9b8232597b1b9285ae68a218a5769d91_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9b8232597b1b9285ae68a218a5769d91_JaffaCakes118
Size

377KB
MD5

9b8232597b1b9285ae68a218a5769d91
SHA1

2ecdfb6bef2b6f6d7258dbd652b2a3828c5ef345
SHA256

1498d54a4e516e82fd36b286b745a51d307b29a2ef9d50d3c1a2d247b619c838
SHA512

b430ac3e0bed4bedceb961509a76c523212cdeb7830e39e33fb033fdd1fcd1eb1162a2de0f9524b550b63ebd6b50c3e90cfb64290593dbf021a6b26659c340f0
SSDEEP

6144:DKSF7lONgku4J+5YJvNAcATMWRYMio3A2dxPkLSDyR0b/fGihiBLzCXBB1vHc7de:OSRcNgH4dOc01A0MIbfGihiURH0ps1n

Score

1^/10

Malware Config

Signatures

Files

9b8232597b1b9285ae68a218a5769d91_JaffaCakes118
.exe windows:5 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Code Sign

03:bc:4f:9a:53:32:df:7a:49:62:4a:cb:44:18:e6:52
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/03/2013, 00:00

Not After

16/03/2016, 12:00

Subject

CN=Pierre GOUGELET,O=Pierre GOUGELET,L=REIMS,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:9f:0f:29:cd:f1:19:ac:9f:97:ff:1d:9f:29:b5:ce:13:f1:d4:67
Signer

Actual PE Digest

5d:9f:0f:29:cd:f1:19:ac:9f:97:ff:1d:9f:29:b5:ce:13:f1:d4:67

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Documents and Settings\Administrator\桌面\Black20130409增加K金山\加壳的\Zzh\Black.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 360KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

09d0478591d4f788cb3e5ea416c25237

Code Sign

03:bc:4f:9a:53:32:df:7a:49:62:4a:cb:44:18:e6:52Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

5d:9f:0f:29:cd:f1:19:ac:9f:97:ff:1d:9f:29:b5:ce:13:f1:d4:67Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 360KB - Virtual size: 460KB

.rsrc Size: 11KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 512B

03:bc:4f:9a:53:32:df:7a:49:62:4a:cb:44:18:e6:52
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

5d:9f:0f:29:cd:f1:19:ac:9f:97:ff:1d:9f:29:b5:ce:13:f1:d4:67
Signer

.text
Size: 360KB - Virtual size: 460KB

.rsrc
Size: 11KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 512B