309dd8eedaf63a4d933b1a58f983f6bd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

309dd8eedaf63a4d933b1a58f983f6bd_JaffaCakes118
Size

59KB
MD5

309dd8eedaf63a4d933b1a58f983f6bd
SHA1

34c13dbe74c57be8c76364792183213f772b34a5
SHA256

5db0c2496c58dab1f71b4018174e2bdbda8a797845d920997233fa56153cea49
SHA512

d4b7d4ab266c0d045d3ac10666da5101fd96bef2e5d5c3cae54acb9c2d1f7c17deb1c7253e040f6e127dadb011652288cb079e3f03a6cc08bdfe513fd7d7400e
SSDEEP

1536:i/cZC2374LQvaubTm7f1Ws5Y/O6dbaDksI/:iUZC67UQhbTmRWSYWSbaXI/

Score

1^/10

Malware Config

Signatures

Files

309dd8eedaf63a4d933b1a58f983f6bd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

93b5201d57470bdee489ff3f4140bac0

Code Sign

41:32:b4:4e:fd:d3:8a:50:bd:ff:3a:42:d1:e2:1e:9f
Certificate

Issuer

CN=Root dddddd

Not Before

10/12/2009, 11:58

Not After

31/12/2039, 23:59

Subject

CN=kol.sdppp,O=y,1.2.840.113549.1.9.1=#130e6b696c77656f66646a662e6f706f

03:09:c9:19:b6:39:9c:e6:a7:a3:b9:33:55:e6:96:2c:4b:b0:48:50
Signer

Actual PE Digest

03:09:c9:19:b6:39:9c:e6:a7:a3:b9:33:55:e6:96:2c:4b:b0:48:50

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
CreateProcessA
GetModuleFileNameA
GetCurrentProcess
SetThreadContext
ResumeThread
GetThreadContext

advapi32.dll�

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

msvcrt.dll�

malloc
fclose
??3@YAXPAX@Z
fread
fseek
fopen
free

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cw
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CBtrl
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shasd
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93b5201d57470bdee489ff3f4140bac0

Code Sign

41:32:b4:4e:fd:d3:8a:50:bd:ff:3a:42:d1:e2:1e:9fCertificate

03:09:c9:19:b6:39:9c:e6:a7:a3:b9:33:55:e6:96:2c:4b:b0:48:50Signer

Headers

File Characteristics

Imports

kernel32

advapi32.dll�

msvcrt.dll�

Sections

.text Size: 2KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 16B

.cw Size: 512B - Virtual size: 512B

.CBtrl Size: 50KB - Virtual size: 52KB

.shasd Size: 512B - Virtual size: 44B

41:32:b4:4e:fd:d3:8a:50:bd:ff:3a:42:d1:e2:1e:9f
Certificate

03:09:c9:19:b6:39:9c:e6:a7:a3:b9:33:55:e6:96:2c:4b:b0:48:50
Signer

.text
Size: 2KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 16B

.cw
Size: 512B - Virtual size: 512B

.CBtrl
Size: 50KB - Virtual size: 52KB

.shasd
Size: 512B - Virtual size: 44B