2dc6b6376bf53315213f72ce0bf19725_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2dc6b6376bf53315213f72ce0bf19725_JaffaCakes118
Size

4.5MB
MD5

2dc6b6376bf53315213f72ce0bf19725
SHA1

bff0607f81eaec6c533465fd40f0eb077d39e98d
SHA256

aa3148ff4228b544f818cce391d80624dd81f0fb85cbf80c5e01f99f9474f17c
SHA512

ba072a23175c41d8a1b7c74842d09b9161d4cb4d9e0021c667b617cb40353f5f25ea8469581172cc9b7ceb7b10a9da42c1e82943a1df53b2521ea890d0b6a770
SSDEEP

98304:vrDJa6G3LtJB29VDNkUdm7EoepD7ENU4NjKR35OYUTPjM2o1UapukonZULhEBe8w:vHaFkuUdbN8e8i38TnMlUaKnZUVYe8w

Score

1^/10

Malware Config

Signatures

Files

2dc6b6376bf53315213f72ce0bf19725_JaffaCakes118
.exe windows:4 windows x86 arch:x86

efdfa6c221abc8eb289a2bd733431289

Code Sign

14:27:ae:bf:92:2a:10:59:4c:6d:40:ef:d5:d0:82:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

13/02/2008, 00:00

Not After

28/06/2009, 23:59

Subject

CN=PartyGaming Services,OU=PRODUCTION ENGINEER GROUP,O=PartyGaming Services,L=Gibraltar,ST=Gibraltar,C=GI

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
DeleteFileA
WaitForSingleObject
CreateProcessA
CloseHandle
GetLastError
CreateFileA
GetTempFileNameA
GetTempPathA
GetStringTypeA
LCMapStringW
LoadResource
LockResource
WriteFile
SizeofResource
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
GetStringTypeW

user32

wsprintfA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

efdfa6c221abc8eb289a2bd733431289

Code Sign

14:27:ae:bf:92:2a:10:59:4c:6d:40:ef:d5:d0:82:ddCertificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4.5MB - Virtual size: 4.5MB

14:27:ae:bf:92:2a:10:59:4c:6d:40:ef:d5:d0:82:dd
Certificate

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4.5MB - Virtual size: 4.5MB