9c216a7d7e50c0576ca4bdc794db37c8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9c216a7d7e50c0576ca4bdc794db37c8_JaffaCakes118
Size

1.2MB
MD5

9c216a7d7e50c0576ca4bdc794db37c8
SHA1

0aaadb06bcf07248471e6a82fb2637af3716642e
SHA256

b5684501d0aad591ad4248ad10bd83d2489da9eada54e7b8547ae695a47eed05
SHA512

809309fd5c43e2afcc21e72eb54dee152b6defcca0e09437e8cd661adea8aaea2bb771cec6502c916fb1395d69128fb582de8899fbc5daaef49c273e8d2d4231
SSDEEP

24576:EWGL4aoSLfz3UYfsRuoL5nj8+/FRoR6SK+/JFwcAr:xG3dflURLV8ekR6SJ7wcAr

Score

1^/10

Malware Config

Signatures

Files

9c216a7d7e50c0576ca4bdc794db37c8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

205356c80c2adc20172150f0a82384f1

Code Sign

3c:11:63:40:95:c6:95:ab:49:6c:01:fb:e5:fd:d3:b5
Certificate

Issuer

CN=GBZWAIEZ

Not Before

26-03-2019 22:30

Not After

31-12-2039 23:59

Subject

CN=GBZWAIEZ

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

71:b1:cd:36:b5:d6:93:ad:42:63:a4:30:47:ff:bd:19:ef:9d:62:f7:29:f9:ad:32:74:11:e5:c6:9b:3f:f9:d9
Signer

Actual PE Digest

71:b1:cd:36:b5:d6:93:ad:42:63:a4:30:47:ff:bd:19:ef:9d:62:f7:29:f9:ad:32:74:11:e5:c6:9b:3f:f9:d9

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNumberFormatW
GetOEMCP
GetOverlappedResult
GetPriorityClass
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProcessHeaps
GetProcessIoCounters
GetProfileIntW
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLCID
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadLocale
GetThreadPriority
GetThreadTimes
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalMemoryStatusEx
GlobalReAlloc
GlobalSize
GlobalUnlock
Heap32ListNext
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapQueryInformation
HeapReAlloc
HeapSetInformation
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
IsDBCSLeadByte
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
GetConsoleOutputCP
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalLock
LocalReAlloc
LocalSize
LocalUnlock
LockFile
LockResource
MapViewOfFile
MoveFileA
MoveFileExA
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
OpenEventW
OpenFile
OpenFileMappingA
OpenFileMappingW
OpenMutexW
OpenProcess
OpenSemaphoreA
OpenThread
OutputDebugStringA
OutputDebugStringW
ProcessIdToSessionId
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadDirectoryChangesW
ReadFile
ReadProcessMemory
ReleaseActCtx
ReleaseMutex
RemoveDirectoryA
RemoveDirectoryW
ReplaceFileA
ResetEvent
ResumeThread
RtlUnwind
SearchPathW
SetCommState
SetCommTimeouts
SetComputerNameExA
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleOutputCP
SetConsoleTextAttribute
SetCurrentDirectoryA
SetCurrentDirectoryW
SetDllDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleCount
SetLastError
SetProcessWorkingSetSize
SetStdHandle
SetThreadExecutionState
SetThreadLocale
SetThreadPriority
SetThreadUILanguage
SetUnhandledExceptionFilter
SetVolumeMountPointW
SignalObjectAndWait
SizeofResource
Sleep
SleepEx
SuspendThread
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VerLanguageNameA
VerSetConditionMask
VerifyVersionInfoA
VerifyVersionInfoW
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringA
WritePrivateProfileStringW
WriteProcessMemory
_lclose
_lcreat
_llseek
_lopen
_lread
_lwrite
lstrcatA
lstrcatW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW
GetConsoleMode
GetConsoleFontSize
GetConsoleCP
GetComputerNameW
GetComputerNameExW
GetComputerNameA
GetCommandLineW
GetCommandLineA
GetCommState
GetCPInfo
GetACP
FreeResource
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageW
FormatMessageA
FlushInstructionCache
FlushFileBuffers
FindResourceW
FindResourceExW
FindResourceA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
ExitThread
ExitProcess
EnumResourceLanguagesW
EnumCalendarInfoW
EnumCalendarInfoA
EnterCriticalSection
EncodePointer
DuplicateHandle
DeviceIoControl
DeleteFileW
DeleteFileA
DeleteCriticalSection
DecodePointer
DebugBreak
DeactivateActCtx
CreateToolhelp32Snapshot
CreateThread
CreateRemoteThread
CreateProcessW
CreateProcessA
CreatePipe
CreateMutexW
CreateMutexA
CreateFileW
CreateFileMappingW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryA
CreateActCtxW
CopyFileW
CopyFileExW
CopyFileA
ConvertDefaultLocale
CompareStringW
CompareStringA
CompareFileTime
CloseHandle
Beep
LoadResource
ActivateActCtx

