2816e5e1efa636ba099a3c08273e17de_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2816e5e1efa636ba099a3c08273e17de_JaffaCakes118
Size

29.7MB
MD5

2816e5e1efa636ba099a3c08273e17de
SHA1

92aec82a13ffc4a823de3fccfa7447aabba2b676
SHA256

2dde4ce08c509b9dd41dd19f413ff53fc6b9c56ce807e446a52ac9207c171ecc
SHA512

e8b52a74da4c3032fd4415ce0f4e003f97870fbdfe1ce6019d51cf7f99ac89579e97e12fd32a0666229f5129b7a41a7be5af4c79c08e74a72f8acd9fef4c2c24
SSDEEP

786432:RRFHT/4TQ37gL9VmDgFlYN3bEQx1SereQ08:t6QrgfciWNrEQxUnQ08

Score

1^/10

Malware Config

Signatures

Files

2816e5e1efa636ba099a3c08273e17de_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1e8e44e203357bbc7b001b2c4a607d69

Code Sign

4d:c2:2c:db:b4:a1:51:7d:95:99:a8:6e:19:2f:d5:98
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/01/2019, 00:00

Not After

07/01/2022, 23:59

Subject

CN=gamigo AG,O=gamigo AG,POSTALCODE=22265,STREET=Behringstr. 16b,L=Hamburg,ST=Hamburg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b8:e8:14:fd:60:98:ab:52:c2:f1:c9:cd:87:95:17:0d:5d:6d:19:f8:51:10:4d:d4:88:3f:55:d5:dc:ba:fc:1f
Signer

Actual PE Digest

b8:e8:14:fd:60:98:ab:52:c2:f1:c9:cd:87:95:17:0d:5d:6d:19:f8:51:10:4d:d4:88:3f:55:d5:dc:ba:fc:1f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
FreeSid
RegEnumValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
AllocateAndInitializeSid
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
AddAccessAllowedAce
RegSetKeySecurity
SetFileSecurityA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_LoadImageA

gdiplus

GdipDrawImageRectRectI
GdipGetPenFillType
GdipGetPenBrushFill
GdipCreatePen1
GdipFillRectangleI
GdipDeletePen
GdipBitmapGetPixel
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipCreateSolidFill
GdipCloneBrush
GdipCreateStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawString
GdipDeleteBrush
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateFromHDC
GdipCreateBitmapFromGraphics
GdipGetImageGraphicsContext
GdipDrawImagePointRectI
GdipDeleteGraphics
GdiplusStartup
GdipGetImageWidth
GdipGetImageHeight
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipFree
GdipAlloc

kernel32

ReadFile
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
HeapReAlloc
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
GetSystemTimeAsFileTime
GetLastError
GetModuleFileNameA
Sleep
FreeResource
SetThreadLocale
SizeofResource
MulDiv
GetLocaleInfoA
GetThreadLocale
GetSystemDirectoryA
GetWindowsDirectoryA
GetCurrentDirectoryA
FindClose
FindFirstFileA
FindNextFileA
LocalFree
FreeLibrary
LoadLibraryExA
LockResource
LoadResource
FindResourceA
DeleteFileA
FreeEnvironmentStringsA
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetVersionExA
FlushInstructionCache
GetLocalTime
GetModuleHandleA
CloseHandle
SetFileTime
WriteFile
SetEndOfFile
SetFilePointer
GetFileAttributesA
GetTempFileNameA
CompareFileTime
GetFileInformationByHandle
CreateFileA
CopyFileA
MoveFileA
SetFileAttributesA
GetFullPathNameA
RemoveDirectoryA
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetShortPathNameA
WaitForSingleObject
lstrlenA
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
CreateDirectoryA
GetUserDefaultLangID
OpenProcess
WideCharToMultiByte
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
GlobalMemoryStatus
GetDiskFreeSpaceA
ResumeThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
ExitProcess
GetModuleHandleW
HeapFree
RaiseException
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
DeleteCriticalSection
InterlockedExchange
InterlockedDecrement
GetProcessHeap
InterlockedIncrement
FlushViewOfFile
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTickCount

user32

AdjustWindowRectEx
GetFocus
WaitForInputIdle
GetWindowThreadProcessId
FindWindowA
SendMessageW
SetCursor
TrackMouseEvent
SetWindowRgn
PostQuitMessage
MoveWindow
ReleaseCapture
LoadIconA
DrawFrameControl
GetWindowTextLengthA
GetWindowTextA
DrawTextA
DrawFocusRect
EndPaint
DefWindowProcA
GetParent
CreateWindowExA
SetWindowTextA
SetWindowPos
GetWindowLongA
SetWindowLongA
DestroyWindow
UnregisterClassA
LoadCursorA
RegisterClassExA
ExitWindowsEx
GetDlgItemTextA
GetWindowRect
MapWindowPoints
GetClassNameA
PostMessageA
IsDialogMessageA
GetWindow
CreateDialogParamA
DispatchMessageA
GetMessageA
PeekMessageA
GetSystemMetrics
ReleaseDC
SetFocus
InvalidateRect
BeginPaint
SetCapture
SetDlgItemTextA
SendMessageA
GetClientRect
GetDlgItem
ShowWindow
CheckDlgButton
SendDlgItemMessageA
IsWindow
GetDC
MessageBoxA
GetWindowDC
IsDlgButtonChecked

gdi32

CreateCompatibleBitmap
DeleteObject
GetStockObject
SelectObject
ExtTextOutA
SetBkMode
SetBkColor
SetTextColor
TextOutA
SetTextAlign
DeleteDC
BitBlt
CreateCompatibleDC
CombineRgn
CreateRectRgn
GetDeviceCaps
SetDIBits
CreateFontA

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
ord680
ShellExecuteExA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

oleaut32

VariantClear
VariantInit

Sections

.text
Size: 481KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 867KB - Virtual size: 866KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e8e44e203357bbc7b001b2c4a607d69

Code Sign

4d:c2:2c:db:b4:a1:51:7d:95:99:a8:6e:19:2f:d5:98Certificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

b8:e8:14:fd:60:98:ab:52:c2:f1:c9:cd:87:95:17:0d:5d:6d:19:f8:51:10:4d:d4:88:3f:55:d5:dc:ba:fc:1fSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

version

comctl32

gdiplus

kernel32

user32

gdi32

shell32

ole32

oleaut32

Sections

.text Size: 481KB - Virtual size: 481KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 14KB - Virtual size: 24KB

.rsrc Size: 867KB - Virtual size: 866KB

4d:c2:2c:db:b4:a1:51:7d:95:99:a8:6e:19:2f:d5:98
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

b8:e8:14:fd:60:98:ab:52:c2:f1:c9:cd:87:95:17:0d:5d:6d:19:f8:51:10:4d:d4:88:3f:55:d5:dc:ba:fc:1f
Signer

.text
Size: 481KB - Virtual size: 481KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 14KB - Virtual size: 24KB

.rsrc
Size: 867KB - Virtual size: 866KB