2fa07025a83c700bc1744484c9d608a4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2fa07025a83c700bc1744484c9d608a4_JaffaCakes118
Size

135KB
MD5

2fa07025a83c700bc1744484c9d608a4
SHA1

953166ed6323c64ddd7d8c745354c8c5149f4c85
SHA256

872218f54a90741e80a35426c6122cd176967b6498287fb64d976675843e491b
SHA512

6a24c2b3f523ca4094157e6171aca3901e01c0763aa02d3cb64d77f25b5047a917283ca1702efdec2e7b4a7347cbeb95784a7ef28d171937e43bbedcd40456e8
SSDEEP

3072:89CEFLCbf3AXrRt8x6o7Piv2Piv2Piv2Pivu:mWw2ppp

Score

1^/10

Malware Config

Signatures

Files

2fa07025a83c700bc1744484c9d608a4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ec4bcf679a0c321685501642c283e424

Code Sign

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3b
Certificate

Issuer

CN=NCrG992VieeQ

Not Before

14/03/2012, 06:19

Not After

31/12/2039, 23:59

Subject

CN=NCrG992VieeQ

Extended Key Usages

ExtKeyUsageCodeSigning

ea:b6:39:eb:0c:68:4c:24:22:22:7e:dc:a3:ca:ea:dd:5f:75:a1:9d
Signer

Actual PE Digest

ea:b6:39:eb:0c:68:4c:24:22:22:7e:dc:a3:ca:ea:dd:5f:75:a1:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedCompareExchange
LoadLibraryA
CreateFileA
lstrlenA
GetWindowsDirectoryA
lstrcpyA
GetProcAddress

user32

SetMessageExtraInfo
SetMessageQueue
SetScrollPos
SetScrollRange
SetSystemCursor
SystemParametersInfoW
TileChildWindows
TrackMouseEvent
UnionRect
ValidateRect
WindowFromDC
SetMenuDefaultItem
SetMenu
SetDlgItemTextA
SetDlgItemInt
SetClassLongA
SetCaretPos
SetActiveWindow
SendMessageA
ScrollDC
ReplyMessage
RemovePropW
ReleaseDC
RegisterShellHookWindow
RegisterDeviceNotificationW
PostMessageW
PaintDesktop
OemToCharA
MessageBoxExW
MapVirtualKeyExW
MapVirtualKeyA
MapDialogRect
LockSetForegroundWindow
LoadMenuW
LoadMenuIndirectA
AttachThreadInput
BeginDeferWindowPos
BeginPaint
CallMsgFilter
CascadeWindows
ChangeMenuA
CharToOemBuffA
CharToOemW
LoadMenuA
CharUpperA
CharUpperBuffW
CopyAcceleratorTableA
CountClipboardFormats
CreateDesktopA
CreateIcon
CreateMDIWindowA
CreateWindowExA
DdeCreateDataHandle
DdeInitializeA
DdeKeepStringHandle
DefDlgProcW
DialogBoxParamA
DlgDirSelectComboBoxExA
DrawTextExW
EndMenu
EndTask
EnumDesktopWindows
EnumDesktopsA
EnumDesktopsW
EnumDisplaySettingsW
EnumPropsA
FindWindowA
FrameRect
GetAltTabInfoW
GetCaretBlinkTime
GetClipboardViewer
GetDlgItemInt
GetIconInfo
GetKeyboardLayoutList
GetKeyboardType
GetLastInputInfo
GetMenuDefaultItem
GetMessagePos
GetMessageTime
GetMonitorInfoA
GetMonitorInfoW
GetProcessWindowStation
GetWindow
GetWindowThreadProcessId
IMPQueryIMEA
IMPQueryIMEW
InsertMenuA
AnyPopup
IntersectRect
InvertRect
IsIconic
KillTimer
LoadKeyboardLayoutW

comdlg32

PageSetupDlgW
ChooseColorW
ChooseFontA
ChooseFontW
CommDlgExtendedError
FindTextA
FindTextW
GetFileTitleA
ReplaceTextW
ReplaceTextA
PrintDlgW
PrintDlgExW
PrintDlgExA
PrintDlgA
ChooseColorA
PageSetupDlgA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW

advapi32

RegOpenKeyW

ole32

OleRegGetMiscStatus
OleRun
OleSaveToStream
OleSetAutoConvert
OleSetContainedObject
OleSetMenuDescriptor
PropVariantClear
ReadClassStg
ReadClassStm
ReadOleStg
RevokeDragDrop
SNB_UserFree
SNB_UserUnmarshal
SetConvertStg
SetDocumentBitStg
StgCreateDocfile
StgCreatePropSetStg
StgIsStorageILockBytes
StgOpenPropStg
StgOpenStorageEx
StringFromIID
UtGetDvtd16Info
WdtpInterfacePointer_UserFree
WriteClassStg
WriteOleStg
OleRegEnumFormatEtc
OleQueryCreateFromData
OleMetafilePictFromIconAndLabel
OleLoadFromStream
OleGetIconOfFile
OleGetAutoConvert
OleFlushClipboard
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleCreateFromFileEx
OleConvertOLESTREAMToIStorage
HPALETTE_UserFree
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserMarshal
HMENU_UserSize
HMENU_UserFree
HGLOBAL_UserMarshal
HGLOBAL_UserFree
HDC_UserFree
HBRUSH_UserUnmarshal
HBRUSH_UserFree
HBITMAP_UserSize
HACCEL_UserMarshal
GetHookInterface
GetHGlobalFromStream
FreePropVariantArray
CreateOleAdviseHolder
CreateILockBytesOnHGlobal
CreateFileMoniker
CreateDataCache
CoUnmarshalInterface
CoUnloadingWOW
CoUninitialize
CoSwitchCallContext
CoRevokeMallocSpy
CoReleaseServerProcess
CoRegisterChannelHook
CoQueryProxyBlanket
CoQueryClientBlanket
CoLockObjectExternal
CoLoadLibrary
CoIsHandlerConnected
CoInstall
CoInitializeWOW
CoGetStandardMarshal
CoGetMalloc
CoGetInstanceFromIStorage
CoGetCurrentLogicalThreadId
CoFreeLibrary
CoFileTimeToDosDateTime
CoCreateInstanceEx
CoCreateInstance
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoBuildVersion
CLSIDFromProgIDEx
OleGetClipboard
CoFreeUnusedLibraries

comctl32

ord8
CreatePropertySheetPage
CreatePropertySheetPageW
ord6
CreateStatusWindowW
UninitializeFlatSB
ord3
PropertySheetW
ord2
ord13
ord14
InitMUILanguage
ord17
ImageList_Write
ImageList_SetOverlayImage
ImageList_SetIconSize
ImageList_SetDragCursorImage
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Remove
ImageList_Read
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_LoadImage
ImageList_GetImageRect
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_GetIcon
ImageList_GetDragImage
ImageList_EndDrag
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_Draw
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_AddMasked
ImageList_AddIcon
ImageList_Add
GetMUILanguage
ord4
FlatSB_ShowScrollBar
FlatSB_SetScrollRange
FlatSB_SetScrollProp
FlatSB_SetScrollInfo
FlatSB_GetScrollRange
FlatSB_GetScrollProp
FlatSB_GetScrollPos
FlatSB_EnableScrollBar
DrawStatusTextW
DestroyPropertySheetPage
ord7

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec4bcf679a0c321685501642c283e424

Code Sign

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3bCertificate

Extended Key Usages

ea:b6:39:eb:0c:68:4c:24:22:22:7e:dc:a3:ca:ea:dd:5f:75:a1:9dSigner

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

comctl32

Sections

.text Size: 12KB - Virtual size: 11KB

.text1 Size: 20KB - Virtual size: 19KB

.data Size: 1024B - Virtual size: 644B

.rsrc Size: 98KB - Virtual size: 98KB

.reloc Size: 2KB - Virtual size: 1KB

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3b
Certificate

ea:b6:39:eb:0c:68:4c:24:22:22:7e:dc:a3:ca:ea:dd:5f:75:a1:9d
Signer

.text
Size: 12KB - Virtual size: 11KB

.text1
Size: 20KB - Virtual size: 19KB

.data
Size: 1024B - Virtual size: 644B

.rsrc
Size: 98KB - Virtual size: 98KB

.reloc
Size: 2KB - Virtual size: 1KB