453f9014177977447a61fe1fc8e22068_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

453f9014177977447a61fe1fc8e22068_JaffaCakes118
Size

61KB
MD5

453f9014177977447a61fe1fc8e22068
SHA1

93202c7bb28071cdf9368b77255ec0701d5cb40b
SHA256

e89abf177efa581b7dbc497fa99f466ad1410d7efabd1d4fb68f63cd40ea40da
SHA512

163589068363c4d1457941b55635dc8eb874e36864f4d7a502cac70bf7efaee16ec7dabd6672a2d9d6538ec0960f55bf2c157af02180e65495f157acdfe4ed92
SSDEEP

1536:ADfm1eOg/pYcz/ZfoQIcjMjKdMjK/MMjKIMjK0y:WmILpfloQdjMedMe/MMeIMeP

Score

1^/10

Malware Config

Signatures

Files

453f9014177977447a61fe1fc8e22068_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4612a9f938acde82cfc69129f85888af

Code Sign

0d:6b:a2:22:c3:06:44:61:bb:33:56:6f:98:8e:de:8f
Certificate

Issuer

CN=EXNNKSTYFTTMBSDVWHNPQWXKMNRTUICHTICULDRHPPGTYLZNNXEIAFFAWZFHAWJDONCGDAYQLZGHCLXWISTAIFXNNXDKDSIZFXPCAZVDIPYQAIQCXWZTNOFJLFYAQXDRKLAKHTPJVQYDZOSRECYMAWKDYJJWMNVGDPCYUZKDXWIXXTRIBPEXCWOVMJUMMQIEMJDHBLHMLMOWGOXCUFPMNJQROTTDZLOBPHTVFVGWRIMRHOSHREOLUBPDYPJXZAFWZLYRBZDVWSJVWMIMCJTVBVGAMLBREQAWDLDUDTRJMOVNMZXPUDKMEMILGNTAYLOOTLGVOYQQEEZVIWLTNLZZNXMRMJSKGTGSSBMIBMNFRNINFWWJEPMSGYFKLHPATVOLAMNNEGWUYCSFPUBFWRGWDQYOSXNVTZTCWMLMXGBLAUMHRLTGWDCHPWCGXNYPGOAHOIRABKLNGEGWETPUOZDUTQXBXXVXWZNZPTDUBTDQYIFXPODJOUAVHANQQJKAVPEIQDCDYJJRRUVBBVWVNQRSQBADGTMBCXAWLHGGLHBVEQBXHMEHJDNNVVJTBMCYIJUHAQRCYQFOIPERSNIEDLJBPLMFMJVIRLHTLAYLMNRPDUYLKZMEZGLZHCCHDYPQCTDMAZWTUDCZTXMBCXUFGTHRYYZFTDTCDTVDCKWIDSFZOFICFJFPMSZJFFQKILZUADWOIXOHPLOGBLLAUNRWIJYALDRPVXNKPNQZKKEMUOOOWYFYMLZTPPZIQALUOBWOLNJVGOENCLPDUNJWRJWKFRJXLDHHXBBQSWFVXLNXKJZJVNBOKNXFJLSBDWLQJMJTGGHAOSOTKRWZBWXNIBRUIKCVSOASQNQVNMORPMBCJTJZUYVBTIPCNKYDTPCPPVBNTHYJNNESGBKPLSHGQOBINXEQOLOUHQEJSNEZAZMDQAYKPSAZSEGADYZTAPHXUSAPWAAPXRYSUDTHAXGXEMIXFACSTMBYNIZHJRBSDVYNPXOHPVPMBWKCWFPOZRNEWHWFYJVAYJGMRVZVJPAWXUKYICYAQSFDOZXZBBTLOOBHFOOPOVZCASFZXUBRFFRRHFRBVTCILIZJCRROOPIXHCQFFXGXZUGVCLHMZKEDGBAYWUSYWRFXIMJUWREUTBGZAOCIXBCTRSOBTQXGDFILIKYDTUAHCUVWICYFRVXGSUMNNVJIHXSOFLXCWMFBEPDJMADTZUOBKGYXTDEGHCUFNGQPJOUOUHDSAWHEGAYVZSPOPIIKFOMCLLMBOIZCLQUMRSMOMTTNWDMQVFQJMPZQWSRZYOPRILXJIDDTJESIOGACZPXDMDYCGTGGDSSBFNEMAGELGLKVVBBODIUWWMNNUHIBWPYYNUGEYTVZCWITNIXPCHXCJPDSICVWESGQLESBMUVPPTUGPGELILSPZYSFIAPIBAYISNYCCCFHBJEQIMYDXSQKTMMLYWILVZVYTWILNYNUMBRNYIRNQBZVXTFOYMTOWPBEQECONCQRKGIXZPGFVNYNXUZLUUKEUMGPDMMGBWWFEJGXCOZQQDQKHFHWQSSEGSJMQWMNIDYORTHCBCNXUADPSCCHEEDQDWUVFKCRQFYOOZIEVPZZPEHPDBRZXFXANDJONFFJIBMXBNAEOZWREWZDMIUAVVE

