5723b5eff4a66a0394978655b4aa21a4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5723b5eff4a66a0394978655b4aa21a4_JaffaCakes118
Size

61KB
MD5

5723b5eff4a66a0394978655b4aa21a4
SHA1

ab13e13d8f860a250a2a064ee7868d74bdba5490
SHA256

80b2b9074651b5673d66379ec5cc1582db2958efb87fed9e46c69e6f85772ce0
SHA512

a5ed7f4c38e20ff2cd04b7caaed3d6ec53c4653338c6ee1686753647e2c2ed9283e1e40f28a776c4f83b02b315d34057f0ac3d9a07cc76c7ed73d5800c1475a3
SSDEEP

1536:lDfm1eOg/pYcz/ZaoQI1xMjKdMjK/MMjKIMjKLU:9mILpfMoQMxMedMe/MMeIMeo

Score

1^/10

Malware Config

Signatures

Files

5723b5eff4a66a0394978655b4aa21a4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4612a9f938acde82cfc69129f85888af

Code Sign

0d:6b:a2:22:c3:06:44:61:bb:33:56:6f:98:8e:de:8f
Certificate

Issuer

CN=EXNNKSTYFTTMBSDVWHNPQWXKMNRTUICHTICULDRHPPGTYLZNNXEIAFFAWZFHAWJDONCGDAYQLZGHCLXWISTAIFXNNXDKDSIZFXPCAZVDIPYQAIQCXWZTNOFJLFYAQXDRKLAKHTPJVQYDZOSRECYMAWKDYJJWMNVGDPCYUZKDXWIXXTRIBPEXCWOVMJUMMQIEMJDHBLHMLMOWGOXCUFPMNJQROTTDZLOBPHTVFVGWRIMRHOSHREOLUBPDYPJXZAFWZLYRBZDVWSJVWMIMCJTVBVGAMLBREQAWDLDUDTRJMOVNMZXPUDKMEMILGNTAYLOOTLGVOYQQEEZVIWLTNLZZNXMRMJSKGTGSSBMIBMNFRNINFWWJEPMSGYFKLHPATVOLAMNNEGWUYCSFPUBFWRGWDQYOSXNVTZTCWMLMXGBLAUMHRLTGWDCHPWCGXNYPGOAHOIRABKLNGEGWETPUOZDUTQXBXXVXWZNZPTDUBTDQYIFXPODJOUAVHANQQJKAVPEIQDCDYJJRRUVBBVWVNQRSQBADGTMBCXAWLHGGLHBVEQBXHMEHJDNNVVJTBMCYIJUHAQRCYQFOIPERSNIEDLJBPLMFMJVIRLHTLAYLMNRPDUYLKZMEZGLZHCCHDYPQCTDMAZWTUDCZTXMBCXUFGTHRYYZFTDTCDTVDCKWIDSFZOFICFJFPMSZJFFQKILZUADWOIXOHPLOGBLLAUNRWIJYALDRPVXNKPNQZKKEMUOOOWYFYMLZTPPZIQALUOBWOLNJVGOENCLPDUNJWRJWKFRJXLDHHXBBQSWFVXLNXKJZJVNBOKNXFJLSBDWLQJMJTGGHAOSOTKRWZBWXNIBRUIKCVSOASQNQVNMORPMBCJTJZUYVBTIPCNKYDTPCPPVBNTHYJNNESGBKPLSHGQOBINXEQOLOUHQEJSNEZAZMDQAYKPSAZSEGADYZTAPHXUSAPWAAPXRYSUDTHAXGXEMIXFACSTMBYNIZHJRBSDVYNPXOHPVPMBWKCWFPOZRNEWHWFYJVAYJGMRVZVJPAWXUKYICYAQSFDOZXZBBTLOOBHFOOPOVZCASFZXUBRFFRRHFRBVTCILIZJCRROOPIXHCQFFXGXZUGVCLHMZKEDGBAYWUSYWRFXIMJUWREUTBGZAOCIXBCTRSOBTQXGDFILIKYDTUAHCUVWICYFRVXGSUMNNVJIHXSOFLXCWMFBEPDJMADTZUOBKGYXTDEGHCUFNGQPJOUOUHDSAWHEGAYVZSPOPIIKFOMCLLMBOIZCLQUMRSMOMTTNWDMQVFQJMPZQWSRZYOPRILXJIDDTJESIOGACZPXDMDYCGTGGDSSBFNEMAGELGLKVVBBODIUWWMNNUHIBWPYYNUGEYTVZCWITNIXPCHXCJPDSICVWESGQLESBMUVPPTUGPGELILSPZYSFIAPIBAYISNYCCCFHBJEQIMYDXSQKTMMLYWILVZVYTWILNYNUMBRNYIRNQBZVXTFOYMTOWPBEQECONCQRKGIXZPGFVNYNXUZLUUKEUMGPDMMGBWWFEJGXCOZQQDQKHFHWQSSEGSJMQWMNIDYORTHCBCNXUADPSCCHEEDQDWUVFKCRQFYOOZIEVPZZPEHPDBRZXFXANDJONFFJIBMXBNAEOZWREWZDMIUAVVE

Not Before

13/12/2012, 15:11

Not After

31/12/2039, 23:59

Subject

CN=EXNNKSTYFTTMBSDVWHNPQWXKMNRTUICHTICULDRHPPGTYLZNNXEIAFFAWZFHAWJDONCGDAYQLZGHCLXWISTAIFXNNXDKDSIZFXPCAZVDIPYQAIQCXWZTNOFJLFYAQXDRKLAKHTPJVQYDZOSRECYMAWKDYJJWMNVGDPCYUZKDXWIXXTRIBPEXCWOVMJUMMQIEMJDHBLHMLMOWGOXCUFPMNJQROTTDZLOBPHTVFVGWRIMRHOSHREOLUBPDYPJXZAFWZLYRBZDVWSJVWMIMCJTVBVGAMLBREQAWDLDUDTRJMOVNMZXPUDKMEMILGNTAYLOOTLGVOYQQEEZVIWLTNLZZNXMRMJSKGTGSSBMIBMNFRNINFWWJEPMSGYFKLHPATVOLAMNNEGWUYCSFPUBFWRGWDQYOSXNVTZTCWMLMXGBLAUMHRLTGWDCHPWCGXNYPGOAHOIRABKLNGEGWETPUOZDUTQXBXXVXWZNZPTDUBTDQYIFXPODJOUAVHANQQJKAVPEIQDCDYJJRRUVBBVWVNQRSQBADGTMBCXAWLHGGLHBVEQBXHMEHJDNNVVJTBMCYIJUHAQRCYQFOIPERSNIEDLJBPLMFMJVIRLHTLAYLMNRPDUYLKZMEZGLZHCCHDYPQCTDMAZWTUDCZTXMBCXUFGTHRYYZFTDTCDTVDCKWIDSFZOFICFJFPMSZJFFQKILZUADWOIXOHPLOGBLLAUNRWIJYALDRPVXNKPNQZKKEMUOOOWYFYMLZTPPZIQALUOBWOLNJVGOENCLPDUNJWRJWKFRJXLDHHXBBQSWFVXLNXKJZJVNBOKNXFJLSBDWLQJMJTGGHAOSOTKRWZBWXNIBRUIKCVSOASQNQVNMORPMBCJTJZUYVBTIPCNKYDTPCPPVBNTHYJNNESGBKPLSHGQOBINXEQOLOUHQEJSNEZAZMDQAYKPSAZSEGADYZTAPHXUSAPWAAPXRYSUDTHAXGXEMIXFACSTMBYNIZHJRBSDVYNPXOHPVPMBWKCWFPOZRNEWHWFYJVAYJGMRVZVJPAWXUKYICYAQSFDOZXZBBTLOOBHFOOPOVZCASFZXUBRFFRRHFRBVTCILIZJCRROOPIXHCQFFXGXZUGVCLHMZKEDGBAYWUSYWRFXIMJUWREUTBGZAOCIXBCTRSOBTQXGDFILIKYDTUAHCUVWICYFRVXGSUMNNVJIHXSOFLXCWMFBEPDJMADTZUOBKGYXTDEGHCUFNGQPJOUOUHDSAWHEGAYVZSPOPIIKFOMCLLMBOIZCLQUMRSMOMTTNWDMQVFQJMPZQWSRZYOPRILXJIDDTJESIOGACZPXDMDYCGTGGDSSBFNEMAGELGLKVVBBODIUWWMNNUHIBWPYYNUGEYTVZCWITNIXPCHXCJPDSICVWESGQLESBMUVPPTUGPGELILSPZYSFIAPIBAYISNYCCCFHBJEQIMYDXSQKTMMLYWILVZVYTWILNYNUMBRNYIRNQBZVXTFOYMTOWPBEQECONCQRKGIXZPGFVNYNXUZLUUKEUMGPDMMGBWWFEJGXCOZQQDQKHFHWQSSEGSJMQWMNIDYORTHCBCNXUADPSCCHEEDQDWUVFKCRQFYOOZIEVPZZPEHPDBRZXFXANDJONFFJIBMXBNAEOZWREWZDMIUAVVE

Extended Key Usages

ExtKeyUsageCodeSigning

a2:d7:ee:04:f6:50:70:83:c5:a7:c7:3c:1e:8d:4e:e6:65:88:46:e3
Signer

Actual PE Digest

a2:d7:ee:04:f6:50:70:83:c5:a7:c7:3c:1e:8d:4e:e6:65:88:46:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCommandLineW
CreateFileW
VirtualAlloc
GetWindowsDirectoryW
DeleteFileW
SetFileAttributesW
FindFirstFileW
GlobalFree
SetErrorMode
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
FormatMessageW
MulDiv
GetCurrentProcess
GetVersionExW
TerminateProcess
GetExitCodeThread
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetSystemDirectoryW
lstrcatW
SearchPathW
GetPrivateProfileStringW
lstrcmpiW
lstrcpyW
lstrcpynW
CreateHardLinkA
VirtualQueryEx
GetCurrencyFormatA
FindFirstVolumeW
SetConsoleDisplayMode
IsSystemResumeAutomatic
Process32NextW
GetTapeStatus
_llseek
ReadConsoleInputA
lstrcpy
ReadFileEx
ExpandEnvironmentStringsW
DeleteVolumeMountPointW
UnlockFileEx
GetTempFileNameA
Module32First
FreeUserPhysicalPages
CopyFileA
GetDefaultCommConfigW
CancelDeviceWakeupRequest
CreateTimerQueue
CreateRemoteThread
FatalAppExitW
CreateConsoleScreenBuffer
FoldStringW
CommConfigDialogW
SetThreadAffinityMask
MapUserPhysicalPagesScatter
WriteConsoleInputW
SetMessageWaitingIndicator
PostQueuedCompletionStatus
GetModuleHandleW
GetPrivateProfileSectionW
GetThreadSelectorEntry

user32

GetWindowThreadProcessId
SetForegroundWindow
SendMessageTimeoutA
LoadStringA
MessageBoxA

gdi32

GetStockObject
SetTextAlign
SelectObject
SetTextColor
SetBkColor
GetTextExtentPoint32W
ExtTextOutW

msvcrt

memcpy
_vsnprintf
__p__commode
_adjust_fdiv
__setusermatherr
__p__fmode
__getmainargs
_acmdln
exit
__set_app_type
_except_handler3
_controlfp
_initterm
_cexit
_XcptFilter
_exit
_c_exit
setlocale
mbstowcs
gets
_mbscspn
__iscsymf
_rmtmp
__unDNameEx
atoi
wcspbrk
_Getdays
putwc
_aexit_rtn
sqrt
_errno
_j1
isalpha
fopen
_findnext
_memicmp
_fpclass
vwprintf
iswcntrl
_ftol
_ftime
_setjmp
strpbrk
rename
strftime
_itoa
_CIsin
_atodbl
_stati64
_wfindfirsti64
_ultow
wcsrchr
memset
_wchmod
malloc
getenv
_ismbbprint
_endthreadex
__p__winver
_Strftime
__p__winmajor
_winminor
__unDName
_findfirsti64
_adj_fprem
strtod
__isascii
_chgsign
wcstok
_wopen
free
_snwprintf
_wfindnext
strtol
_mbsupr
_mbsspnp
__p__wenviron
_strlwr
iswgraph
_adj_fdivr_m32
__STRINGTOLD
_isnan
_wfsopen
_mbctombb
_wsetlocale
_mbclen
difftime
time
_assert
_wspawnlpe
_isatty
log10
_lrotr
fputwc
_strnicmp
_findclose
_mbsnicoll
_wutime
strtok
_mbscpy
_ui64toa
fprintf
_wstati64
_adj_fdivr_m64
_wfindfirst64
ferror
freopen
_daylight
_mbsicoll

advapi32

RegOpenKeyExW
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4612a9f938acde82cfc69129f85888af

Code Sign

0d:6b:a2:22:c3:06:44:61:bb:33:56:6f:98:8e:de:8fCertificate

Extended Key Usages

a2:d7:ee:04:f6:50:70:83:c5:a7:c7:3c:1e:8d:4e:e6:65:88:46:e3Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

advapi32

Sections

.text Size: 29KB - Virtual size: 29KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 964B

0d:6b:a2:22:c3:06:44:61:bb:33:56:6f:98:8e:de:8f
Certificate

a2:d7:ee:04:f6:50:70:83:c5:a7:c7:3c:1e:8d:4e:e6:65:88:46:e3
Signer

.text
Size: 29KB - Virtual size: 29KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 964B