7f5afc0231448af6823890cf4d888fe3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

7f5afc0231448af6823890cf4d888fe3_JaffaCakes118
Size

412KB
MD5

7f5afc0231448af6823890cf4d888fe3
SHA1

dd60452c203a622ac59081184673af6ea15acad7
SHA256

7abe9d27478bf0673d8a178988e74250300e8945d92693c965d05e302c863fed
SHA512

ab71456cb282ebdf9253b79893fe40df786c1b9ec284ede42765b4ba71646d4fa3b1af00d88fa72904c2979c3a2347416b2bb5ff394817c861e23edd69f1fe86
SSDEEP

6144:7qZMR2KUU347B3argy7miAca8ZxYSYlDiGnznE6oUsEc:7NVUU347Hy7mitaExYDxfjE6dsH

Score

1^/10

Malware Config

Signatures

Files

7f5afc0231448af6823890cf4d888fe3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a3ce141cb1093521cb94da7216444ee8

Code Sign

3f:70:52:24:86:1c:36:85:e3:09:db:5c:d1:d7:df:4c
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

31-01-2020 00:00

Not After

30-01-2021 23:59

Subject

CN=NBZ LTD.,O=NBZ LTD.,POSTALCODE=197342,STREET=d. 17 korp. 2 litera A ofis 606-2\, ul. Beloostrovskaya,L=Saint-Petersburg,ST=Saint-Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:70:52:24:86:1c:36:85:e3:09:db:5c:d1:d7:df:4c
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

31-01-2020 00:00

Not After

30-01-2021 23:59

Subject

CN=NBZ LTD.,O=NBZ LTD.,POSTALCODE=197342,STREET=d. 17 korp. 2 litera A ofis 606-2\, ul. Beloostrovskaya,L=Saint-Petersburg,ST=Saint-Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:b3:e0:d9:52:e4:ad:17:6f:c1:13:a0:32:28:06:8c:78:f9:ce:95:a1:9d:db:ab:71:09:9e:36:d3:35:84:9f
Signer

Actual PE Digest

2d:b3:e0:d9:52:e4:ad:17:6f:c1:13:a0:32:28:06:8c:78:f9:ce:95:a1:9d:db:ab:71:09:9e:36:d3:35:84:9f

Digest Algorithm

sha256

PE Digest Matches

true

3e:ea:b0:cb:68:ca:39:4a:60:79:ba:49:4a:9e:c9:7a:ed:69:d7:5f
Signer

Actual PE Digest

3e:ea:b0:cb:68:ca:39:4a:60:79:ba:49:4a:9e:c9:7a:ed:69:d7:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
FreeLibrary
OpenProcess
Module32FirstW
GetTempFileNameW
GetTempPathW
GetFileSizeEx
ReadFile
GetLocalTime
GetCommandLineW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
SetFileAttributesW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
FindResourceW
LoadResource
LockResource
SizeofResource
FreeResource
CreateMutexW
ReleaseMutex
CreateThread
MoveFileW
GetFileAttributesExW
WaitForMultipleObjects
GetExitCodeProcess
SetEnvironmentVariableW
OutputDebugStringW
GetSystemDirectoryW
LCMapStringW
CompareStringW
LoadLibraryExW
QueryPerformanceCounter
WriteConsoleW
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
GetStringTypeW
SetLastError
GetModuleHandleExW
ExitProcess
RtlUnwind
SetFilePointerEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
GetVolumeInformationW
GetLocaleInfoA
GetNativeSystemInfo
GetProcAddress
SetEndOfFile
SetFilePointer
WriteFile
CreateFileW
InitializeCriticalSection
GetSystemInfo
LocalFree
LocalAlloc
GlobalMemoryStatusEx
VerSetConditionMask
VerifyVersionInfoW
FormatMessageW
GetModuleHandleW
Sleep
CloseHandle
FlushFileBuffers
WaitForSingleObject
GetCurrentProcess
DeleteFileW
CreateDirectoryW
GetDiskFreeSpaceExW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
DecodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException

