3de37e2bc559e8e43888aeaf53c3ed02_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3de37e2bc559e8e43888aeaf53c3ed02_JaffaCakes118
Size

245KB
MD5

3de37e2bc559e8e43888aeaf53c3ed02
SHA1

4f957229741e42357947de2dab4705952ac0a087
SHA256

13cdf8ed470ad5c0bb89d8f8661910c0d68ab7cf3895bdcdd98f7f42b191a5d1
SHA512

1ca7ca4151a2072b66cf7e545fb5926aff47d6236b9558e47036b87962a7a6feb8c33b45c4565d453558f18518064b31ca273553beb40abe21a2a39883881d17
SSDEEP

6144:tMufT6chd86r9J1ZMbVpwgaSBCtpRMCDB:aiNa6rZZeDBy1

Score

1^/10

Malware Config

Signatures

Files

3de37e2bc559e8e43888aeaf53c3ed02_JaffaCakes118
.exe windows:5 windows x86 arch:x86

64e578bac462a01f705dd1802d84a9b7

Code Sign

42:2d:a3:83:15:85:23:4f:ba:44:e3:74:25:bc:73:7e
Certificate

Issuer

CN=Rnj9VEWc547GX4t8hL18UFWngGL6WtpjiENtfJYcFEPj2ACXiOGpPvYAx7eDKglb4JrFWANASXyyfqvGuLlINLWn5ZALWewY4eEMc46xs74lc6NtCyo36TO5Yk9PNWqzVpQJnb6DQWbrJgJRgNhiit3w7Id6Lc1d7dupd5wTjUJz1K5QJJvgceGT7ubHDSQzPd6xE7GJT9Dmrz7O9iyEV5gOqzrHu4YK6EcNXJoUrqMhJQEwo217T5Rggzp6EWYfFqkLHAXGwa8MRT4c9bp8Mq6GCLxJKVXU966TFtkExuCd6aeoRBoaxw6Th5lqHyB6RR8AXlPQE8iKYfz9NRzxpRy8N5kOFu3tWA49XhsHPtaAmU1RW9CuU9E1vZ2x9A3bjOAImxF4MCiKj83m7ifbRc9BwI45RQOHDHrs5zrb2gOcfUGQTNbDl1hlKN2PRr8Zo5llkUlGRLOMOysYERcRHLS5Trz8sFkoQs5jEkpFmbuhZqrLvh3HBJg6oumbeZcC2Xt9NEfzmc2m15fEowBUXoh3vt76349PKqlBSYYhw7DAodZv2JHd1nkZfyzV6F3zChzjdug3eYzsTGmyTGfafqkrqyvCMImMZD5NswizIq8mDwwthQ8fpvKhDWI1Pk1R3hLxuAMXWLDAWTflbikSyGzLgT2PgJwyIEDQxnZGGXpmu9KBtMNn3diDqcjLlnU3IOF14GHEsERLbKP9LJzVuuZY5htlCMJUzvSbPwdcB6oPclQhrdGFM5ekWgq4WH5ay9lpRYnZffru3JBFFWdB6G7yvT8isZyaILaIvozceGuyvSwpqkgFSbh22DzjyHjIV6qWlbIjfE2KASu2rnYHUAVsAwMjU134NtkUfWehJ5BKE2XqdMxsb7JZ1jNmvhWLKW1iot5rWvM4iIVT5U7zZ3XbVnJuAYMTYbIHeENyRabboxTd5LWAXVmVJLFBGNOQrvHEtzoKiToq8fSs71kZVoeECcLvByQsSUex9sqBOh66WIubOWv94eo4yZcUsbeXR4BHvGZ5LsZlBZNkAzQjLqengcbsBQO2GgbmaNJxiiNf5isfFvGFL5B7htWFGO1GrrjDVwNKkhhNHXBG12pj3uXjU9LXFwKo2fqzYFSVxzdS3xYOq6seS5fjgcVJLzu25UV8GhcEpYpjWHLcqjfkOrWUbgNbsIeP3pkaLvuTeXILyfLNmUipIi5lkEIuwRtvai5pbF361F2Sice1lP5bFzdc9i6I35j8qOJxdfF2AQfaSFZBfCbf5jotPOlPnzicBRQ8mSJVzXk1hYrMLw9aCJeAotUH6Jzzh11Dun6qm5eMKzp9noAkhdToBbk796MAMsQuEEaw5XWHQ4kFhNa6gg352w5LHm6Vg3ZVhOSFH1yTqdaNvUvH7ySkYJJeflfJCkabZaIHXi6sxXmlQAmiDX99CHR2u4svyt4kL4FRnwEhCoXwUlqWTr7ZOX6yvFvbwjqoO7hOe4ogkHuW2ktAibyKgJ47zuH4Mk3hE2ABzWsaCl1Fnmi7rsPDqQrWjZTVnFIO3IdHiR2DHO99QUIhiKMmxQXaANrT6aiI6dhY1bmi8P1cb8BL3FNXESlNxHexzfED7GqJ9QFAFhh6PMQbcYOWyNmNCDINa2G6LwRBTxhVpa9u5llZwEibP4OZyHP32jkxXeiIfAtBIElsYS4B4JcYSNx9k8727uylSsZyWVDOd58snaYkau32OQpTemxX9EmJ12I2yd7HPUhoQB7nrkUrBCiONVGoBzKT6VMroGleMP9wOguQNMlIVeaoUzEkNBPScj4vxkKmwCyxrRdNoztMksVXFa3aNPEHBrTlTGPTPeSzHOm8HAVX2IBPvKZGqWmcVLdu934ALL55j86GtPTZ75dc4ve7kj6c5TrSJhZ5Evz1MvzeIu5ZqhN9lLU4TX3mcByPRYcT5RkFriZnJTHxzHsEA4OxmzrjHN47zlgwXrSMmvAG8zxxXpiEk2cZDuvynxZSDfPirWfsoMDEK9SoN5rWmvSewFwvb5TFDdyuZj1gctpBKqzOZ56hNqcvxMOtpLStVr8hlxh7bxfPymWZmqse1WZsY8IHEbADELhIwQFmzBuwS6VwmNLmDmH9YFBjKZ8WIGKPNCmLkWxKITUnlvi6D4fZo1RmP5fBOmluKn3ufyOwlcSUnwlNeG5USrWKjr7asARthKW7RYLIiAjWlwfHTYcaTSkoSewERQbvtBPzwuSaqNcGTMmXqP7oETuZxMIt6h9dMVZhj2ExPK6Isf6ERlTH9KWfvzxqYCG4TQf197DuVu74fwSJAG9AbliHlfkH7lKwNFWWG1qwpeP8gSa5chWUid6RRzXXSvjTMQXHpAA5ckpLhfqtBDY2RzY6bwPdtTmrmZJhxnNvykvcQbcCYspAZhCHEbSTNSVgmSc45AH1ZUk2kV25PAXKBRFQWPBQCy7rTqPTR31MlTClOowoR1R1nvQF2RYjrCZToIDZsgsQEjDyd5gV9TTiN3Va8RxWyrHxtYaYdqNakhcyeeU2WznW7XFeIymN13o56BtUhkPCY7BziF9STu7GmpTHBP1mH9hewacdAroYyhJjGVFDRivGmbqjRJEte4yxflqIQUjVgoYOpcdkZKrtGJ9GPsUq2Nvw5ZQHxxu3BegzhgzSINl1JdXmal1TjZpx5bFPVJRPkJ2uSCw9LycFFlNMJUDZ1ZyUB1A94CmFvYhOAqUR9gsdqADjMP4cWJlPkRT9NVXStdvjysBG7kbOH2tbLU4pCQ7p8dnHI7HFPQM2IaudfjU43ojAqaWWnDhFeHk5edB9vqFvLFvRnVKWI6fAOGzxjZjv88CZvWLlDEjEeJB3E5iQMakagMigjxEMyrExvIgcIqiMnKL2sMIB5kIbmU2G2wPeALjdXxgwuKPEfQ11teFngVxsYFfJVPnsxm4Vo8U6WNCoGHq5GLoNH11EiNRJg2P21DR16OqwqWTxjK3elSBTDgjoKgprZmPqTdfabD2otEq3

