440dcb8aec1c6ab3cf6d47373acf3077_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

440dcb8aec1c6ab3cf6d47373acf3077_JaffaCakes118
Size

398KB
MD5

440dcb8aec1c6ab3cf6d47373acf3077
SHA1

a1a4b8bc937ba5d2da81f80d7f9b48901a4e6645
SHA256

d89fb3f26aa86e7d8db6d17ea409febe5b51825950ae7217e214e0ad5719080d
SHA512

bf688b2c926e7ba7f63701022680b2badee7508b186a5a7645ab22ac306ca2c17f821e90eebc4ba48bc5a05157736a4e9cb32201a8a919a5ff84bf574e88c722
SSDEEP

6144:a9ykYklEwrPmRPWEpWFn2E6lyDntvhhOU35RJEesN23wU7HuAmHK+P:02wr03pdf8vhhOKJET8Byq+P

Score

1^/10

Malware Config

Signatures

Files

440dcb8aec1c6ab3cf6d47373acf3077_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c0d4a888925cfdc2acf94edd6c75208f

Code Sign

38:98:9e:c6:1e:cd:b7:39:1f:f5:64:7f:7d:58:ad:18
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-02-2021 00:00

Not After

12-02-2022 23:59

Subject

CN=RotA Games ApS,O=RotA Games ApS,POSTALCODE=9000,STREET=Ved Stranden 9B,L=Aalborg,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:50:c1:fa:8b:2d:99:a4:27:34:99:7b:f2:bd:b0:b3:7f:52:93:cd
Signer

Actual PE Digest

f9:50:c1:fa:8b:2d:99:a4:27:34:99:7b:f2:bd:b0:b3:7f:52:93:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
GetLastError
GetCurrentThreadId
lstrcmpA
CreateTimerQueue
FatalAppExitW
SystemTimeToFileTime
GetConsoleAliasExesW
GlobalAddAtomW
GetShortPathNameA
DebugActiveProcessStop
ExpandEnvironmentStringsA

user32

GetCursorInfo
GetWindowThreadProcessId
GetKeyboardType
GetGUIThreadInfo
GetWindowDC
GetCursorPos
SetRectEmpty
AllowForegroundActivation
DlgDirSelectComboBoxExW
GetKeyboardLayoutList
DrawTextExA
DdeEnableCallback

winspool.drv

DeviceCapabilities
SetPrinterDataA
SetPrinterDataW
GetJobW
AdvancedDocumentPropertiesA
SpoolerPrinterEvent
StartPagePrinter
ClosePrinter
DeletePrinterDataExA
ConfigurePortW
PrinterMessageBoxA
CreatePrinterIC
OpenPrinterW
DeleteFormA

oledlg

OleUIUpdateLinksW
OleUIChangeIconW
OleUIInsertObjectA
OleUIBusyA
OleUIChangeSourceA
OleUIInsertObjectW
OleUIAddVerbMenuA

oleaut32

VarDateFromCy
VarR8FromUI1
SafeArrayCreateEx
BSTR_UserFree
VarImp
CreateTypeLib
VarI4FromUI4
VarR8FromStr
VarUI1FromI8

advapi32

SaferSetLevelInformation
ConvertAccessToSecurityDescriptorW
InitializeSid
EncryptedFileKeyInfo
ComputeAccessTokenFromCodeAuthzLevel
LookupPrivilegeValueW
AccessCheckByTypeResultListAndAuditAlarmA

gdi32

DdEntry40
GdiGetSpoolFileHandle
AddFontResourceExA
SetLayout
EnumEnhMetaFile
SetPixelV
GetTextExtentExPointW
EnumFontFamiliesA
GetObjectType
GdiIsPlayMetafileDC
SetDCPenColor

winmm

timeGetSystemTime
waveInReset
midiOutGetNumDevs
mixerGetDevCapsA
waveOutPrepareHeader
waveOutGetVolume
mmioSeek
mmioRenameA

shell32

SHGetFolderPathAndSubDirA
DuplicateIcon
OpenAs_RunDLLW
PrintersGetCommand_RunDLLW
ILFindLastID
SHGetFileInfo
SHCLSIDFromString
DAD_DragEnterEx
StrChrA
SHAppBarMessage
SheChangeDirExW
SHCreateDirectory
PickIconDlg
DAD_SetDragImage

comctl32

CreateStatusWindow
GetEffectiveClientRect
ImageList_DragEnter
ImageList_Draw
CreateStatusWindowW
AddMRUStringW
_TrackMouseEvent
CreateMRUListW

comdlg32

PrintDlgExA
ChooseFontA
GetOpenFileNameA
FindTextW
ChooseFontW
GetSaveFileNameW
FindTextA
GetFileTitleA

shlwapi

PathGetArgsA
PathUnExpandEnvStringsA
wvnsprintfW
UrlCombineW
PathAddExtensionA
PathIsUNCServerW
PathIsSystemFolderA
PathMakeSystemFolderA

oleacc

DllGetClassObject
AccessibleObjectFromEvent
ObjectFromLresult
GetStateTextA
DllRegisterServer
CreateStdAccessibleProxyA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnRegisterServer

Sections

.code
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 161B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c0d4a888925cfdc2acf94edd6c75208f

Code Sign

38:98:9e:c6:1e:cd:b7:39:1f:f5:64:7f:7d:58:ad:18Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

f9:50:c1:fa:8b:2d:99:a4:27:34:99:7b:f2:bd:b0:b3:7f:52:93:cdSigner

Headers

File Characteristics

Imports

kernel32

user32

winspool.drv

oledlg

oleaut32

advapi32

gdi32

winmm

shell32

comctl32

comdlg32

shlwapi

oleacc

Exports

Exports

Sections

.code Size: 311KB - Virtual size: 311KB

.data Size: 512B - Virtual size: 161B

.rdata Size: 80KB - Virtual size: 79KB

38:98:9e:c6:1e:cd:b7:39:1f:f5:64:7f:7d:58:ad:18
Certificate

01
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

f9:50:c1:fa:8b:2d:99:a4:27:34:99:7b:f2:bd:b0:b3:7f:52:93:cd
Signer

.code
Size: 311KB - Virtual size: 311KB

.data
Size: 512B - Virtual size: 161B

.rdata
Size: 80KB - Virtual size: 79KB