77559f53b62847e5fd7cceda82a4d335_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

77559f53b62847e5fd7cceda82a4d335_JaffaCakes118
Size

65KB
MD5

77559f53b62847e5fd7cceda82a4d335
SHA1

5bf6242632a0916c54e1c332ed6001460dc1713c
SHA256

421a4f3d4932c18658801995d2c119e8297cda5e722fd4d53babe40b119165d1
SHA512

279ab0be5438b65110cb9c711c2f83b8076299612f497c382f8ba35be60330732af93d9c84d8d33c0d835584f7ee22830ece447c9fd2bf50e218b0cb35a016f0
SSDEEP

1536:nIJlJuecekrbgmtI4mJOGAgldz0c0tEJE5s:I4ekrbgmIn84lBpT5

Score

1^/10

Malware Config

Signatures

Files

77559f53b62847e5fd7cceda82a4d335_JaffaCakes118
.exe windows:6 windows x86 arch:x86

4c95ee73b50461cce360eb93411fad9b

Code Sign

34:27:f6:2b:d3:9c:98:a4:27:f1:8e:c1:b4:e7:c2:e0
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/02/2020, 00:00

Not After

05/02/2023, 23:59

Subject

CN=Ian Dean,O=Ian Dean,POSTALCODE=8005,STREET=39 High Level Road,L=Greenpoint,ST=Western Cape,C=ZA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:63:0c:fd:03:65:6e:cc:ca:18:3b:e1:d7:07:df:c7:56:fc:b4:69
Signer

Actual PE Digest

2a:63:0c:fd:03:65:6e:cc:ca:18:3b:e1:d7:07:df:c7:56:fc:b4:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Dev\iVRy\iVRy.steam\content\windows_content\bin\win32\ivry_monitor.pdb

Imports

kernel32

ReadFile
SetNamedPipeHandleState
HeapFree
WriteFile
GetModuleFileNameW
CreateNamedPipeW
SetFilePointer
WaitForSingleObject
CreateFileW
DisconnectNamedPipe
CreateEventW
Sleep
GetLastError
SetEvent
CloseHandle
CreateThread
HeapAlloc
GetOverlappedResult
GetFileSize
GetProcessHeap
WaitNamedPipeW
ConnectNamedPipe
FlushFileBuffers
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent

msvcp140

?_Xlength_error@std@@YAXPBD@Z

openvr_api

VR_IsInterfaceVersionValid
VR_InitInternal2
VR_GetGenericInterface
VR_ShutdownInternal
VR_GetInitToken

steam_api

SteamAPI_Shutdown
SteamAPI_GetHSteamPipe
SteamInternal_CreateInterface
SteamInternal_ContextInit
SteamAPI_Init
SteamAPI_GetHSteamUser

vcruntime140

__CxxFrameHandler3
strchr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
_except_handler4_common
memcpy
memmove

api-ms-win-crt-string-l1-1-0

strtok
strncpy

api-ms-win-crt-convert-l1-1-0

atoll
atoi
atof

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_initterm
_get_wide_winmain_command_line
exit
_exit
_initialize_wide_environment
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configure_wide_argv
_set_app_type
_seh_filter_exe
_initterm_e
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c95ee73b50461cce360eb93411fad9b

Code Sign

34:27:f6:2b:d3:9c:98:a4:27:f1:8e:c1:b4:e7:c2:e0Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

2a:63:0c:fd:03:65:6e:cc:ca:18:3b:e1:d7:07:df:c7:56:fc:b4:69Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

openvr_api

steam_api

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 1024B - Virtual size: 840B

34:27:f6:2b:d3:9c:98:a4:27:f1:8e:c1:b4:e7:c2:e0
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

2a:63:0c:fd:03:65:6e:cc:ca:18:3b:e1:d7:07:df:c7:56:fc:b4:69
Signer

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 1024B - Virtual size: 840B