97aa992d7a114b8bf08c4a03e3d13f13_JaffaCakes118

Resubmissions

Sharing

Copy URL

Twitter E-mail

General

Target

97aa992d7a114b8bf08c4a03e3d13f13_JaffaCakes118
Size

1.1MB
MD5

97aa992d7a114b8bf08c4a03e3d13f13
SHA1

f457a5c6f3fbb3e9cccde160e82ed6520cafc2a7
SHA256

52870f2e75fa9c8073182e6779708adea25e096036561e4099e81cf5975a33ec
SHA512

252c5b2e1a8862a8936c51ea2927ee8888a9d006b6cb96fd2833bea7942402e12f7d0a7f419e318bb88e43f3b55a909d0fb19b415186d9e0d74df0246730ae2d
SSDEEP

24576:eHtrdKYVVSrqGDohJ3STZG8vIn/sCBGnWsY0m+W:eHtV7GwBSTc8An/4YuW

Score

1^/10

Malware Config

Signatures

Files

97aa992d7a114b8bf08c4a03e3d13f13_JaffaCakes118
.exe windows:5 windows x86 arch:x86

11ba1e736f6a94a344ffead8850154e1

Code Sign

6c:af:80:8f:23:19:67:73:bd:42:61:17:c1:db:be:38
Certificate

Issuer

CN=TCBPXRFI

Not Before

19-02-2019 16:40

Not After

31-12-2039 23:59

Subject

CN=TCBPXRFI

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b0:cc:95:28:3d:cb:c3:8f:0a:1d:e2:80:3f:67:cc:72:1f:12:78:ce:31:7d:2c:0d:b9:1d:97:3d:9d:89:f0:70
Signer

Actual PE Digest

b0:cc:95:28:3d:cb:c3:8f:0a:1d:e2:80:3f:67:cc:72:1f:12:78:ce:31:7d:2c:0d:b9:1d:97:3d:9d:89:f0:70

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExA
GetVolumeInformationA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByte
IsDebuggerPresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockFile
LockResource
MapViewOfFile
MultiByteToWideChar
OpenEventA
OpenFileMappingA
OpenProcess
GetTempPathA
PulseEvent
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ResetEvent
RtlUnwind
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetThreadIdealProcessor
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TerminateThread
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WriteProfileStringW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
lstrlenW
GetTempFileNameA
GetSystemTimeAsFileTime
GetSystemInfo
GetStringTypeW
GetStringTypeA
GetStdHandle
GetStartupInfoA
GetShortPathNameA
GetProcessHeap
GetProcAddress
GetOEMCP
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoW
GetLocaleInfoA
GetLastError
CloseHandle
GetFullPathNameA
GetFileType
GetFileTime
GetFileSizeEx
GetFileSize
GetFileAttributesExA
GetFileAttributesA
GetExitCodeThread
GetEnvironmentStringsW
GetEnvironmentStrings
GetDriveTypeW
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetCommandLineA
GetCommMask
GetCommConfig
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageA
FlushFileBuffers
FindResourceA
FindNextChangeNotification
FindFirstFileA
FindFirstChangeNotificationA
FindCloseChangeNotification
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
ExitProcess
EnumSystemLocalesA
EnterCriticalSection
DuplicateHandle
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateMutexA
CreateMailslotA
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringW
CompareStringA
OutputDebugStringA

