c9d9eee64d6d52c0ddbd0bc00821878d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c9d9eee64d6d52c0ddbd0bc00821878d_JaffaCakes118
Size

837KB
MD5

c9d9eee64d6d52c0ddbd0bc00821878d
SHA1

548ddd87178d31b05eb8d2fb02383d916fe9f442
SHA256

2e942fb4bd735500c9dc8c294e1acbeb7fff5c8ccbd533af468d1bc8f5cb48ac
SHA512

453b95c117590ac68f33f660f01076faa5e915558d7599070d4cd56cddf532e904c778c0a004d5e018115c4cf6324e29691102e9a7a86397638467405742942f
SSDEEP

24576:XWYJJKNaqTsB7xS64Z7MkJoEEywLC5s5KyQmpX5q38OghX:XWYJkTIS64Z7Tx55GS38O4

Score

1^/10

Malware Config

Signatures

Files

c9d9eee64d6d52c0ddbd0bc00821878d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

71fbe3c598de29fddab33a914b98b82a

Code Sign

da:e6:e6:78:b8:d8:4c:e3:75:e6:9e:61:63:36:84:98
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-03-2021 00:00

Not After

11-03-2022 23:59

Subject

CN=Zhuhai Yuanze Consulting Co.\, Ltd.,O=Zhuhai Yuanze Consulting Co.\, Ltd.,POSTALCODE=519000,STREET=Room 105\, No.6\, Baohua Road\, Hengqin New District,L=ZhuHai,ST=Guangdong Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:e6:e6:78:b8:d8:4c:e3:75:e6:9e:61:63:36:84:98
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-03-2021 00:00

Not After

11-03-2022 23:59

Subject

CN=Zhuhai Yuanze Consulting Co.\, Ltd.,O=Zhuhai Yuanze Consulting Co.\, Ltd.,POSTALCODE=519000,STREET=Room 105\, No.6\, Baohua Road\, Hengqin New District,L=ZhuHai,ST=Guangdong Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:fe:56:96:27:64:8f:6e:a4:8b:6a:96:f2:6d:79:c1:22:93:23:0a:65:e9:ed:72:03:0b:41:e7:45:0c:26:62
Signer

Actual PE Digest

68:fe:56:96:27:64:8f:6e:a4:8b:6a:96:f2:6d:79:c1:22:93:23:0a:65:e9:ed:72:03:0b:41:e7:45:0c:26:62

Digest Algorithm

sha256

PE Digest Matches

true

03:d4:2e:76:14:db:c6:74:78:26:69:ff:9c:e1:27:45:0e:ab:2c:e3
Signer

Actual PE Digest

03:d4:2e:76:14:db:c6:74:78:26:69:ff:9c:e1:27:45:0e:ab:2c:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
DeleteFileA
ExitProcess
GetEnvironmentVariableW
SetPriorityClass
GetCurrentProcess
GetCurrentThread
WriteFile
GetModuleFileNameW
SetThreadPriority
SetLastError
lstrcatW
GetShortPathNameW
lstrcpyW
InterlockedIncrement
InterlockedDecrement
Sleep
CreateFileA
CloseHandle
LoadLibraryA
GetFileAttributesA
GetCurrentThreadId
GetModuleFileNameA
WideCharToMultiByte
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetVersionExA
GetLastError
MultiByteToWideChar
lstrcatA
CreateFileW
LoadLibraryW
GetWindowsDirectoryA
GetComputerNameA
GetModuleHandleA
GetSystemInfo
ReadFile
GetProcAddress
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

user32

wsprintfW

advapi32

RegFlushKey
OpenSCManagerA
StartServiceA
OpenServiceW
CloseServiceHandle
CreateServiceW
RegCloseKey
RegOpenKeyW
RegCreateKeyExW
RegSetValueExA
RegSetValueExW

shell32

ShellExecuteExW
SHGetFolderPathW
SHChangeNotify

wininet

DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

netapi32

Netbios

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rc1
Size: 649KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71fbe3c598de29fddab33a914b98b82a

Code Sign

da:e6:e6:78:b8:d8:4c:e3:75:e6:9e:61:63:36:84:98Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

da:e6:e6:78:b8:d8:4c:e3:75:e6:9e:61:63:36:84:98Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

68:fe:56:96:27:64:8f:6e:a4:8b:6a:96:f2:6d:79:c1:22:93:23:0a:65:e9:ed:72:03:0b:41:e7:45:0c:26:62Signer

03:d4:2e:76:14:db:c6:74:78:26:69:ff:9c:e1:27:45:0e:ab:2c:e3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wininet

urlmon

netapi32

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 48KB - Virtual size: 47KB

.reloc Size: 9KB - Virtual size: 8KB

.rc1 Size: 649KB - Virtual size: 652KB

da:e6:e6:78:b8:d8:4c:e3:75:e6:9e:61:63:36:84:98
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

da:e6:e6:78:b8:d8:4c:e3:75:e6:9e:61:63:36:84:98
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

68:fe:56:96:27:64:8f:6e:a4:8b:6a:96:f2:6d:79:c1:22:93:23:0a:65:e9:ed:72:03:0b:41:e7:45:0c:26:62
Signer

03:d4:2e:76:14:db:c6:74:78:26:69:ff:9c:e1:27:45:0e:ab:2c:e3
Signer

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 48KB - Virtual size: 47KB

.reloc
Size: 9KB - Virtual size: 8KB

.rc1
Size: 649KB - Virtual size: 652KB