3596ba9b6e8903665e2b7c6e0edd82c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3596ba9b6e8903665e2b7c6e0edd82c5_JaffaCakes118
Size

1.2MB
MD5

3596ba9b6e8903665e2b7c6e0edd82c5
SHA1

19058647cc95c7ef3b27a91de197fd2490c79de6
SHA256

0bccabad1d8159344b8671c7fc4388907067d1e6c6705b92a8ce6d9496215356
SHA512

d7249ba265443695fa69aed22bec6ce08352cf4a1a7a8b4387868087b28f5cb87e258b1cc58308dd9da4e345e24db4c24f0bcabc3a359ea7807636e69ec71b58
SSDEEP

24576:jz1BHQ2u8ehROTc4HLMwXXDI7hGUj3hAEN40eVzcWMYbTxCu:j5BwCLc4Z6hGUj5N/eVzcWrJ

Score

1^/10

Malware Config

Signatures

Files

3596ba9b6e8903665e2b7c6e0edd82c5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

85ad4735f82693ca2e7f3af4f9de6e63

Code Sign

69:5a:ea:c4:b6:2e:07:95:42:a3:da:77:a5:8b:25:10
Certificate

Issuer

CN=EJEMXUYX

Not Before

18/01/2019, 23:04

Not After

31/12/2039, 23:59

Subject

CN=EJEMXUYX

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b8:fc:cf:1a:27:90:94:4a:af:30:21:fb:e6:d6:fb:14:53:6b:c4:aa:0e:87:c5:c9:e9:3b:92:de:f0:15:cd:1c
Signer

Actual PE Digest

b8:fc:cf:1a:27:90:94:4a:af:30:21:fb:e6:d6:fb:14:53:6b:c4:aa:0e:87:c5:c9:e9:3b:92:de:f0:15:cd:1c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedExchange
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LocalFree
LocalShrink
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
ReadFile
ReadProcessMemory
RtlUnwind
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesW
HeapCreate
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyW
LoadLibraryW
VirtualAllocEx
HeapAlloc
GetWriteWatch
GetWindowsDirectoryW
GetVersionExW
GetVersionExA
GetTimeZoneInformation
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetStringTypeW
GetStringTypeA
GetStdHandle
GetStartupInfoA
GetProcessVersion
GetProcessHeap
GetProcAddress
GetPrivateProfileStructW
GetOEMCP
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetFileType
GetFileSize
GetFileAttributesW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetConsoleCP
GetConsoleAliasesA
GetCommandLineA
GetCPInfo
GetACP
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageW
FlushFileBuffers
ExitProcess
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateFileW
CreateFileMappingW
CompareStringW
CompareStringA
SetFilePointer
CloseHandle

user32

GetTopWindow
GetKBCodePage
GetKeyState
GetDesktopWindow
GetMessagePos
IsCharUpperW
GetSystemMetrics
CloseDesktop
DestroyWindow
DestroyIcon
GetMenuItemCount
LoadCursorFromFileA
SetWindowWord
GetThreadDesktop
MonitorFromRect
MessageBoxExW
LoadStringA
IsDialogMessageA
IMPGetIMEA
GetMenuItemInfoW
DrawStateA
DrawIcon
DdeDisconnect
DdeCreateDataHandle
DdeCmpStringHandles
ChangeDisplaySettingsExA
ArrangeIconicWindows
GetForegroundWindow
GetAsyncKeyState
CharLowerW
SetDlgItemTextW

gdi32

GetTextAlign
AddFontResourceW
CreateCompatibleDC
GetStockObject
GetROP2
GetTextCharset
WidenPath
GdiFlush
AbortDoc
AnyLinkedFonts
CancelDC
CopyMetaFileA
CreateICA
EngCreatePalette
EngDeleteClip
EngStrokeAndFillPath
GdiAlphaBlend
GdiCreateLocalMetaFilePict
GdiGetLocalDC
GdiReleaseDC
GetClipRgn
GetPath
OffsetClipRgn
OffsetViewportOrgEx
XLATEOBJ_piVector
CreateSolidBrush
GetColorSpace
GetEnhMetaFileW
FillPath
FlattenPath

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
QueryServiceStatusEx
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
OpenProcessToken
LookupPrivilegeValueW
FreeSid
EnumServicesStatusExW
DeleteService
CloseServiceHandle
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
RegQueryValueExA

shell32

CommandLineToArgvW
SHBrowseForFolderW

shlwapi

StrCmpNA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 1004KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85ad4735f82693ca2e7f3af4f9de6e63

Code Sign

69:5a:ea:c4:b6:2e:07:95:42:a3:da:77:a5:8b:25:10Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

b8:fc:cf:1a:27:90:94:4a:af:30:21:fb:e6:d6:fb:14:53:6b:c4:aa:0e:87:c5:c9:e9:3b:92:de:f0:15:cd:1cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 160KB - Virtual size: 1004KB

69:5a:ea:c4:b6:2e:07:95:42:a3:da:77:a5:8b:25:10
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

b8:fc:cf:1a:27:90:94:4a:af:30:21:fb:e6:d6:fb:14:53:6b:c4:aa:0e:87:c5:c9:e9:3b:92:de:f0:15:cd:1c
Signer

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 160KB - Virtual size: 1004KB