04cafedd64194a593f210b409d04844d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

04cafedd64194a593f210b409d04844d_JaffaCakes118
Size

1.4MB
MD5

04cafedd64194a593f210b409d04844d
SHA1

5bb015692ad6bf8cac450c264fb9c754012265b9
SHA256

a5388ffee5b8dc422ed166a44d273f3c6be76db2d11f0f29fa99adbd1322c1d8
SHA512

d562b612802aae12c00a300017a3ae5b967b321c34a92840ebedc15788b165453e4ff76a645ad0a09bc266dbe4773f528c195b06ae1378a822da623fb4ed0494
SSDEEP

12288:8ZaQfL1k3zmpVqt2k+kG7t2ZYkWEhkTl+igHs02lRjE0SST27r4PYDb5iSA6ief:YaQ+3zk+2V77kKTlbwsh3/ywADQSPief

Score

1^/10

Malware Config

Signatures

Files

04cafedd64194a593f210b409d04844d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

136f0dbada6bb4a05762d95693589abf

Code Sign

1b:95:2d:63:4d:3f:e4:76:bc:bf:bf:d3:0c:49:ae:60
Certificate

Issuer

CN=TRWKDEDCHIQLRULBSO

Not Before

22-08-2019 19:34

Not After

31-12-2039 23:59

Subject

CN=TRWKDEDCHIQLRULBSO

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07:71:9c:88:3b:fc:56:28:51:91:e7:22:98:02:52:be:76:7d:bc:9a
Signer

Actual PE Digest

07:71:9c:88:3b:fc:56:28:51:91:e7:22:98:02:52:be:76:7d:bc:9a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableW
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
GetVolumeInformationW
GlobalAlloc
InterlockedCompareExchange
InterlockedExchange
IsDebuggerPresent
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetErrorMode
SetFilePointer
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
lstrcmpiW
lstrcpynW
lstrlenW
VirtualAlloc
LoadLibraryA
GetDriveTypeW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapSize
RtlUnwind
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
HeapFree
VirtualFree
HeapCreate
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
FreeLibrary
ExitProcess
CreateFileW
CopyFileW
CloseHandle
InterlockedDecrement
SetLastError
InterlockedIncrement
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree

user32

LoadIconA
TrackPopupMenu
SetMenuDefaultItem
SetForegroundWindow
SendMessageW
RegisterWindowMessageW
RegisterClassW
PostQuitMessage
MessageBoxW
LoadStringW
LoadImageW
IsWindow
InsertMenuItemW
GetWindowTextW
GetWindow
GetMessageW
GetCursorPos
GetClassNameW
GetAsyncKeyState
FindWindowW
EnumWindows
EnableMenuItem
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DefWindowProcW
CreateWindowExW
CreatePopupMenu
CharPrevW
CharNextW
ShowWindow

gdi32

PathToRegion
GetStockObject

advapi32

RegQueryValueExW
RegOpenKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyExA

shlwapi

StrToIntW
PathFileExistsW

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 743KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

136f0dbada6bb4a05762d95693589abf

Code Sign

1b:95:2d:63:4d:3f:e4:76:bc:bf:bf:d3:0c:49:ae:60Certificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

07:71:9c:88:3b:fc:56:28:51:91:e7:22:98:02:52:be:76:7d:bc:9aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 80KB - Virtual size: 743KB

1b:95:2d:63:4d:3f:e4:76:bc:bf:bf:d3:0c:49:ae:60
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

07:71:9c:88:3b:fc:56:28:51:91:e7:22:98:02:52:be:76:7d:bc:9a
Signer

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 80KB - Virtual size: 743KB