ab6b422a0762cae281111136ade1b846_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab6b422a0762cae281111136ade1b846_JaffaCakes118
Size

119KB
MD5

ab6b422a0762cae281111136ade1b846
SHA1

29d2cd9bb5242cb555380277d3066386d8891948
SHA256

d58f0fb9c40c9fabe93d75cb1ed8495ff896bb6d52026c4512ab69d0252cc705
SHA512

482173382a8ce0dc6dfb84f38199b6fb283d693af30f036f49f7dbd704e61e573ac79614374dde087510fa821c18b6071e58319f631aedd65a5eb10569235068
SSDEEP

3072:gVctjh66UqfXLb1KbDLMZVsFNNp08MXgjho6o:g2hRUyL0rCVUNiVMh3o

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/bin/Debug/d3pl0y.exe
unpack001/d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/obj/Debug/d3pl0y.exe

Files

ab6b422a0762cae281111136ade1b846_JaffaCakes118
.zip
d3pl0y-IRC-BotNet-master/README.md
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y.sln
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y.v11.suo
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/App.config
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/Config.cs
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/Debug.cs
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/Network.cs
.js
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/Persist.cs
.js
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/Process.cs
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/Program.cs
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/Properties/AssemblyInfo.cs
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/Stealer.cs
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/bin/Debug/d3pl0y.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\ghost\Documents\Visual Studio 2012\Projects\d3pl0y\d3pl0y\obj\Debug\d3pl0y.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/bin/Debug/d3pl0y.exe.config
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/bin/Debug/d3pl0y.pdb
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/bin/Debug/d3pl0y.vshost.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

61:19:cc:93:00:01:00:00:00:66
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/10/2011, 20:32

Not After

10/01/2013, 20:32

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:05:13:36:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2011, 20:42

Not After

25/10/2012, 20:42

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2012, 00:14

Not After

07/10/2013, 00:14

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:64:5f:e5:cf:38:f2:a2:a8:69:b4:29:9f:d2:ac:e1:72:43:a2:c4:35:f0:35:c1:ce:91:a1:5b:f4:6c:43:dc
Signer

Actual PE Digest

22:64:5f:e5:cf:38:f2:a2:a8:69:b4:29:9f:d2:ac:e1:72:43:a2:c4:35:f0:35:c1:ce:91:a1:5b:f4:6c:43:dc

Digest Algorithm

sha256

PE Digest Matches

true

62:ac:05:0a:9d:d8:fe:44:a8:ef:62:6a:b5:a0:96:e3:c9:0a:46:e0
Signer

Actual PE Digest

62:ac:05:0a:9d:d8:fe:44:a8:ef:62:6a:b5:a0:96:e3:c9:0a:46:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\binaries\Intermediate\vsproject\vshost32.csproj__1853760103\objr\x86\vshost32.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/bin/Debug/d3pl0y.vshost.exe.config
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/bin/Debug/d3pl0y.vshost.exe.manifest
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/bin/Debug/data
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/bin/Debug/file.html
.html .js polyglot
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/bin/Debug/index.htm
.html .js polyglot
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/bin/Debug/index.html
.html .js polyglot
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/bin/Debug/test.data
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/d3pl0y.csproj
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/obj/Debug/DesignTimeResolveAssemblyReferences.cache
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/obj/Debug/d3pl0y.csproj.FileListAbsolute.txt
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/obj/Debug/d3pl0y.csprojResolveAssemblyReference.cache
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/obj/Debug/d3pl0y.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\ghost\Documents\Visual Studio 2012\Projects\d3pl0y\d3pl0y\obj\Debug\d3pl0y.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d3pl0y-IRC-BotNet-master/d3pl0y/d3pl0y/obj/Debug/d3pl0y.pdb

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 9KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

61:19:cc:93:00:01:00:00:00:66Certificate

Extended Key Usages

Key Usages

61:05:13:36:00:00:00:00:00:1aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

22:64:5f:e5:cf:38:f2:a2:a8:69:b4:29:9f:d2:ac:e1:72:43:a2:c4:35:f0:35:c1:ce:91:a1:5b:f4:6c:43:dcSigner

62:ac:05:0a:9d:d8:fe:44:a8:ef:62:6a:b5:a0:96:e3:c9:0a:46:e0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 9KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

61:19:cc:93:00:01:00:00:00:66
Certificate

61:05:13:36:00:00:00:00:00:1a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

22:64:5f:e5:cf:38:f2:a2:a8:69:b4:29:9f:d2:ac:e1:72:43:a2:c4:35:f0:35:c1:ce:91:a1:5b:f4:6c:43:dc
Signer

62:ac:05:0a:9d:d8:fe:44:a8:ef:62:6a:b5:a0:96:e3:c9:0a:46:e0
Signer

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B