a604ed6788b06b165580883544ebb668_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a604ed6788b06b165580883544ebb668_JaffaCakes118
Size

1.3MB
MD5

a604ed6788b06b165580883544ebb668
SHA1

f0829df1ce096a8acd03eb9a2081d4f9a5685d2f
SHA256

ceae19fd590630a0fa91a0f7fe9b20b953c29c2aa90b4c9ad0d9db4c12241bde
SHA512

01692d4b3018200c92560def222d1924a240b0260d0a940f37916e565479020119aeff5274decbe34a06fd9a59a4ac36b39c0b6de0891983bc1fbe7c66d7b9a2
SSDEEP

24576:S1Fg5lyQS1JQeh498ZhnGFpbeCYd/rweMtbfKuKmKN1:yC2QeKXKPrIs1

Score

1^/10

Malware Config

Signatures

Files

a604ed6788b06b165580883544ebb668_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:79:0d:e8:cf:f3:fb:8e:48:d3:e6:71:f9:02:1d:0b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/11/2011, 00:00

Not After

13/11/2012, 23:59

Subject

CN=Qzoneinteractive,OU=EC Team,O=Qzoneinteractive,L=Gwangjin-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d5:11:09:02:ba:72:2c:ab:d5:27:df:de:4a:10:cf:0f:6b:8a:d2:47
Signer

Actual PE Digest

d5:11:09:02:ba:72:2c:ab:d5:27:df:de:4a:10:cf:0f:6b:8a:d2:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

EurekaLog_AttachedFilesRequestEvent
EurekaLog_CallCreateThread
EurekaLog_CallExceptObject
EurekaLog_CallExitThread
EurekaLog_CallGeneralRaise
EurekaLog_CallResumeThread
EurekaLog_CustomButtonClickEvent
EurekaLog_CustomDataRequestEventEx
EurekaLog_CustomWebFieldsRequestEvent
EurekaLog_ExceptionActionNotifyEvent
EurekaLog_ExceptionErrorNotifyEvent
EurekaLog_ExceptionNotifyEvent
EurekaLog_HandledExceptionNotifyEvent
EurekaLog_LastDelphiException
EurekaLog_PasswordRequestEvent
EurekaLog_PasswordRequestEventEx
ExceptionManager

Sections

CODE
Size: 952KB - Virtual size: 951KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 387B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 62KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

51:79:0d:e8:cf:f3:fb:8e:48:d3:e6:71:f9:02:1d:0bCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

d5:11:09:02:ba:72:2c:ab:d5:27:df:de:4a:10:cf:0f:6b:8a:d2:47Signer

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 952KB - Virtual size: 951KB

DATA Size: 32KB - Virtual size: 31KB

BSS Size: - Virtual size: 19KB

.idata Size: 12KB - Virtual size: 11KB

.edata Size: 1024B - Virtual size: 753B

.tls Size: - Virtual size: 387B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 62KB

.rsrc Size: 284KB - Virtual size: 284KB

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

51:79:0d:e8:cf:f3:fb:8e:48:d3:e6:71:f9:02:1d:0b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

d5:11:09:02:ba:72:2c:ab:d5:27:df:de:4a:10:cf:0f:6b:8a:d2:47
Signer

CODE
Size: 952KB - Virtual size: 951KB

DATA
Size: 32KB - Virtual size: 31KB

BSS
Size: - Virtual size: 19KB

.idata
Size: 12KB - Virtual size: 11KB

.edata
Size: 1024B - Virtual size: 753B

.tls
Size: - Virtual size: 387B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 62KB

.rsrc
Size: 284KB - Virtual size: 284KB