Not Before

18/10/2012, 15:13

Not After

31/12/2039, 23:59

Subject

CN=Rnj9VEWc547GX4t8hL18UFWngGL6WtpjiENtfJYcFEPj2ACXiOGpPvYAx7eDKglb4JrFWANASXyyfqvGuLlINLWn5ZALWewY4eEMc46xs74lc6NtCyo36TO5Yk9PNWqzVpQJnb6DQWbrJgJRgNhiit3w7Id6Lc1d7dupd5wTjUJz1K5QJJvgceGT7ubHDSQzPd6xE7GJT9Dmrz7O9iyEV5gOqzrHu4YK6EcNXJoUrqMhJQEwo217T5Rggzp6EWYfFqkLHAXGwa8MRT4c9bp8Mq6GCLxJKVXU966TFtkExuCd6aeoRBoaxw6Th5lqHyB6RR8AXlPQE8iKYfz9NRzxpRy8N5kOFu3tWA49XhsHPtaAmU1RW9CuU9E1vZ2x9A3bjOAImxF4MCiKj83m7ifbRc9BwI45RQOHDHrs5zrb2gOcfUGQTNbDl1hlKN2PRr8Zo5llkUlGRLOMOysYERcRHLS5Trz8sFkoQs5jEkpFmbuhZqrLvh3HBJg6oumbeZcC2Xt9NEfzmc2m15fEowBUXoh3vt76349PKqlBSYYhw7DAodZv2JHd1nkZfyzV6F3zChzjdug3eYzsTGmyTGfafqkrqyvCMImMZD5NswizIq8mDwwthQ8fpvKhDWI1Pk1R3hLxuAMXWLDAWTflbikSyGzLgT2PgJwyIEDQxnZGGXpmu9KBtMNn3diDqcjLlnU3IOF14GHEsERLbKP9LJzVuuZY5htlCMJUzvSbPwdcB6oPclQhrdGFM5ekWgq4WH5ay9lpRYnZffru3JBFFWdB6G7yvT8isZyaILaIvozceGuyvSwpqkgFSbh22DzjyHjIV6qWlbIjfE2KASu2rnYHUAVsAwMjU134NtkUfWehJ5BKE2XqdMxsb7JZ1jNmvhWLKW1iot5rWvM4iIVT5U7zZ3XbVnJuAYMTYbIHeENyRabboxTd5LWAXVmVJLFBGNOQrvHEtzoKiToq8fSs71kZVoeECcLvByQsSUex9sqBOh66WIubOWv94eo4yZcUsbeXR4BHvGZ5LsZlBZNkAzQjLqengcbsBQO2GgbmaNJxiiNf5isfFvGFL5B7htWFGO1GrrjDVwNKkhhNHXBG12pj3uXjU9LXFwKo2fqzYFSVxzdS3xYOq6seS5fjgcVJLzu25UV8GhcEpYpjWHLcqjfkOrWUbgNbsIeP3pkaLvuTeXILyfLNmUipIi5lkEIuwRtvai5pbF361F2Sice1lP5bFzdc9i6I35j8qOJxdfF2AQfaSFZBfCbf5jotPOlPnzicBRQ8mSJVzXk1hYrMLw9aCJeAotUH6Jzzh11Dun6qm5eMKzp9noAkhdToBbk796MAMsQuEEaw5XWHQ4kFhNa6gg352w5LHm6Vg3ZVhOSFH1yTqdaNvUvH7ySkYJJeflfJCkabZaIHXi6sxXmlQAmiDX99CHR2u4svyt4kL4FRnwEhCoXwUlqWTr7ZOX6yvFvbwjqoO7hOe4ogkHuW2ktAibyKgJ47zuH4Mk3hE2ABzWsaCl1Fnmi7rsPDqQrWjZTVnFIO3IdHiR2DHO99QUIhiKMmxQXaANrT6aiI6dhY1bmi8P1cb8BL3FNXESlNxHexzfED7GqJ9QFAFhh6PMQbcYOWyNmNCDINa2G6LwRBTxhVpa9u5llZwEibP4OZyHP32jkxXeiIfAtBIElsYS4B4JcYSNx9k8727uylSsZyWVDOd58snaYkau32OQpTemxX9EmJ12I2yd7HPUhoQB7nrkUrBCiONVGoBzKT6VMroGleMP9wOguQNMlIVeaoUzEkNBPScj4vxkKmwCyxrRdNoztMksVXFa3aNPEHBrTlTGPTPeSzHOm8HAVX2IBPvKZGqWmcVLdu934ALL55j86GtPTZ75dc4ve7kj6c5TrSJhZ5Evz1MvzeIu5ZqhN9lLU4TX3mcByPRYcT5RkFriZnJTHxzHsEA4OxmzrjHN47zlgwXrSMmvAG8zxxXpiEk2cZDuvynxZSDfPirWfsoMDEK9SoN5rWmvSewFwvb5TFDdyuZj1gctpBKqzOZ56hNqcvxMOtpLStVr8hlxh7bxfPymWZmqse1WZsY8IHEbADELhIwQFmzBuwS6VwmNLmDmH9YFBjKZ8WIGKPNCmLkWxKITUnlvi6D4fZo1RmP5fBOmluKn3ufyOwlcSUnwlNeG5USrWKjr7asARthKW7RYLIiAjWlwfHTYcaTSkoSewERQbvtBPzwuSaqNcGTMmXqP7oETuZxMIt6h9dMVZhj2ExPK6Isf6ERlTH9KWfvzxqYCG4TQf197DuVu74fwSJAG9AbliHlfkH7lKwNFWWG1qwpeP8gSa5chWUid6RRzXXSvjTMQXHpAA5ckpLhfqtBDY2RzY6bwPdtTmrmZJhxnNvykvcQbcCYspAZhCHEbSTNSVgmSc45AH1ZUk2kV25PAXKBRFQWPBQCy7rTqPTR31MlTClOowoR1R1nvQF2RYjrCZToIDZsgsQEjDyd5gV9TTiN3Va8RxWyrHxtYaYdqNakhcyeeU2WznW7XFeIymN13o56BtUhkPCY7BziF9STu7GmpTHBP1mH9hewacdAroYyhJjGVFDRivGmbqjRJEte4yxflqIQUjVgoYOpcdkZKrtGJ9GPsUq2Nvw5ZQHxxu3BegzhgzSINl1JdXmal1TjZpx5bFPVJRPkJ2uSCw9LycFFlNMJUDZ1ZyUB1A94CmFvYhOAqUR9gsdqADjMP4cWJlPkRT9NVXStdvjysBG7kbOH2tbLU4pCQ7p8dnHI7HFPQM2IaudfjU43ojAqaWWnDhFeHk5edB9vqFvLFvRnVKWI6fAOGzxjZjv88CZvWLlDEjEeJB3E5iQMakagMigjxEMyrExvIgcIqiMnKL2sMIB5kIbmU2G2wPeALjdXxgwuKPEfQ11teFngVxsYFfJVPnsxm4Vo8U6WNCoGHq5GLoNH11EiNRJg2P21DR16OqwqWTxjK3elSBTDgjoKgprZmPqTdfabD2otEq3

