e01d1bc1d2afc8ed4790abb0bc27b3c2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e01d1bc1d2afc8ed4790abb0bc27b3c2_JaffaCakes118
Size

508KB
MD5

e01d1bc1d2afc8ed4790abb0bc27b3c2
SHA1

42985365c1a454f4af9fc6c2f02f8d3b918e70b5
SHA256

6c5366dc1d4dedc6f86ece8302caf9fb2c67eb2b1cb2a8c6fdcaa3cf5bfc83d9
SHA512

210663b1b07e127564ecb734af4d1648802cfcf0aa44ff7da95239dd950700ba7034a87cb52578fbb6a32fbb0c2129758b489340ae5725e67b73d25a21f18aef
SSDEEP

6144:46HUGeJ80F/cmXhWwCd/2uD43fytgIBfp7Gghdr4G5BRyCgrV8Pt18f2lIA/i4t+:xUVGuRWUk43fFMfxHgG5rmx8PD8f2lmf

Score

1^/10

Malware Config

Signatures

Files

e01d1bc1d2afc8ed4790abb0bc27b3c2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f69aa62f440cb6b4a5012a5ed12aece7

Code Sign

01
Certificate

Issuer

CN=Finarea S.A. Switzerland Sysinternals - www.sysinternals.com,O=Mediatronic Pty Ltd Ventis Media Inc.,C=US

Not Before

18/09/2018, 12:16

Not After

18/09/2019, 12:16

Subject

CN=Finarea S.A. Switzerland Sysinternals - www.sysinternals.com,O=Mediatronic Pty Ltd Ventis Media Inc.,C=US

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2f:1f:33:c5:0c:20:9a:7f:81:ed:4c:15:12:10:6a:f5:91:b7:9e:84:8b:15:bf:0c:c5:b5:88:fb:dc:5d:66:94
Signer

Actual PE Digest

2f:1f:33:c5:0c:20:9a:7f:81:ed:4c:15:12:10:6a:f5:91:b7:9e:84:8b:15:bf:0c:c5:b5:88:fb:dc:5d:66:94

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaCyMul
__vbaStrVarMove
__vbaFreeVarList
ord697
_adj_fdiv_m64
ord698
_adj_fprem1
ord519
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR4
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaR4Str
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
ord678
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
ord710
__vbaExceptHandler
__vbaStrToUnicode
ord713
_adj_fprem
_adj_fdivr_m64
ord609
__vbaFPException
__vbaVarCat
__vbaDateVar
ord537
_CIlog
__vbaErrorOverflow
ord646
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord575
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
ord610
__vbaVarDup
__vbaStrToAnsi
_CIatan
__vbaStrMove
ord540
ord542
_allmul
ord544
_CItan
ord546
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 480KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f69aa62f440cb6b4a5012a5ed12aece7

Code Sign

01Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

2f:1f:33:c5:0c:20:9a:7f:81:ed:4c:15:12:10:6a:f5:91:b7:9e:84:8b:15:bf:0c:c5:b5:88:fb:dc:5d:66:94Signer

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 480KB - Virtual size: 478KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 13KB

01
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

2f:1f:33:c5:0c:20:9a:7f:81:ed:4c:15:12:10:6a:f5:91:b7:9e:84:8b:15:bf:0c:c5:b5:88:fb:dc:5d:66:94
Signer

.text
Size: 480KB - Virtual size: 478KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 13KB