user32

MapWindowPoints
MessageBoxA
MessageBoxW
ModifyMenuW
MsgWaitForMultipleObjectsEx
NotifyWinEvent
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageA
PtInRect
RegisterClassW
RegisterWindowMessageW
ReleaseDC
RemovePropW
SendDlgItemMessageA
SendDlgItemMessageW
SendMessageA
SendMessageW
SetClassLongA
SetCursor
SetDlgItemTextW
SetForegroundWindow
SetMenu
SetMenuItemBitmaps
SetMessageQueue
SetPropW
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookExW
ShowWindow
SystemParametersInfoA
TabbedTextOutW
TranslateMessage
UnhookWinEvent
UnhookWindowsHookEx
UnregisterClassW
UnregisterDeviceNotification
ValidateRect
WinHelpW
mouse_event
WindowFromDC
LoadCursorFromFileA
GetClipboardData
InSendMessage
IsMenu
DestroyIcon
CharLowerW
GetMenuContextHelpId
VkKeyScanA
CountClipboardFormats
IsCharAlphaA
IsCharAlphaNumericA
IsWindowUnicode
GetKeyboardLayout
VkKeyScanW
GetKBCodePage
GetClipboardOwner
GetAsyncKeyState
DestroyCursor
CloseClipboard
PaintDesktop
GetInputState
GetCursor
CharNextW
CloseDesktop
ReleaseCapture
EnumClipboardFormats
GetWindowContextHelpId
GetWindowTextLengthA
GetClipboardViewer
GetThreadDesktop
IsCharAlphaW
AnyPopup
CharUpperW
IsCharLowerW
IsClipboardFormatAvailable
GetQueueStatus
CloseWindow
GetDialogBaseUnits
OemKeyScan
LoadMenuW
LoadIconW
LoadIconA
LoadCursorW
LoadBitmapW
IsWindowVisible
IsWindowEnabled
IsWindow
IsIconic
IsDlgButtonChecked
GrayStringW
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindow
GetUserObjectInformationW
GetTopWindow
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollPos
GetPropW
GetProcessWindowStation
GetParent
GetMessageW
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuCheckMarkDimensions
GetMenu
GetLastActivePopup
GetKeyState
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDC
GetCursorPos
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetClassInfoExW
GetCapture
GetActiveWindow
EndDialog
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextExW
DispatchMessageW
DialogBoxParamW
DestroyWindow
DestroyMenu
DefWindowProcW
DefWindowProcA
DdeQueryConvInfo
CreateWindowExW
CreateDialogParamW
CopyRect
CloseWindowStation
ClientToScreen
CheckMenuItem
CharLowerA
CallWindowProcW
CallNextHookEx
AdjustWindowRectEx
LoadStringW

gdi32

GdiFlush
CreateHalftonePalette
GetSystemPaletteUse
GetObjectType
GetColorSpace
AddFontResourceW
GetPolyFillMode
GetGraphicsMode
GetBkColor
DeleteColorSpace
CreateCompatibleDC
UnrealizeObject
GetDCPenColor
UpdateColors
CreatePatternBrush
StrokePath
GetLayout
GetStockObject
AbortDoc
GdiGetBatchLimit
FlattenPath
SaveDC
CreateSolidBrush
DeleteObject
SwapBuffers
GetTextCharset
XLATEOBJ_cGetPalette
XFORMOBJ_iGetXform
StartDocW
SetWindowExtEx
SetTextColor
GetTextColor
GetICMProfileW
GetCharABCWidthsA
GdiStartDocEMF
GdiDllInitialize
EngReleaseSemaphore
EngQueryLocalTime
EngLoadModule
EndDoc
DeleteDC
DPtoLP
CreateDCW
AbortPath
CopyMetaFileW

advapi32

RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyExA
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegSetValueExA
RegSetValueExW
RegCloseKey

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_Draw
ImageList_DrawEx
ImageList_Duplicate
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Remove
ImageList_ReplaceIcon
InitCommonControlsEx
_TrackMouseEvent

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 957KB - Virtual size: 957KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 966KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

205356c80c2adc20172150f0a82384f1

Code Sign

3c:11:63:40:95:c6:95:ab:49:6c:01:fb:e5:fd:d3:b5Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

71:b1:cd:36:b5:d6:93:ad:42:63:a4:30:47:ff:bd:19:ef:9d:62:f7:29:f9:ad:32:74:11:e5:c6:9b:3f:f9:d9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comctl32

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 957KB - Virtual size: 957KB

.rsrc Size: 111KB - Virtual size: 966KB

3c:11:63:40:95:c6:95:ab:49:6c:01:fb:e5:fd:d3:b5
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

71:b1:cd:36:b5:d6:93:ad:42:63:a4:30:47:ff:bd:19:ef:9d:62:f7:29:f9:ad:32:74:11:e5:c6:9b:3f:f9:d9
Signer

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 957KB - Virtual size: 957KB

.rsrc
Size: 111KB - Virtual size: 966KB