7028f7db0794e5828c35378df491d1bc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7028f7db0794e5828c35378df491d1bc_JaffaCakes118
Size

765KB
MD5

7028f7db0794e5828c35378df491d1bc
SHA1

99d1c2e675397fce8c3fa0cda362c6cf9761fe58
SHA256

8655fb0ba3e61b2285ec50145cb5f863c6af92482a6c939d63d62b9b1112c921
SHA512

e171cfba22a60cd60fa306e2713b151551d432c2f8232850e4547a3787b186b06394d84d061f57c860043123515608cad0f54ae684b82de02d28d3275bf75adb
SSDEEP

12288:JiQ1YJyv/Kd2DhqYGvgt5cJenPuRTpeh/I0FcLJT9ekZPNm2nxUuY:JiMi2DhV5Zun8ctT9eaPfxUuY

Score

1^/10

Malware Config

Signatures

Files

7028f7db0794e5828c35378df491d1bc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d0c0e58abef6097f6dfa053b32e4dda8

Code Sign

9a:d4:72:93:7c:ad:ad:51:38:dc:33:26:36:10:14:8a
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/08/2019, 00:00

Not After

22/08/2020, 23:59

Subject

CN=Cyber Etechnologies Limited,OU=IT,O=Cyber Etechnologies Limited,POSTALCODE=3,STREET=Ferguson Room\, Centre Block Docklands\, 128-130 East Wall Road,L=Dublin,ST=Dublin,C=IE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

01/02/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

89:58:3f:48:4b:4b:3d:1d:23:60:72:e4:a2:16:b0:d5:53:c6:7d:d0
Signer

Actual PE Digest

89:58:3f:48:4b:4b:3d:1d:23:60:72:e4:a2:16:b0:d5:53:c6:7d:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

FreeContextBuffer
QuerySecurityPackageInfoW
AcquireCredentialsHandleW
FreeCredentialsHandle
InitializeSecurityContextW
GetUserNameExW
GetUserNameExA
CompleteAuthToken

winscard

SCardEstablishContext
SCardReleaseContext
SCardGetStatusChangeW
SCardListReadersW

ws2_32

send
WSAStartup
__WSAFDIsSet
WSAIoctl
closesocket
select
getaddrinfo
WSACleanup
socket
connect
htons
freeaddrinfo
setsockopt
inet_addr
recv
ioctlsocket
WSAGetLastError

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

dbghelp

MiniDumpWriteDump

wtsapi32

WTSEnumerateSessionsW

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoUninitialize

kernel32

EnumSystemLocalesA
MultiByteToWideChar
Sleep
GetConsoleMode
GetTimeZoneInformation
CompareStringA
GetLastError
OpenMutexA
FatalAppExitA
CreateFileA
GetUserDefaultLCID
SetEvent
GetCurrentThread
TerminateThread
lstrcatW
TlsAlloc
LockResource
GlobalAlloc
CloseHandle
RaiseException
ResetEvent
LoadResource
HeapAlloc
FileTimeToLocalFileTime
QueueUserAPC
GetOverlappedResult
SearchPathA
HeapDestroy
LocalSize
GetProcAddress
GlobalLock
GetTimeFormatW
GetStartupInfoA
IsProcessorFeaturePresent
DeleteCriticalSection
ExitProcess
lstrcpynA
GetCurrentProcessId
UnhandledExceptionFilter
SystemTimeToFileTime
GetModuleHandleW
WideCharToMultiByte
lstrcpyW
TlsGetValue
ConvertFiberToThread
GetSystemTime
GlobalMemoryStatus
FormatMessageA
CreateFileMappingW
CreateEventA
MapViewOfFile
GetStringTypeW
GetTickCount
GetEnvironmentStringsW
lstrcmpW
GetStringTypeA
IsDebuggerPresent
HeapSize
WriteFile
WaitForSingleObject
GetCurrentThreadId
GetSystemDirectoryW
OpenProcess
LoadLibraryW
CreateThread
FreeLibrary
WaitNamedPipeW
GetExitCodeProcess
GetVersionExW
LocalFree
lstrcmpiW
SizeofResource
FindResourceW
LoadLibraryExW
SetHandleInformation
GetCommandLineW
ExpandEnvironmentStringsW
CreatePipe
PeekNamedPipe
GetEnvironmentVariableA
GetTimeFormatA
FreeResource
GetDateFormatA
MoveFileExW
CreateEventW
lstrcmpA
LoadLibraryA
lstrcmpiA
InterlockedIncrement
GlobalUnlock
CreateDirectoryW
GetFileSizeEx
DeleteFileW
MoveFileW
GetDriveTypeW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
SetFileTime
ProcessIdToSessionId
SleepEx
GetFileTime
GetLogicalDrives
FindNextFileW
RemoveDirectoryW
SetFileAttributesW
OpenEventW
QueryPerformanceFrequency
QueryPerformanceCounter
lstrlenA
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileSize
SetUnhandledExceptionFilter
LocalAlloc
FileTimeToSystemTime
GetSystemInfo
GetComputerNameW
GetComputerNameA
GetModuleFileNameA
GetSystemTimeAsFileTime
SetThreadPriority
ResumeThread
DuplicateHandle
CreateSemaphoreW
GetACP
ExitThread
UnmapViewOfFile
CreateFileW
GetLocaleInfoW
FindClose
CreateMutexW
SetEndOfFile
WriteFileEx
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
GetUserDefaultUILanguage
GetProcessId
GetThreadLocale
GetConsoleCP
WaitForMultipleObjects
GetModuleFileNameW
TerminateProcess
InterlockedDecrement
VirtualAlloc
WriteConsoleA
GetStdHandle
lstrlenW
GetCurrentProcess
TlsSetValue
CompareStringW
EraseTape
FindFirstFileW
LocalLock
ReadFile
IsValidCodePage
CreateProcessW
GetVersion
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
TlsFree
LCMapStringW
GetCPInfo
WaitForSingleObjectEx
GetStartupInfoW
InitializeSListHead
RtlUnwind
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
HeapReAlloc
HeapFree
FlushFileBuffers
IsValidLocale
EnumSystemLocalesW
SetFilePointerEx
ReadConsoleW
SetStdHandle
GetProcessHeap
FindFirstFileExA
FindNextFileA
GetOEMCP
GetCommandLineA
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetLastError
WriteConsoleW

user32

ReleaseDC
GetDC
IntersectRect
EnumWindows
IsWindowVisible
ExitWindowsEx
mouse_event
MessageBoxA
CreateWindowExW
GetMessageW
PostThreadMessageW
CreateDialogParamW
DefWindowProcW
CallWindowProcW
CheckMenuRadioItem
GetFocus
LoadCursorA
DestroyWindow
SetWindowPos
CheckRadioButton
HideCaret
PostMessageA
ScreenToClient
DialogBoxParamA
MsgWaitForMultipleObjects
RegisterClassExW
GetWindowPlacement
LoadAcceleratorsW
LoadStringW
GetSubMenu
ShowWindow
OffsetRect
TranslateAcceleratorA
DispatchMessageW
SetTimer
IsDialogMessageW
GetMenuCheckMarkDimensions
DrawTextA
SendMessageW
GetDlgCtrlID
GetThreadDesktop
CloseDesktop
ClientToScreen
CloseClipboard
CallWindowProcA
PostMessageW
PeekMessageW
GetWindowTextA
IsChild
SetDlgItemTextW
GetKeyboardLayout
AttachThreadInput
GetDlgItemTextW
SendDlgItemMessageW
GetForegroundWindow
GetDialogBaseUnits
SetMenu
RegisterClassA
WinHelpW
DefWindowProcA
DestroyMenu
CreateWindowExA
LoadCursorW
SetDlgItemTextA
SetCapture
wsprintfW
CreateDialogParamA
SetWindowLongW
TrackPopupMenuEx
IsZoomed
KillTimer
PostQuitMessage
SetWinEventHook
FindWindowA
InsertMenuItemA
RegisterClassExA
UpdateWindow
UnhookWinEvent
ReleaseCapture
SetForegroundWindow
IsIconic
BeginPaint
EndPaint
OpenClipboard
GetCursorInfo
ChangeClipboardChain
OpenInputDesktop
GetClipboardData
SetClipboardData
GetUserObjectInformationW
GetDesktopWindow
GetCursorPos
VkKeyScanExW
MapVirtualKeyW
GetAsyncKeyState
FindWindowW
OpenDesktopW
GetWindowLongW
GetWindowRect
EqualRect
SetClipboardViewer
GetClipboardOwner
EmptyClipboard
GetIconInfo
LoadKeyboardLayoutW
SendMessageTimeoutW
SystemParametersInfoW
keybd_event
GetSystemMetrics
SetThreadDesktop
SetWindowLongA
GetKeyboardState

