General

Malware Config

Signatures

Files

• 83dacee114620a9c7ca0c4b1a7d20e7c_JaffaCakes118

  .exe windows:1 windows x86 arch:x86

  46bc8fadc9354542964a11262484657c

  
  

  Code Sign

  53:90:15:99:9e:30:4a:59:52:98:5a:99:4f:9c:3a:53

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  04-09-2020 00:00

  Not After

  04-09-2021 23:59

  Subject

  CN=Service lab LLC,O=Service lab LLC,POSTALCODE=121099,STREET=Smolensk Square 3,L=Moscow,C=RU

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  01

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  01-01-2004 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0d:25:66:72:bd:08:36:a7:3b:44:3c:08:29:3a:4f:00:67:cb:fe:e2

  Signer

  Actual PE Digest

  0d:25:66:72:bd:08:36:a7:3b:44:3c:08:29:3a:4f:00:67:cb:fe:e2

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  Sleep

  VirtualAlloc

  GetModuleHandleW

  GetLastError

  LoadLibraryExW

  HeapFree

  GetProcessHeap

  GetModuleHandleA

  LoadLibraryW

  GetProcAddress

  FreeLibrary

  OutputDebugStringW

  GetLocalTime

  WriteFile

  SetFilePointer

  ExpandEnvironmentStringsW

  GetEnvironmentVariableW

  HeapAlloc

  CreateFileW

  DeviceIoControl

  CreateThread

  WaitForSingleObject

  GetCurrentProcess

  CloseHandle

  ExitThread

  SetLastError

  user32

  LoadCursorA

  gdi32

  CreateSolidBrush

  CreateHalftonePalette

  CreateMetaFileW

  DeleteColorSpace

  DeleteEnhMetaFile

  CreatePatternBrush

  DeleteMetaFile

  CreateMetaFileA

  CreateCompatibleDC

  DeleteDC

  CloseMetaFile

  GetEnhMetaFileW

  advapi32

  RegOpenKeyW

  RegQueryValueExW

  Sections

  .text

  Size: 4.0MB - Virtual size: 4.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 9KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