6393a870a8b97bf0eec4fd05f3f70348_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6393a870a8b97bf0eec4fd05f3f70348_JaffaCakes118
Size

118KB
MD5

6393a870a8b97bf0eec4fd05f3f70348
SHA1

e9f5f335af03539df64620c6d907055d8c8db02e
SHA256

a30e5e8d2e6c26983e6bb027cd0fd075c5f46e14c0c746cd69fccc3b597ff265
SHA512

a87931086c2598b079ed989d68828b549181f6a64470fad0a61c5ae30378d1c49e5ee778e73f8e18926fbfc0af949f60a636228fd3342a3b150520e43084d0d8
SSDEEP

1536:MHMQNHRoajvvFOQb/bevSVCyBT82KpIqxomw1pbI1DIAOEOMOwKY79MFCvJgZP1D:0Aa4QbTDRBT82Kpzk0djGwKkxEPgWrai

Score

1^/10

Malware Config

Signatures

Files

6393a870a8b97bf0eec4fd05f3f70348_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9ed9500f88ff1eb36f7063d6d0dc32f6

Code Sign

40:29:da:cc:bc:95:17:84:46:72:c7:37:2a:72:63:28
Certificate

Issuer

CN=SYAYHQPQSSMOVZVIQJ

Not Before

31-05-2019 07:51

Not After

31-12-2039 23:59

Subject

CN=SYAYHQPQSSMOVZVIQJ

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:ab:fa:99:f0:97:f5:af:ce:40:f4:99:1d:ea:90:de:05:57:46:08
Signer

Actual PE Digest

11:ab:fa:99:f0:97:f5:af:ce:40:f4:99:1d:ea:90:de:05:57:46:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetTempPathW
GetTickCount
GetVersion
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InterlockedCompareExchange
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByte
IsDebuggerPresent
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalUnlock
LockResource
MoveFileWithProgressA
GetACP
GetTempFileNameA
Process32First
QueryPerformanceCounter
RaiseException
ReadConsoleOutputCharacterW
ReadFile
SetCommState
SetErrorMode
SetFilePointer
SetProcessWorkingSetSize
SetUnhandledExceptionFilter
SetWaitableTimer
SizeofResource
Sleep
TerminateProcess
UnhandledExceptionFilter
UnregisterWait
VirtualProtect
WideCharToMultiByte
WriteConsoleOutputW
WriteFile
lstrcmpA
lstrcmpW
lstrcmpiA
lstrlenA
VirtualAllocEx
FreeResource
FreeLibraryAndExitThread
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemDefaultLangID
GetStartupInfoA
GetProcessHeap
GetProcAddress
GetPrivateProfileIntA
GetPriorityClass
GetOEMCP
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFileSize
GetFileAttributesA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
GetCurrentDirectoryA
GetCurrencyFormatA
GetConsoleScreenBufferInfo
MultiByteToWideChar
GetCPInfo
FreeLibrary
FreeConsole
FormatMessageA
FlushViewOfFile
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FillConsoleOutputCharacterW
ExpandEnvironmentStringsW
EnumSystemCodePagesW
EnumResourceLanguagesA
EnumDateFormatsExW
DisableThreadLibraryCalls
DeleteFileA
CreateProcessA
CreateFileA
CloseHandle
CancelWaitableTimer
MulDiv
CancelIo

user32

ExitWindowsEx

gdi32

bMakePathNameW
SetBrushOrgEx
RemoveFontResourceExW
RectVisible
GetGlyphOutlineWow
GetCurrentPositionEx
GetCharWidthFloatA
GetCharWidth32A
GdiSetPixelFormat
GdiEntry6
GdiDescribePixelFormat
GdiDeleteSpoolFileHandle
GdiAlphaBlend
FONTOBJ_pfdg
EnumMetaFile
EnumICMProfilesA
DeviceCapabilitiesExA
CreateColorSpaceA
CheckColorsInGamut
GetTextAlign

comdlg32

GetOpenFileNameA
CommDlgExtendedError
ChooseFontA
GetSaveFileNameA

advapi32

RegOpenKeyA
StartServiceCtrlDispatcherW
SetServiceStatus
ReportEventW
RegisterServiceCtrlHandlerW
RegisterEventSourceW
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

ole32

CoInitialize
CoCreateInstance
CoUninitialize

shlwapi

wnsprintfA

comctl32

PropertySheetA

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ed9500f88ff1eb36f7063d6d0dc32f6

Code Sign

40:29:da:cc:bc:95:17:84:46:72:c7:37:2a:72:63:28Certificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

11:ab:fa:99:f0:97:f5:af:ce:40:f4:99:1d:ea:90:de:05:57:46:08Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

shlwapi

comctl32

Sections

.text Size: 70KB - Virtual size: 69KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 892B

.rsrc Size: 36KB - Virtual size: 36KB

40:29:da:cc:bc:95:17:84:46:72:c7:37:2a:72:63:28
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

11:ab:fa:99:f0:97:f5:af:ce:40:f4:99:1d:ea:90:de:05:57:46:08
Signer

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 892B

.rsrc
Size: 36KB - Virtual size: 36KB