f169a9c0a6caccd13eb11afa589f4a25_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f169a9c0a6caccd13eb11afa589f4a25_JaffaCakes118
Size

3.6MB
MD5

f169a9c0a6caccd13eb11afa589f4a25
SHA1

9b116c820b50f8ad2ef13a7adeb17a19ef6b9e8f
SHA256

028dfe83396e3f8d37c3510a3b246967661ed2e35444c7bf66c6f4668aa1b6aa
SHA512

b87997fcb2dbe1eaeac8c0b1b2effeb5dc51caecdd079ff85e59a7581c41dbf5111e1ed69762cdae14426b05e50514afbcab36c7efc87fb98fafd87f4c526a1d
SSDEEP

98304:WWxLzx58PyyUSOoVeEPDkIYM5/F4vTRnQ3D7PBG3:WqLzx58Py5

Score

1^/10

Malware Config

Signatures

Files

f169a9c0a6caccd13eb11afa589f4a25_JaffaCakes118
.iso
out.iso
.iso
sampfuncs-4284b8bd-c9fd0.exe
.exe windows:5 windows x86 arch:x86

3dad47ba531a8a9aec741c2bc497a77c

Code Sign

e6:91:b4:89:cb:3b:ae:fc:30:1b:26:6e:38:67:b1:4c
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/04/2018, 00:00

Not After

18/04/2021, 23:59

Subject

CN=KC SOFTWARES,OU=KC SOFTWARES,O=KC SOFTWARES,POSTALCODE=31190,STREET=Chemin de traverse du Bouet,L=AUTERIVE,ST=Occitanie,C=FR,2.5.4.18=#13053331313930

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:f8:cc:41:e9:6c:3a:1a:d9:58:fe:26:47:28:93:f5:c6:a6:55:cf:71:12:c3:3c:2d:96:79:52:ae:9c:fd:2d
Signer

Actual PE Digest

cc:f8:cc:41:e9:6c:3a:1a:d9:58:fe:26:47:28:93:f5:c6:a6:55:cf:71:12:c3:3c:2d:96:79:52:ae:9c:fd:2d

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
FindNextFileW
FindAtomW
FreeConsole
EnumResourceTypesA
FormatMessageA
FoldStringA
FlushViewOfFile
CreateMutexA
FlushInstructionCache
FindFirstFileW
FindFirstFileA
GetVersion
GetCommandLineA
GetLastError
GetOEMCP
GetACP
FreeLibrary
LoadLibraryW
GetModuleHandleW
ExitProcess
DeviceIoControl
CreateFileA
LCMapStringA
GetStringTypeW
GetStringTypeA
DuplicateHandle
LoadLibraryA
HeapReAlloc
VirtualAlloc
HeapAlloc
GetCPInfo
WriteFile
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcAddress
GetStartupInfoA
GetModuleHandleA
RtlUnwind
FileTimeToSystemTime
FindAtomA
FileTimeToDosDateTime
VirtualProtect
RemoveDirectoryA
FileTimeToLocalFileTime
GetBinaryTypeA
FreeLibraryAndExitThread
GetBinaryTypeW
FormatMessageW
DisconnectNamedPipe
FlushFileBuffers
GetAtomNameA
EnumSystemCodePagesA
GetAtomNameW
GenerateConsoleCtrlEvent
FlushConsoleInputBuffer
FreeResource
CreateFileMappingA
FoldStringW
OpenProcess
AddAtomW
AddAtomA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
LoadLibraryExW
GetModuleFileNameA
MultiByteToWideChar
GetVersionExA

user32

MessageBoxA
GetSystemMetrics
DestroyIcon
SetCursor
GetSysColor
DefWindowProcA
DlgDirListComboBoxW
GetParent
DefFrameProcA
DialogBoxParamA
LoadStringA
DispatchMessageA
SetWindowLongA
TranslateMessage
DeferWindowPos
DlgDirListW
TrackPopupMenu
DestroyWindow
DialogBoxParamW
GetClassNameA
DestroyCaret
DlgDirSelectComboBoxExA
DlgDirSelectExA
DestroyCursor
IsWindowEnabled
DlgDirListA
DlgDirSelectExW
DispatchMessageW
GetClientRect
DlgDirListComboBoxA
DragDetect
DragObject
GetWindowDC
ReleaseDC
DestroyMenu

advapi32

RegEnumValueW
LookupAccountNameW
CreateServiceA
AddAccessDeniedAce
CopySid
LookupPrivilegeNameA
AddAce
RegDeleteValueW
AreAllAccessesGranted
CreatePrivateObjectSecurity
DestroyPrivateObjectSecurity
RegCreateKeyExA
CreateProcessAsUserW
RegDeleteKeyA
AddAccessAllowedAce
RegEnumValueA
RegCloseKey
EqualSid
CreateRestrictedToken
RegQueryValueExA
InitializeSid
CreateProcessAsUserA
IsValidSid
DeregisterEventSource
DuplicateToken
CreateServiceW
RegQueryValueW
AllocateLocallyUniqueId
ClearEventLogW
OpenEventLogW
RegOpenKeyExW

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Pe9929
Size: 16KB - Virtual size: 30.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Qe992a
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3dad47ba531a8a9aec741c2bc497a77c

Code Sign

e6:91:b4:89:cb:3b:ae:fc:30:1b:26:6e:38:67:b1:4cCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

cc:f8:cc:41:e9:6c:3a:1a:d9:58:fe:26:47:28:93:f5:c6:a6:55:cf:71:12:c3:3c:2d:96:79:52:ae:9c:fd:2dSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 8KB - Virtual size: 5KB

.Pe9929 Size: 16KB - Virtual size: 30.0MB

.Qe992a Size: 8KB - Virtual size: 4KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

e6:91:b4:89:cb:3b:ae:fc:30:1b:26:6e:38:67:b1:4c
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

cc:f8:cc:41:e9:6c:3a:1a:d9:58:fe:26:47:28:93:f5:c6:a6:55:cf:71:12:c3:3c:2d:96:79:52:ae:9c:fd:2d
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 8KB - Virtual size: 5KB

.Pe9929
Size: 16KB - Virtual size: 30.0MB

.Qe992a
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB