4d1a7b4b0c74e513c475f551fc19fdbb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4d1a7b4b0c74e513c475f551fc19fdbb_JaffaCakes118
Size

4.0MB
MD5

4d1a7b4b0c74e513c475f551fc19fdbb
SHA1

6c2cb1c1fba0fe7bb26a1d9862ef26b8d14702ad
SHA256

021b161b2582768dd7a83b66370d98f4e1ffd17adbafbb27b1cddfbeb5f93331
SHA512

df4b4d3e09a36e408bb8109ecffe08c40648dbe1272d9fb16bd0b5d9ffa6d3476c3bf3cbcc7a76313b225860c3e33ac957b6b53fe984e7e78d4d13af8f6f8442
SSDEEP

3072:uwcKI3PxCuwGuf2ufdZt5Guf2ufdZdaIx55PDXIs94LohYkQr0jeLwJr95rJorNv:1I/xoIs94AYQqLwhHrWGOP+5VT0

Score

1^/10

Malware Config

Signatures

Files

4d1a7b4b0c74e513c475f551fc19fdbb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4bf9cb9813207cfa1456014ad6bfc691

Code Sign

2a:29:7b:e3:e5:4f:d3:98:41:d6:81:ae:99:cb:7a:f0
Certificate

Issuer

CN=NQKGVEOGCWTGEJEQWX

Not Before

12/09/2020, 17:38

Not After

31/12/2039, 23:59

Subject

CN=NQKGVEOGCWTGEJEQWX

Extended Key Usages

ExtKeyUsageCodeSigning

f0:47:1a:b8:14:12:b4:c7:f3:7a:ed:02:d2:7e:39:73:ff:30:bb:7f
Signer

Actual PE Digest

f0:47:1a:b8:14:12:b4:c7:f3:7a:ed:02:d2:7e:39:73:ff:30:bb:7f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetLastError
VirtualAlloc
SetErrorMode
GetModuleHandleA
LockResource
LoadResource
FindResourceW
SetEvent
WaitForSingleObject
CreateEventW
FormatMessageW
GetSystemTime
GetFileType
GetConsoleMode
ReadConsoleW
AllocConsole
FreeConsole
WriteConsoleW
GetCurrentProcessId
LocalFree
CancelIo
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
ResetEvent
WaitForMultipleObjects
ExpandEnvironmentStringsW
GetCommandLineW
GetModuleFileNameW
SearchPathW
GetSystemTimeAsFileTime
QueryPerformanceCounter
FileTimeToSystemTime
QueryPerformanceFrequency
Sleep
SetEndOfFile
SetFilePointer
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
CompareStringW
LCMapStringW
GetComputerNameW
FreeLibrary
GetSystemDirectoryA
FindClose
FindFirstFileW
FindNextFileW
OutputDebugStringW
GetVersionExW
GetSystemDirectoryW
CreateProcessW
SetHandleInformation
FlushFileBuffers
GetHandleInformation
GetLocaleInfoW
GetUserDefaultLCID
LocalAlloc
SizeofResource
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetTimeFormatW
GetTimeZoneInformation
GetExitCodeProcess
ResumeThread
CreateThread
TerminateThread
GetCurrentThread
GetThreadTimes
ExitProcess
RtlUnwind
RaiseException
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetModuleFileNameA
InterlockedExchange
SetHandleCount
FatalAppExitA
InterlockedIncrement
InterlockedDecrement
SetConsoleCtrlHandler
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetTickCount
LCMapStringA
GetConsoleCP
CreateFileA
SetEnvironmentVariableA
SetEnvironmentVariableW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
CompareStringA
MapViewOfFile
CreateFileMappingW
OpenProcess
GetCurrentProcess
DuplicateHandle
UnmapViewOfFile
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateFileW
GetFileInformationByHandle
CloseHandle
ReadFile
WriteFile
GlobalAlloc
GlobalFree
LoadLibraryW
GetCurrentThreadId
SetLastError
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetModuleHandleW
GlobalLock
GlobalUnlock
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
GetStdHandle
GetSystemInfo
SetStdHandle
InterlockedCompareExchange
WaitForSingleObjectEx
CreateEventA
InterlockedExchangeAdd
PostQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
OpenEventA
SetWaitableTimer
SleepEx
CreateWaitableTimerW
DeviceIoControl
WTSGetActiveConsoleSessionId
GetSystemTimes
GetProcessTimes
FlushInstructionCache
GetProcessId
LoadLibraryExA
GetProcessShutdownParameters
SetProcessShutdownParameters
DecodePointer
ReleaseSemaphore
CreateSemaphoreA
FileTimeToLocalFileTime
SetThreadAffinityMask
SetThreadPriority
GetUserGeoID
GetGeoInfoW
VerSetConditionMask
VerifyVersionInfoW
ProcessIdToSessionId
RegisterWaitForSingleObject
UnregisterWaitEx
LoadLibraryExW
SetDllDirectoryW
HeapSetInformation
CreateIoCompletionPort
QueueUserAPC
GetQueuedCompletionStatus
SetFilePointerEx
ReleaseMutex
CreateMutexW
OpenMutexW
GetFileSize
GetLocalTime
SystemTimeToFileTime
GetPrivateProfileStringW
GetTempPathW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalMemoryStatusEx
SetFileAttributesW
lstrcmpiW
SetThreadExecutionState
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
FormatMessageA
GetFullPathNameW
SetFileTime
CopyFileW
AreFileApisANSI
WaitForMultipleObjectsEx
GetLogicalProcessorInformation
CreateWaitableTimerA
ExitThread
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
UnregisterWait
GetStartupInfoW
CreateSemaphoreW
EnumSystemLocalesW
GetModuleHandleExW
FreeLibraryAndExitThread
VirtualProtect
InterlockedFlushSList
QueryDepthSList
GetPrivateProfileIntW
GetPrivateProfileSectionW
WritePrivateProfileStringW
CreateFileMappingA
OpenFileMappingA
MapViewOfFileEx
OpenEventW
GetExitCodeThread
GetTempFileNameW
FindFirstFileExW
GetDriveTypeW
PeekNamedPipe
LocalFileTimeToFileTime