Extended Key Usages

ExtKeyUsageCodeSigning

ca:be:cb:d3:af:0e:a3:bf:7b:c4:8b:e8:52:fe:53:90:d1:6a:01:c3
Signer

Actual PE Digest

ca:be:cb:d3:af:0e:a3:bf:7b:c4:8b:e8:52:fe:53:90:d1:6a:01:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetVersionExA
GetWindowsDirectoryA
HeapAlloc
HeapFree
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
LoadLibraryExA
LoadResource
LockResource
QueryPerformanceCounter
ReleaseMutex
SetCurrentDirectoryA
SetFileAttributesA
GetSystemTimeAsFileTime
Sleep
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObject
WriteFile
WritePrivateProfileSectionA
WritePrivateProfileStringA
WriteProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
GetSystemInfo
GetSystemDirectoryA
GetStartupInfoA
GetShortPathNameA
GetProcessHeap
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileIntA
GetLastError
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
ExpandEnvironmentStringsA
ExitProcess
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
SetUnhandledExceptionFilter
CreateFileW

user32

wsprintfA
SetWindowTextA
MessageBoxExA
LoadStringA
IsDlgButtonChecked
GetDlgItemTextA
ExitWindowsEx
EndDialog
DialogBoxParamA
CheckDlgButton
CharPrevA
CharNextA
GetDC
ReleaseDC
MessageBoxA
GetFocus
SetCaretPos
CreateCaret
ShowCaret
HideCaret
DestroyCaret
SendMessageA
InvalidateRect
BeginPaint
PostQuitMessage
DefWindowProcA
EndPaint

gdi32

TextOutA
GetTextMetricsA
GetStockObject
SelectObject

advapi32

GetSidSubAuthority
FreeSid
AllocateAndInitializeSid
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
AdjustTokenPrivileges
AddAccessAllowedAce
RegOpenKeyW
GetSidLengthRequired

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHFileOperationA
SHChangeNotify
ShellExecuteExA

ole32

CoUninitialize
CoInitialize

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

msvcrt

_vsnprintf
exit
__set_app_type
malloc
free
_XcptFilter
__getmainargs
__p__commode
__p__fmode
__setusermatherr
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_initterm

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64e578bac462a01f705dd1802d84a9b7

Code Sign

42:2d:a3:83:15:85:23:4f:ba:44:e3:74:25:bc:73:7eCertificate

Extended Key Usages

ca:be:cb:d3:af:0e:a3:bf:7b:c4:8b:e8:52:fe:53:90:d1:6a:01:c3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

version

msvcrt

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 300B

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 2KB - Virtual size: 1KB

42:2d:a3:83:15:85:23:4f:ba:44:e3:74:25:bc:73:7e
Certificate

ca:be:cb:d3:af:0e:a3:bf:7b:c4:8b:e8:52:fe:53:90:d1:6a:01:c3
Signer

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 300B

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 2KB - Virtual size: 1KB