23ed44acc00fd2e788d7c6c5522a5df4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

23ed44acc00fd2e788d7c6c5522a5df4_JaffaCakes118
Size

2.1MB
MD5

23ed44acc00fd2e788d7c6c5522a5df4
SHA1

b92bb4a4b32e4281dbd1335cc3164bcbd900a9cc
SHA256

a1aaea05d5f2eab1c0fd33a98b8a31691383a1939fb94a715a8a54e4edea5f4e
SHA512

3df443b1941cf6cdc0eb2444082a5ad135bb6a3052b5110d780623303eef97c8769a5a2014481fdee4b179af076bc32ea7d4962063490535e1571d8b1bce01b3
SSDEEP

49152:cSQ6pF2spI404sBC0e1Ic+zJTfcTXgoML8ka/VH8e2+DK:ccF2p+sw91IH5hosa/Vz2

Score

1^/10

Malware Config

Signatures

Files

23ed44acc00fd2e788d7c6c5522a5df4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e32f3ec4dbc582054beb058be5e2c8c6

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:2b:9b:c1:c8:4a:18:52:32:39:55:95:67:12:a7:30
Certificate

Issuer

CN=GoGetSSL RSA Codesigning CA,O=GoGetSSL,L=Riga,C=LV

Not Before

02/07/2020, 00:00

Not After

02/07/2021, 23:59

Subject

CN=Proektnyj ofis cifrovoj transformacii LLA,O=Proektnyj ofis cifrovoj transformacii LLA,POSTALCODE=620000,STREET=Sverdlovskaja oblast'\, gorod Ekaterinburg\, ulica Geroev Rossii\, dom 2\, pomeshhenie 20,L=Ekaterinburg,ST=Ekaterinburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:6e:54:ff:9f:9c:e0:f8:ea:cb:e7:a0:ab:56:9d:32
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

06/09/2018, 00:00

Not After

05/09/2028, 23:59

Subject

CN=GoGetSSL RSA Codesigning CA,O=GoGetSSL,L=Riga,C=LV

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

15:29:5c:f2:d6:8b:c9:fe:07:7c:da:dd:12:28:a9:26:c8:31:b1:30
Signer

Actual PE Digest

15:29:5c:f2:d6:8b:c9:fe:07:7c:da:dd:12:28:a9:26:c8:31:b1:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILDMACHINE\TESTMACHINE\MODULES\NEWINSTALLERMODULE\Builders\Thread_1\Release\df6a6430f1f41b680b48.pdb

Imports

ole32

OleLockRunning
OleCreate
OleSetContainedObject
StringFromCLSID
OleUninitialize
CoInitializeEx
OleInitialize
CoTaskMemFree
CoCreateGuid

winhttp

WinHttpGetIEProxyConfigForCurrentUser

crypt32

CertGetNameStringW
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyRevocation
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CryptDecodeObjectEx
PFXImportCertStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertAddStoreToCollection
CertOpenSystemStoreW

kernel32

FindClose
UnmapViewOfFile
GetFileAttributesA
CreateFileA
LockResource
GlobalFree
CloseHandle
LoadResource
FindResourceW
CreateFileMappingW
MapViewOfFile
CreateMutexW
CreateProcessW
GetExitCodeProcess
FindFirstFileW
DeleteFileW
GetFileSize
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetVolumeInformationW
GetSystemDirectoryW
LocalFree
GetComputerNameW
GetDiskFreeSpaceExW
QueryPerformanceFrequency
GetProcAddress
GetModuleHandleW
GlobalMemoryStatus
GetSystemWindowsDirectoryW
QueryPerformanceCounter
MulDiv
ExitProcess
GetTempPathW
GetFileAttributesExW
LoadLibraryW
GetLongPathNameW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
WideCharToMultiByte
SetEndOfFile
SetFilePointer
SizeofResource
CreateDirectoryW
RemoveDirectoryW
CreateFileW
GetFileAttributesW
DeleteCriticalSection
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetVersionExA
FindNextFileW
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventW
FreeLibrary
SetLastError
GetConsoleCP
FlushFileBuffers
GetFileType
SetFilePointerEx
GetFileSizeEx
HeapFree
WriteFile
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
InterlockedPushEntrySList
IsValidLocale
RtlUnwind
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetModuleFileNameW
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
TlsFree
TlsSetValue
DecodePointer
RaiseException
CopyFileA
InitializeCriticalSectionAndSpinCount
CreateThread
WaitForSingleObject
GetVersionExW
ReleaseMutex
Sleep
CreateDirectoryA
MultiByteToWideChar
GetConsoleMode
HeapAlloc
GetLastError
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
CreateMutexA
GetTempPathA
FindFirstFileA
GetDateFormatW
GetTimeFormatW
WriteConsoleW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
HeapSize
GetTimeZoneInformation
HeapReAlloc
ReadConsoleW
ReadFile
EnumSystemLocalesW
GetUserDefaultLCID

