2b3c074f287860f020cce4fa029e1f53_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b3c074f287860f020cce4fa029e1f53_JaffaCakes118
Size

5.2MB
MD5

2b3c074f287860f020cce4fa029e1f53
SHA1

c139b9e74f74d1f087093f14b7faf82f83ce3d11
SHA256

f13f9db379c86daa30e0955cdf1e6fbebb3111d912e7d91324f8173d8c34b4ff
SHA512

c7186cd2fdbfe6193e02d6a34cd3db8e8dadf45030d2811a99154918167f25597cc6b6884dc5ec6d57fda6a1c636f473a414c8f14e11d89199cbacb9a6ff550e
SSDEEP

98304:gzmaQ5LDNhLbQYnNLmK6K3u2EFSSKkOKx8upqI14t3L1E308fKw/kNsyM:iK53XbQYnNaK61pKkOKx8u4I14t3pyU6

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Cleint/EngRat v0.1 B/obj/Debug/EngRat v0.1.0B.exe
unpack001/Cleint/EngRat v0.1 B/obj/Debug/TempPE/My Project.Resources.Designer.vb.dll
unpack001/Cleint/Mono.Cecil.dll
unpack001/Cleint/Plugin/PEPSI-C.dll
unpack001/Cleint/Plugin/PEPSI-CH.dll
unpack001/Cleint/Plugin/PEPSI-F.dll
unpack001/Cleint/Plugin/PEPSI-R.dll
unpack001/Cleint/Plugin/PEPSI-S.dll
unpack001/Cleint/Plugin/pw.dll

