42702f6b7f2483569de1c4cf80e84621_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

42702f6b7f2483569de1c4cf80e84621_JaffaCakes118
Size

286KB
MD5

42702f6b7f2483569de1c4cf80e84621
SHA1

2924c9881e7d0fc24c433ba3eebfff5cf8e669db
SHA256

dfd989d1d8f912e45b6442df32742bcc804023319e12c35001410c8ebbb431f6
SHA512

0841d710c33ce1cd2e0a2367b4d8e81a4847d7b59b592674de199976bd5f52f08baa710dabe4f88a5778f31bfa7569c8e6dd4efcf41c4dcfcfe1cccb5c756986
SSDEEP

6144:Yf46N6xlbvxu6ZEPtpmXcc6V4kICS+7ph10MTk+znjtrRHQ75rT:YfPN4vxfEP8vNkNHptznjt9kH

Score

1^/10

Malware Config

Signatures

Files

42702f6b7f2483569de1c4cf80e84621_JaffaCakes118
.exe windows:5 windows x86 arch:x86

20da521db731df346704463e68f56e01

Code Sign

77:15:e2:b2:6d:40:69:af:41:4c:f5:df:d1:55:9f:bf
Certificate

Issuer

CN=Guo828eV88TY7pgEPgsTxOB2TROdCohGEzEvuJdudE88RXnodUx6Lm1GI63YtwT7dOD2AhStCn3i95mOET113d6n9orZmpZ5t8TfSe3EgT3zV6tn5NmwYOPtiBMbINs65NOn2ZPZwhjJdggHRCNacurvQWD67qsRexugGQBAmWLa2FxyYKn8nvta14kZ4QueCtPsvY2HfIaWsqrRT3QheYIhx1YLbAibv6y7fv3JaRZLArlHCGQ5sZgPFdvV33TSEn64BrShD2y2yAUiHlHKQvsYdxzIlwCFmAKOoF34LhVJ

Not Before

29/10/2012, 06:20

Not After

31/12/2039, 23:59

Subject

CN=Guo828eV88TY7pgEPgsTxOB2TROdCohGEzEvuJdudE88RXnodUx6Lm1GI63YtwT7dOD2AhStCn3i95mOET113d6n9orZmpZ5t8TfSe3EgT3zV6tn5NmwYOPtiBMbINs65NOn2ZPZwhjJdggHRCNacurvQWD67qsRexugGQBAmWLa2FxyYKn8nvta14kZ4QueCtPsvY2HfIaWsqrRT3QheYIhx1YLbAibv6y7fv3JaRZLArlHCGQ5sZgPFdvV33TSEn64BrShD2y2yAUiHlHKQvsYdxzIlwCFmAKOoF34LhVJ

Extended Key Usages

ExtKeyUsageCodeSigning

1e:43:d8:94:8c:aa:1a:17:dd:4c:ce:27:ee:5a:47:d4:2d:2c:34:40
Signer

Actual PE Digest

1e:43:d8:94:8c:aa:1a:17:dd:4c:ce:27:ee:5a:47:d4:2d:2c:34:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
lstrcatA
GetSystemDirectoryA
BackupWrite
CallNamedPipeA
ChangeTimerQueueTimer
ClearCommError
CloseHandle
CommConfigDialogW
CompareFileTime
CreateEventW
CreateIoCompletionPort
CreateJobObjectW
CreateMutexW
CreateProcessW
CreateSemaphoreW
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
EnumSystemLanguageGroupsA
ExitProcess
FatalAppExitA
FileTimeToDosDateTime
FillConsoleOutputAttribute
FindFirstFileA
FindNextFileW
FindResourceExA
FoldStringA
FreeLibrary
GetBinaryType
GetComputerNameA
GetConsoleAliasW
GetConsoleAliasesLengthA
GetConsoleAliasesLengthW
GetConsoleCP
GetCurrentProcessId
GetDefaultCommConfigA
GetLocaleInfoW
GetNumberFormatW
GetNumberOfConsoleMouseButtons
GetPriorityClass
GetPrivateProfileIntA
GetPrivateProfileSectionW
GetProcessAffinityMask
GetProcessShutdownParameters
GetProcessWorkingSetSize
GetProfileSectionW
GetStartupInfoW
GetSystemInfo
GetSystemWindowsDirectoryA
GetTempFileNameW
GetThreadSelectorEntry
GetUserDefaultUILanguage
GetVersionExA
GetWriteWatch
GlobalAlloc
GlobalFindAtomW
GlobalSize
Heap32ListFirst
HeapAlloc
HeapFree
HeapReAlloc
GetModuleHandleA
InitializeCriticalSection
InterlockedIncrement
IsBadReadPtr
IsBadStringPtrA
IsBadStringPtrW
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LocalLock
LockFile
MoveFileA
MoveFileExA
OpenFileMappingA
OpenProcess
Process32FirstW
ReadConsoleInputA
ReadConsoleW
ReadFileEx
ReleaseMutex
ReplaceFileA
ReplaceFileW
RequestDeviceWakeup
ResetWriteWatch
SearchPathA
SearchPathW
SetCommBreak
SetCommMask
SetConsoleActiveScreenBuffer
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetConsoleWindowInfo
SetDefaultCommConfigW
SetEvent
SetFileApisToOEM
SetLastError
SetProcessAffinityMask
SetProcessShutdownParameters
SetStdHandle
SetVolumeLabelA
SignalObjectAndWait
TerminateProcess
UnlockFile
UpdateResourceW
VerifyVersionInfoW
VirtualAlloc
VirtualFree
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFileGather
WriteProfileSectionA
WriteTapemark
_hwrite
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrlen
InitAtomTable
GetProcAddress