user32

GetWindowLongW
SetWindowLongW
ReleaseDC
GetDC
SetRect
DefWindowProcW
PostQuitMessage
MessageBoxW
EnableMenuItem
BeginPaint
SetActiveWindow
BringWindowToTop
SetFocus
SetForegroundWindow
GetSystemMetrics
SetWindowPos
SetMenu
ShowWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
LoadStringW
GetSystemMenu
DestroyWindow
SendMessageW
EndPaint
UpdateWindow

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ConvertSidToStringSidW
LookupAccountNameW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership

shell32

ShellExecuteA

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

shlwapi

PathFileExistsA

wsock32

ioctlsocket
socket
shutdown
setsockopt
sendto
send
recvfrom
recv
listen
getsockopt
ntohl
getpeername
inet_ntoa
connect
closesocket
bind
accept
ntohs
htons
WSACleanup
WSAStartup
WSAGetLastError
select
__WSAFDIsSet
getsockname

ws2_32

getaddrinfo
freeaddrinfo
getnameinfo

gdi32

GetDeviceCaps

Exports

Exports

_Abrwgfiuq@36
_diqjodihqod@12
_dqbquiiqgq@16
_dqhwioqhdoiqdghqiu@12
_dugqyudvbqbkdq@16
_gqgigbuifqiufq@16
_hguiqgdqld@12
_ihdoqhdoiq@12
_iohqobqbqocqoq@4
_jwqdiuqgdiuq@12
_kodioqhdq@16
_mdlqkndoiq@28
_nenvijwbviwq@16
_nlkwqdjqbiduq@16
_qdqohdoqddq@16
_qhdoqdoqdqj@12
_ugiqgdiqbqdd@12
_yeywbelqnlqnf@12

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 638KB - Virtual size: 637KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e32f3ec4dbc582054beb058be5e2c8c6

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

06:2b:9b:c1:c8:4a:18:52:32:39:55:95:67:12:a7:30Certificate

Extended Key Usages

Key Usages

1a:6e:54:ff:9f:9c:e0:f8:ea:cb:e7:a0:ab:56:9d:32Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

15:29:5c:f2:d6:8b:c9:fe:07:7c:da:dd:12:28:a9:26:c8:31:b1:30Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

winhttp

crypt32

kernel32

user32

advapi32

shell32

oleaut32

shlwapi

wsock32

ws2_32

gdi32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 338KB - Virtual size: 338KB

.data Size: 26KB - Virtual size: 38KB

.rsrc Size: 638KB - Virtual size: 637KB

.reloc Size: 67KB - Virtual size: 66KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

06:2b:9b:c1:c8:4a:18:52:32:39:55:95:67:12:a7:30
Certificate

1a:6e:54:ff:9f:9c:e0:f8:ea:cb:e7:a0:ab:56:9d:32
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

15:29:5c:f2:d6:8b:c9:fe:07:7c:da:dd:12:28:a9:26:c8:31:b1:30
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 338KB - Virtual size: 338KB

.data
Size: 26KB - Virtual size: 38KB

.rsrc
Size: 638KB - Virtual size: 637KB

.reloc
Size: 67KB - Virtual size: 66KB