General

Malware Config

Signatures

Files

• b3cfebdcb947eb0e4535ae55139ed7f7_JaffaCakes118

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Code Sign

  6c:7c:17:23:38:1a:15:a4:41:61:85:1a:89:4b:f5:45

  Certificate

  Issuer

  CN=SmartFTP Client

  Not Before

  02-01-2014 12:56

  Not After

  02-01-2114 12:56

  Subject

  CN=SmartFTP Client

  14:e1:a1:1f:a1:01:8b:ce:b6:e8:1a:df:90:19:5c:e6:c9:a0:3c:fe

  Signer

  Actual PE Digest

  14:e1:a1:1f:a1:01:8b:ce:b6:e8:1a:df:90:19:5c:e6:c9:a0:3c:fe

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 166KB - Virtual size: 166KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 208KB - Virtual size: 208KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