General

Malware Config

Signatures

Files

• 856c9d9c2b9242cdf2628fff86c2ca36_JaffaCakes118

  .exe windows:4 windows x86 arch:x86

  199be9bc3a6f2091caba2ff07319dba5

  
  

  Code Sign

  80:3d:de:c4:d8:7b:ad:33:05:80:37:e6:5f:c3:8d:9c

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  28-05-2020 00:00

  Not After

  28-05-2021 23:59

  Subject

  CN=OOO Kineskop,O=OOO Kineskop,POSTALCODE=141981,STREET=Shkolnaya 10a\, of. 15,L=Dubna,ST=Moscowskaya Obl,C=RU

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  01-08-2030 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  be:30:e8:c1:47:59:aa:d3:ca:6a:57:d7:2a:58:66:64:d2:a8:91:cd

  Signer

  Actual PE Digest

  be:30:e8:c1:47:59:aa:d3:ca:6a:57:d7:2a:58:66:64:d2:a8:91:cd

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetCurrentThreadId

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  GetUserDefaultLCID

  Process32First

  GetACP

  SetCommState

  FindAtomA

  RequestDeviceWakeup

  CancelWaitableTimer

  GetSystemTimeAsFileTime

  GetSystemDirectoryW

  DuplicateHandle

  CallNamedPipeW

  QueueUserWorkItem

  EndUpdateResourceA

  IsBadReadPtr

  BuildCommDCBW

  ReleaseSemaphore

  WriteFile

  Module32FirstW

  CreateMailslotA

  UpdateResourceW

  GetProcessAffinityMask

  GetCurrentDirectoryA

  HeapAlloc

  SetStdHandle

  GetDateFormatW

  OpenJobObjectA

  EnumResourceLanguagesW

  RequestWakeupLatency

  SetDefaultCommConfigW

  SetConsoleOutputCP

  GetConsoleCP

  TerminateJobObject

  GetFileInformationByHandle

  VerLanguageNameW

  CommConfigDialogA

  GetStartupInfoA

  VirtualUnlock

  GetShortPathNameA

  Heap32Next

  DeleteTimerQueueEx

  PeekConsoleInputW

  SetCalendarInfoW

  FlushFileBuffers

  GetEnvironmentStrings

  GetSystemInfo

  GetCurrentProcess

  lstrcpyW

  ExpandEnvironmentStringsW

  LocalReAlloc

  lstrlenW

  FindNextFileW

  CompareStringW

  FindClose

  lstrcmpiW

  GetLastError

  FindFirstFileW

  SetLastError

  LeaveCriticalSection

  EnterCriticalSection

  ExitThread

  GetEnvironmentVariableW

  SetEvent

  FindCloseChangeNotification

  Sleep

  WaitForMultipleObjects

  FindNextChangeNotification

  CloseHandle

  CreateEventW

  FindFirstChangeNotificationW

  ResumeThread

  SetThreadPriority

  CreateThread

  WaitForSingleObject

  InitializeCriticalSection

  SetProcessShutdownParameters

  OpenEventW

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  TerminateProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCommandLineA

  GetVersionExA

  GetProcAddress

  GetStdHandle

  FreeEnvironmentStringsA

  VirtualProtect

  FreeEnvironmentStringsW

  WideCharToMultiByte

  GetEnvironmentStringsW

  SetHandleCount

  GetFileType

  HeapDestroy

  HeapCreate

  VirtualFree

  HeapFree

  GetOEMCP

  GetCPInfo

  VirtualAlloc

  HeapReAlloc

  RtlUnwind

  InterlockedExchange

  VirtualQuery

  SetFilePointer

  MultiByteToWideChar

  LCMapStringA

  LCMapStringW

  GetStringTypeA

  GetStringTypeW

  GetLocaleInfoA

  user32

  LockWorkStation

  AnimateWindow

  CopyAcceleratorTableW

  SetDeskWallpaper

  GetSysColor

  UnpackDDElParam

  LookupIconIdFromDirectoryEx

  DdeQueryStringA

  GetUserObjectInformationW

  SetDlgItemTextW

  GetMenuStringA

  wsprintfA

  EnumDesktopsA

  GrayStringW

  CountClipboardFormats

  LoadImageA

  GetClassLongW

  ToAsciiEx

  GetMessageW

  EnumDisplayDevicesW

  GetWindowModuleFileName

  VkKeyScanExW

  RealGetWindowClassA

  CreateCaret

  GetWindowRect

  GetTitleBarInfo

  SetClassLongW

  LoadStringW

  SendMessageW

  SetWindowPos

  GetDesktopWindow

  GetParent

  GetSystemMetrics

  GetWindowLongW

  SetForegroundWindow

  CheckDlgButton

  GetClientRect

  EndDialog

  PostMessageW

  GetDlgItem

  IsDlgButtonChecked

  SendDlgItemMessageW

  KillTimer

  SetTimer

  LoadImageW

  DialogBoxParamW

  MessageBoxW

  DefWindowProcW

  LoadIconW

  PostQuitMessage

  DispatchMessageW

  TranslateMessage

  CreateWindowExW

  RegisterClassW

  CharUpperA

  gdi32

  SetDIBColorTable

  GdiConvertBitmap

  PlayMetaFileRecord

  EnumEnhMetaFile

  EnableEUDC

  SetBitmapDimensionEx

  GdiRealizationInfo

  GdiAlphaBlend

  SetWorldTransform

  CreateICW

  CombineRgn

  StretchDIBits

  GdiDeleteSpoolFileHandle

  GetBkColor

  GdiGetCharDimensions

  CloseEnhMetaFile

  GetPath

  UnloadNetworkFonts

  GdiConvertEnhMetaFile

  GdiStartDocEMF

  GetROP2

  SetBitmapBits

  GdiSetLastError

  EngMarkBandingSurface

  GdiCreateLocalMetaFilePict

  GetWindowOrgEx

  GdiArtificialDecrementDriver

  GdiQueryTable

  GetRasterizerCaps

  PolyDraw

  CloseFigure

  GetTextMetricsW

  AnyLinkedFonts

  GetTextFaceAliasW

  SetICMMode

  SelectClipPath

  EngWideCharToMultiByte

  CreateEnhMetaFileA

  CombineTransform

  CreateEnhMetaFileW

  GetKerningPairs

  GdiResetDCEMF

  GdiGradientFill

  EngStrokeAndFillPath

  GetEnhMetaFileA

  advapi32

  FreeSid

  GetAce

  RegNotifyChangeKeyValue

  RegOpenKeyExW

  RegCloseKey

  RegQueryValueExW

  SetSecurityInfo

  GetSecurityInfo

  shell32

  CommandLineToArgvW

  SHGetFileInfo

  Shell_NotifyIconW

  ole32

  CoInitializeSecurity

  shlwapi

  StrRChrA

  Sections

  .text

  Size: 320KB - Virtual size: 319KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 512B - Virtual size: 349B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 257KB - Virtual size: 256KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 31KB - Virtual size: 30KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