51f0e237978d8a8649ee1ac7f0a8108c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

51f0e237978d8a8649ee1ac7f0a8108c_JaffaCakes118
Size

918KB
MD5

51f0e237978d8a8649ee1ac7f0a8108c
SHA1

b61c903ea11cbe5930220b4f150ac388385ef1c3
SHA256

e366c18e2f2389d4e90386f01876174074019a021b6eacfceb187aaa53560078
SHA512

1f918b471cf53202c5cec4c36dfcdfab6313cd9c115e6c9d904e041e977a8853cee70e69f129e63361e7d41faee905fd22d701a2b92075d20590bc89c9d07368
SSDEEP

6144:W3bDksaZLLP8OvtzpfzzlPFAAfwG44X0m+Z1Af61g8nKB17M1hRJF:8vksaZLwOvTzRP6Af44ajACi8Kr7M1n

Score

1^/10

Malware Config

Signatures

Files

51f0e237978d8a8649ee1ac7f0a8108c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a847cd72b1f7bfaf97d49dd38246ae25

Code Sign

70:e1:eb:d1:70:db:81:02:d8:c2:8e:58:39:2e:56:32
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05-09-2020 00:00

Not After

05-09-2021 23:59

Subject

CN=Equal Cash Technologies Limited,OU=IT,O=Equal Cash Technologies Limited,POSTALCODE=S4R 8J6,STREET=1252 North Galloway Street,L=Regina,ST=Saskatchewan,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:58:03:42:58:bc:a4:ee:10:09:71:e2:94:7b:d5:18:d9:9a:f5:7e
Signer

Actual PE Digest

39:58:03:42:58:bc:a4:ee:10:09:71:e2:94:7b:d5:18:d9:9a:f5:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
GetTickCount
GetSystemTimeAsFileTime
GetConsoleTitleA
GetTempFileNameW
LZCopy
FindNextFileA
GetThreadLocale
InterlockedPushEntrySList
CreateActCtxA
GetTapeStatus
MapUserPhysicalPagesScatter
SetInformationJobObject
FindNextVolumeW

user32

GetAsyncKeyState
GetUpdateRgn
GetClipCursor
GetInputDesktop
DrawCaption
CloseClipboard
IsWindowVisible
CopyAcceleratorTableA
DdeCmpStringHandles
GetKeyboardState
DdeDisconnectList
RegisterClipboardFormatA
SetWindowsHookA
ReplyMessage
GetAltTabInfoA
GetAltTabInfoW
DrawStateW
GetWindowPlacement
GetKeyboardLayout
CreateDialogIndirectParamA
MessageBoxW
GetKeyboardType
WINNLSEnableIME
CsrBroadcastSystemMessageExW
GetKeyState
OemToCharBuffW
MsgWaitForMultipleObjects
PackDDElParam
LoadMenuIndirectW
BroadcastSystemMessage
GetMouseMovePointsEx
DrawTextExA
ValidateRgn

shell32

StrChrIA
SHCreateFileExtractIconW
StrStrA
SHGetSetSettings
SHGetDesktopFolder
SHGetNewLinkInfo
ILAppendID
PifMgr_SetProperties
SHFreeNameMappings
ILIsEqual
StrNCmpIA
DAD_AutoScroll
IsLFNDriveA
SHCreateQueryCancelAutoPlayMoniker
DAD_SetDragImage
ExtractAssociatedIconExW
PathYetAnotherMakeUniqueName
SHOpenFolderAndSelectItems
ShellExecuteEx
Control_RunDLLA
SHGetDiskFreeSpaceA
SHGetFolderPathA
RealShellExecuteA
IsNetDrive
SHFileOperationA
SHGetIconOverlayIndexA
SHChangeNotification_Unlock
StrRChrW
SHPropStgCreate

comctl32

UninitializeFlatSB
FlatSB_GetScrollProp
DestroyPropertySheetPage
SetWindowSubclass
ImageList_SetIconSize
ImageList_SetFilter
ImageList_DrawEx
ImageList_Replace
CreatePropertySheetPageW
ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_GetImageCount
DPA_Sort
CreateStatusWindowW
ImageList_Draw
CreateUpDownControl
CreateStatusWindowA
CreateToolbarEx
FlatSB_GetScrollPos
DSA_Destroy
GetEffectiveClientRect
FlatSB_SetScrollRange
DrawStatusTextW
ImageList_GetImageRect
FlatSB_SetScrollInfo
AddMRUStringW

oleaut32

VarMod
VarAnd
VarSub
VARIANT_UserSize
VarBoolFromI1
VarOr
VarBoolFromI2
VarI8FromI1
GetActiveObject
DllGetClassObject
VarI2FromI1
OaBuildVersion
VarR4CmpR8
BSTR_UserFree
DllRegisterServer
VariantCopyInd
VarI1FromCy
VarR8FromDec
GetAltMonthNames
VarCyNeg
VarDateFromUI1
VarDecFromI2
LHashValOfNameSysA
OleCreateFontIndirect
SysFreeString
VarDecFromR4
VarBstrFromUI4
VarCyFromStr
BstrFromVector

