General

Malware Config

Signatures

Files

• 70b6366143aacfa38b8326e51873d5ae_JaffaCakes118

  .exe windows:4 windows x86 arch:x86

  65b7e4d2b8f7b3cf1dfc4bed557e0068

  
  

  Code Sign

  13:79:43:71:c0:52:ec:05:59:e9:b4:92:ab:b2:5c:26

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  04-09-2020 00:00

  Not After

  04-09-2021 23:59

  Subject

  CN=Carmel group LLC,O=Carmel group LLC,STREET=Serpukhovskaya B. House\, 31/9\, Apartment 291,L=Moscow,C=RU

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  01

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  01-01-2004 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  4e:ce:10:3a:85:4c:60:a6:26:07:78:4a:e7:6e:79:62:26:c9:60:24

  Signer

  Actual PE Digest

  4e:ce:10:3a:85:4c:60:a6:26:07:78:4a:e7:6e:79:62:26:c9:60:24

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetProcAddress

  GetVersion

  LoadLibraryA

  VirtualAlloc

  VirtualFree

  VirtualProtect

  GetModuleHandleA

  GetTickCount

  lstrcmpA

  ReadFileScatter

  SetThreadAffinityMask

  VerLanguageNameW

  UpdateResourceA

  SetConsoleOutputCP

  InterlockedPushEntrySList

  MoveFileExA

  SignalObjectAndWait

  GetSystemTimeAdjustment

  GetCurrentProcess

  ole32

  OleUninitialize

  HACCEL_UserSize

  DoDragDrop

  CoGetCurrentLogicalThreadId

  CoSwitchCallContext

  CoReactivateObject

  CLSIDFromOle1Class

  STGMEDIUM_UserMarshal

  CoGetObjectContext

  CoLockObjectExternal

  CoAllowSetForegroundWindow

  CoGetCancelObject

  CoRegisterClassObject

  MonikerRelativePathTo

  CoBuildVersion

  CreateStdProgressIndicator

  CoPushServiceDomain

  CoGetSystemSecurityPermissions

  EnableHookObject

  version

  VerFindFileW

  VerInstallFileA

  GetFileVersionInfoW

  GetFileVersionInfoSizeA

  VerFindFileA

  GetFileVersionInfoA

  advapi32

  SystemFunction033

  PrivilegedServiceAuditAlarmW

  SystemFunction035

  SetEntriesInAccessListA

  IsValidSecurityDescriptor

  LsaEnumeratePrivileges

  EnumServicesStatusExA

  ConvertSecurityDescriptorToAccessNamedW

  ConvertSecurityDescriptorToAccessA

  OpenEventLogW

  SetEntriesInAuditListW

  shell32

  ILGetNext

  StrCmpNA

  Shell_GetCachedImageIndex

  ILCreateFromPathW

  SHShellFolderView_Message

  SHFindFiles

  Options_RunDLLW

  GetFileNameFromBrowse

  SHChangeNotifyRegister

  SHSetInstanceExplorer

  SheChangeDirExW

  RestartDialogEx

  WOWShellExecute

  ShellHookProc

  StrStrIW

  SHUpdateRecycleBinIcon

  PathYetAnotherMakeUniqueName

  oledlg

  OleUIChangeSourceW

  OleUIEditLinksA

  OleUIPromptUserW

  OleUIConvertA

  OleUIPasteSpecialW

  OleUIObjectPropertiesW

  OleUIChangeIconW

  OleUIAddVerbMenuA

  OleUIInsertObjectW

  OleUIPasteSpecialA

  OleUIInsertObjectA

  winspool.drv

  DeletePrintProcessorA

  EnumJobsW

  GetSpoolFileHandle

  DeletePrinterKeyA

  AddFormA

  SeekPrinter

  AddPrintProvidorW

  GetPrinterDriverDirectoryA

  QueryColorProfile

  EndPagePrinter

  EnumPrintersW

  EnumPrinterKeyA

  user32

  LoadImageW

  IMPGetIMEA

  GetMenuItemRect

  EqualRect

  DrawAnimatedRects

  RegisterShellHookWindow

  LoadStringW

  TabbedTextOutA

  GetKeyNameTextW

  RegisterClipboardFormatW

  DestroyReasons

  AllowForegroundActivation

  Sections

  .text

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 21KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 2KB - Virtual size: 4KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 428B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