fd26e32b1bf02dc23d6f3b1f918e3509a139d02626aac37515196b9befdf13dd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd26e32b1bf02dc23d6f3b1f918e3509a139d02626aac37515196b9befdf13dd_JaffaCakes118
Size

3.0MB
MD5

4f6b78b731d41e8242b7892677f251b1
SHA1

742ff39e4c793028505597cd047b5e8503257c7b
SHA256

fd26e32b1bf02dc23d6f3b1f918e3509a139d02626aac37515196b9befdf13dd
SHA512

8e108bfbeeb4b3919bd01fc5d8c20f6b384a8174cb8b0621918b20ef4f7c5c32387520ba8c22a254acf51e6e63882f5238ee1e7718a966287d6b137a7c11ce81
SSDEEP

98304:QO7doJp9rYGzxWzvbFMDp6tfYGAMNUAcX7nn:Qk23YGzuMDMqAcrn

Score

1^/10

Malware Config

Signatures

Files

fd26e32b1bf02dc23d6f3b1f918e3509a139d02626aac37515196b9befdf13dd_JaffaCakes118
.exe windows:6 windows x86 arch:x86

3b4ca2c67d6b571d34aa248f15ad031c

Code Sign

25:b4:17:3e:81:f2:80:90:48:41:51:5c:02:31:8e:27
Certificate

Issuer

CN=▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶

Not Before

23/12/2023, 12:15

Not After

24/12/2033, 12:15

Subject

CN=▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶▵¾/–“6¾▶▶

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:34:19:3d:a9:61:6f:f6:5d:09:7e:98:81:84:27:9b:aa:fa:c9:2c:51:47:11:00:b6:49:ea:96:35:b3:f3:fc
Signer

Actual PE Digest

07:34:19:3d:a9:61:6f:f6:5d:09:7e:98:81:84:27:9b:aa:fa:c9:2c:51:47:11:00:b6:49:ea:96:35:b3:f3:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetSystemMetrics

gdi32

CreateCompatibleBitmap

advapi32

CredEnumerateA

shell32

ShellExecuteA

ole32

CoInitializeEx

ws2_32

getaddrinfo

crypt32

CryptUnprotectData

shlwapi

PathFindExtensionA

gdiplus

GdiplusStartup

setupapi

SetupDiEnumDeviceInterfaces

ntdll

RtlUnicodeStringToAnsiString

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp=�
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp=�
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp=�
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 146KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b4ca2c67d6b571d34aa248f15ad031c

Code Sign

25:b4:17:3e:81:f2:80:90:48:41:51:5c:02:31:8e:27Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

07:34:19:3d:a9:61:6f:f6:5d:09:7e:98:81:84:27:9b:aa:fa:c9:2c:51:47:11:00:b6:49:ea:96:35:b3:f3:fcSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

crypt32

shlwapi

gdiplus

setupapi

ntdll

Sections

.text Size: - Virtual size: 1.2MB

.rdata Size: - Virtual size: 167KB

.data Size: - Virtual size: 13KB

.vmp=� Size: - Virtual size: 1.1MB

.vmp=� Size: 1KB - Virtual size: 1KB

.vmp=� Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 146KB - Virtual size: 148KB

25:b4:17:3e:81:f2:80:90:48:41:51:5c:02:31:8e:27
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

07:34:19:3d:a9:61:6f:f6:5d:09:7e:98:81:84:27:9b:aa:fa:c9:2c:51:47:11:00:b6:49:ea:96:35:b3:f3:fc
Signer

.text
Size: - Virtual size: 1.2MB

.rdata
Size: - Virtual size: 167KB

.data
Size: - Virtual size: 13KB

.vmp=�
Size: - Virtual size: 1.1MB

.vmp=�
Size: 1KB - Virtual size: 1KB

.vmp=�
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 146KB - Virtual size: 148KB