ea5dbfee033edb469af270f7641482d3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea5dbfee033edb469af270f7641482d3_JaffaCakes118
Size

16KB
MD5

ea5dbfee033edb469af270f7641482d3
SHA1

a79d1445edd9bf2aaf82fdcc20aa78707fd1460c
SHA256

520bc548587e04a2fb08eda33d558cd70e65339637b35d15c5b0c92a776230ba
SHA512

349ae073faff03664fb50c9d15b9237df20a7fd022e99e3aba65abdd4bfc75c8d5a157d2e615e44ddabd72c95f30b694915d0de4fd67e28c6741e387fc327b23
SSDEEP

384:PndGOuFcGcx2eJNYrH0iQf3rWeBmOAKqiozbeOZ9Tl:PdocXIB0iI3ae8OAK4iOZf

Score

1^/10

Malware Config

Signatures

Files

ea5dbfee033edb469af270f7641482d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

7e:8e:d5:9a:b3:2f:d5:44:ba:ba:a8:fc:5c:cc:22:e7
Certificate

Issuer

CN=Thawte Code Signing CA

Not Before

16/05/2010, 10:55

Not After

31/12/2039, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd

91:f5:1b:27:e8:cd:b2:0d:2c:df:b0:35:d7:5c:f3:83:ea:fb:3f:f8
Signer

Actual PE Digest

91:f5:1b:27:e8:cd:b2:0d:2c:df:b0:35:d7:5c:f3:83:ea:fb:3f:f8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE