b1f18c7fad0da8842863681a074c8a35_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b1f18c7fad0da8842863681a074c8a35_JaffaCakes118
Size

1.1MB
MD5

b1f18c7fad0da8842863681a074c8a35
SHA1

9e483f008a259c91f0be260a8a56e833a623dd89
SHA256

92459aab5fc4c348f5a6a10fa7ce8bc734121a8e2d8d3c30e4337f74ae87017a
SHA512

685cf77e17a93bf29e6a8f05c6ef18f72bb318f38b84cc466c86b665102769237771287efebc478cf13e615c5f5c2012007a7c5f6f1dd6f1c0a7cbb149950742
SSDEEP

6144:9Ug69tR5KCcCg8nqVbkQSaPOnNxRQVwSav4dyxDYoQYJUpg1MwE4s0m+Z1Af6kr:q99trKTX84bkQfUO/aQdeMo3e+k4jACU

Score

1^/10

Malware Config

Signatures

Files

b1f18c7fad0da8842863681a074c8a35_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3bd7c16a16ad7d5b3966a30a82496732

Code Sign

f8:c2:e0:84:38:bb:0e:9a:dc:95:5e:4b:49:3e:58:21
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08-09-2020 00:00

Not After

08-09-2021 23:59

Subject

CN=DocsGen Software Solutions Inc.,OU=IT,O=DocsGen Software Solutions Inc.,POSTALCODE=M5H 3E5,STREET=250 University Ave,L=Toronto,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b9:2c:b0:11:55:7e:34:c5:a7:87:7a:32:65:ac:1f:d9:2c:eb:0a
Signer

Actual PE Digest

1b:b9:2c:b0:11:55:7e:34:c5:a7:87:7a:32:65:ac:1f:d9:2c:eb:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
lstrcmpA
ReadConsoleInputExA
GetCommModemStatus
GetConsoleOutputCP
SizeofResource
RegisterConsoleIME
DefineDosDeviceA
GetConsoleAliasesW
FillConsoleOutputCharacterW
GetSystemDefaultLCID
OpenThread
GetCommState
GetCurrentActCtx
CancelDeviceWakeupRequest
Heap32Next
SetLastConsoleEventActive
ReadFileEx
EnumCalendarInfoA
SetThreadLocale
CopyFileExA
OpenSemaphoreW
SetProcessPriorityBoost

user32

GetWindowThreadProcessId
UnhookWindowsHook
DefMDIChildProcW
SetMenuContextHelpId
GetOpenClipboardWindow
IsRectEmpty
SendMessageTimeoutA
EqualRect
DrawTextW
GetClipCursor
GetDlgCtrlID
PrivateExtractIconsA
ClientToScreen
EnumDisplayDevicesW
CalcMenuBar
LoadMenuA
SendMessageW
DlgDirSelectComboBoxExA
RegisterClipboardFormatA
NotifyWinEvent
GetDlgItemTextW
SetWindowPlacement
OemToCharW
UnregisterClassA
LoadMenuIndirectA
SetClassWord
GetWindowModuleFileName
FindWindowExW
SetKeyboardState
GetWindowTextW
UpdateWindow
GetMenuBarInfo
GetAsyncKeyState
SetWindowRgn
GetPropA
MessageBoxIndirectW
BuildReasonArray
DestroyReasons

comctl32

FlatSB_SetScrollPos
CreateStatusWindowW
UninitializeFlatSB
FlatSB_GetScrollProp
CreateStatusWindow
DestroyPropertySheetPage
DrawStatusTextW
FlatSB_SetScrollInfo
DSA_DeleteAllItems
ImageList_GetImageCount
DPA_GetPtr
ImageList_SetBkColor
ImageList_EndDrag
ImageList_GetFlags
DSA_Create
CreatePropertySheetPageW
ImageList_DragEnter
ImageList_Draw
InitCommonControls
FlatSB_GetScrollPos
DSA_InsertItem
DPA_Destroy
ImageList_SetFlags
EnumMRUListW
ImageList_Read
ImageList_Copy
_TrackMouseEvent
ImageList_LoadImageA
CreateStatusWindowA
DPA_DeletePtr
ImageList_Create
ImageList_DrawEx
MakeDragList
DSA_GetItemPtr
CreateUpDownControl
FlatSB_SetScrollRange
PropertySheetW

oleaut32

VarI4FromR4
VarCyFromUI4
OleLoadPictureFile
VarUI2FromR4
VariantTimeToDosDateTime
BSTR_UserUnmarshal
DllRegisterServer
VarI1FromUI2
DllCanUnloadNow
VarDecFromBool
VarUI4FromUI8
BSTR_UserFree
VarI8FromBool
VarCyFix
VarI8FromCy
VarUI8FromI2
VarI2FromDisp
VarUI8FromUI4
BSTR_UserMarshal
VarBstrFromI2
VarCat
VarUI2FromStr
VarI4FromI8
VarDecFromDate
OleCreatePropertyFrame
VarR4FromI4
GetErrorInfo
OleLoadPictureFileEx
VarR4FromDec
VarDateFromStr

