773d40144f60cd3133d59defbba2007d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

773d40144f60cd3133d59defbba2007d_JaffaCakes118
Size

4.2MB
MD5

773d40144f60cd3133d59defbba2007d
SHA1

99b90db69a50bbc69085bb3a6b5f2cec87695082
SHA256

9668bf80c1521a42cebce4a8c81da28fd5b10d846af370b2ad7c0ccda415c258
SHA512

ce3df2ef537fda66e7210fa10a2f767dde81cd69501c1c7cc5bf1e3f368569e2bccb91132026a2a34a71b5c04aa1c56730a29e997b25ceee1b79438e6ad244e5
SSDEEP

12288:FX2NIwHFTQLKZapgbC0tIIl/QTACm/Uby:uIyFTQLK8pgbCiLl/h8by

Score

1^/10

Malware Config

Signatures

Files

773d40144f60cd3133d59defbba2007d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a8fbc14f7eea01467161e1f292b81fe7

Code Sign

fe:41:94:14:64:b9:99:2a:69:b7:31:74:18:ae:8e:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08-09-2020 00:00

Not After

08-09-2021 23:59

Subject

CN=Milsean Software Limited,O=Milsean Software Limited,POSTALCODE=X91 A26N,STREET=9 BÁN ÁRD ABBEYLANDS FERRYBANK,L=Waterford,C=IE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:b7:d3:1a:0f:84:6f:60:d3:13:31:4e:46:23:57:c5:c7:f6:ee:d0
Signer

Actual PE Digest

7b:b7:d3:1a:0f:84:6f:60:d3:13:31:4e:46:23:57:c5:c7:f6:ee:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
Sleep
VirtualAlloc
GetLastError
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsA
GetCurrentThreadId
SetUnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
SetLastError
LocalFree
FormatMessageA
SetConsoleCtrlHandler
UnhandledExceptionFilter
GetModuleHandleA
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
BackupRead
QueryInformationJobObject
GetCommandLineW
SetComputerNameW
OpenJobObjectW
FoldStringW
GetCommandLineA
GetTempPathA
GetQueuedCompletionStatus
TransactNamedPipe
CommConfigDialogW
EnumTimeFormatsW
GetCPInfoExW
DeleteVolumeMountPointA
SetTimeZoneInformation
EnumDateFormatsA
GetDateFormatW
HeapUnlock
SetThreadPriorityBoost
InterlockedExchange
RaiseException
SetCommState
LocalAlloc
GetVolumeNameForVolumeMountPointA
GetNumberOfConsoleMouseButtons
FileTimeToSystemTime
GetDiskFreeSpaceA
EnumSystemCodePagesA
IsBadReadPtr
CreateMutexA
GetThreadPriorityBoost
GetTimeZoneInformation
GetTempPathW
ContinueDebugEvent
IsValidLanguageGroup
FindCloseChangeNotification
OpenProcess
GetProcessTimes
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetEnvironmentVariableW
LoadLibraryW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToDosDateTime
FindClose
GetLogicalDriveStringsW
GetDriveTypeW
IsDebuggerPresent
GetStartupInfoW
InterlockedCompareExchange
WinExec
GetWindowsDirectoryW
GetVersion
GetComputerNameW
SetPriorityClass
lstrcpynW
Process32NextW
Process32FirstW
WaitForSingleObject
CloseHandle
CreateMutexW
MultiByteToWideChar
WideCharToMultiByte
FindResourceW
LoadResource
SizeofResource
GetLongPathNameW
GetSystemDirectoryW
GetVersionExW
GlobalMemoryStatusEx
GetModuleFileNameW

