ff9add51335bd66c0b204bf060a92d4b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ff9add51335bd66c0b204bf060a92d4b_JaffaCakes118
Size

222KB
MD5

ff9add51335bd66c0b204bf060a92d4b
SHA1

6c991a643755725a48b34fc2a552ffd48ecddfee
SHA256

61468e3775e2171c306d339dfd7a117405c13b4462399e8e286c3e86b8e1d3d9
SHA512

5a517f5423c737187ff71b9c26dd8a20ebc0ab87a88f28785b64ece016103251b0142be9c68e1672e13462f0d53e3f3cdfcc400ac35f29e50ebe17bd67074dd2
SSDEEP

3072:gB2/NrEldVcgsiBwd2Je4eNdojgeABdfBAPb+yEgINjcwAC8OC+z8Qnl:9eqrOwd2pGSjFAf5A6dgI1cwI+zL

Score

1^/10

Malware Config

Signatures

Files

ff9add51335bd66c0b204bf060a92d4b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8bd0afcba5d7878312f3898cb860f4f8

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

4e:eb:08:05:55:f1:ab:f7:09:bb:a9:ca:e3:2f:13:cd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

19-06-2009 00:00

Not After

19-06-2011 23:59

Subject

CN=MGAME Corp.,OU=Web Dev Team,O=MGAME Corp.,L=Geumcheon-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c9:df:99:91:8b:09:b5:14:66:2e:b3:b3:f6:2b:1c:55:7b:85:95:73
Signer

Actual PE Digest

c9:df:99:91:8b:09:b5:14:66:2e:b3:b3:f6:2b:1c:55:7b:85:95:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\Plug3.0(Gf)UDP\Shell6\Release\Shell6.pdb

Imports

kernel32

Sleep
VirtualProtect
VirtualAlloc
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
HeapReAlloc
HeapAlloc
GetCPInfo
GetOEMCP
GetACP
VirtualQuery
InterlockedExchange
RtlUnwind
LoadLibraryA
HeapFree
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetSystemInfo

user32

LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
BeginPaint
EndPaint
PostQuitMessage
EndDialog
CreateWindowExA
ShowWindow
UpdateWindow
MessageBoxA

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bd0afcba5d7878312f3898cb860f4f8

Code Sign

01Certificate

4e:eb:08:05:55:f1:ab:f7:09:bb:a9:ca:e3:2f:13:cdCertificate

Extended Key Usages

0aCertificate

Extended Key Usages

Key Usages

c9:df:99:91:8b:09:b5:14:66:2e:b3:b3:f6:2b:1c:55:7b:85:95:73Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 140KB - Virtual size: 140KB

.rsrc Size: 52KB - Virtual size: 48KB

01
Certificate

4e:eb:08:05:55:f1:ab:f7:09:bb:a9:ca:e3:2f:13:cd
Certificate

0a
Certificate

c9:df:99:91:8b:09:b5:14:66:2e:b3:b3:f6:2b:1c:55:7b:85:95:73
Signer

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 140KB - Virtual size: 140KB

.rsrc
Size: 52KB - Virtual size: 48KB