Not Before

13-12-2012 15:11

Not After

31-12-2039 23:59

Subject

CN=EXNNKSTYFTTMBSDVWHNPQWXKMNRTUICHTICULDRHPPGTYLZNNXEIAFFAWZFHAWJDONCGDAYQLZGHCLXWISTAIFXNNXDKDSIZFXPCAZVDIPYQAIQCXWZTNOFJLFYAQXDRKLAKHTPJVQYDZOSRECYMAWKDYJJWMNVGDPCYUZKDXWIXXTRIBPEXCWOVMJUMMQIEMJDHBLHMLMOWGOXCUFPMNJQROTTDZLOBPHTVFVGWRIMRHOSHREOLUBPDYPJXZAFWZLYRBZDVWSJVWMIMCJTVBVGAMLBREQAWDLDUDTRJMOVNMZXPUDKMEMILGNTAYLOOTLGVOYQQEEZVIWLTNLZZNXMRMJSKGTGSSBMIBMNFRNINFWWJEPMSGYFKLHPATVOLAMNNEGWUYCSFPUBFWRGWDQYOSXNVTZTCWMLMXGBLAUMHRLTGWDCHPWCGXNYPGOAHOIRABKLNGEGWETPUOZDUTQXBXXVXWZNZPTDUBTDQYIFXPODJOUAVHANQQJKAVPEIQDCDYJJRRUVBBVWVNQRSQBADGTMBCXAWLHGGLHBVEQBXHMEHJDNNVVJTBMCYIJUHAQRCYQFOIPERSNIEDLJBPLMFMJVIRLHTLAYLMNRPDUYLKZMEZGLZHCCHDYPQCTDMAZWTUDCZTXMBCXUFGTHRYYZFTDTCDTVDCKWIDSFZOFICFJFPMSZJFFQKILZUADWOIXOHPLOGBLLAUNRWIJYALDRPVXNKPNQZKKEMUOOOWYFYMLZTPPZIQALUOBWOLNJVGOENCLPDUNJWRJWKFRJXLDHHXBBQSWFVXLNXKJZJVNBOKNXFJLSBDWLQJMJTGGHAOSOTKRWZBWXNIBRUIKCVSOASQNQVNMORPMBCJTJZUYVBTIPCNKYDTPCPPVBNTHYJNNESGBKPLSHGQOBINXEQOLOUHQEJSNEZAZMDQAYKPSAZSEGADYZTAPHXUSAPWAAPXRYSUDTHAXGXEMIXFACSTMBYNIZHJRBSDVYNPXOHPVPMBWKCWFPOZRNEWHWFYJVAYJGMRVZVJPAWXUKYICYAQSFDOZXZBBTLOOBHFOOPOVZCASFZXUBRFFRRHFRBVTCILIZJCRROOPIXHCQFFXGXZUGVCLHMZKEDGBAYWUSYWRFXIMJUWREUTBGZAOCIXBCTRSOBTQXGDFILIKYDTUAHCUVWICYFRVXGSUMNNVJIHXSOFLXCWMFBEPDJMADTZUOBKGYXTDEGHCUFNGQPJOUOUHDSAWHEGAYVZSPOPIIKFOMCLLMBOIZCLQUMRSMOMTTNWDMQVFQJMPZQWSRZYOPRILXJIDDTJESIOGACZPXDMDYCGTGGDSSBFNEMAGELGLKVVBBODIUWWMNNUHIBWPYYNUGEYTVZCWITNIXPCHXCJPDSICVWESGQLESBMUVPPTUGPGELILSPZYSFIAPIBAYISNYCCCFHBJEQIMYDXSQKTMMLYWILVZVYTWILNYNUMBRNYIRNQBZVXTFOYMTOWPBEQECONCQRKGIXZPGFVNYNXUZLUUKEUMGPDMMGBWWFEJGXCOZQQDQKHFHWQSSEGSJMQWMNIDYORTHCBCNXUADPSCCHEEDQDWUVFKCRQFYOOZIEVPZZPEHPDBRZXFXANDJONFFJIBMXBNAEOZWREWZDMIUAVVE

