35c391dcb68910224a55b7a3c25f0ea1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

35c391dcb68910224a55b7a3c25f0ea1_JaffaCakes118
Size

112KB
MD5

35c391dcb68910224a55b7a3c25f0ea1
SHA1

7b0076e7504dd4394055f1a306d00c40dcfc2d8a
SHA256

1668d9353e0af593bfaa476396fa4d8ff8c22649e6959a30ab5e4f1d3b1babc0
SHA512

57397399813e2b6da473bd6dfa699d415981a59f339d74412e4a5c983206097d7f241070be20307e7a02f09b1ea0e1e1c7fa0da52eff1edf81225cfb33443480
SSDEEP

1536:esyXwRbvdYGx+RSoDNyX05rlwXAg6DND9y3pKx8l9YyhD0OqMs:esRRbV7x+RSoIX0Mwgu4K49YyhD0OqMs

Score

1^/10

Malware Config

Signatures

Files

35c391dcb68910224a55b7a3c25f0ea1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5946683f608e78381bbc67a185098c15

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:0d:fc:c3:6d:de:fd:25:1d:c2:41:dd:75:cc:01:0a
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03-11-2016 00:00

Not After

03-11-2017 23:59

Subject

CN=AITI ALYANS LLC,OU=Software development,O=AITI ALYANS LLC,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d5:88:b6:71:89:65:03:07:b7:36:ba:f1:9b:af:c5:47:f5:5c:f4:ef
Signer

Actual PE Digest

d5:88:b6:71:89:65:03:07:b7:36:ba:f1:9b:af:c5:47:f5:5c:f4:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_itoa
memcpy

user32

GetDesktopWindow
GetWindow
GetWindowRect
CopyRect
GetDlgCtrlID

kernel32

GetCurrentProcess
ExitProcess
GetBinaryTypeA
GetModuleFileNameA
GetModuleHandleA
VirtualQuery
ReadProcessMemory

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt1
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 1024B - Virtual size: 909B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ATNT+.
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nwNymn,
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

P._O-6
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt0
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1 HI
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5946683f608e78381bbc67a185098c15

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0d:0d:fc:c3:6d:de:fd:25:1d:c2:41:dd:75:cc:01:0aCertificate

Extended Key Usages

Key Usages

d5:88:b6:71:89:65:03:07:b7:36:ba:f1:9b:af:c5:47:f5:5c:f4:efSigner

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

Sections

.text Size: 9KB - Virtual size: 8KB

.crt1 Size: 512B - Virtual size: 10B

.qdata Size: 1024B - Virtual size: 909B

.data Size: 11KB - Virtual size: 13KB

ATNT+. Size: 5KB - Virtual size: 4KB

nwNymn, Size: 6KB - Virtual size: 5KB

P._O-6 Size: 46KB - Virtual size: 46KB

.crt0 Size: 7KB - Virtual size: 6KB

DATA Size: 8KB - Virtual size: 7KB

1 HI Size: 14KB - Virtual size: 13KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0d:0d:fc:c3:6d:de:fd:25:1d:c2:41:dd:75:cc:01:0a
Certificate

d5:88:b6:71:89:65:03:07:b7:36:ba:f1:9b:af:c5:47:f5:5c:f4:ef
Signer

.text
Size: 9KB - Virtual size: 8KB

.crt1
Size: 512B - Virtual size: 10B

.qdata
Size: 1024B - Virtual size: 909B

.data
Size: 11KB - Virtual size: 13KB

ATNT+.
Size: 5KB - Virtual size: 4KB

nwNymn,
Size: 6KB - Virtual size: 5KB

P._O-6
Size: 46KB - Virtual size: 46KB

.crt0
Size: 7KB - Virtual size: 6KB

DATA
Size: 8KB - Virtual size: 7KB

1 HI
Size: 14KB - Virtual size: 13KB