cf2b81c824f5927d1ff64888d92c3c58_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

cf2b81c824f5927d1ff64888d92c3c58_JaffaCakes118
Size

398KB
MD5

cf2b81c824f5927d1ff64888d92c3c58
SHA1

2e6415d1721abafdcf5cb56254cdc196e30c5006
SHA256

3ea5e97103739a7170ce72b9b0b1f046fafbdbe3e7c1faa54842d3f8f9a855c2
SHA512

9ba506746ed8fb4d6288ce539eb1a10b24044327294a467cff16c52fa4487c61bef673c4691e1e9fc03022ea7a7c79bc0b0d7a04432a575b01121f05bcd6e1f4
SSDEEP

6144:V9ykYklEwrPmRPWEpWFn2E6lyDntvhhOU35RJEesN23wU7HuAmHK+c:j2wr03pdf8vhhOKJET8Byq+c

Score

1^/10

Malware Config

Signatures

Files

cf2b81c824f5927d1ff64888d92c3c58_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c0d4a888925cfdc2acf94edd6c75208f

Code Sign

38:98:9e:c6:1e:cd:b7:39:1f:f5:64:7f:7d:58:ad:18
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-02-2021 00:00

Not After

12-02-2022 23:59

Subject

CN=RotA Games ApS,O=RotA Games ApS,POSTALCODE=9000,STREET=Ved Stranden 9B,L=Aalborg,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:4f:a3:8f:a3:82:90:5f:0b:09:cd:99:48:e8:ab:8c:9e:0a:b8:80
Signer

Actual PE Digest

0a:4f:a3:8f:a3:82:90:5f:0b:09:cd:99:48:e8:ab:8c:9e:0a:b8:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
GetLastError
GetCurrentThreadId
lstrcmpA
CreateTimerQueue
FatalAppExitW
SystemTimeToFileTime
GetConsoleAliasExesW
GlobalAddAtomW
GetShortPathNameA
DebugActiveProcessStop
ExpandEnvironmentStringsA

user32

GetCursorInfo
GetWindowThreadProcessId
GetKeyboardType
GetGUIThreadInfo
GetWindowDC
GetCursorPos
SetRectEmpty
AllowForegroundActivation
DlgDirSelectComboBoxExW
GetKeyboardLayoutList
DrawTextExA
DdeEnableCallback

winspool.drv

DeviceCapabilities
SetPrinterDataA
SetPrinterDataW
GetJobW
AdvancedDocumentPropertiesA
SpoolerPrinterEvent
StartPagePrinter
ClosePrinter
DeletePrinterDataExA
ConfigurePortW
PrinterMessageBoxA
CreatePrinterIC
OpenPrinterW
DeleteFormA

oledlg

OleUIUpdateLinksW
OleUIChangeIconW
OleUIInsertObjectA
OleUIBusyA
OleUIChangeSourceA
OleUIInsertObjectW
OleUIAddVerbMenuA

oleaut32

VarDateFromCy
VarR8FromUI1
SafeArrayCreateEx
BSTR_UserFree
VarImp
CreateTypeLib
VarI4FromUI4
VarR8FromStr
VarUI1FromI8

advapi32

SaferSetLevelInformation
ConvertAccessToSecurityDescriptorW
InitializeSid
EncryptedFileKeyInfo
ComputeAccessTokenFromCodeAuthzLevel
LookupPrivilegeValueW
AccessCheckByTypeResultListAndAuditAlarmA

gdi32

DdEntry40
GdiGetSpoolFileHandle
AddFontResourceExA
SetLayout
EnumEnhMetaFile
SetPixelV
GetTextExtentExPointW
EnumFontFamiliesA
GetObjectType
GdiIsPlayMetafileDC
SetDCPenColor

winmm

timeGetSystemTime
waveInReset
midiOutGetNumDevs
mixerGetDevCapsA
waveOutPrepareHeader
waveOutGetVolume
mmioSeek
mmioRenameA

shell32

SHGetFolderPathAndSubDirA
DuplicateIcon
OpenAs_RunDLLW
PrintersGetCommand_RunDLLW
ILFindLastID
SHGetFileInfo
SHCLSIDFromString
DAD_DragEnterEx
StrChrA
SHAppBarMessage
SheChangeDirExW
SHCreateDirectory
PickIconDlg
DAD_SetDragImage

comctl32

CreateStatusWindow
GetEffectiveClientRect
ImageList_DragEnter
ImageList_Draw
CreateStatusWindowW
AddMRUStringW
_TrackMouseEvent
CreateMRUListW

comdlg32

PrintDlgExA
ChooseFontA
GetOpenFileNameA
FindTextW
ChooseFontW
GetSaveFileNameW
FindTextA
GetFileTitleA

shlwapi

PathGetArgsA
PathUnExpandEnvStringsA
wvnsprintfW
UrlCombineW
PathAddExtensionA
PathIsUNCServerW
PathIsSystemFolderA
PathMakeSystemFolderA

oleacc

DllGetClassObject
AccessibleObjectFromEvent
ObjectFromLresult
GetStateTextA
DllRegisterServer
CreateStdAccessibleProxyA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnRegisterServer

Sections

.code
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 161B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c0d4a888925cfdc2acf94edd6c75208f

Code Sign

38:98:9e:c6:1e:cd:b7:39:1f:f5:64:7f:7d:58:ad:18Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0a:4f:a3:8f:a3:82:90:5f:0b:09:cd:99:48:e8:ab:8c:9e:0a:b8:80Signer

Headers

File Characteristics

Imports

kernel32

user32

winspool.drv

oledlg

oleaut32

advapi32

gdi32

winmm

shell32

comctl32

comdlg32

shlwapi

oleacc

Exports

Exports

Sections

.code Size: 311KB - Virtual size: 311KB

.data Size: 512B - Virtual size: 161B

.rdata Size: 80KB - Virtual size: 79KB

38:98:9e:c6:1e:cd:b7:39:1f:f5:64:7f:7d:58:ad:18
Certificate

01
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0a:4f:a3:8f:a3:82:90:5f:0b:09:cd:99:48:e8:ab:8c:9e:0a:b8:80
Signer

.code
Size: 311KB - Virtual size: 311KB

.data
Size: 512B - Virtual size: 161B

.rdata
Size: 80KB - Virtual size: 79KB