aab36b54d451e623b351fae0e536cb14_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aab36b54d451e623b351fae0e536cb14_JaffaCakes118
Size

163KB
MD5

aab36b54d451e623b351fae0e536cb14
SHA1

fd72fde7a9e8dd89202ffdc7c5bdc074f48244ef
SHA256

ce2617f0cfff7d66c227cafef0f5b0b69bd8816fe392b1d7d5cef6e80123bc65
SHA512

02d9300f0e0c4e39e6db9a24544c5d52440dcdef08f8ad6b51c4d190ed7e42032119fbb1e1d7a839944bc546c80d3308278028d6e7722effdca33119d503f1cd
SSDEEP

3072:zWMG0Bi83uZtGi5jKJZxgeejE253JFU90WZXH6boQn25+itg:zXi83nZSeeE253Ip6/nG

Score

1^/10

Malware Config

Signatures

Files

aab36b54d451e623b351fae0e536cb14_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cea8c40817a2b4cd58dac7cc076983bc

Code Sign

74:e6:09:22:15:93:c2:b3:4c:df:8e:63:06:01:02:95
Certificate

Issuer

CN=HGNBDUPQVKOKEYVAUO

Not Before

16/05/2019, 12:12

Not After

31/12/2039, 23:59

Subject

CN=HGNBDUPQVKOKEYVAUO

Extended Key Usages

ExtKeyUsageCodeSigning

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:f9:b8:0b:f6:ce:44:c7:81:03:c8:00:26:4d:20:e6:31:cc:35:68:cd:fd:09:f2:c1:11:01:24:5c:a1:1e:9e
Signer

Actual PE Digest

cf:f9:b8:0b:f6:ce:44:c7:81:03:c8:00:26:4d:20:e6:31:cc:35:68:cd:fd:09:f2:c1:11:01:24:5c:a1:1e:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceExW
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberOfConsoleMouseButtons
GetOEMCP
GetOverlappedResult
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessIoCounters
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetSystemTimes
GetSystemWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalFindAtomA
GlobalFree
GlobalUnWire
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadReadPtr
IsDBCSLeadByte
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
GetConsoleScreenBufferInfo
LocalFree
LockFile
LockResource
MapViewOfFileEx
Module32FirstW
MoveFileW
MulDiv
MultiByteToWideChar
OpenEventA
OpenEventW
OpenMutexA
OpenMutexW
OpenProcess
OpenThread
OutputDebugStringW
PeekNamedPipe
Process32FirstW
Process32NextW
ProcessIdToSessionId
QueryPerformanceCounter
RaiseException
ReadConsoleInputA
ReadDirectoryChangesW
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
ReplaceFile
ResetEvent
ResumeThread
RtlUnwind
ScrollConsoleScreenBufferA
SearchPathA
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleCount
SetLastError
SetNamedPipeHandleState
SetStdHandle
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualLock
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleOutputCharacterA
WriteConsoleW
WriteFile
WritePrivateProfileSectionW
WritePrivateProfileStringW
_lclose
_lcreat
_llseek
_lopen
_lread
_lwrite
lstrcatA
lstrcmpA
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpynA
lstrcpynW
lstrlen
lstrlenA
lstrlenW
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetConsoleAliasesW
GetCommandLineW
GetCommandLineA
GetCommState
GetCPInfoExA
GetCPInfo
GetAtomNameW
GetACP
FreeResource
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FreeConsole
FormatMessageW
FormatMessageA
FlushInstructionCache
FlushFileBuffers
FindResourceW
FindResourceExW
FindNextFileW
FindFirstFileW
FindFirstFileA
FindCloseChangeNotification
FindClose
FindAtomW
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
FileTimeToSystemTime
FileTimeToLocalFileTime
FatalAppExitA
ExitThread
ExitProcess
EnumSystemLocalesA
EnterCriticalSection
DuplicateHandle
DosDateTimeToFileTime
DisconnectNamedPipe
DeviceIoControl
DeleteVolumeMountPointW
DeleteFileW
DeleteFileA
DeleteCriticalSection
DeleteAtom
CreateWaitableTimerA
CreateToolhelp32Snapshot
CreateThread
CreateSemaphoreW
CreateSemaphoreA
CreateRemoteThread
CreateProcessW
CreateNamedPipeW
CreateMutexW
CreateMutexA
CreateFileW
CreateFileMappingW
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileExA
ConnectNamedPipe
CompareStringW
CompareStringA
CompareFileTime
CloseHandle
CancelIo
LocalFileTimeToFileTime
AddAtomW

user32

wvsprintfW
PostThreadMessageW
MessageBoxW
LoadStringW
GetMessageW
DispatchMessageW
CharNextW

gdi32

GetTextExtentPoint32W
GetStockObject
GetObjectW
GetBkMode
DeleteObject
DeleteDC
SelectObject
CreateFontIndirectW
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetTextColor
CreateFontW
SetDIBColorTable

advapi32

StartServiceW
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
SetEntriesInAclW
RevertToSelf
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyW
RegOpenKeyExW
RegOpenKeyExA
RegNotifyChangeKeyValue
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyA
RegCloseKey
ReadEventLogW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
OpenProcessToken
OpenEventLogW
LookupPrivilegeValueW
LookupAccountSidW
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
GetUserNameW
GetTokenInformation
GetNamedSecurityInfoW
FreeSid
EqualSid
DuplicateTokenEx
DuplicateToken
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CreateWellKnownSid
ConvertStringSidToSidW
ConvertSidToStringSidW
CloseServiceHandle
CloseEventLog
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
RegOpenKeyA

shell32

Shell_NotifyIconW
ShellExecuteW
ShellExecuteExW
ShellExecuteA
SHLoadInProc
SHGetSpecialFolderPathW
SHGetMalloc
SHGetIconOverlayIndexW
SHGetFolderPathW
SHGetFolderPathA
SHFileOperationA
SHCreateDirectoryExW
SHChangeNotify
ExtractAssociatedIconExW
DragQueryFileA

shlwapi

StrCmpNA

comctl32

ord17

imm32

ImmDisableIME
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cea8c40817a2b4cd58dac7cc076983bc

Code Sign

74:e6:09:22:15:93:c2:b3:4c:df:8e:63:06:01:02:95Certificate

Extended Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

cf:f9:b8:0b:f6:ce:44:c7:81:03:c8:00:26:4d:20:e6:31:cc:35:68:cd:fd:09:f2:c1:11:01:24:5c:a1:1e:9eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

imm32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 21KB - Virtual size: 21KB

.rsrc Size: 12KB - Virtual size: 11KB

74:e6:09:22:15:93:c2:b3:4c:df:8e:63:06:01:02:95
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

cf:f9:b8:0b:f6:ce:44:c7:81:03:c8:00:26:4d:20:e6:31:cc:35:68:cd:fd:09:f2:c1:11:01:24:5c:a1:1e:9e
Signer

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 12KB - Virtual size: 11KB