0fc19a9a51ac4d6bb9e29da44de88518_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0fc19a9a51ac4d6bb9e29da44de88518_JaffaCakes118
Size

454KB
MD5

0fc19a9a51ac4d6bb9e29da44de88518
SHA1

b09be8d030ca058302c585edd2ccd1a371257306
SHA256

edcd4f33863686c8ffe678d59db9f207fcfb67ec195390ed41d7f71076e08812
SHA512

3c56ca66a9e9c5e0035f3b5ad6ccad3f940d077fbba209ef07a8fbec482d8d5b8f43359a9b0f91dc56abbdb27cb32631b1c60337006ef7b3e56d0dd40029ccaa
SSDEEP

6144:liug4985ei9csv7t6Z1o6N+hCDU5Y7s6afDrTH0pv:E8985Zh6N+hCDUC7s6SDkpv

Score

1^/10

Malware Config

Signatures

Files

0fc19a9a51ac4d6bb9e29da44de88518_JaffaCakes118
.exe windows:4 windows x86 arch:x86

24d6f254b3a07ce241a35d2bd39a2e1c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ed:c3:f2:1b:e3:7e:ca:9f:f1:11:7f:f4:90:da:32:ea
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/04/2019, 00:00

Not After

17/04/2020, 23:59

Subject

CN=Pragramatic Limited,O=Pragramatic Limited,POSTALCODE=WA3 4HX,STREET=100a Twiss Green Lane Twiss Green Lane,L=Warrington,ST=Cheshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:7e:51:c8:71:84:f4:db:af:1d:50:c7:5d:88:3b:54:33:8f:f1:db
Signer

Actual PE Digest

ae:7e:51:c8:71:84:f4:db:af:1d:50:c7:5d:88:3b:54:33:8f:f1:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM

Imports

kernel32

lstrcmpiA
GetExitCodeProcess
GetFileAttributesA
GetPrivateProfileStringA
FindNextFileA
GlobalAddAtomW
FindClose
FindFirstFileA
GetTimeZoneInformation
LCMapStringA
GetStringTypeW
GetStringTypeA
GetConsoleCP
SetFilePointer
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
HeapReAlloc
VirtualAlloc
HeapAlloc
WriteFile
GlobalLock
GetShortPathNameA
GlobalUnlock
GetDateFormatA
DuplicateHandle
SetEndOfFile
IsBadReadPtr
FlushFileBuffers
WritePrivateProfileStringA
GetDiskFreeSpaceA
GetTempPathA
GetTimeFormatA
GlobalFindAtomW
RemoveDirectoryA
GetVolumeInformationW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapFree
GetModuleHandleW
GetProcAddress
GetLastError
FreeLibraryAndExitThread
CloseHandle
SetEvent
ConnectNamedPipe
GetVersionExA
LoadLibraryExA
MultiByteToWideChar
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
LCMapStringW

user32

TrackPopupMenu
CloseClipboard
EndDialog
IsWindowEnabled
LoadCursorA
LoadBitmapA
CharPrevA
MessageBoxIndirectA
SendMessageA
DestroyIcon
EnableMenuItem
EnableWindow
SetWindowPos

gdi32

GetClipBox
GetWindowExtEx
CreateBitmap
SaveDC
SetBkColor
DeleteDC
SetViewportExtEx
ScaleWindowExtEx
EnumFontsA
SetWindowExtEx
GetTextColor
GetRgnBox
SetTextColor
Rectangle
SetTextAlign
RestoreDC

advapi32

RegDeleteValueW
FreeSid
RegQueryValueExW
AllocateAndInitializeSid
RegOpenKeyW
RegCreateKeyExW
RegEnumValueW
RegEnumKeyW
RegQueryValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
AllocateLocallyUniqueId

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24d6f254b3a07ce241a35d2bd39a2e1c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

ed:c3:f2:1b:e3:7e:ca:9f:f1:11:7f:f4:90:da:32:eaCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

ae:7e:51:c8:71:84:f4:db:af:1d:50:c7:5d:88:3b:54:33:8f:f1:dbSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 11KB - Virtual size: 130KB

.rsrc Size: 391KB - Virtual size: 391KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

ed:c3:f2:1b:e3:7e:ca:9f:f1:11:7f:f4:90:da:32:ea
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

ae:7e:51:c8:71:84:f4:db:af:1d:50:c7:5d:88:3b:54:33:8f:f1:db
Signer

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 11KB - Virtual size: 130KB

.rsrc
Size: 391KB - Virtual size: 391KB