397ee9505ae40a2548fa118087d54986_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

397ee9505ae40a2548fa118087d54986_JaffaCakes118
Size

43KB
MD5

397ee9505ae40a2548fa118087d54986
SHA1

8c2fdb68cbfbfeab02c4aa21ecd6815ec829c318
SHA256

d6d09be3731a1f30fdea36264719439024614738fed72908364fc1c1205aa6d8
SHA512

7905e3e9feec7ce1871cea440a53b178ef9a99be4f420da12addf18a27f6c3d310181553bf4335ffbcdf6d777ad713bfe7d446e5ea76ffccfd5eccbdf891d60c
SSDEEP

768:KAshMZ6negq3zoMpguS+xw8ky5qbQssPx3P4yJeaRapMO:K3hMcqDokBXk3kR3PJeaRYMO

Score

1^/10

Malware Config

Signatures

Files

397ee9505ae40a2548fa118087d54986_JaffaCakes118
.exe windows:4 windows x86 arch:x86

93b5201d57470bdee489ff3f4140bac0

Code Sign

41:32:b4:4e:fd:d3:8a:50:bd:ff:3a:42:d1:e2:1e:9f
Certificate

Issuer

CN=Root dddddd

Not Before

10/12/2009, 11:58

Not After

31/12/2039, 23:59

Subject

CN=kol.sdppp,O=y,1.2.840.113549.1.9.1=#130e6b696c77656f66646a662e6f706f

c2:4a:58:7e:90:0f:90:6e:19:c1:1d:d3:2e:5b:48:c4:a8:58:b2:42
Signer

Actual PE Digest

c2:4a:58:7e:90:0f:90:6e:19:c1:1d:d3:2e:5b:48:c4:a8:58:b2:42

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
CreateProcessA
GetModuleFileNameA
GetCurrentProcess
SetThreadContext
ResumeThread
GetThreadContext

advapi32.dll�

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

msvcrt.dll�

malloc
fclose
??3@YAXPAX@Z
fread
fseek
fopen
free

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cw
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CBtrl
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

93b5201d57470bdee489ff3f4140bac0

Code Sign

41:32:b4:4e:fd:d3:8a:50:bd:ff:3a:42:d1:e2:1e:9fCertificate

c2:4a:58:7e:90:0f:90:6e:19:c1:1d:d3:2e:5b:48:c4:a8:58:b2:42Signer

Headers

File Characteristics

Imports

kernel32

advapi32.dll�

msvcrt.dll�

Sections

.text Size: 2KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 16B

.cw Size: 512B - Virtual size: 512B

.CBtrl Size: 35KB - Virtual size: 36KB

41:32:b4:4e:fd:d3:8a:50:bd:ff:3a:42:d1:e2:1e:9f
Certificate

c2:4a:58:7e:90:0f:90:6e:19:c1:1d:d3:2e:5b:48:c4:a8:58:b2:42
Signer

.text
Size: 2KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 16B

.cw
Size: 512B - Virtual size: 512B

.CBtrl
Size: 35KB - Virtual size: 36KB