8665058d5be6e2a4abc0d0a6029d56f4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8665058d5be6e2a4abc0d0a6029d56f4_JaffaCakes118
Size

737KB
MD5

8665058d5be6e2a4abc0d0a6029d56f4
SHA1

9c93e14665d9be62692242257f13c604afa5e2cf
SHA256

10a572a94fcc781ce7732396c5f8cbc897bfc450f6fb8afcb1cba586cc2710b9
SHA512

24c61b789121a73331d3106f61104b6a96e15dbf8b6aca87d3a2e5cda90555e1fa41487c5f68671a698d7f19d910b4ede8f650231220bde25edb65c59a7c21df
SSDEEP

12288:ApDXUVJoI2tmIutUzyTYzDVLnFn3eqWRbN87wbHv75N1gbs8USDQ95:ApDSnIutGyTYzhLFn3etYwbHT58bs5z

Score

1^/10

Malware Config

Signatures

Files

8665058d5be6e2a4abc0d0a6029d56f4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a7ca36aefde49259784672acc7d27a4d

Code Sign

41:79:ea:1b:ec:59:d4:ca:7e:66:86:28:32:55:54:80
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

24/09/2014, 00:00

Not After

24/09/2015, 23:59

Subject

CN=Evgen Kugitko,OU=Individual Developer,O=No Organization Affiliation,L=Kiev,ST=Kiev,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

e7:94:97:07:f5:76:25:5b:22:e4:0c:d0:7f:e6:c7:e4:9f:af:45:f4
Signer

Actual PE Digest

e7:94:97:07:f5:76:25:5b:22:e4:0c:d0:7f:e6:c7:e4:9f:af:45:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

CODE
Size: - Virtual size: 932KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 708KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a7ca36aefde49259784672acc7d27a4d

Code Sign

41:79:ea:1b:ec:59:d4:ca:7e:66:86:28:32:55:54:80Certificate

Extended Key Usages

Key Usages

e7:94:97:07:f5:76:25:5b:22:e4:0c:d0:7f:e6:c7:e4:9f:af:45:f4Signer

Headers

File Characteristics

Imports

kernel32

Sections

CODE Size: - Virtual size: 932KB

DATA Size: - Virtual size: 24KB

BSS Size: - Virtual size: 8KB

.idata Size: - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: - Virtual size: 4KB

.reloc Size: - Virtual size: 212KB

.text Size: 708KB - Virtual size: 716KB

.rsrc Size: 21KB - Virtual size: 130KB

41:79:ea:1b:ec:59:d4:ca:7e:66:86:28:32:55:54:80
Certificate

e7:94:97:07:f5:76:25:5b:22:e4:0c:d0:7f:e6:c7:e4:9f:af:45:f4
Signer

CODE
Size: - Virtual size: 932KB

DATA
Size: - Virtual size: 24KB

BSS
Size: - Virtual size: 8KB

.idata
Size: - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: - Virtual size: 4KB

.reloc
Size: - Virtual size: 212KB

.text
Size: 708KB - Virtual size: 716KB

.rsrc
Size: 21KB - Virtual size: 130KB