f4233030a275747f7d877a783b70786e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f4233030a275747f7d877a783b70786e_JaffaCakes118
Size

991KB
MD5

f4233030a275747f7d877a783b70786e
SHA1

434b241dfbe8f712d00000c24e4cbbaae5ed7b67
SHA256

27094cb748873600fb21148e89ac9a86fab2f17cc0ffad0f44e57ffde474958c
SHA512

59fd48c26168a45e853f76faf5a3529ae1497dd130512fd99c1a7628a28ef5775e034bf007e692ec1b502c1db98b933c46735f592393ffe0fed4e208057004e0
SSDEEP

24576:0Zv+65mJHeo/7h/dez998Yirk3DkjyLLwRtYuOY4C8GQxOCEaPu:g+658eo/7h/Wn8YCk3Ei0RtYs4Pvu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/pokerhackV2.exe

Files

f4233030a275747f7d877a783b70786e_JaffaCakes118
.rar
OBAVEZNO PROCITATI!!!!!!v2.txt
pokerhackV2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pokerhackdataV2.dll
.dll windows:4 windows x86 arch:x86

143221c43a370520e975c7a1fa90a14a

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:ba:71:37:f9:21:80:f6:bc:4c:a2:f8:dd:b3:39:c8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

15-07-2009 00:00

Not After

29-08-2012 23:59

Subject

CN=Beepa Pty Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Beepa Pty Ltd,L=Melbourne,ST=Victoria,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d0:c5:23:73:ac:d6:56:23:d8:d8:12:cf:35:84:92:a2:90:0f:61:b5
Signer

Actual PE Digest

d0:c5:23:73:ac:d6:56:23:d8:d8:12:cf:35:84:92:a2:90:0f:61:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
GetVersionExA
GetSystemDirectoryA
GetCurrentProcessId
MapViewOfFileEx
OpenFileMappingA
DisableThreadLibraryCalls
GetModuleFileNameA
GetSystemInfo
CloseHandle
UnmapViewOfFile
SetEvent
WaitForSingleObject
CreateMutexA
FreeLibrary
LoadLibraryA
GetModuleHandleA
IsBadReadPtr
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
VirtualQuery
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapReAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

CallNextHookEx

gdi32

DeleteObject

Exports

Exports

FrapsCount
FrapsFunc
FrapsKey
FrapsProcCALLWND
FrapsProcCBT
FrapsSetup
FrapsSharedData
FrapsVersion

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 4KB - Virtual size: 720B

.reloc Size: 4KB - Virtual size: 12B

143221c43a370520e975c7a1fa90a14a

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:ba:71:37:f9:21:80:f6:bc:4c:a2:f8:dd:b3:39:c8Certificate

Extended Key Usages

Key Usages

d0:c5:23:73:ac:d6:56:23:d8:d8:12:cf:35:84:92:a2:90:0f:61:b5Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 187KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 16KB - Virtual size: 69KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 4KB - Virtual size: 720B

.reloc
Size: 4KB - Virtual size: 12B

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:ba:71:37:f9:21:80:f6:bc:4c:a2:f8:dd:b3:39:c8
Certificate

d0:c5:23:73:ac:d6:56:23:d8:d8:12:cf:35:84:92:a2:90:0f:61:b5
Signer

.text
Size: 188KB - Virtual size: 187KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 69KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 18KB