General

Malware Config

Signatures

Files

• 6312e50af74e027602835fbfbd0f36f1_JaffaCakes118

  .exe windows:4 windows x86 arch:x86

  f2435e2a76bd200b5b66fab72c7e1b98

  
  

  Code Sign

  62:1e:92:61:61:f7:d6:a1:46:f8:f2:37:6f:cb:f1:1f

  Certificate

  Issuer

  CN=WBDEVWJTKIIYVHPJIS

  Not Before

  02-05-2019 20:03

  Not After

  31-12-2039 23:59

  Subject

  CN=WBDEVWJTKIIYVHPJIS

  Extended Key Usages

  ExtKeyUsageCodeSigning

  4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  c7:f2:b2:23:6c:81:73:43:68:2b:4b:74:51:46:75:82:b1:15:17:b7:c6:2e:12:2f:14:be:5b:17:3d:d8:e7:02

  Signer

  Actual PE Digest

  c7:f2:b2:23:6c:81:73:43:68:2b:4b:74:51:46:75:82:b1:15:17:b7:c6:2e:12:2f:14:be:5b:17:3d:d8:e7:02

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetModuleHandleW

  LoadLibraryA

  GetProcAddress

  GetACP

  Sleep

  VirtualFree

  VirtualAlloc

  GetSystemInfo

  GetVersion

  GetCurrentThreadId

  VirtualQuery

  WideCharToMultiByte

  MultiByteToWideChar

  lstrlenW

  lstrcpynW

  LoadLibraryExW

  GetThreadLocale

  GetStartupInfoA

  GetModuleFileNameW

  GetLocaleInfoW

  GetLastError

  GetCommandLineW

  FreeLibrary

  FindFirstFileW

  FindClose

  ExitProcess

  CreateThread

  WriteFile

  UnhandledExceptionFilter

  SetFilePointer

  SetEndOfFile

  RtlUnwind

  ReadFile

  RaiseException

  GetStdHandle

  GetFileSize

  GetFileType

  CreateFileW

  CloseHandle

  TlsSetValue

  TlsGetValue

  LocalAlloc

  lstrcmpA

  WaitForSingleObject

  VirtualQueryEx

  VirtualProtect

  UnmapViewOfFile

  TerminateThread

  TerminateProcess

  SystemTimeToFileTime

  SuspendThread

  SizeofResource

  SignalObjectAndWait

  SetUnhandledExceptionFilter

  SetThreadPriority

  SetLastError

  SetFileAttributesA

  SetFileAttributesW

  SetEvent

  ResumeThread

  ResetEvent

  RemoveDirectoryA

  ReleaseMutex

  ReadProcessMemory

  QueryPerformanceFrequency

  QueryPerformanceCounter

  OpenProcess

  OpenFileMappingA

  OpenFileMappingW

  MapViewOfFile

  LockResource

  LocalSize

  LocalFree

  LoadResource

  LoadLibraryExA

  LoadLibraryW

  LeaveCriticalSection

  IsValidLocale

  IsBadReadPtr

  InitializeCriticalSection

  GlobalUnlock

  GlobalReAlloc

  GlobalMemoryStatus

  GlobalHandle

  GlobalLock

  GlobalFree

  GlobalAlloc

  GetWindowsDirectoryA

  GetVersionExA

  GetVersionExW

  GetTickCount

  GetThreadPriority

  GetThreadContext

  GetTempPathA

  GetSystemTime

  GetSystemDirectoryW

  GetSystemDefaultLangID

  GetPriorityClass

  GetModuleHandleA

  GetModuleFileNameA

  GetLocaleInfoA

  GetLocalTime

  GetFullPathNameW

  GetFileTime

  GetFileAttributesA

  GetFileAttributesW

  GetDiskFreeSpaceA

  GetDiskFreeSpaceW

  GetDateFormatW

  GetCurrentThread

  GetCurrentProcessId

  GetCurrentProcess

  GetComputerNameA

  GetCommandLineA

  GetCPInfo

  FreeResource

  InterlockedIncrement

  InterlockedExchange

  InterlockedDecrement

  InterlockedCompareExchange

  FormatMessageA

  FormatMessageW

  FindResourceA

  FindResourceW

  FindNextFileA

  FindFirstFileA

  FileTimeToSystemTime

  FileTimeToLocalFileTime

  FileTimeToDosDateTime

  ExpandEnvironmentStringsA

  ExitThread

  EnumCalendarInfoW

  EnterCriticalSection

  DuplicateHandle

  DeleteFileA

  DeleteFileW

  DeleteCriticalSection

  CreateRemoteThread

  CreateProcessA

  CreateProcessW

  CreatePipe

  CreateMutexA

  CreateMutexW

  CreateFileMappingA

  CreateFileMappingW

  CreateFileA

  CreateEventW

  CreateDirectoryA

  CreateDirectoryW

  CopyFileA

  CompareStringW

  Beep

  user32

  GetProcessWindowStation

  GetQueueStatus

  LoadCursorFromFileW

  PaintDesktop

  CharUpperA

  IsWindow

  GetSysColorBrush

  IsClipboardFormatAvailable

  AnyPopup

  CloseWindowStation

  GetDesktopWindow

  GetClipboardOwner

  GetThreadDesktop

  GetCaretBlinkTime

  DestroyWindow

  GetKeyState

  IsIconic

  GetTopWindow

  GetSysColor

  GetListBoxInfo

  CharNextW

  IsWindowVisible

  CharToOemBuffA

  CharNextExA

  gdi32

  DeleteObject

  UpdateColors

  GetLayout

  CreateMetaFileW

  DeleteEnhMetaFile

  GetTextAlign

  GetDCPenColor

  CloseMetaFile

  CreateMetaFileA

  FillPath

  RealizePalette

  EndDoc

  SwapBuffers

  GetFontLanguageInfo

  GetSystemPaletteUse

  advapi32

  RegOpenKeyA

  RegQueryValueExA

  msvcrt

  _except_handler3

  __set_app_type

  __p__fmode

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _initterm

  __getmainargs

  _acmdln

  exit

  _XcptFilter

  _exit

  _onexit

  __dllonexit

  _controlfp

  Sections

  .text

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 20KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 72KB - Virtual size: 71KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 36KB - Virtual size: 35KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