b7a1fd96f9ed1d45bf29788be82634f5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b7a1fd96f9ed1d45bf29788be82634f5_JaffaCakes118
Size

122KB
MD5

b7a1fd96f9ed1d45bf29788be82634f5
SHA1

9078115074329eded4ceef415410ef2a11f40029
SHA256

ca53e66e9a8e208fff6a1c07576899014613bbb4a9ba43a38fb9124257da2df5
SHA512

994e15d60ae2fc88f066dbc2c929a9b6db60a3930d252d409e349b7315a86194e401da997a630bd3a32a3b1c69c4da35a855bfcc72bb01659aa988ce92e5a377
SSDEEP

3072:OvPykv9oQFyB3pPexvTbT86FtsSDfrRCp/H:K3oQFC3Zexg6FtsSfrI9H

Score

1^/10

Malware Config

Signatures

Files

b7a1fd96f9ed1d45bf29788be82634f5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d221b1dc8c3a08622f6512e7876527c8

Code Sign

5a:e2:20:54:8a:a6:bd:f7:10:19:02:7b:fd:8d:8c:a1
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

31/08/2010, 00:00

Not After

30/08/2011, 23:59

Subject

CN=VintaSoft Ltd,O=VintaSoft Ltd,L=Rostov-on-Don,ST=Rostov-on-Don,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6c:6a:97:57:d4:c9:38:69:51:f4:d5:f1:1b:1c:4b:44:d7:1f:c5
Signer

Actual PE Digest

64:6c:6a:97:57:d4:c9:38:69:51:f4:d5:f1:1b:1c:4b:44:d7:1f:c5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WriteFile
CreateDirectoryA
lstrcpyA
CreateFileA
GetFileAttributesA
lstrlenA
GetTempPathA
lstrcmpA
lstrcatA
ExitProcess
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetFileSize
GetLastError
CreateMutexA
GetModuleFileNameA
VirtualAlloc
VirtualFree
GetStartupInfoA

user32

MessageBoxA
wsprintfA

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gentee
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d221b1dc8c3a08622f6512e7876527c8

Code Sign

5a:e2:20:54:8a:a6:bd:f7:10:19:02:7b:fd:8d:8c:a1Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

64:6c:6a:97:57:d4:c9:38:69:51:f4:d5:f1:1b:1c:4b:44:d7:1f:c5Signer

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 1KB

.gentee Size: 64KB - Virtual size: 60KB

.rsrc Size: 40KB - Virtual size: 37KB

5a:e2:20:54:8a:a6:bd:f7:10:19:02:7b:fd:8d:8c:a1
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

64:6c:6a:97:57:d4:c9:38:69:51:f4:d5:f1:1b:1c:4b:44:d7:1f:c5
Signer

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 1KB

.gentee
Size: 64KB - Virtual size: 60KB

.rsrc
Size: 40KB - Virtual size: 37KB