2e897d5b88fcbdfeda7f5775de22f174_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e897d5b88fcbdfeda7f5775de22f174_JaffaCakes118
Size

178KB
MD5

2e897d5b88fcbdfeda7f5775de22f174
SHA1

2584cacba7f2f2bc42c42e2af1d53b8b273c6246
SHA256

72422d7c306e3f414c9b29e6614176a6fe8d15633de93c12f7150003cd0ac433
SHA512

f135a5927b64f407ace13e4525f52244781449f8400dc9c3c0ccc320c46565962603abb41c5974a8688b0fdcc861727e8c87f6a30fe4a3a6f4e307d1dd3b298c
SSDEEP

3072:79he6xMV7j+6oUaxlSTj5zskgxClRqMRHbVGZ5Rd2MVLq+v8s:79he6xkvo5lST5VFf1bVGtdPL

Score

1^/10

Malware Config

Signatures

Files

2e897d5b88fcbdfeda7f5775de22f174_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1ddddcc6f51aed04ac3df3c1a429b15c

Code Sign

06:08:88:49:b5:f4:5c:56:b1:28:0c:1d:a5:0b:cd:a2
Certificate

Issuer

CN=qt4246

Not Before

14/01/2012, 21:25

Not After

31/12/2039, 23:59

Subject

CN=qt4246

Extended Key Usages

ExtKeyUsageCodeSigning

25:05:35:e1:fd:1b:e5:84:8f:86:40:6f:cb:a2:f0:ad:14:39:f3:1a
Signer

Actual PE Digest

25:05:35:e1:fd:1b:e5:84:8f:86:40:6f:cb:a2:f0:ad:14:39:f3:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
CreateFileW
lstrcpyW
lstrlenW
GetWindowsDirectoryW
AreFileApisANSI
BeginUpdateResourceW
BuildCommDCBAndTimeoutsA
BuildCommDCBAndTimeoutsW
CloseHandle
CompareStringA
CompareStringW
CopyFileW
CreateDirectoryExW
CreateDirectoryW
CreateJobObjectW
CreateMailslotW
CreateSemaphoreW
CreateToolhelp32Snapshot
DefineDosDeviceA
DeleteVolumeMountPointA
DeviceIoControl
DuplicateHandle
EnumCalendarInfoExA
EnumCalendarInfoExW
EnumResourceLanguagesW
EnumResourceTypesW
EnumSystemCodePagesW
FatalAppExitA
FileTimeToLocalFileTime
FillConsoleOutputCharacterA
FindFirstFileExW
FindNextVolumeMountPointA
FindNextVolumeW
FindResourceExA
FlushFileBuffers
FoldStringA
FormatMessageW
GenerateConsoleCtrlEvent
GetAtomNameA
GetAtomNameW
GetCommMask
GetCompressedFileSizeW
GetConsoleCP
GetConsoleOutputCP
GetDiskFreeSpaceExA
GetExitCodeThread
GetFileAttributesA
ExitProcess
GetLocaleInfoA
GetNumberOfConsoleMouseButtons
GetOEMCP
GetStartupInfoW
GetStdHandle
GetTapeStatus
GetThreadContext
GetTimeFormatW
GetVersionExA
GetWindowsDirectoryA
GlobalUnfix
HeapFree
IsBadCodePtr
IsDebuggerPresent
IsValidLanguageGroup
LoadLibraryExW
LocalLock
LocalShrink
MapViewOfFile
Module32FirstW
OpenEventA
OpenWaitableTimerA
Process32Next
PulseEvent
ReadConsoleA
ReadConsoleOutputCharacterA
ReadConsoleOutputW
RtlFillMemory
SearchPathW
SetCommTimeouts
SetComputerNameA
SetComputerNameExA
SetFileTime
SetInformationJobObject
SetLocalTime
SetSystemTimeAdjustment
SetTapeParameters
SetThreadExecutionState
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualFreeEx
VirtualLock
WritePrivateProfileSectionA
WriteProfileStringW
_llseek
lstrcpyA
lstrcpyn
lstrcpynW
lstrlen
GetLocalTime
VirtualAlloc

user32

CharLowerA
CharNextA
CharUpperA
CharUpperBuffW
ChildWindowFromPointEx
CloseClipboard
CloseWindow
CopyAcceleratorTableA
CopyImage
CountClipboardFormats
CreateIconIndirect
DdeConnectList
DdeEnableCallback
DeferWindowPos
DestroyMenu
DlgDirListA
DlgDirListComboBoxA
DlgDirListComboBoxW
DrawEdge
DrawFocusRect
DrawFrame
DrawStateA
DrawStateW
EmptyClipboard
EnumWindows
FindWindowExA
GetAltTabInfo
GetAncestor
GetCapture
GetCaretBlinkTime
GetClassInfoW
GetClassLongA
GetClipCursor
GetClipboardViewer
GetDialogBaseUnits
GetDlgItemInt
GetKeyboardLayoutNameW
GetLastActivePopup
GetMenuItemID
GetMenuItemRect
GetMenuStringW
GetMessageW
GetParent
GetProcessDefaultLayout
GetScrollRange
GetWindow
GrayStringA
HideCaret
HiliteMenuItem
IMPQueryIMEW
InsertMenuW
IsWindowVisible
KillTimer
LoadCursorFromFileW
LoadMenuIndirectW
LoadStringA
LockSetForegroundWindow
MenuItemFromPoint
MessageBoxIndirectA
OemToCharBuffW
PostMessageW
PostQuitMessage
PostThreadMessageW
RealGetWindowClass
RedrawWindow
RegisterClassW
RegisterDeviceNotificationA
RemoveMenu
ReplyMessage
SendDlgItemMessageW
SendMessageTimeoutA
SendNotifyMessageA
SendNotifyMessageW
SetDebugErrorLevel
SetDlgItemTextW
SetDoubleClickTime
SetMenuItemInfoA
SetParent
SetRectEmpty
SetUserObjectInformationA
SetUserObjectInformationW
SetWindowLongW
SetWindowWord
SetWindowsHookA
SetWindowsHookW
ShowScrollBar
SystemParametersInfoA
TabbedTextOutA
ToAsciiEx
TranslateAccelerator
UpdateLayeredWindow
WINNLSGetIMEHotkey
WindowFromPoint
BroadcastSystemMessageW
CascadeChildWindows

advapi32

RegOpenKeyExW

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ddddcc6f51aed04ac3df3c1a429b15c

Code Sign

06:08:88:49:b5:f4:5c:56:b1:28:0c:1d:a5:0b:cd:a2Certificate

Extended Key Usages

25:05:35:e1:fd:1b:e5:84:8f:86:40:6f:cb:a2:f0:ad:14:39:f3:1aSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 172KB - Virtual size: 172KB

.data Size: 1024B - Virtual size: 924B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

06:08:88:49:b5:f4:5c:56:b1:28:0c:1d:a5:0b:cd:a2
Certificate

25:05:35:e1:fd:1b:e5:84:8f:86:40:6f:cb:a2:f0:ad:14:39:f3:1a
Signer

.text
Size: 172KB - Virtual size: 172KB

.data
Size: 1024B - Virtual size: 924B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB