37e178a326a15bbb5184c849b280848f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37e178a326a15bbb5184c849b280848f_JaffaCakes118
Size

297KB
MD5

37e178a326a15bbb5184c849b280848f
SHA1

14137983cbfe9c2cc55ebe90d8de4f16d68d02e2
SHA256

b852ce48bfda6298a04b609ce69fa0cf3f40f4c5f7fe07a848bbeaf5b9566803
SHA512

92384abf4139f7b1e78aad29969813198f18a19b521c645a7fad10ce8b5c4ee030d823ccb7057c2f05d44ee59a5eb4019e5b1897b4784530d915312d7c9c11bc
SSDEEP

6144:XLk0FFKtTdoqkC1ED26GYUr081iNHJcG22yBDogrvSdh:7k+8+3C2D26GYpf6loSSz

Score

1^/10

Malware Config

Signatures

Files

37e178a326a15bbb5184c849b280848f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

20a5ab31fc0afde6bf1f16774fc97b0d

Code Sign

66:5f:c4:08:f3:1b:6e:2f:31:c0:83:96:85:58:9a:99
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/10/2005, 00:00

Not After

23/11/2006, 23:59

Subject

CN=InterLogic Ltd.,OU=Digital ID Class 3 - Microsoft VBA Software Validation v2+OU=Skill Games,O=InterLogic Ltd.,L=Carmel,ST=North,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8d:2f:c7:21:86:7a:63:98:75:60:19:dc:df:80:f7:0b:2c:df:08:0e
Signer

Actual PE Digest

8d:2f:c7:21:86:7a:63:98:75:60:19:dc:df:80:f7:0b:2c:df:08:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetLastError
lstrcmpiA
lstrlenW
lstrlenA
GetStringTypeW
GetStringTypeA
GetCPInfo
CloseHandle
CompareStringA
CompareStringW
WriteFile
CreateFileA
CreateDirectoryA
DeleteFileA
CopyFileA
TerminateProcess
OpenProcess
GetOEMCP
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
SetLastError
GetFileAttributesA
IsBadReadPtr
LoadLibraryA
FlushFileBuffers
LCMapStringW
LCMapStringA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetTickCount
QueryPerformanceCounter
SetStdHandle
SetFilePointer
IsBadWritePtr
VirtualFree
GetCurrentThreadId
HeapCreate
MultiByteToWideChar
SetEndOfFile
ExitThread
MoveFileA
GetTimeZoneInformation
LockResource
LoadResource
FindResourceA
GetSystemTimeAsFileTime
GetCommandLineA
FreeLibrary
LoadLibraryExA
Sleep
GetStartupInfoA
GetProcAddress
SizeofResource
MulDiv
SetEnvironmentVariableA
LocalFree
IsBadCodePtr
RtlUnwind
GlobalFree
GlobalUnlock
GlobalLock
FreeResource
GlobalAlloc
ReadFile
GetFileSize
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
VirtualQuery
lstrcpynA
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
IsDBCSLeadByte
MoveFileExA
GetCurrentProcessId
EnterCriticalSection
GetSystemInfo
Process32Next
Process32First
CreateToolhelp32Snapshot
FindClose
FindNextFileA
FindFirstFileA
VirtualAlloc
CreateThread
VirtualProtect
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventA
ExitProcess
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

IsWindowVisible
EnumWindows
GetWindowThreadProcessId
SetWindowTextA
CreateWindowExA
RegisterClassExA
DefWindowProcA
PostQuitMessage
UnregisterClassA
LoadCursorA
wsprintfA
GetClassInfoExA
MessageBoxA
ShowWindow
GetWindowLongA
PostMessageA
MoveWindow
SetWindowPos
InvalidateRect
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
GetClientRect
SetWindowLongA
SendMessageA
CharNextA
GetWindowDC
CreateIconFromResource
GetActiveWindow
DialogBoxParamA
SendDlgItemMessageA
CallWindowProcA
ClientToScreen
GetSysColor
FillRect
GetCursorPos
WindowFromPoint
GetCapture
ReleaseCapture
EndDialog
DestroyWindow
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
MapWindowPoints

shell32

SHFileOperationA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA

gdi32

SetMapMode
LPtoDP
GetDeviceCaps
DPtoLP
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
DeleteObject
DeleteDC
GetMapMode

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA

wininet

HttpAddRequestHeadersA
HttpOpenRequestA
InternetCloseHandle
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetReadFile
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA

ws2_32

closesocket
htons
gethostbyname
socket

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal
CoInitialize
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
OleLoadPicture
SysFreeString

comctl32

_TrackMouseEvent
InitCommonControlsEx

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20a5ab31fc0afde6bf1f16774fc97b0d

Code Sign

66:5f:c4:08:f3:1b:6e:2f:31:c0:83:96:85:58:9a:99Certificate

Extended Key Usages

Key Usages

8d:2f:c7:21:86:7a:63:98:75:60:19:dc:df:80:f7:0b:2c:df:08:0eSigner

Headers

File Characteristics

Imports

kernel32

user32

shell32

gdi32

advapi32

wininet

ws2_32

ole32

oleaut32

comctl32

Sections

.text Size: 136KB - Virtual size: 134KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 112KB - Virtual size: 110KB

66:5f:c4:08:f3:1b:6e:2f:31:c0:83:96:85:58:9a:99
Certificate

8d:2f:c7:21:86:7a:63:98:75:60:19:dc:df:80:f7:0b:2c:df:08:0e
Signer

.text
Size: 136KB - Virtual size: 134KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 112KB - Virtual size: 110KB