gdi32

BitBlt
CreateDIBSection
CreateCompatibleDC
GdiFlush
RealizePalette
GetDIBits
GetSystemPaletteEntries
DeleteDC
SelectPalette
CreatePalette
CreateRectRgnIndirect
GetRegionData
CombineRgn
GetBitmapBits
GetObjectW
CreateCompatibleBitmap
SelectObject
StartPage
StretchBlt
StartDocA
EndDoc
CreateDCW
SetWindowExtEx
SetViewportExtEx
GetDeviceCaps
GetTextMetricsW
TextOutW
SetBkMode
SetBkColor
LPtoDP
DeleteObject
SetMapMode
GetObjectA
StartDocW

winspool.drv

GetPrinterDriverW

comdlg32

ChooseColorA
PageSetupDlgW
PrintDlgExW
GetSaveFileNameW
GetSaveFileNameA
ChooseFontW
FindTextW
GetOpenFileNameW

advapi32

InitiateSystemShutdownExW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
StartServiceW
EnumServicesStatusExW
QueryServiceConfigW
OpenServiceW
AccessCheck
SetSecurityDescriptorOwner
AllocateAndInitializeSid
ConvertSidToStringSidW
GetSidSubAuthority
IsValidSecurityDescriptor
FreeSid
InitializeAcl
DuplicateToken
GetLengthSid
GetTokenInformation
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerExW
AddAccessAllowedAce
SetTokenInformation
OpenThreadToken
SetSecurityDescriptorGroup
SetServiceStatus
CreateProcessAsUserW
StartServiceCtrlDispatcherW
DuplicateTokenEx
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegCreateKeyA
RegOpenKeyA
QueryServiceStatus
OpenSCManagerA
DeleteService
ControlService
RegSetValueExA
OpenProcessToken
InitializeSecurityDescriptor
RegDeleteValueA
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExA
RegCreateKeyExA
OpenServiceA
RegDeleteKeyA
RegQueryValueExW

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathW
ShellAboutW
ShellExecuteW
DragQueryFileW

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

Sections

.text
Size: 533KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0c0e58abef6097f6dfa053b32e4dda8

Code Sign

9a:d4:72:93:7c:ad:ad:51:38:dc:33:26:36:10:14:8aCertificate

Extended Key Usages

Key Usages

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2dCertificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

89:58:3f:48:4b:4b:3d:1d:23:60:72:e4:a2:16:b0:d5:53:c6:7d:d0Signer

Headers

DLL Characteristics

File Characteristics

Imports

secur32

winscard

ws2_32

userenv

dbghelp

wtsapi32

ole32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

oleaut32

Sections

.text Size: 533KB - Virtual size: 532KB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 13KB - Virtual size: 36KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 72KB - Virtual size: 71KB

9a:d4:72:93:7c:ad:ad:51:38:dc:33:26:36:10:14:8a
Certificate

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

89:58:3f:48:4b:4b:3d:1d:23:60:72:e4:a2:16:b0:d5:53:c6:7d:d0
Signer

.text
Size: 533KB - Virtual size: 532KB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 13KB - Virtual size: 36KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 72KB - Virtual size: 71KB