fae8a465cc5a2aa5b436947559f62937_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fae8a465cc5a2aa5b436947559f62937_JaffaCakes118
Size

1.8MB
MD5

fae8a465cc5a2aa5b436947559f62937
SHA1

d3fa9043dd15df440f33be3e18891f122d397094
SHA256

862a3ffe3832e057fd53dbf89cf02d90bbbceb522dba7e81bf71ee16fd648b3d
SHA512

49a701109f07dfda38231a9dab544506bf6292849a3913815c476cbf0543b2b2f94d6bb022758f6f17c7502e4102f3ccfd1b0a7d083a8e9e3d919417a2f31260
SSDEEP

49152:SAbCfOjPWceAFAlq9AESdfJuVzpo8cEaL3dUnFJ6lNEb:SJltfuzt8CFJjb

Score

1^/10

Malware Config

Signatures

Files

fae8a465cc5a2aa5b436947559f62937_JaffaCakes118
.exe windows:6 windows x64 arch:x64

c0c518766d34c2508d0107e2f0f26b60

Code Sign

47:d5:29:f4:40:91:b5:18:5e:6f:ab:9d:30:34:f0:df
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14-05-2021 00:00

Not After

13-05-2024 23:59

Subject

SERIALNUMBER=2370477,CN=TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL),O=TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL),L=Paranaque City,C=PH,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025048

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:d5:29:f4:40:91:b5:18:5e:6f:ab:9d:30:34:f0:df
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14-05-2021 00:00

Not After

13-05-2024 23:59

Subject

SERIALNUMBER=2370477,CN=TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL),O=TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL),L=Paranaque City,C=PH,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025048

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f7:65:06:57:52:04:15:05:1c:ef:aa:64:02:e5:1f:17:f9:c8:31:39:fb:2c:35:80:05:3e:11:6e:f3:a4:6e:4c
Signer

Actual PE Digest

f7:65:06:57:52:04:15:05:1c:ef:aa:64:02:e5:1f:17:f9:c8:31:39:fb:2c:35:80:05:3e:11:6e:f3:a4:6e:4c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\f\save\bin\client\master\five\release\dbg\CitizenFX_SubProcess_game_mtl.pdb

Imports

kernel32

GetLastError
AddVectoredExceptionHandler
GetCurrentProcessId
ExitProcess
GetStartupInfoW
VirtualProtect
CreateFileMappingW
MapViewOfFile
GetModuleFileNameW
GetModuleHandleW
LoadLibraryA
K32EnumProcessModules
CreateDirectoryW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
CreateMutexW
OpenMutexW
CreateThread
GetCurrentThread
GetCurrentThreadId
GetSystemTime
GetTickCount64
LocalFree
SystemTimeToFileTime
VerSetConditionMask
CloseHandle
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
GetFileAttributesW
RtlAddFunctionTable
GetModuleFileNameA
DeleteFileW
GetFullPathNameW
CreateProcessW
GetSystemTimeAsFileTime
CopyFileW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEvent
WaitForSingleObject
CreateEventW
GetExitCodeProcess
OpenProcess
GetSystemDirectoryW
IsProcessInJob
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetPrivateProfileIntW
SetDllDirectoryW
MoveFileW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
CreateFileW
GetCommandLineW
LoadLibraryW
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetProcAddress
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetFileAttributesExW
VerifyVersionInfoW
GetOEMCP
GetACP
HeapReAlloc
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileSizeEx
GetConsoleCP
HeapAlloc
ReadConsoleW
GetConsoleMode
HeapFree
SetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
WriteConsoleW
GetPrivateProfileStringW
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
WriteFile
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
ResetEvent
WaitForMultipleObjects
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreW
GetProcessId
VirtualQueryEx
FormatMessageA
WideCharToMultiByte
CreateEventA
WaitForSingleObjectEx
FoldStringW
LCMapStringW
CompareStringW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
GetLocaleInfoA
EnumSystemLocalesA
MultiByteToWideChar
IsValidCodePage
IsDBCSLeadByteEx
GetStdHandle
GetFileType
FindFirstFileExW
GetFileInformationByHandle
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
SetLastError
MoveFileExW
GetExitCodeThread
GetStringTypeW
EncodePointer
DecodePointer
QueryPerformanceCounter
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
RaiseException
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
GetModuleHandleExW
ReadFile
ExitThread
GetDriveTypeW
PeekNamedPipe
RtlUnwind

user32

FindWindowW
MessageBoxW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
PeekMessageW

advapi32

RegGetValueW
GetTokenInformation
OpenProcessToken
RegSetKeyValueW

shell32

CommandLineToArgvW
SetCurrentProcessExplicitAppUserModelID
SHSetLocalizedName
ord709

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

AmdPowerXpressRequestHighPerformance
AsyncTrace
BeforeTerminateHandler
DllCanUnloadNow
EarlyInitializeExceptionHandler
GetErrorData
InitializeExceptionHandler
NvOptimusEnablement
RemoteExceptionFunc
TerminateForException
free
malloc
realloc

Sections

.cdummy
Size: - Virtual size: 47.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cld
Size: 23KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clr
Size: 301KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zdata
Size: 1005KB - Virtual size: 1008KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.unwind
Size: 213KB - Virtual size: 216KB

IMAGE_SCN_MEM_READ

.rd_pef
Size: 202KB - Virtual size: 204KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0c518766d34c2508d0107e2f0f26b60

Code Sign

47:d5:29:f4:40:91:b5:18:5e:6f:ab:9d:30:34:f0:dfCertificate

Extended Key Usages

Key Usages

47:d5:29:f4:40:91:b5:18:5e:6f:ab:9d:30:34:f0:dfCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

f7:65:06:57:52:04:15:05:1c:ef:aa:64:02:e5:1f:17:f9:c8:31:39:fb:2c:35:80:05:3e:11:6e:f3:a4:6e:4cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ntdll

version

Exports

Exports

Sections

.cdummy Size: - Virtual size: 47.1MB

.pdata Size: 39KB - Virtual size: 40KB

_RDATA Size: 512B - Virtual size: 4KB

.cld Size: 23KB - Virtual size: 144KB

.clr Size: 301KB - Virtual size: 304KB

.zdata Size: 1005KB - Virtual size: 1008KB

.rsrc Size: 79KB - Virtual size: 80KB

.unwind Size: 213KB - Virtual size: 216KB

.rd_pef Size: 202KB - Virtual size: 204KB

47:d5:29:f4:40:91:b5:18:5e:6f:ab:9d:30:34:f0:df
Certificate

47:d5:29:f4:40:91:b5:18:5e:6f:ab:9d:30:34:f0:df
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

f7:65:06:57:52:04:15:05:1c:ef:aa:64:02:e5:1f:17:f9:c8:31:39:fb:2c:35:80:05:3e:11:6e:f3:a4:6e:4c
Signer

.cdummy
Size: - Virtual size: 47.1MB

.pdata
Size: 39KB - Virtual size: 40KB

_RDATA
Size: 512B - Virtual size: 4KB

.cld
Size: 23KB - Virtual size: 144KB

.clr
Size: 301KB - Virtual size: 304KB

.zdata
Size: 1005KB - Virtual size: 1008KB

.rsrc
Size: 79KB - Virtual size: 80KB

.unwind
Size: 213KB - Virtual size: 216KB

.rd_pef
Size: 202KB - Virtual size: 204KB