Files

2b3c074f287860f020cce4fa029e1f53_JaffaCakes118
.zip

Password: infected
Cleint/EngRat v0.1 B/1.ico
Cleint/EngRat v0.1 B/76e18038461c2273bb5c0c1f977b02c8.ico
Cleint/EngRat v0.1 B/About.Designer.vb
Cleint/EngRat v0.1 B/About.resx
.vbs
Cleint/EngRat v0.1 B/About.vb
Cleint/EngRat v0.1 B/Builder.designer.vb
Cleint/EngRat v0.1 B/Builder.resx
.vbs
Cleint/EngRat v0.1 B/Builder.vb
.vbs
Cleint/EngRat v0.1 B/Client.vb
.vbs
Cleint/EngRat v0.1 B/DW.Designer.vb
Cleint/EngRat v0.1 B/DW.resx
.vbs
Cleint/EngRat v0.1 B/DW.vb
Cleint/EngRat v0.1 B/EngRat v0.1 B.sln
Cleint/EngRat v0.1 B/EngRat v0.1 B.suo
Cleint/EngRat v0.1 B/EngRat v0.1 B.vbproj
Cleint/EngRat v0.1 B/EngRat v0.1 B.vbproj.user
Cleint/EngRat v0.1 B/FM.Designer.vb
Cleint/EngRat v0.1 B/FM.resx
.vbs
Cleint/EngRat v0.1 B/FM.vb
.vbs
Cleint/EngRat v0.1 B/FMcach.vb
Cleint/EngRat v0.1 B/FN.vb
.vbs
Cleint/EngRat v0.1 B/FURL.Designer.vb
Cleint/EngRat v0.1 B/FURL.resx
.vbs
Cleint/EngRat v0.1 B/FURL.vb
Cleint/EngRat v0.1 B/Form1.Designer.vb
Cleint/EngRat v0.1 B/Form1.resx
.vbs
Cleint/EngRat v0.1 B/Form1.vb
.vbs
Cleint/EngRat v0.1 B/LV.vb
.vbs
Cleint/EngRat v0.1 B/MON.vb
.vbs
Cleint/EngRat v0.1 B/My Project/Application.Designer.vb
Cleint/EngRat v0.1 B/My Project/Application.myapp
Cleint/EngRat v0.1 B/My Project/AssemblyInfo.vb
Cleint/EngRat v0.1 B/My Project/Resources.Designer.vb
.vbs
Cleint/EngRat v0.1 B/My Project/Resources.resx
.vbs
Cleint/EngRat v0.1 B/My Project/Settings.Designer.vb
.vbs
Cleint/EngRat v0.1 B/My Project/Settings.settings
Cleint/EngRat v0.1 B/My Project/app.manifest
Cleint/EngRat v0.1 B/Note.Designer.vb
Cleint/EngRat v0.1 B/Note.resx
.vbs
Cleint/EngRat v0.1 B/Note.vb
Cleint/EngRat v0.1 B/PASS.Designer.vb
Cleint/EngRat v0.1 B/PASS.resx
.vbs
Cleint/EngRat v0.1 B/PASS.vb
.vbs
Cleint/EngRat v0.1 B/Proc.Designer.vb
Cleint/EngRat v0.1 B/Proc.resx
.vbs
Cleint/EngRat v0.1 B/Proc.vb
Cleint/EngRat v0.1 B/RGv.designer.vb
Cleint/EngRat v0.1 B/RGv.resx
.vbs
Cleint/EngRat v0.1 B/RGv.vb
.vbs
Cleint/EngRat v0.1 B/Reg.designer.vb
Cleint/EngRat v0.1 B/Reg.resx
.vbs
Cleint/EngRat v0.1 B/Reg.vb
Cleint/EngRat v0.1 B/Resources/GA.png
.png
Cleint/EngRat v0.1 B/SK.vb
.vbs
Cleint/EngRat v0.1 B/Script.Designer.vb
Cleint/EngRat v0.1 B/Script.resx
.vbs
Cleint/EngRat v0.1 B/Script.vb
Cleint/EngRat v0.1 B/cam.Designer.vb
Cleint/EngRat v0.1 B/cam.resx
.vbs
Cleint/EngRat v0.1 B/cam.vb
Cleint/EngRat v0.1 B/chat.Designer.vb
Cleint/EngRat v0.1 B/chat.resx
.vbs
Cleint/EngRat v0.1 B/chat.vb
.vbs
Cleint/EngRat v0.1 B/ico.vb
.vbs
Cleint/EngRat v0.1 B/ind.vb
.vbs
Cleint/EngRat v0.1 B/kl.Designer.vb
Cleint/EngRat v0.1 B/kl.resx
.vbs
Cleint/EngRat v0.1 B/kl.vb
Cleint/EngRat v0.1 B/logs.Designer.vb
Cleint/EngRat v0.1 B/logs.resx
.vbs
Cleint/EngRat v0.1 B/logs.vb
.vbs
Cleint/EngRat v0.1 B/nt.Designer.vb
Cleint/EngRat v0.1 B/nt.resx
.vbs
Cleint/EngRat v0.1 B/nt.vb
Cleint/EngRat v0.1 B/obj/Debug/DesignTimeResolveAssemblyReferences.cache
Cleint/EngRat v0.1 B/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
Cleint/EngRat v0.1 B/obj/Debug/EngRat v0.1 B.vbproj.FileListAbsolute.txt
Cleint/EngRat v0.1 B/obj/Debug/EngRat v0.1 B.vbproj.GenerateResource.Cache
Cleint/EngRat v0.1 B/obj/Debug/EngRat v0.1 B.vbprojResolveAssemblyReference.cache
Cleint/EngRat v0.1 B/obj/Debug/EngRat v0.1.0B.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\EGY\Desktop\EngRat v0.1.0B Src\Cleint\EngRat v0.1 B\obj\Debug\EngRat v0.1.0B.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cleint/EngRat v0.1 B/obj/Debug/EngRat v0.1.0B.pdb
Cleint/EngRat v0.1 B/obj/Debug/EngRat v0.1.0B.xml
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.About.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.Builder.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.DW.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.FM.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.FURL.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.Form1.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.Note.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.PASS.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.Proc.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.Reg.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.Resources.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.Script.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.cam.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.chat.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.kl.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.logs.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.nt.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.rgv.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.sc.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.shl.resources
Cleint/EngRat v0.1 B/obj/Debug/EngRat_v0._1_B.up.resources
Cleint/EngRat v0.1 B/obj/Debug/TempPE/My Project.Resources.Designer.vb.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cleint/EngRat v0.1 B/obj/Debug/njRAT v0.5 Client.vbproj.FileListAbsolute.txt
Cleint/EngRat v0.1 B/obj/Debug/njRAT v0.5 Client.vbproj.GenerateResource.Cache
Cleint/EngRat v0.1 B/sc.designer.vb
Cleint/EngRat v0.1 B/sc.resx
.vbs
Cleint/EngRat v0.1 B/sc.vb
.vbs
Cleint/EngRat v0.1 B/shl.Designer.vb
Cleint/EngRat v0.1 B/shl.resx
.vbs
Cleint/EngRat v0.1 B/shl.vb
.vbs
Cleint/EngRat v0.1 B/up.Designer.vb
Cleint/EngRat v0.1 B/up.resx
.vbs
Cleint/EngRat v0.1 B/up.vb
Cleint/Mono.Cecil.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\njq8\Desktop\jbevain-cecil-0.9.5-73-ga5ffcc0\jbevain-cecil-a5ffcc0\obj\net_2_0_Debug\Mono.Cecil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cleint/Plugin/PEPSI-C.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cleint/Plugin/PEPSI-CH.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cleint/Plugin/PEPSI-F.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cleint/Plugin/PEPSI-R.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cleint/Plugin/PEPSI-S.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cleint/Plugin/pw.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StubEng/StubEng/StubEng.sln
StubEng/StubEng/StubEng.suo
StubEng/StubEng/StubEng.vb
.vbs
StubEng/StubEng/StubEng.vbproj
StubEng/StubEng/StubEng.vbproj.user
StubEng/StubEng/bin/Debug/StubEng.vshost.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8b:c6:80:3e:18:cb:e4:18:0e:d5:d4:05:61:38:75:5b:2c:70:c4:b0
Signer

Actual PE Digest

8b:c6:80:3e:18:cb:e4:18:0e:d5:d4:05:61:38:75:5b:2c:70:c4:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\dd\vsproject\vshost\vshost32-clr2\objr\i386\vshost32-clr2.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StubEng/StubEng/bin/Debug/StubEng.vshost.exe.manifest
StubEng/StubEng/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
StubEng/StubEng/obj/Debug/StubEng.pdb
StubEng/StubEng/obj/Debug/StubEng.vbproj.FileListAbsolute.txt
StubEng/StubEng/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache
StubEng/StubEng/obj/Release/StubEng.vbproj.FileListAbsolute.txt
StubEng/StubEng/obj/Release/W.vbproj.FileListAbsolute.txt

Sharing

General

Malware Config

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.sdata Size: 512B - Virtual size: 142B

.rsrc Size: 278KB - Virtual size: 277KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 5KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 776B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 303KB - Virtual size: 302KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 62KB - Virtual size: 61KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 11KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 11KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 7KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

.text
Size: 4.7MB - Virtual size: 4.7MB

.sdata
Size: 512B - Virtual size: 142B

.rsrc
Size: 278KB - Virtual size: 277KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 776B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 303KB - Virtual size: 302KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 62KB - Virtual size: 61KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

8b:c6:80:3e:18:cb:e4:18:0e:d5:d4:05:61:38:75:5b:2c:70:c4:b0
Signer

.text
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B