fcc3bb21eece287e7e4138b5a230fba9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fcc3bb21eece287e7e4138b5a230fba9_JaffaCakes118
Size

15KB
MD5

fcc3bb21eece287e7e4138b5a230fba9
SHA1

47db3c05471c874b04dc2995673bdd64e138bc00
SHA256

73a666d9c0076b3e5f790b6323e7b2a37d3885de93535e3226fbf84ad3b4f630
SHA512

24a37a18c40a0bc03966a06b53843fa8169a7aac6602845128ae4eac0ac8e3c9cbc4e8f87d7fd95fbc01da2f75b555feccad2f895a2ad791da6fb6b47f02a8ea
SSDEEP

192:ait7CmOFY1eP4EyncjWOaUK557yRtZSGR6E81x+gteUeD+2jyM7tvmg4IC:XemOFYY0nn+RWGRh81xwUeljjvEf

Score

1^/10

Malware Config

Signatures

Files

fcc3bb21eece287e7e4138b5a230fba9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

414213cfaef62bc3fa9acc38ef124beb

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:5a:38:31:57:ef:c7:cd:26:17:ef:32:f0:a7:ac:b9
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03-11-2009 00:00

Not After

28-10-2011 23:59

Subject

CN=NHN USA Inc.,O=NHN USA Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

e7:c5:a6:07:3c:49:e5:a4:e8:5d:15:fd:32:f2:44:4f:e9:33:01:f4
Signer

Actual PE Digest

e7:c5:a6:07:3c:49:e5:a4:e8:5d:15:fd:32:f2:44:4f:e9:33:01:f4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
CloseHandle
ReadFile
GetFileSize
CreateFileA
WaitForSingleObject
CreateProcessA
GetEnvironmentVariableA
GetWindowsDirectoryA
GetModuleFileNameA

netapi32

NetUserDel

msvcrt

free
strcpy
malloc
strlen
strcat
memset
fclose
fprintf
fopen
sprintf
_initterm
_adjust_fdiv

Exports

Exports

heng
heng_deinit
heng_init

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 771B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

414213cfaef62bc3fa9acc38ef124beb

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

2b:5a:38:31:57:ef:c7:cd:26:17:ef:32:f0:a7:ac:b9Certificate

Extended Key Usages

e7:c5:a6:07:3c:49:e5:a4:e8:5d:15:fd:32:f2:44:4f:e9:33:01:f4Signer

Headers

File Characteristics

Imports

kernel32

netapi32

msvcrt

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 771B

.data Size: 512B - Virtual size: 504B

.reloc Size: 512B - Virtual size: 202B

01
Certificate

0a
Certificate

2b:5a:38:31:57:ef:c7:cd:26:17:ef:32:f0:a7:ac:b9
Certificate

e7:c5:a6:07:3c:49:e5:a4:e8:5d:15:fd:32:f2:44:4f:e9:33:01:f4
Signer

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 771B

.data
Size: 512B - Virtual size: 504B

.reloc
Size: 512B - Virtual size: 202B