General

Malware Config

Signatures

Files

• 485963af9c9f770c8817438c1c606e4d_JaffaCakes118

  .dll regsvr32 windows:4 windows x86 arch:x86

  c0d4a888925cfdc2acf94edd6c75208f

  
  

  Code Sign

  38:98:9e:c6:1e:cd:b7:39:1f:f5:64:7f:7d:58:ad:18

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-02-2021 00:00

  Not After

  12-02-2022 23:59

  Subject

  CN=RotA Games ApS,O=RotA Games ApS,POSTALCODE=9000,STREET=Ved Stranden 9B,L=Aalborg,C=DK

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  01

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  01-01-2004 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  de:26:e4:16:23:84:35:3b:71:e3:5f:36:2a:d5:95:4a:d5:9a:3b:be

  Signer

  Actual PE Digest

  de:26:e4:16:23:84:35:3b:71:e3:5f:36:2a:d5:95:4a:d5:9a:3b:be

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  LoadLibraryA

  VirtualAlloc

  VirtualProtect

  GetProcAddress

  GetLastError

  GetCurrentThreadId

  lstrcmpA

  CreateTimerQueue

  FatalAppExitW

  SystemTimeToFileTime

  GetConsoleAliasExesW

  GlobalAddAtomW

  GetShortPathNameA

  DebugActiveProcessStop

  ExpandEnvironmentStringsA

  user32

  GetCursorInfo

  GetWindowThreadProcessId

  GetKeyboardType

  GetGUIThreadInfo

  GetWindowDC

  GetCursorPos

  SetRectEmpty

  AllowForegroundActivation

  DlgDirSelectComboBoxExW

  GetKeyboardLayoutList

  DrawTextExA

  DdeEnableCallback

  winspool.drv

  DeviceCapabilities

  SetPrinterDataA

  SetPrinterDataW

  GetJobW

  AdvancedDocumentPropertiesA

  SpoolerPrinterEvent

  StartPagePrinter

  ClosePrinter

  DeletePrinterDataExA

  ConfigurePortW

  PrinterMessageBoxA

  CreatePrinterIC

  OpenPrinterW

  DeleteFormA

  oledlg

  OleUIUpdateLinksW

  OleUIChangeIconW

  OleUIInsertObjectA

  OleUIBusyA

  OleUIChangeSourceA

  OleUIInsertObjectW

  OleUIAddVerbMenuA

  oleaut32

  VarDateFromCy

  VarR8FromUI1

  SafeArrayCreateEx

  BSTR_UserFree

  VarImp

  CreateTypeLib

  VarI4FromUI4

  VarR8FromStr

  VarUI1FromI8

  advapi32

  SaferSetLevelInformation

  ConvertAccessToSecurityDescriptorW

  InitializeSid

  EncryptedFileKeyInfo

  ComputeAccessTokenFromCodeAuthzLevel

  LookupPrivilegeValueW

  AccessCheckByTypeResultListAndAuditAlarmA

  gdi32

  DdEntry40

  GdiGetSpoolFileHandle

  AddFontResourceExA

  SetLayout

  EnumEnhMetaFile

  SetPixelV

  GetTextExtentExPointW

  EnumFontFamiliesA

  GetObjectType

  GdiIsPlayMetafileDC

  SetDCPenColor

  winmm

  timeGetSystemTime

  waveInReset

  midiOutGetNumDevs

  mixerGetDevCapsA

  waveOutPrepareHeader

  waveOutGetVolume

  mmioSeek

  mmioRenameA

  shell32

  SHGetFolderPathAndSubDirA

  DuplicateIcon

  OpenAs_RunDLLW

  PrintersGetCommand_RunDLLW

  ILFindLastID

  SHGetFileInfo

  SHCLSIDFromString

  DAD_DragEnterEx

  StrChrA

  SHAppBarMessage

  SheChangeDirExW

  SHCreateDirectory

  PickIconDlg

  DAD_SetDragImage

  comctl32

  CreateStatusWindow

  GetEffectiveClientRect

  ImageList_DragEnter

  ImageList_Draw

  CreateStatusWindowW

  AddMRUStringW

  _TrackMouseEvent

  CreateMRUListW

  comdlg32

  PrintDlgExA

  ChooseFontA

  GetOpenFileNameA

  FindTextW

  ChooseFontW

  GetSaveFileNameW

  FindTextA

  GetFileTitleA

  shlwapi

  PathGetArgsA

  PathUnExpandEnvStringsA

  wvnsprintfW

  UrlCombineW

  PathAddExtensionA

  PathIsUNCServerW

  PathIsSystemFolderA

  PathMakeSystemFolderA

  oleacc

  DllGetClassObject

  AccessibleObjectFromEvent

  ObjectFromLresult

  GetStateTextA

  DllRegisterServer

  CreateStdAccessibleProxyA

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  DllRegisterServer

  DllUnRegisterServer

  Sections

  .code

  Size: 311KB - Virtual size: 311KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 161B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 80KB - Virtual size: 79KB

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE