRights
LsaSetSecret
ObjectCloseAuditAlarmW
ObjectDeleteAuditAlarmW
OpenEncryptedFileRawW
QueryRecoveryAgentsOnEncryptedFile

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11e0ce1be130e74800309c765a9f5be6

Code Sign

05:a8:88:e0:a0:c1:17:5e:bb:58:a1:14:23:ad:53:d1Certificate

Extended Key Usages

4d:4b:36:ab:b6:20:1a:65:cd:44:03:d7:23:29:90:22:49:8b:bf:33Signer

Headers

File Characteristics

Imports

kernel32

comdlg32

advapi32

ole32

Sections

.text Size: 3KB - Virtual size: 3KB

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 167KB - Virtual size: 167KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 196B

.rsrc Size: 1024B - Virtual size: 632B

.reloc Size: 1KB - Virtual size: 1KB

05:a8:88:e0:a0:c1:17:5e:bb:58:a1:14:23:ad:53:d1
Certificate

4d:4b:36:ab:b6:20:1a:65:cd:44:03:d7:23:29:90:22:49:8b:bf:33
Signer

.text
Size: 3KB - Virtual size: 3KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 167KB - Virtual size: 167KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 196B

.rsrc
Size: 1024B - Virtual size: 632B

.reloc
Size: 1KB - Virtual size: 1KB