aabff187ed54db3574c258b2bcd2ed1d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

aabff187ed54db3574c258b2bcd2ed1d_JaffaCakes118
Size

1.0MB
MD5

aabff187ed54db3574c258b2bcd2ed1d
SHA1

4649a229197a17c0aff4616c2344dd184d7ad54f
SHA256

47e99707d47f0cf5db549b9e515b7147eb780ee8393409522f864c2d1a7b93b2
SHA512

7375047a3b80682583bc67c6a77127eaa6d60ed8b3d0a13efd6de287d19e59a0e2da7c5850aedaadd6fa3e02e2f2313f58d7c4851f0853acda6a6459f0aa23f6
SSDEEP

24576:conxaINj3hEUQYtQDTozw3q4lZUeh/9qCuDb93hV5Nu:dnfh0UehYCyb93hvNu

Score

1^/10

Malware Config

Signatures

Files

aabff187ed54db3574c258b2bcd2ed1d_JaffaCakes118
.exe windows:6 windows x86 arch:x86

c29f84282859da3ce9aac9a7b59d0e40

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:c0:6d:94:61:ba:ea:13:08:c6:62:8a:6d:33:b1:d9:e1:b5:d0:f8:a9:ac:4b:a8:15:eb:dc:5c:41:3c:df:3d
Signer

Actual PE Digest

90:c0:6d:94:61:ba:ea:13:08:c6:62:8a:6d:33:b1:d9:e1:b5:d0:f8:a9:ac:4b:a8:15:eb:dc:5c:41:3c:df:3d

Digest Algorithm

sha256

PE Digest Matches

true

13:b5:7b:50:a1:bd:54:ad:7d:13:e8:30:da:b9:e2:7e:50:d6:12:28
Signer

Actual PE Digest

13:b5:7b:50:a1:bd:54:ad:7d:13:e8:30:da:b9:e2:7e:50:d6:12:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringW
GetCurrentDirectoryW
AddConsoleAliasW
GetPrivateProfileSectionNamesA
InitializeCriticalSection
UnmapViewOfFile
DecodePointer
GetUserDefaultUILanguage
OpenProcess
SetUnhandledExceptionFilter
FreeLibraryAndExitThread
GetCurrentProcessId
WaitForSingleObjectEx
GetSystemInfo
QueryPerformanceCounter
GetNumberFormatA
OutputDebugStringW
ConvertThreadToFiber
GetConsoleCP
SetConsoleOutputCP
SetConsoleCtrlHandler
FileTimeToSystemTime
GetCurrentThread
LocalFree
GetSystemDefaultUILanguage
GetTickCount
FormatMessageA
GetCPInfo
DeleteAtom
GetFileAttributesTransactedW
GlobalFree
CloseHandle
GetProcessHeap
CreateToolhelp32Snapshot
TlsSetValue
FindFirstFileExW
GetFileInformationByHandle
WriteConsoleW
CreateFileW
GetEnvironmentVariableA
GlobalAlloc
ReadFile
CreateThread
GetConsoleMode
SignalObjectAndWait
EncodePointer
SetSystemTimeAdjustment
SetEndOfFile
GetModuleFileNameW
FindFirstFileW
GetPrivateProfileStringW
GetBinaryTypeA
FindNextFileW
DeleteCriticalSection
GlobalLock
TlsFree
GetModuleHandleW
GlobalAddAtomW
InitializeCriticalSectionAndSpinCount
Process32NextW
Sleep
GetEnvironmentStringsW
GlobalHandle
CreateMutexW
InitializeSListHead
MapViewOfFileEx
TlsAlloc
LoadLibraryA
GetModuleHandleA
GetStringScripts
WriteFile
UnhandledExceptionFilter
RtlUnwind
GetCurrentThreadId
GetTimeZoneInformation
GetFullPathNameTransactedA
GetProcAddress
LocalAlloc
TlsGetValue
HeapFree
InitializeCriticalSectionEx
FileTimeToLocalFileTime
GetLocaleInfoW
CreateEventW
GetStringTypeW
LockFile
IsValidCodePage
GlobalGetAtomNameW
FindFirstFileNameTransactedW
VerifyVersionInfoA
CreateMutexA
LoadLibraryExW
LocalReAlloc
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsW
FormatMessageW
FlushViewOfFile
HeapSize
EnterCriticalSection
GetFileInformationByHandleEx
GetEnvironmentVariableW
WaitForMultipleObjects
SetFilePointer
GetSystemDirectoryA
DeleteFileW
GetVolumeInformationW
SizeofResource
LoadLibraryW
FindResourceW
FindClose
SetLastError
GetModuleHandleExW
MoveFileExA
CreateFileA
BackupRead
TerminateProcess
HeapReAlloc
PeekNamedPipe
GlobalFlags
GlobalUnlock
LCMapStringW
CompareStringW
GetFileAttributesExW
WaitForSingleObject
SearchPathA
DnsHostnameToComputerNameA
GetPrivateProfileIntW
GetLastError
GlobalFindAtomW
GetACP
IsDebuggerPresent
MultiByteToWideChar
GetCurrentProcess
LockFileEx
GetComputerNameW
OpenMutexA
QueryPerformanceFrequency
CreateFileMappingW
SetConsoleDisplayMode
OutputDebugStringA
VerSetConditionMask
RaiseException
GetVersionExW
SetEvent
MulDiv
CreateProcessW
ExitThread
GetStdHandle
LoadResource
FreeLibrary
SetErrorMode
GlobalDeleteAtom
GetCommandLineA
SetFilePointerEx
GetFullPathNameW
SleepEx
GetOverlappedResult
lstrcmpA
SetEnvironmentVariableW
CloseThreadpoolWork
GetFileSize
GetDriveTypeW
IsProcessorFeaturePresent
GetFileType
ExitProcess
UnlockFile
WideCharToMultiByte
lstrcmpW
GetSystemTimeAsFileTime
CancelThreadpoolIo
GetStartupInfoW
HeapQueryInformation
SetStdHandle
GetSystemDirectoryW
FlushFileBuffers
ReleaseMutex
GetVersion
LeaveCriticalSection
GetCommandLineW
HeapAlloc
GlobalReAlloc
ReadConsoleW
SetNamedPipeHandleState
GetCommConfig
GetOEMCP
ReleaseActCtx
LockResource
GetFileSizeEx