user32

FlashWindow
SetClassLongW
GetFocus
KillTimer
SetTimer
PostQuitMessage
GetDC
ReleaseDC
MapDialogRect
UnregisterClassW
SetScrollPos
SendMessageW
PostMessageW
GetSysColor
CharLowerA
CharLowerW
DestroyIcon
LoadImageW
SetForegroundWindow
MessageBoxW
FindWindowW
LoadIconW
GetCursorPos
SetCursorPos
GetSysColorBrush
LockWindowUpdate
ShowScrollBar
SetScrollInfo
FillRect
GetSystemMetrics
GetWindowRect
MonitorFromPoint
MoveWindow
ClientToScreen
EnumChildWindows
DispatchMessageW
TranslateMessage
CharUpperW
UpdateWindow
DefWindowProcW
SetWindowTextW
SetWindowPos
MapWindowPoints
RedrawWindow
GetDlgItem
ShowWindow
GetParent
TrackMouseEvent
GetWindowTextLengthW
GetWindowTextW
GetClientRect
GetDlgCtrlID
DrawTextW
SetFocus
GetWindowLongW
IsWindowEnabled
BeginPaint
FrameRect
EndPaint
LoadCursorW
DestroyCursor
SetCursor
ShowCursor
DrawIconEx
RegisterClassExW
GetDesktopWindow
CreateWindowExW
SetWindowLongW
IsDialogMessageW
GetMessageW
EnableWindow
DestroyWindow

gdi32

GetBkColor
DeleteDC
SetTextColor
SetBkColor
SetDCBrushColor
DeleteObject
CreateFontIndirectW
GetTextColor
SelectObject
SetBkMode
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreatePen
SetStretchBltMode
StretchBlt
CreateSolidBrush
GetStockObject
GetDIBits
SetDIBits
AddFontMemResourceEx
GetDeviceCaps
RemoveFontMemResourceEx

advapi32

RegOpenKeyExW
RegQueryValueExW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
ShellExecuteW

ole32

CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoInitializeEx

wintrust

WinVerifyTrust

crypt32

CryptBinaryToStringA

psapi

GetDeviceDriverBaseNameW
EnumDeviceDrivers

shlwapi

StrFormatByteSizeW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ord412
InitCommonControlsEx
ord410
ord413

powrprof

CallNtPowerInformation

gdiplus

GdipAlloc
GdipDrawImageRectRectI
GdipGetImageWidth
GdipGetImageHeight
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdipFree
GdipCloneImage
GdiplusStartup
GdipDisposeImage
GdipLoadImageFromStream

wininet

InternetCrackUrlW
InternetReadFile
HttpQueryInfoA
HttpQueryInfoW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetCloseHandle
HttpSendRequestW

winmm

timeKillEvent
timeSetEvent

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3ce141cb1093521cb94da7216444ee8

Code Sign

3f:70:52:24:86:1c:36:85:e3:09:db:5c:d1:d7:df:4cCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

3f:70:52:24:86:1c:36:85:e3:09:db:5c:d1:d7:df:4cCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

2d:b3:e0:d9:52:e4:ad:17:6f:c1:13:a0:32:28:06:8c:78:f9:ce:95:a1:9d:db:ab:71:09:9e:36:d3:35:84:9fSigner

3e:ea:b0:cb:68:ca:39:4a:60:79:ba:49:4a:9e:c9:7a:ed:69:d7:5fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

wintrust

crypt32

psapi

shlwapi

version

comctl32

powrprof

gdiplus

wininet

winmm

Sections

.text Size: 228KB - Virtual size: 228KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 7KB - Virtual size: 19KB

.rsrc Size: 79KB - Virtual size: 79KB

.reloc Size: 14KB - Virtual size: 13KB

3f:70:52:24:86:1c:36:85:e3:09:db:5c:d1:d7:df:4c
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

3f:70:52:24:86:1c:36:85:e3:09:db:5c:d1:d7:df:4c
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

2d:b3:e0:d9:52:e4:ad:17:6f:c1:13:a0:32:28:06:8c:78:f9:ce:95:a1:9d:db:ab:71:09:9e:36:d3:35:84:9f
Signer

3e:ea:b0:cb:68:ca:39:4a:60:79:ba:49:4a:9e:c9:7a:ed:69:d7:5f
Signer

.text
Size: 228KB - Virtual size: 228KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 7KB - Virtual size: 19KB

.rsrc
Size: 79KB - Virtual size: 79KB

.reloc
Size: 14KB - Virtual size: 13KB