215943879123ddb0ad1cbe380ad089e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

215943879123ddb0ad1cbe380ad089e6_JaffaCakes118
Size

148KB
MD5

215943879123ddb0ad1cbe380ad089e6
SHA1

95559168ee9de82859427a11dcc266bd84fdad6f
SHA256

57e5187e7020b6e11f5d4ecca9156bc2f4bc59692435b08992991d1564d41c62
SHA512

2c62bd92dfefdc21f50322cc499e9a02d4b96b9ae8697e48fc4d13e1e855655ed9b267e3ba97db4d9c1daf7135282ea3f81ee9332546f2ce9371b1137e9b5030
SSDEEP

3072:JsjTdVntR3X7JVZbyebyJhmPSE1wlYHVewSC3dWtnGjXhrEjjGCkY7:JmntR3zMqqgSE1qCkwScIi42G

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

Files

215943879123ddb0ad1cbe380ad089e6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:31:05:6f:a2:a9:ee:8a:5e:94:54:b5:37:d3:61:00
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/09/2006, 00:00

Not After

22/11/2009, 23:59

Subject

CN=NET TRANSMIT & RECEIVE\, S.L.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Quality department,O=NET TRANSMIT & RECEIVE\, S.L.,L=Barcelona,ST=Barcelona,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Data
Event
Start
Stop

Sections

NTR0
Size: - Virtual size: 252KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

NTR1
Size: 140KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

63:31:05:6f:a2:a9:ee:8a:5e:94:54:b5:37:d3:61:00Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Exports

Exports

Sections

NTR0 Size: - Virtual size: 252KB

NTR1 Size: 140KB - Virtual size: 144KB

.rsrc Size: 4KB - Virtual size: 4KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

63:31:05:6f:a2:a9:ee:8a:5e:94:54:b5:37:d3:61:00
Certificate

NTR0
Size: - Virtual size: 252KB

NTR1
Size: 140KB - Virtual size: 144KB

.rsrc
Size: 4KB - Virtual size: 4KB