shlwapi

UrlUnescapeW
SHRegisterValidateTemplate
PathFindSuffixArrayA
PathCreateFromUrlW
StrChrNIW
PathIsURLA
PathStripPathA
PathIsContentTypeA
StrCmpIW
PathIsSystemFolderW
StrCpyNW
SHRegGetPathA
PathSetDlgItemPathA
UrlEscapeW
StrIsIntlEqualW
SHDeleteEmptyKeyW
StrStrNIW
PathFindNextComponentA
PathRemoveFileSpecA
PathRemoveExtensionA
PathAddExtensionA
StrIsIntlEqualA
wnsprintfW
SHReleaseThreadRef
SHRegDeleteEmptyUSKeyA
SHRegSetUSValueA
SHRegDeleteUSValueW
PathCombineW
PathCompactPathW
SHRegWriteUSValueA
AssocCreate
PathCompactPathExA
StrNCatA
SHGetViewStatePropertyBag
PathUnmakeSystemFolderA
wvnsprintfW

winspool.drv

AddPortExW
ScheduleJob
CommitSpoolData
GetPrinterDataExA
DeleteMonitorW
PlayGdiScriptOnPrinterIC
ConvertUnicodeDevModeToAnsiDevmode
AddFormA
QuerySpoolMode
DeletePrinter
EnumPrintProcessorsW
IsValidDevmodeA
AdvancedDocumentPropertiesW
AddPortExA
GetPrinterA
DeletePrinterDriverW
EnumFormsW
SpoolerPrinterEvent
DeletePrinterDriverA
GetPrinterW
FindNextPrinterChangeNotification
GetPrinterDriverA
SetPrinterDataW
SetFormA
FindClosePrinterChangeNotification
SetPrinterDataA
PerfOpen
ResetPrinterA
ReadPrinter
EnumJobsA
AddPrinterDriverExW
DeleteFormA
ConfigurePortW
SplDriverUnloadComplete

winmm

mmsystemGetVersion
waveOutGetPlaybackRate
mixerGetID
midiInMessage
PlaySoundA
mciGetDeviceIDW
wid32Message
midiOutCacheDrumPatches
waveOutGetPosition
WOW32ResolveMultiMediaHandle
mciGetDeviceIDFromElementIDA
mixerSetControlDetails
waveOutOpen
joyGetDevCapsA
waveOutPrepareHeader
mmioRenameW
mmDrvInstall
joyReleaseCapture
PlaySoundW
sndPlaySoundW
waveInGetErrorTextW
midiOutGetDevCapsA
WOWAppExit
sndPlaySoundA
midiInGetErrorTextA
waveOutMessage
mmTaskBlock
midiOutCachePatches

imagehlp

ImageDirectoryEntryToDataEx
ImageNtHeader
SymEnumerateModules
SymGetSymFromName
GetTimestampForLoadedLibrary
FindFileInPath
SymGetOptions
TouchFileTimes
FindExecutableImage
ImageGetCertificateHeader
ImageDirectoryEntryToData
SymGetModuleBase64
MapFileAndCheckSumA
RemovePrivateCvSymbolic
SymEnumerateSymbolsW
SymGetTypeInfo
ImageGetCertificateData
ImageAddCertificate
SymFunctionTableAccess
SymGetSymNext
CheckSumMappedFile
ImageEnumerateCertificates
SymRegisterCallback64
SplitSymbols
BindImageEx
SymGetModuleInfoW
SymFindFileInPath
SymEnumerateSymbolsW64
MapDebugInformation
ReBaseImage64
ImageLoad

advapi32

RegQueryValueExW
BuildTrusteeWithSidA
SystemFunction010
LsaCreateSecret
DecryptFileA
CryptGetDefaultProviderW
GetMultipleTrusteeOperationW
LsaAddAccountRights
LsaICLookupSids
LsaSetSystemAccessAccount
WmiOpenBlock
CryptEnumProviderTypesA
NotifyBootConfigStatus
RegCreateKeyA
RegEnumValueW
AddAccessAllowedObjectAce
SystemFunction024
SaferiCompareTokenLevels
AccessCheckByTypeAndAuditAlarmW
CommandLineFromMsiDescriptor
ImpersonateLoggedOnUser
SystemFunction040
UnregisterTraceGuids
FindFirstFreeAce
A_SHAFinal
CryptSetProviderA
LogonUserA
LookupPrivilegeDisplayNameW
CryptHashData
RegSaveKeyA
A_SHAInit
InstallApplication
AdjustTokenGroups
GetSecurityInfo
FreeEncryptedFileKeyInfo

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bd7c16a16ad7d5b3966a30a82496732

Code Sign

f8:c2:e0:84:38:bb:0e:9a:dc:95:5e:4b:49:3e:58:21Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

01Certificate

Key Usages

1b:b9:2c:b0:11:55:7e:34:c5:a7:87:7a:32:65:ac:1f:d9:2c:eb:0aSigner

Headers

File Characteristics

Imports

kernel32

user32

comctl32

oleaut32

shlwapi

winspool.drv

winmm

imagehlp

advapi32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 1024B - Virtual size: 8KB

.data Size: 93KB - Virtual size: 93KB

.rdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 484B

f8:c2:e0:84:38:bb:0e:9a:dc:95:5e:4b:49:3e:58:21
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

01
Certificate

1b:b9:2c:b0:11:55:7e:34:c5:a7:87:7a:32:65:ac:1f:d9:2c:eb:0a
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 1024B - Virtual size: 8KB

.data
Size: 93KB - Virtual size: 93KB

.rdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 484B