b4f079ba072df597deab79e4968dcd25_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b4f079ba072df597deab79e4968dcd25_JaffaCakes118
Size

255KB
MD5

b4f079ba072df597deab79e4968dcd25
SHA1

00005cd57b77e3daca98b2f825bfb953ac18514c
SHA256

5d73652e3a8c7f1fd919120301dca7f373bf1aa8e2fbaa650df5658e37ef4649
SHA512

b4c81ca991be02443d985fad4ab58aa26a4ff5da09bbb9df630e200fecf3d91a8ff688e9f4e3e11cf127245a654b54a5fedb39d70eaf2dd7bee85c9b20453f64
SSDEEP

3072:mUUWCjkOfOoRPQO97F/eUq+TrVFPKG+cyTA1ejfLsOA+5LDRnOX0Sn8L:mrjnHP19ZWUqYiNTAQzk63tOx8

Score

1^/10

Malware Config

Signatures

Files

b4f079ba072df597deab79e4968dcd25_JaffaCakes118
.dll windows:5 windows x86 arch:x86

255c1f590e202cf7d322c325f84a4636

Code Sign

40:e8:c8:0e:05:e3:76:47:bd:55:6a:83:7c:7c:15:e8
Certificate

Issuer

CN=t34ywervywe4

Not Before

23-02-2012 09:30

Not After

31-12-2039 23:59

Subject

CN=t34ywervywe4

Extended Key Usages

ExtKeyUsageCodeSigning

61:2e:9e:39:ee:ea:ec:03:07:aa:ac:6e:7c:38:83:9b:2f:f6:c4:33
Signer

Actual PE Digest

61:2e:9e:39:ee:ea:ec:03:07:aa:ac:6e:7c:38:83:9b:2f:f6:c4:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetNumberOfConsoleInputEvents
GetNumberOfConsoleMouseButtons
GetPrivateProfileIntW
GetPrivateProfileSectionNamesA
GetPrivateProfileStructA
GetProcessAffinityMask
GetProcessHeap
GetProfileStringA
GetSystemDirectoryA
GetThreadPriority
GetVolumeNameForVolumeMountPointA
GlobalMemoryStatus
Heap32ListFirst
HeapAlloc
HeapCompact
InitializeCriticalSection
InterlockedExchange
InterlockedIncrement
LocalFileTimeToFileTime
MapViewOfFile
Module32First
Module32NextW
MoveFileA
MoveFileExW
OpenFile
OpenJobObjectA
OpenJobObjectW
OpenProcess
OpenWaitableTimerA
Process32FirstW
ProcessIdToSessionId
RemoveDirectoryA
ReplaceFileW
RequestDeviceWakeup
RequestWakeupLatency
RtlFillMemory
RtlZeroMemory
GetLongPathNameA
SetComputerNameExW
SetConsoleActiveScreenBuffer
SetConsoleDisplayMode
SetCriticalSectionSpinCount
SetDefaultCommConfigA
SetEvent
SetFileApisToOEM
SetHandleInformation
SetLocaleInfoA
SetMessageWaitingIndicator
SetThreadExecutionState
SleepEx
SuspendThread
TerminateJobObject
TerminateThread
UnlockFileEx
UnregisterWait
UpdateResourceW
VerifyVersionInfoW
VirtualLock
VirtualProtect
WaitCommEvent
WaitForDebugEvent
WaitForSingleObjectEx
WriteConsoleA
WritePrivateProfileStructA
WriteProfileSectionW
_hread
_hwrite
_lcreat
_lopen
_lwrite
lstrcmpi
lstrcmpiA
lstrcmpiW
lstrcpyW
GetLastError
GetExitCodeProcess
GetEnvironmentVariableW
GetEnvironmentStringsW
GetDevicePowerState
GetDefaultCommConfigA
GetCurrentProcess
GetCurrentConsoleFont
GetCurrencyFormatA
GetConsoleTitleA
GetConsoleMode
GetConsoleFontSize
GetConsoleAliasesLengthW
GetConsoleAliasesA
GetConsoleAliasW
GetConsoleAliasExesLengthA
GetComputerNameExW
GetCommandLineW
GetCommProperties
GetCPInfoExW
GetBinaryTypeW
VirtualAlloc
GetACP
FreeUserPhysicalPages
FreeEnvironmentStringsA
FreeConsole
FormatMessageA
FlushInstructionCache
FlushConsoleInputBuffer
FindVolumeMountPointClose
FindVolumeClose
FindResourceExA
FindNextVolumeW
FindAtomW
FillConsoleOutputCharacterA
FileTimeToSystemTime
FileTimeToLocalFileTime
FatalExit
EnumSystemLanguageGroupsW
EnumSystemCodePagesA
EnumLanguageGroupLocalesW
EnumDateFormatsA
EnumCalendarInfoA
DeleteTimerQueueTimer
DeleteFileA
CreateWaitableTimerW
CreateWaitableTimerA
CreateThread
CreateHardLinkA
CreateFileMappingA
CreateConsoleScreenBuffer
CopyFileW
ContinueDebugEvent
ConnectNamedPipe
ClearCommError
BuildCommDCBAndTimeoutsW
BeginUpdateResourceA
AssignProcessToJobObject
GetVersion
LoadLibraryA
GetProcAddress
GetWindowsDirectoryA
lstrlenA
lstrcpyA
CreateFileA
ExitProcess
SetCommState