winspool.drv

DocumentPropertiesA
QueryColorProfile
ConnectToPrinterDlg
AddPrinterDriverW
DeletePrinterDataA
FlushPrinter
PrinterMessageBoxA
EnumJobsW
EnumFormsA
DeleteMonitorA
AddFormW
EnumMonitorsA
EnumPrinterKeyW
GetPrinterW
AbortPrinter
PerfOpen
PerfClose
GetPrinterDriverDirectoryA
DeletePrinterIC
EnumPrintersW
GetPrintProcessorDirectoryA
AdvancedDocumentPropertiesA
GetPrinterDriverDirectoryW
SpoolerPrinterEvent
AddMonitorW
EnumPrinterDataExA
AddPrinterW
EnumPrintProcessorDatatypesW
OpenPrinterW

advapi32

WmiReceiveNotificationsA
FileEncryptionStatusW
UpdateTraceA
FindFirstFreeAce
InitiateSystemShutdownW
UnregisterIdleTask
SaferiIsExecutableFileType
RegQueryMultipleValuesA
SystemFunction003
RegisterEventSourceW
RegSaveKeyExW
GetTrusteeFormW
SaferGetLevelInformation
InitializeSecurityDescriptor
ConvertSecurityDescriptorToAccessW
RegQueryValueExW
RegDisablePredefinedCacheEx
CredReadA
RegNotifyChangeKeyValue
WmiExecuteMethodA
CryptImportKey
ClearEventLogA
LookupSecurityDescriptorPartsW
ConvertSecurityDescriptorToAccessNamedA
CredEnumerateA
SystemFunction028
ElfBackupEventLogFileW
DeregisterEventSource
LsaSetQuotasForAccount
ConvertAccessToSecurityDescriptorA
CryptSetProviderExA
ConvertSecurityDescriptorToStringSecurityDescriptorA
BuildTrusteeWithObjectsAndSidW
RegQueryValueExA
ObjectOpenAuditAlarmA
GetWindowsAccountDomainSid
SetEntriesInAccessListW
EnumServicesStatusExW
SystemFunction032
AllocateAndInitializeSid
CredGetTargetInfoW
LsaSetSystemAccessAccount

winmm

mmioFlush
waveInGetDevCapsA
mciLoadCommandResource
mci32Message
waveOutPause
midiOutLongMsg
mixerMessage
midiInStop
waveOutBreakLoop
mmioInstallIOProcW
DefDriverProc
mmioCreateChunk
mixerGetDevCapsA
auxOutMessage
waveOutGetPitch
mixerOpen
waveInGetID
joySetCapture
wod32Message
midiStreamProperty
waveOutOpen
waveOutGetErrorTextW
midiOutMessage
midiStreamPosition
midiOutSetVolume
joyGetThreshold
mciGetDriverData
waveInReset
midiOutCacheDrumPatches
waveInGetNumDevs
mixerGetControlDetailsW
PlaySound
midiStreamClose
sndPlaySoundA
mixerGetNumDevs

imagehlp

SymGetLineFromName
SymUnloadModule64
SymGetModuleInfo64
SymEnumerateModules
ImageRvaToVa
UnDecorateSymbolName
SymLoadModule
ImageLoad
EnumerateLoadedModules64
TouchFileTimes
FindFileInSearchPath
SearchTreeForFile
SymSetOptions
SymGetSymFromName
FindDebugInfoFile
ImageNtHeader
ImageRvaToSection
ImagehlpApiVersionEx
MapAndLoad
SymMatchFileName
ImagehlpApiVersion
SymGetLinePrev64
ReBaseImage
GetImageConfigInformation
GetTimestampForLoadedLibrary
StackWalk
SymGetModuleInfo

Sections

.text
Size: 808KB - Virtual size: 808KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a847cd72b1f7bfaf97d49dd38246ae25

Code Sign

70:e1:eb:d1:70:db:81:02:d8:c2:8e:58:39:2e:56:32Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

01Certificate

Key Usages

39:58:03:42:58:bc:a4:ee:10:09:71:e2:94:7b:d5:18:d9:9a:f5:7eSigner

Headers

File Characteristics

Imports

kernel32

user32

shell32

comctl32

oleaut32

winspool.drv

advapi32

winmm

imagehlp

Sections

.text Size: 808KB - Virtual size: 808KB

.rdata Size: 512B - Virtual size: 4KB

.data Size: 93KB - Virtual size: 93KB

.rdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 484B

70:e1:eb:d1:70:db:81:02:d8:c2:8e:58:39:2e:56:32
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

01
Certificate

39:58:03:42:58:bc:a4:ee:10:09:71:e2:94:7b:d5:18:d9:9a:f5:7e
Signer

.text
Size: 808KB - Virtual size: 808KB

.rdata
Size: 512B - Virtual size: 4KB

.data
Size: 93KB - Virtual size: 93KB

.rdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 484B