aee6b91317a0a9adcdf15170c780e1ae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aee6b91317a0a9adcdf15170c780e1ae_JaffaCakes118
Size

180KB
MD5

aee6b91317a0a9adcdf15170c780e1ae
SHA1

6e54c0273b8e1681749ec8bd398f4d62f6da2ef1
SHA256

e09b8af1441b5de52832352f13c019a37a39b7bf887b4245c099e8af3648a90f
SHA512

d053d6e0cc3e2d15f2237723ef930ee2ceaa93ea7477c07f462e77ee34a21a0619b38e43c9b36273deba5772f4c6213911c9fb43290225636cefb6865c12764b
SSDEEP

3072:+XxBIXbjoxL598dRNHQlXa3Va7Bo17aHEFtawLTMQ6/X/05f5uf:+BBIq59ERNHYq3Va7G17BrPx6/X/05fo

Score

1^/10

Malware Config

Signatures

Files

aee6b91317a0a9adcdf15170c780e1ae_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7c2116af86cf5b29bc6a7e0377601029

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

76:47:8e:a8:64:43:10:d1:2f:e1:35:1b:e0:c1:c0:fa
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

08/12/2010, 00:00

Not After

07/12/2012, 23:59

Subject

CN=Jean-Pierre GuTSatz,O=Jean-Pierre GuTSatz,POSTALCODE=34510,STREET=8 Rue Diderot,L=Florensac,ST=Heraut,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:32:cb:cd:05:83:5d:fc:f4:f5:3d:a6:df:c4:b9:7b:0b:7d:db:32
Signer

Actual PE Digest

bd:32:cb:cd:05:83:5d:fc:f4:f5:3d:a6:df:c4:b9:7b:0b:7d:db:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZInit
LZClose
LZCopy

comctl32

ord17

kernel32

HeapAlloc
GetProcessHeap
GetLastError
ExitProcess
GetThreadContext
CreateFileA
SetThreadContext
SetFilePointer
lstrlenA
lstrcpynA
SetErrorMode
FreeLibrary
GetCurrentProcess
GlobalLock
WaitForSingleObject
WriteFile
GlobalAlloc
Sleep
CreateProcessA
ReadFile
GlobalUnlock
FlushInstructionCache
GetCommandLineA
GetProcAddress
RemoveDirectoryA
VirtualProtectEx
GlobalFree
GetTempFileNameA
LoadLibraryA
MoveFileA
GetModuleFileNameA
DuplicateHandle
CloseHandle
GetTempPathA
WriteProcessMemory
ResumeThread
DeleteFileA
lstrcpyA
GetModuleHandleA
GetStartupInfoA

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c2116af86cf5b29bc6a7e0377601029

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

76:47:8e:a8:64:43:10:d1:2f:e1:35:1b:e0:c1:c0:faCertificate

Extended Key Usages

Key Usages

bd:32:cb:cd:05:83:5d:fc:f4:f5:3d:a6:df:c4:b9:7b:0b:7d:db:32Signer

Headers

File Characteristics

Imports

lz32

comctl32

kernel32

user32

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 7KB - Virtual size: 6KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

76:47:8e:a8:64:43:10:d1:2f:e1:35:1b:e0:c1:c0:fa
Certificate

bd:32:cb:cd:05:83:5d:fc:f4:f5:3d:a6:df:c4:b9:7b:0b:7d:db:32
Signer

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 7KB - Virtual size: 6KB