user32

SetForegroundWindow
SetMenu
SetMenuItemBitmaps
SetPropA
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
SetWindowsHookExA
SystemParametersInfoA
TabbedTextOutA
UnhookWindowsHookEx
ValidateRect
WinHelpA
wsprintfA
wvsprintfA
GetKeyboardLayout
WindowFromDC
LoadCursorFromFileA
GetClipboardData
InSendMessage
IsMenu
DestroyIcon
CharLowerW
GetMenuContextHelpId
VkKeyScanA
CountClipboardFormats
IsCharAlphaA
IsCharAlphaNumericA
GetProcessWindowStation
IsWindowUnicode
VkKeyScanW
GetActiveWindow
GetKBCodePage
GetClipboardOwner
GetAsyncKeyState
DestroyCursor
CloseClipboard
PaintDesktop
GetInputState
GetCursor
CloseDesktop
ReleaseCapture
EnumClipboardFormats
GetWindowContextHelpId
GetWindowTextLengthA
GetClipboardViewer
GetThreadDesktop
IsCharAlphaW
AnyPopup
CharUpperW
IsCharLowerW
IsClipboardFormatAvailable
GetQueueStatus
CloseWindow
GetDialogBaseUnits
OemKeyScan
SendMessageA
RemovePropA
ReleaseDC
RegisterWindowMessageA
RegisterClassA
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageA
ModifyMenuA
MessageBoxA
MapWindowPoints
LoadStringA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsWindowEnabled
IsWindow
IsIconic
GrayStringA
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindow
GetTopWindow
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetSubMenu
GetPropA
GetParent
GetMessageTime
GetMessagePos
GetMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuInfo
GetMenuCheckMarkDimensions
GetMenu
GetLastActivePopup
GetKeyState
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDC
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoExA
GetClassInfoA
GetCapture
EnableMenuItem
DrawTextExA
DrawTextA
DispatchMessageA
DestroyWindow
DestroyMenu
DefWindowProcA
CreateWindowExA
CopyRect
ClientToScreen
CheckMenuItem
CharUpperA
CharNextW
CharNextA
CallWindowProcA
CallNextHookEx
AdjustWindowRectEx
EnableWindow

gdi32

CreateRectRgn
EngDeletePath
EngFreeModule
EngUnlockSurface
EngWideCharToMultiByte
EnumFontFamiliesA
EnumFontsA
Escape
FontIsLinked
GdiAddGlsRecord
GdiArtificialDecrementDriver
GdiConvertPalette
GdiCreateLocalMetaFilePict
GdiEndDocEMF
GdiEntry4
GdiGetCodePage
GdiGetDC
GdiGetLocalBrush
GdiReleaseDC
GdiSetServerAttr
GdiStartPageEMF
GetCharABCWidthsA
GetCharWidthFloatW
GetCurrentPositionEx
GetDCPenColor
GetFontUnicodeRanges
GetGlyphOutlineW
GetMiterLimit
GetNearestColor
GetTextExtentExPointI
GetTextFaceAliasW
LPtoDP
PATHOBJ_vGetBounds
PolyPatBlt
CreateColorSpaceW
RemoveFontResourceExA
RemoveFontResourceW
SelectObject
SetGraphicsMode
SetMetaRgn
SetPixel
cGetTTFFromFOT
GetTextCharset
SwapBuffers
DeleteObject
CreateSolidBrush
SaveDC
FlattenPath
GdiGetBatchLimit
AbortDoc
GetStockObject
GetLayout
GetBkColor
GdiFlush
CreateHalftonePalette
GetSystemPaletteUse
GetObjectType
GetTextColor
GetColorSpace
GetPolyFillMode
GetGraphicsMode
AbortPath
DeleteColorSpace
CreateCompatibleDC
UnrealizeObject
UpdateColors
CreatePatternBrush
StrokePath
CloseEnhMetaFile
PolyPolyline
AddFontResourceW

advapi32

RegQueryValueExA
RegOpenKeyExW

ole32

CoCreateFreeThreadedMarshaler
CoCreateInstance
CoInitialize
CoInitializeSecurity
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
StringFromGUID2

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 952KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

11ba1e736f6a94a344ffead8850154e1

Code Sign

6c:af:80:8f:23:19:67:73:bd:42:61:17:c1:db:be:38Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

b0:cc:95:28:3d:cb:c3:8f:0a:1d:e2:80:3f:67:cc:72:1f:12:78:ce:31:7d:2c:0d:b9:1d:97:3d:9d:89:f0:70Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 600B

.rsrc Size: 40KB - Virtual size: 952KB

6c:af:80:8f:23:19:67:73:bd:42:61:17:c1:db:be:38
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

b0:cc:95:28:3d:cb:c3:8f:0a:1d:e2:80:3f:67:cc:72:1f:12:78:ce:31:7d:2c:0d:b9:1d:97:3d:9d:89:f0:70
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 600B

.rsrc
Size: 40KB - Virtual size: 952KB