user32

PtInRect
RealGetWindowClass
RegisterWindowMessageA
RemovePropA
RemovePropW
ReplyMessage
ScreenToClient
SendDlgItemMessageW
SendMessageA
SendNotifyMessageW
SetCaretPos
SetForegroundWindow
SetLastErrorEx
SetMessageExtraInfo
SetProcessWindowStation
SetPropW
SetScrollRange
SetSysColors
SetWindowPlacement
SetWindowPos
SetWindowRgn
ShowCursor
SystemParametersInfoA
ToUnicode
UpdateWindow
WinHelpA
WinHelpW
wsprintfW
PaintDesktop
OemKeyScan
MsgWaitForMultipleObjectsEx
ModifyMenuW
MessageBeep
MapVirtualKeyExW
LoadMenuW
LoadKeyboardLayoutW
LoadImageW
LoadAcceleratorsW
LoadAcceleratorsA
IsZoomed
IsRectEmpty
IsHungAppWindow
IsCharAlphaNumericA
IsCharAlphaA
InternalGetWindowText
IMPGetIMEA
GetWindowWord
GetWindowRect
GetWindowModuleFileName
GetWindowLongW
GetWindow
GetUpdateRgn
GetSystemMenu
GetMonitorInfoA
GetMessageTime
GetMenuState
GetKeyboardLayoutList
GetKeyboardLayout
GetInputDesktop
GetClipboardViewer
GetClassNameW
GetActiveWindow
ExitWindowsEx
EnumWindowStationsW
EnumChildWindows
EndDeferWindowPos
DrawTextExW
DrawMenuBar
DispatchMessageW
DestroyMenu
DestroyCaret
DdeSetUserHandle
DdeQueryConvInfo
DdeConnectList
DdeCmpStringHandles
CreateIconFromResource
CreateDialogIndirectParamA
CopyIcon
ClipCursor
ClientToScreen
ChildWindowFromPoint
CharToOemBuffW
CharPrevA
CharNextExA
CharLowerA
ChangeClipboardChain
CallNextHookEx
BroadcastSystemMessageW
BringWindowToTop
BeginPaint
ArrangeIconicWindows
AppendMenuW
AnimateWindow
LoadIconA
CreateDesktopA

advapi32

RegOpenKeyW

shell32

WOWShellExecute
Shell_NotifyIcon
ShellExecuteW
ShellExecuteExW
ShellExecuteExA
ShellExecuteA
ShellAboutW
CheckEscapesW
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryPoint
ShellAboutA
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
FindExecutableA
SHAddToRecentDocs
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHChangeNotify
SHCreateDirectoryExA
SHCreateProcessAsUserW
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExW
SHGetFileInfo
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathW
SHGetIconOverlayIndexW
SHGetInstanceExplorer
SHGetMalloc
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHLoadInProc
SHPathPrepareForWriteA
SHPathPrepareForWriteW

shlwapi

StrChrA
StrChrW
StrCmpNIW
StrCmpNW
StrRChrIW
StrRStrIA
StrRStrIW
StrStrIA
StrStrA

Sections

.text
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data3
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20da521db731df346704463e68f56e01

Code Sign

77:15:e2:b2:6d:40:69:af:41:4c:f5:df:d1:55:9f:bfCertificate

Extended Key Usages

1e:43:d8:94:8c:aa:1a:17:dd:4c:ce:27:ee:5a:47:d4:2d:2c:34:40Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 263KB - Virtual size: 263KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 392B

.data2 Size: 512B - Virtual size: 200B

.data3 Size: 512B - Virtual size: 200B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 2KB

77:15:e2:b2:6d:40:69:af:41:4c:f5:df:d1:55:9f:bf
Certificate

1e:43:d8:94:8c:aa:1a:17:dd:4c:ce:27:ee:5a:47:d4:2d:2c:34:40
Signer

.text
Size: 263KB - Virtual size: 263KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 392B

.data2
Size: 512B - Virtual size: 200B

.data3
Size: 512B - Virtual size: 200B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 2KB