user32

CharToOemBuffA
DdeClientTransaction
BringWindowToTop
CharLowerBuffA
DefMDIChildProcA
UnhookWinEvent
SetWindowsHookExA
TabbedTextOutW
DrawTextW
CopyIcon
GetMessagePos
MessageBeep
DestroyCursor
RegisterWindowMessageW
ClientToScreen
DrawFocusRect
DrawEdge
DrawStateW
GetWindowDC
GetWindowLongW
ExitWindowsEx
SetWindowPos
UpdateWindow
EnumWindows
GetWindowTextW
GetWindowThreadProcessId
LoadIconW
SetForegroundWindow
ShowWindow
IsIconic
FindWindowW
TrackMouseEvent
GetClientRect
GetIconInfo
DestroyIcon
AppendMenuW
CreatePopupMenu
IsWindow
SetTimer
KillTimer
IsWindowVisible
PtInRect
LoadCursorW
SetCursor
ScreenToClient
GetCursorPos
RedrawWindow
InflateRect
SetWindowLongW
GetMenuItemInfoW
UnionRect
GetMenuBarInfo
LoadMenuW
GetSubMenu
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetMenuState
GetMenuItemID
GetMenuItemCount
FillRect
DrawIcon
InvalidateRect
GetWindowRect
GetParent
GetSystemMetrics
OffsetRect
ReleaseDC
GetDC
FrameRect
CopyRect
GetSysColor
LoadImageW
wsprintfW
LoadBitmapW
EnableWindow
SendMessageW
MessageBoxW
GrayStringW
DrawTextExW

gdi32

GetEnhMetaFileW
StrokePath
EngMultiByteToWideChar
GetColorAdjustment
GetTextExtentPointA
EnumFontFamiliesA
EngLineTo
GetBkColor
EndPath
GetLayout
CLIPOBJ_bEnum
SetMapperFlags
GetTextAlign
GdiEntry14
EnumFontsA
OffsetClipRgn
SelectClipRgn
STROBJ_vEnumStart
RestoreDC
SetICMProfileA
GdiGetLocalFont
GetKerningPairs
EngMultiByteToUnicodeN
RemoveFontResourceExW
GdiCreateLocalMetaFilePict
EnumObjects
SetBkMode
GetCharacterPlacementW
GetPixel
FONTOBJ_vGetInfo
GetViewportOrgEx
GdiQueryTable
GdiConvertMetaFilePict
MoveToEx
GdiPlayDCScript
CreateRoundRectRgn
CreatePatternBrush
SetBrushOrgEx
FillRgn
FrameRgn
BeginPath
GetBkMode
GetTextExtentPoint32W
GetCurrentObject
GetObjectW
SetDIBColorTable
GetDIBColorTable
CreatePen
CreateDIBSection
GetStockObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
StretchBlt
CreateSolidBrush
CreateFontW
FillPath
CreateFontIndirectW
DPtoLP
GetMapMode
LPtoDP

advapi32

GetUserNameA
RegOpenKeyW
RegQueryValueExW
RegCloseKey
OpenProcessToken
RegQueryValueW
GetUserNameW
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegSetValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW

shell32

ExtractAssociatedIconExW
DuplicateIcon
SHGetFolderPathW
SHInvokePrinterCommandA
SHBindToParent
FindExecutableW
SHLoadNonloadedIconOverlayIdentifiers
SHGetDiskFreeSpaceExW
SHBrowseForFolderA
SHBrowseForFolderW
DragQueryFileW
ShellExecuteEx
SHGetFileInfoW
ShellExecuteW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHGetDesktopFolder

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

shlwapi

StrStrIA
StrCmpNIW
PathFindExtensionW
PathStripToRootW
PathFileExistsW

comctl32

_TrackMouseEvent
InitCommonControlsEx

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text6
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text5
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8fbc14f7eea01467161e1f292b81fe7

Code Sign

fe:41:94:14:64:b9:99:2a:69:b7:31:74:18:ae:8e:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

01Certificate

Key Usages

7b:b7:d3:1a:0f:84:6f:60:d3:13:31:4e:46:23:57:c5:c7:f6:ee:d0Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 512B - Virtual size: 306B

.data Size: 4.1MB - Virtual size: 4.1MB

.text6 Size: 512B - Virtual size: 130B

.text5 Size: 512B - Virtual size: 130B

.rsrc Size: 76KB - Virtual size: 75KB

fe:41:94:14:64:b9:99:2a:69:b7:31:74:18:ae:8e:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

01
Certificate

7b:b7:d3:1a:0f:84:6f:60:d3:13:31:4e:46:23:57:c5:c7:f6:ee:d0
Signer

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 512B - Virtual size: 306B

.data
Size: 4.1MB - Virtual size: 4.1MB

.text6
Size: 512B - Virtual size: 130B

.text5
Size: 512B - Virtual size: 130B

.rsrc
Size: 76KB - Virtual size: 75KB