Extended Key Usages

ExtKeyUsageCodeSigning

18:60:2d:cc:48:42:b5:77:37:c1:f9:61:10:05:86:fb:ac:e6:7e:2b
Signer

Actual PE Digest

18:60:2d:cc:48:42:b5:77:37:c1:f9:61:10:05:86:fb:ac:e6:7e:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCommandLineW
CreateFileW
VirtualAlloc
GetWindowsDirectoryW
DeleteFileW
SetFileAttributesW
FindFirstFileW
GlobalFree
SetErrorMode
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
FormatMessageW
MulDiv
GetCurrentProcess
GetVersionExW
TerminateProcess
GetExitCodeThread
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetSystemDirectoryW
lstrcatW
SearchPathW
GetPrivateProfileStringW
lstrcmpiW
lstrcpyW
lstrcpynW
CreateHardLinkA
VirtualQueryEx
GetCurrencyFormatA
FindFirstVolumeW
SetConsoleDisplayMode
IsSystemResumeAutomatic
Process32NextW
GetTapeStatus
_llseek
ReadConsoleInputA
lstrcpy
ReadFileEx
ExpandEnvironmentStringsW
DeleteVolumeMountPointW
UnlockFileEx
GetTempFileNameA
Module32First
FreeUserPhysicalPages
CopyFileA
GetDefaultCommConfigW
CancelDeviceWakeupRequest
CreateTimerQueue
CreateRemoteThread
FatalAppExitW
CreateConsoleScreenBuffer
FoldStringW
CommConfigDialogW
SetThreadAffinityMask
MapUserPhysicalPagesScatter
WriteConsoleInputW
SetMessageWaitingIndicator
PostQueuedCompletionStatus
GetModuleHandleW
GetPrivateProfileSectionW
GetThreadSelectorEntry

user32

GetWindowThreadProcessId
SetForegroundWindow
SendMessageTimeoutA
LoadStringA
MessageBoxA

gdi32

GetStockObject
SetTextAlign
SelectObject
SetTextColor
SetBkColor
GetTextExtentPoint32W
ExtTextOutW

msvcrt

memcpy
_vsnprintf
__p__commode
_adjust_fdiv
__setusermatherr
__p__fmode
__getmainargs
_acmdln
exit
__set_app_type
_except_handler3
_controlfp
_initterm
_cexit
_XcptFilter
_exit
_c_exit
setlocale
mbstowcs
gets
_mbscspn
__iscsymf
_rmtmp
__unDNameEx
atoi
wcspbrk
_Getdays
putwc
_aexit_rtn
sqrt
_errno
_j1
isalpha
fopen
_findnext
_memicmp
_fpclass
vwprintf
iswcntrl
_ftol
_ftime
_setjmp
strpbrk
rename
strftime
_itoa
_CIsin
_atodbl
_stati64
_wfindfirsti64
_ultow
wcsrchr
memset
_wchmod
malloc
getenv
_ismbbprint
_endthreadex
__p__winver
_Strftime
__p__winmajor
_winminor
__unDName
_findfirsti64
_adj_fprem
strtod
__isascii
_chgsign
wcstok
_wopen
free
_snwprintf
_wfindnext
strtol
_mbsupr
_mbsspnp
__p__wenviron
_strlwr
iswgraph
_adj_fdivr_m32
__STRINGTOLD
_isnan
_wfsopen
_mbctombb
_wsetlocale
_mbclen
difftime
time
_assert
_wspawnlpe
_isatty
log10
_lrotr
fputwc
_strnicmp
_findclose
_mbsnicoll
_wutime
strtok
_mbscpy
_ui64toa
fprintf
_wstati64
_adj_fdivr_m64
_wfindfirst64
ferror
freopen
_daylight
_mbsicoll

advapi32

RegOpenKeyExW
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4612a9f938acde82cfc69129f85888af

Code Sign

0d:6b:a2:22:c3:06:44:61:bb:33:56:6f:98:8e:de:8fCertificate

Extended Key Usages

18:60:2d:cc:48:42:b5:77:37:c1:f9:61:10:05:86:fb:ac:e6:7e:2bSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

advapi32

Sections

.text Size: 29KB - Virtual size: 29KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 964B

0d:6b:a2:22:c3:06:44:61:bb:33:56:6f:98:8e:de:8f
Certificate

18:60:2d:cc:48:42:b5:77:37:c1:f9:61:10:05:86:fb:ac:e6:7e:2b
Signer

.text
Size: 29KB - Virtual size: 29KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 964B