user32

CheckMenuItem
ScreenToClient
BeginDeferWindowPos
GetMonitorInfoW
GetCapture
LoadIconW
CreateWindowExW
GetNextDlgTabItem
BeginPaint
GetMenuCheckMarkDimensions
LoadCursorW
OemToCharBuffW
FindWindowW
MessageBoxW
GetClassNameW
GetWindowLongW
SetDlgItemTextW
GetClassInfoExW
CopyRect
SetWindowLongW
MonitorFromWindow
DefWindowProcW
CharUpperBuffA
PeekMessageW
CharPrevW
SetWindowsHookExW
CreateDialogIndirectParamW
DeferWindowPos
GetWindowRect
IsWindow
GetMessageW
TabbedTextOutW
SetCursor
InvalidateRect
SetDlgItemInt
UnregisterClassW
DispatchMessageW
GetTopWindow
SendMessageW
GetMenu
GetSysColor
IsZoomed
GetSysColorBrush
DrawIcon
TranslateMessage
RealChildWindowFromPoint
PostMessageW
GetForegroundWindow
SetForegroundWindow
SetMenuItemBitmaps
GetMessageTime
FindWindowExW
UpdateWindow
RedrawWindow
GetSubMenu
GetClientRect
RegisterWindowMessageW
GetWindowDC
IsIconic
GetWindowThreadProcessId
DestroyWindow
MapWindowPoints
CallNextHookEx
IsDialogMessageW
EnableMenuItem
ReleaseDC
GetLastActivePopup
SetCaretBlinkTime
GetDlgCtrlID
GetDlgItem
BroadcastSystemMessageW
GetMessagePos
SetUserObjectInformationA
GetFocus
GetPropW
PtInRect
RemovePropW
GetKeyboardLayoutList
SetWindowPos
GetSystemMetrics
SetPropW
GetDesktopWindow
SetWindowTextW
SendDlgItemMessageA
GetDC
CallWindowProcW
SetActiveWindow
OffsetRect
RegisterClassW
EndDialog
SetTimer
GetScrollPos
GetMenuItemID
EndDeferWindowPos
GetClassLongW
SetMenuItemInfoW
WinHelpW
SetMenu
GetMenuItemCount
GetWindow
LoadBitmapW
IsWindowEnabled
EnableWindow
SetFocus
DrawTextW
AdjustWindowRectEx
GetWindowTextW
IsChild
GetCursorPos
SetRectEmpty
GrayStringW
PostQuitMessage
ShowWindow
DrawTextExW
ValidateRect
GetMenuItemInfoA
EndPaint
GetKeyState
IsWindowVisible
RegisterWindowMessageA
GetClassInfoW
UnhookWindowsHookEx
CharUpperW
KillTimer
GetParent
IsMenu
DestroyMenu
GetActiveWindow
ClientToScreen

gdi32

DeleteObject
SetBkColor
SelectObject
SetViewportExtEx
Escape
SetWindowExtEx
GetStockObject
ScaleWindowExtEx
PtVisible
GetClipBox
OffsetViewportOrgEx
SetViewportOrgEx
ScaleViewportExtEx
CreateBitmap
ExtTextOutW
RectVisible
DeleteDC
RestoreDC
SetTextColor
SetMapMode
SaveDC
GetObjectW
GetDeviceCaps
TextOutW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
ImpersonateAnonymousToken
AdjustTokenPrivileges
CryptGenRandom
CryptImportKey
OpenEventLogW
CredUnprotectA
RegDeleteKeyTransactedW
LookupPrivilegeValueW
RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegCreateKeyExW
CryptReleaseContext
AccessCheckByTypeResultListAndAuditAlarmByHandleW
CryptDestroyKey
EventProviderEnabled
CryptDestroyHash
IsValidSid
RegDeleteKeyW
RegisterEventSourceA
RegUnLoadKeyW
CryptEncrypt
OpenProcessToken
CredReadA
RegCloseKey
LookupAccountSidA
RegOpenKeyExW
GetTrusteeTypeW
CryptGetHashParam
ConvertToAutoInheritPrivateObjectSecurity
CryptAcquireContextA
InitializeSecurityDescriptor
CryptCreateHash
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
RegOpenKeyExA
RegSaveKeyExW
GetSidSubAuthorityCount
RegDeleteValueW
SetPrivateObjectSecurity
RegQueryValueW
RegEnumKeyExW
CryptHashData

shell32

ExtractIconExW
SHCreateDefaultPropertiesOp
SHGetSpecialFolderPathW
SHGetDriveMedia
SHCreateShellItemArrayFromDataObject
CommandLineToArgvW
SHGetUnreadMailCountW
ShellExecuteW

comctl32

ord17

shlwapi

PathGetDriveNumberA
PathFileExistsW
PathIsRelativeW
StrNCatW
SHRegGetBoolUSValueA
PathFindExtensionW
PathRemoveBlanksW
PathFindFileNameW
PathStripToRootW
ColorHLSToRGB
SHRegGetUSValueA
ord154
ord153
PathAppendW
PathIsUNCW

ole32

CoInitialize
CoCreateGuid
CoTaskMemFree
CoInitializeSecurity
CoCreateInstance
CoUninitialize

oleaut32

VarCyRound
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString
OleLoadPicture
LHashValOfNameSysA
VarUI8FromI8
VarI1FromUI1
VarBoolFromCy
VarBoolFromDate
VarI2FromBool
VarR4CmpR8
VarDecInt

wtsapi32

WTSSetUserConfigA
WTSQueryUserToken
WTSEnumerateProcessesA
WTSVirtualChannelPurgeOutput
WTSCloseServer

oleacc

LresultFromObject
CreateStdAccessibleObject

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord217
ord143
ord46

crypt32

CertCloseStore
CertCreateCertificateChainEngine
CryptStringToBinaryA
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateChain
PFXImportCertStore
CryptDecodeObjectEx
CertGetNameStringA
CertFreeCertificateContext
CertEnumCertificatesInStore
CryptQueryObject
CertGetCertificateChain
CertAddCertificateContextToStore
CertFreeCertificateChainEngine
CertFindExtension

ws2_32

gethostname
sendto
recvfrom
WSAIoctl
select
__WSAFDIsSet
ioctlsocket
closesocket
htonl
accept
WSACleanup
WSAStartup
getaddrinfo
WSASetLastError
socket
listen
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
ntohl
freeaddrinfo

Sections

.text
Size: 667KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.resc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text9
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c29f84282859da3ce9aac9a7b59d0e40

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

90:c0:6d:94:61:ba:ea:13:08:c6:62:8a:6d:33:b1:d9:e1:b5:d0:f8:a9:ac:4b:a8:15:eb:dc:5c:41:3c:df:3dSigner

13:b5:7b:50:a1:bd:54:ad:7d:13:e8:30:da:b9:e2:7e:50:d6:12:28Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

wtsapi32

oleacc

wldap32

crypt32

ws2_32

Sections

.text Size: 667KB - Virtual size: 666KB

.resc Size: 2KB - Virtual size: 1KB

.text9 Size: 1024B - Virtual size: 632B

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 28KB - Virtual size: 40KB

.rsrc Size: 161KB - Virtual size: 161KB

.reloc Size: 32KB - Virtual size: 31KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

90:c0:6d:94:61:ba:ea:13:08:c6:62:8a:6d:33:b1:d9:e1:b5:d0:f8:a9:ac:4b:a8:15:eb:dc:5c:41:3c:df:3d
Signer

13:b5:7b:50:a1:bd:54:ad:7d:13:e8:30:da:b9:e2:7e:50:d6:12:28
Signer

.text
Size: 667KB - Virtual size: 666KB

.resc
Size: 2KB - Virtual size: 1KB

.text9
Size: 1024B - Virtual size: 632B

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 28KB - Virtual size: 40KB

.rsrc
Size: 161KB - Virtual size: 161KB

.reloc
Size: 32KB - Virtual size: 31KB