user32

GetDesktopWindow
WindowFromPoint
FindWindowW
MonitorFromRect
GetWindowLongW
SetWindowPos
SendMessageW
InvalidateRect
UpdateWindow
WaitForInputIdle
UnregisterClassA
LoadStringW
PostMessageW
RegisterWindowMessageW
DefWindowProcW
SetWindowLongW
CallWindowProcW
GetAncestor
GetWindow
GetWindowInfo
GetShellWindow
IsWindow
IsWindowVisible
IsDialogMessageW
GetWindowRect
KillTimer
SetTimer
GetCursorPos
PtInRect
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
GetClientRect
GetParent
AllowSetForegroundWindow
EnumDisplaySettingsW
GetMonitorInfoW
MonitorFromPoint
GetActiveWindow
GetWindowThreadProcessId
MessageBoxW
ExitWindowsEx
CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
FindWindowExW
SendMessageTimeoutW
GetWindowTextW
GetDC
ReleaseDC
CopyRect
SetCursor
OffsetRect
keybd_event
GetKeyboardState
ShowWindow
SetFocus
AttachThreadInput
SetForegroundWindow
SetActiveWindow
GetWindowPlacement
SetRect
EnableWindow
IsWindowEnabled
UpdateLayeredWindow
ClientToScreen
GetMessagePos
ScreenToClient
GetClassLongW
SetClassLongW
DrawTextW
SetRectEmpty
SetWindowTextW
PostQuitMessage
DestroyIcon
GetSystemMetrics
LoadImageW
SwitchToThisWindow
OpenInputDesktop
CloseDesktop
MapWindowPoints
MonitorFromWindow
SystemParametersInfoW
GetForegroundWindow

gdi32

GetEnhMetaFileW

advapi32

GetUserNameA
RegQueryValueExW
OpenEventLogW
RegEnumKeyExA
ImpersonateLoggedOnUser
RevertToSelf
StartServiceW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCreateKeyA
RegCreateKeyExW
RegSetValueExW
ConvertStringSidToSidW
DuplicateTokenEx
RegEnumKeyExW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
FreeSid
EqualSid
AllocateAndInitializeSid
RegOpenKeyExW
CheckTokenMembership
CreateWellKnownSid
DuplicateToken
GetTokenInformation
OpenProcessToken
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
RegOpenKeyW
RegQueryValueExA
ReadEventLogW
CloseEventLog
LookupAccountSidW
RegNotifyChangeKeyValue
ConvertSidToStringSidW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegOpenKeyExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.te2xt
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata2
Size: 1024B - Virtual size: 555B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bf9cb9813207cfa1456014ad6bfc691

Code Sign

2a:29:7b:e3:e5:4f:d3:98:41:d6:81:ae:99:cb:7a:f0Certificate

Extended Key Usages

f0:47:1a:b8:14:12:b4:c7:f3:7a:ed:02:d2:7e:39:73:ff:30:bb:7fSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 4KB - Virtual size: 3KB

.te2xt Size: 512B - Virtual size: 300B

.rdata Size: 3.9MB - Virtual size: 3.9MB

.rdata2 Size: 1024B - Virtual size: 555B

.data Size: 11KB - Virtual size: 11KB

.rsrc Size: 150KB - Virtual size: 150KB

2a:29:7b:e3:e5:4f:d3:98:41:d6:81:ae:99:cb:7a:f0
Certificate

f0:47:1a:b8:14:12:b4:c7:f3:7a:ed:02:d2:7e:39:73:ff:30:bb:7f
Signer

.text
Size: 4KB - Virtual size: 3KB

.te2xt
Size: 512B - Virtual size: 300B

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.rdata2
Size: 1024B - Virtual size: 555B

.data
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 150KB - Virtual size: 150KB