user32

GetClassInfoW

ole32

OleConvertIStorageToOLESTREAM
OleCreateFromFile
OleCreateFromFileEx
OleCreateLinkFromDataEx
OleCreateLinkToFileEx
OleCreateMenuDescriptor
OleDoAutoConvert
OleDraw
OleGetAutoConvert
OleIsCurrentClipboard
OleIsRunning
OleMetafilePictFromIconAndLabel
OleQueryCreateFromData
OleRegEnumVerbs
OleRun
OleSave
OleSaveToStream
OleSetContainedObject
OleTranslateAccelerator
OleUninitialize
OpenOrCreateStream
ProgIDFromCLSID
PropVariantCopy
ReadClassStg
ReadStringStream
RegisterDragDrop
STGMEDIUM_UserFree
STGMEDIUM_UserMarshal
STGMEDIUM_UserUnmarshal
StgConvertVariantToProperty
StgCreateDocfileOnILockBytes
StgCreateStorageEx
StgGetIFillLockBytesOnILockBytes
StgOpenAsyncDocfileOnIFillLockBytes
StgOpenPropStg
StgOpenStorage
StgPropertyLengthAsVariant
StgSetTimes
UpdateDCOMSettings
UtConvertDvtd16toDvtd32
UtConvertDvtd32toDvtd16
UtGetDvtd16Info
WdtpInterfacePointer_UserFree
WdtpInterfacePointer_UserMarshal
WriteClassStg
WriteFmtUserTypeStg
WriteOleStg
HWND_UserSize
HPALETTE_UserFree
HMETAFILE_UserUnmarshal
HMETAFILE_UserMarshal
HMETAFILE_UserFree
HMENU_UserSize
HGLOBAL_UserUnmarshal
MonikerRelativePathTo
HENHMETAFILE_UserFree
HDC_UserSize
HDC_UserMarshal
HBRUSH_UserUnmarshal
HBITMAP_UserUnmarshal
HBITMAP_UserSize
HACCEL_UserMarshal
GetHGlobalFromStream
FreePropVariantArray
FmtIdToPropStgName
DoDragDrop
DcomChannelSetHResult
CreateItemMoniker
CreateGenericComposite
CreateFileMoniker
CreateDataAdviseHolder
CreateClassMoniker
CreateBindCtx
CoUnmarshalHresult
CoUninitialize
CoTreatAsClass
CoSetCancelObject
CoRevokeClassObject
CoRevertToSelf
CoReleaseMarshalData
CoRegisterChannelHook
CoQueryReleaseObject
CoQueryClientBlanket
CoMarshalHresult
CoLockObjectExternal
CoLoadLibrary
CoInstall
CoInitializeWOW
CoInitializeSecurity
CoGetStdMarshalEx
CoGetObject
CoGetInterfaceAndReleaseStream
CoGetClassObject
CoGetCallerTID
CoGetCallContext
CoFreeUnusedLibraries
CoFreeAllLibraries
CoFileTimeToDosDateTime
CoFileTimeNow
CoDisableCallCancellation
CoCreateObjectInContext
CoCreateGuid
CoCopyProxy
CoCancelCall
CoBuildVersion
CoAddRefServerProcess
CLSIDFromString
CLIPFORMAT_UserUnmarshal
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserFree
BindMoniker
HENHMETAFILE_UserUnmarshal
HWND_UserUnmarshal
CoGetClassVersion

comctl32

CreatePropertySheetPage
CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
CreateStatusWindowW
ord7
CreateToolbarEx
ord16
DestroyPropertySheetPage
ord15
DrawStatusText
ord5
DrawStatusTextW
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollProp
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
ord4
GetMUILanguage
ImageList_AddIcon
ImageList_AddMasked
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Duplicate
ImageList_EndDrag
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_GetImageRect
ImageList_LoadImage
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetOverlayImage
ImageList_Write
InitCommonControlsEx
InitMUILanguage
InitializeFlatSB
ord14
ord13
PropertySheet
PropertySheetA
PropertySheetW
ord3
UninitializeFlatSB
ord8

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tex3t3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tex3t2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tex3t1
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tex5t2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text5
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

255c1f590e202cf7d322c325f84a4636

Code Sign

40:e8:c8:0e:05:e3:76:47:bd:55:6a:83:7c:7c:15:e8Certificate

Extended Key Usages

61:2e:9e:39:ee:ea:ec:03:07:aa:ac:6e:7c:38:83:9b:2f:f6:c4:33Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

comctl32

Sections

.text Size: 11KB - Virtual size: 10KB

.tex3t3 Size: 1024B - Virtual size: 1000B

.tex3t2 Size: 1024B - Virtual size: 1000B

.tex3t1 Size: 1024B - Virtual size: 1000B

.tex5t2 Size: 2KB - Virtual size: 1KB

.text5 Size: 232KB - Virtual size: 231KB

.data Size: 512B - Virtual size: 244B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

40:e8:c8:0e:05:e3:76:47:bd:55:6a:83:7c:7c:15:e8
Certificate

61:2e:9e:39:ee:ea:ec:03:07:aa:ac:6e:7c:38:83:9b:2f:f6:c4:33
Signer

.text
Size: 11KB - Virtual size: 10KB

.tex3t3
Size: 1024B - Virtual size: 1000B

.tex3t2
Size: 1024B - Virtual size: 1000B

.tex3t1
Size: 1024B - Virtual size: 1000B

.tex5t2
Size: 2KB - Virtual size: 1KB

.text5
Size: 232KB - Virtual size: 231KB

.data
Size: 512B - Virtual size: 244B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB