8d44301c9c2891421aae35778adffca8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d44301c9c2891421aae35778adffca8_JaffaCakes118
Size

468KB
MD5

8d44301c9c2891421aae35778adffca8
SHA1

5bb1d31464d97addbe84a036b293309ba84e39b8
SHA256

70ea388c86b7f466042422588a32b6497165aa22e74969b96bb1422707974fca
SHA512

cb89f289f856564a43d7720aadce732969a921bd3e514264328fb9f3d57745e88145a96fa5e4b20132b44defaba25bdc307617a1321a84ea574088abe6b09f35
SSDEEP

6144:s+eQc+yi9csv7t6Z6lKtffCFiquSZz6xGXcY5+1:vtlKtffAiq58xGsY5O

Score

1^/10

Malware Config

Signatures

Files

8d44301c9c2891421aae35778adffca8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ae08f49e8223133062205077b94da89c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ed:c3:f2:1b:e3:7e:ca:9f:f1:11:7f:f4:90:da:32:ea
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/04/2019, 00:00

Not After

17/04/2020, 23:59

Subject

CN=Pragramatic Limited,O=Pragramatic Limited,POSTALCODE=WA3 4HX,STREET=100a Twiss Green Lane Twiss Green Lane,L=Warrington,ST=Cheshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:f5:bb:79:cc:47:5b:04:3c:20:3a:8b:53:72:1f:00:bd:f8:35:5d
Signer

Actual PE Digest

26:f5:bb:79:cc:47:5b:04:3c:20:3a:8b:53:72:1f:00:bd:f8:35:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
VerQueryValueW

kernel32

GetDateFormatA
GlobalUnlock
GetShortPathNameA
GlobalLock
GetConsoleCP
lstrcmpiA
GetExitCodeProcess
GetFileAttributesA
GetPrivateProfileStringA
FindNextFileA
GlobalAddAtomW
FindClose
FindFirstFileA
GetTimeZoneInformation
GetStringTypeA
DuplicateHandle
SetFilePointer
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
HeapReAlloc
VirtualAlloc
HeapAlloc
WriteFile
RtlUnwind
VirtualFree
SetEndOfFile
FlushFileBuffers
WritePrivateProfileStringA
GetDiskFreeSpaceA
LCMapStringW
GetTempPathA
GetTimeFormatA
GlobalFindAtomW
RemoveDirectoryA
GetVolumeInformationW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapFree
GetModuleHandleW
GetProcAddress
GetLastError
FreeLibraryAndExitThread
CloseHandle
SetEvent
ConnectNamedPipe
GetVersionExA
LoadLibraryExW
IsBadReadPtr
GetStringTypeW
LCMapStringA
MultiByteToWideChar
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate

user32

TrackPopupMenu
CloseClipboard
LoadCursorA
LoadBitmapA
CharPrevA
MessageBoxIndirectA
EndDialog
IsWindowEnabled
SendMessageA
EnableMenuItem
EnableWindow
GetClientRect
SetWindowPos

gdi32

GetClipBox
CreateBitmap
SaveDC
SetViewportExtEx
ScaleWindowExtEx
EnumFontsA
RestoreDC
SetWindowExtEx
GetTextColor
DeleteDC
SetTextColor
Rectangle
SetTextAlign
SetBkColor

advapi32

RegDeleteValueW
FreeSid
RegQueryValueExW
AllocateAndInitializeSid
RegOpenKeyW
RegCreateKeyExW
RegEnumValueW
RegEnumKeyW
RegQueryValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
AllocateLocallyUniqueId

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae08f49e8223133062205077b94da89c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

ed:c3:f2:1b:e3:7e:ca:9f:f1:11:7f:f4:90:da:32:eaCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

26:f5:bb:79:cc:47:5b:04:3c:20:3a:8b:53:72:1f:00:bd:f8:35:5dSigner

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 11KB - Virtual size: 131KB

.rsrc Size: 405KB - Virtual size: 405KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

ed:c3:f2:1b:e3:7e:ca:9f:f1:11:7f:f4:90:da:32:ea
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

26:f5:bb:79:cc:47:5b:04:3c:20:3a:8b:53:72:1f:00:bd:f8:35:5d
Signer

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 11KB - Virtual size: 131KB

.rsrc
Size: 405KB - Virtual size: 405KB