82a11356240a98f01dae3b592dafce8a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

82a11356240a98f01dae3b592dafce8a_JaffaCakes118
Size

26KB
MD5

82a11356240a98f01dae3b592dafce8a
SHA1

9f17f0a93a92119cb9f18ef13ff2ccc0925a3f74
SHA256

13bdbe289fbb595bc2346ea2e907587435ab02cca9295e34929db53e53d294ae
SHA512

935b840759373b2a33d1aebfd675090bc5281d3beaf2db0ad1a3e8d16495786f9f7510b719ad5e8aff6ed8b4f79f0a5c306ddb9a40655d87f51ca4feadfe9fd7
SSDEEP

96:36Y+J5kfDmbEwvzZn73e9FFc/AbYe/z3d1xnWt0dlm+U4pqyQ547OUjqIr5k:36x/krChzxe98/WNnWklmh4pjWUk

Score

1^/10

Malware Config

Signatures

Files

82a11356240a98f01dae3b592dafce8a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

76d0065500fe306b57f36c3a8556dcc2

Code Sign

01:a5
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

13/08/1998, 00:29

Not After

13/08/2018, 23:59

Subject

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

01:00:00:00:00:01:1f:71:31:72:c9
Certificate

Issuer

CN=Cybertrust SureServer CA,O=GlobalSign Inc

Not Before

13/02/2009, 19:00

Not After

13/02/2011, 19:00

Subject

CN=inpack.syniverse.com,OU=Crossroads,O=Syniverse Technologies Inc.,L=Tampa,ST=Florida,C=US,1.2.840.113549.1.9.1=#0c1f62656c696e64612e6a61626c6f6e736b694073796e6976657273652e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:03:cb
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

16/02/2005, 19:14

Not After

16/02/2012, 23:59

Subject

CN=Cybertrust SureServer CA,O=GlobalSign Inc

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e8:ec:1f:9a:db:b5:41:fe:6d:21:6c:42:c7:fc:e4:19:dd:41:57
Signer

Actual PE Digest

09:e8:ec:1f:9a:db:b5:41:fe:6d:21:6c:42:c7:fc:e4:19:dd:41:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetWindowsHookExA
UnhookWindowsHookEx
GetKeyboardState
ToAscii
CallNextHookEx

msvcrt

memmove
_adjust_fdiv
malloc
_initterm
memcpy
strlen
free

Exports

Exports

GetData
ULogOff
ULogOn
ULogOpt

Sections

.text
Size: 4KB - Virtual size: 810B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 487B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76d0065500fe306b57f36c3a8556dcc2

Code Sign

01:a5Certificate

01:00:00:00:00:01:1f:71:31:72:c9Certificate

Key Usages

04:00:03:cbCertificate

Key Usages

09:e8:ec:1f:9a:db:b5:41:fe:6d:21:6c:42:c7:fc:e4:19:dd:41:57Signer

Headers

File Characteristics

Imports

user32

msvcrt

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 810B

.rdata Size: 4KB - Virtual size: 487B

.data Size: 4KB - Virtual size: 48B

SHARED Size: 4KB - Virtual size: 264B

.reloc Size: 4KB - Virtual size: 170B

01:a5
Certificate

01:00:00:00:00:01:1f:71:31:72:c9
Certificate

04:00:03:cb
Certificate

09:e8:ec:1f:9a:db:b5:41:fe:6d:21:6c:42:c7:fc:e4:19:dd:41:57
Signer

.text
Size: 4KB - Virtual size: 810B

.rdata
Size: 4KB - Virtual size: 487B

.data
Size: 4KB - Virtual size: 48B

SHARED
Size: 4KB - Virtual size: 264B

.reloc
Size: 4KB - Virtual size: 170B