cf6b6b9a6a7eac59dc1f71093f0370d4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf6b6b9a6a7eac59dc1f71093f0370d4_JaffaCakes118
Size

3.9MB
MD5

cf6b6b9a6a7eac59dc1f71093f0370d4
SHA1

c170ce4a38256e243f88898fedf1cfd521444872
SHA256

7aadb5bee2bc87f799d450ddd1dfbe7fece58c597d71489bd5fdd7a888441f6f
SHA512

60c59e6cf44c5943c3406557aad1b2f0ea60679aaa82787435de6830b1770b210562eb387a4141720d7218e4cfe9af460c2f899adb67b34bb05894bef23f7a52
SSDEEP

49152:dViZi2db5FchAWK9o5KsxMh4MjM78wVse4TDgT+K/wXUP:eoCvsa4p7UeXT+YwXUP

Score

1^/10

Malware Config

Signatures

Files

cf6b6b9a6a7eac59dc1f71093f0370d4_JaffaCakes118
.exe windows:6 windows x64 arch:x64

9abccceb11d98817c0bc7ac0d3e55d6c

Code Sign

79:3d:fd:34:df:3e:f5:ac:5f:e4:59:10:41:5b:7b:4a
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/06/2020, 00:00

Not After

12/06/2021, 23:59

Subject

CN=Intricus Software Limited,O=Intricus Software Limited,POSTALCODE=M1V 1Y4,STREET=122 Sadlee Cove Cres,L=Toronto,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:22:9d:1a:1c:f7:1b:ba:f7:42:21:d4:46:61:50:c2:f3:3e:92:a2:ae:bc:e8:ff:d7:63:f1:76:1d:92:79:f0
Signer

Actual PE Digest

75:22:9d:1a:1c:f7:1b:ba:f7:42:21:d4:46:61:50:c2:f3:3e:92:a2:ae:bc:e8:ff:d7:63:f1:76:1d:92:79:f0

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\f\save\bin\client\master\five\release\dbg\CitizenFX_SubProcess_game.pdb

Imports

kernel32

CreateFileW
GetFileAttributesW
GetFileAttributesExW
GetLastError
AddVectoredExceptionHandler
GetCurrentProcessId
ExitProcess
GetStartupInfoW
CreateFileMappingW
MapViewOfFile
GetModuleHandleW
LoadLibraryA
K32EnumProcessModules
CreateDirectoryW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
CreateMutexW
OpenMutexW
CreateThread
GetCurrentThread
GetCurrentThreadId
GetSystemTime
GetTickCount64
GetModuleFileNameW
LocalFree
SystemTimeToFileTime
VerSetConditionMask
CloseHandle
OpenThread
SuspendThread
ResumeThread
LoadLibraryW
SetThreadContext
VirtualProtect
VerifyVersionInfoW
RtlAddFunctionTable
GetModuleFileNameA
GetPrivateProfileStringW
WritePrivateProfileStringW
DeleteFileW
GetFullPathNameW
CreateProcessW
CopyFileW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEvent
WaitForSingleObject
CreateEventW
GetExitCodeProcess
OpenProcess
GetSystemDirectoryW
IsProcessInJob
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetPrivateProfileIntW
SetDllDirectoryW
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
HeapReAlloc
GetProcAddress
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCommandLineW
GetThreadContext
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileSizeEx
GetConsoleCP
HeapAlloc
ReadConsoleW
GetConsoleMode
HeapFree
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
ExitThread
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
WriteFile
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
ResetEvent
WaitForMultipleObjects
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreW
GetProcessId
VirtualQueryEx
FreeLibrary
FormatMessageA
CreateEventA
WaitForSingleObjectEx
FoldStringW
LCMapStringW
CompareStringW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
GetLocaleInfoA
EnumSystemLocalesA
IsValidCodePage
IsDBCSLeadByteEx
FindClose
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
SetLastError
MoveFileExW
SwitchToThread
GetExitCodeThread
GetStringTypeW
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
RaiseException
GetSystemInfo
VirtualQuery
LoadLibraryExA
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
RtlPcToFileHeader
RtlUnwindEx
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
ReadFile
RtlUnwind

user32

FindWindowW
TranslateMessage
MessageBoxW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects

advapi32

GetTokenInformation
OpenProcessToken
RegGetValueW
RegSetKeyValueW

shell32

CommandLineToArgvW
SHCreateItemFromParsingName
SetCurrentProcessExplicitAppUserModelID
SHSetLocalizedName
ord709

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

AmdPowerXpressRequestHighPerformance
AsyncTrace
BeforeTerminateHandler
DllCanUnloadNow
NvOptimusEnablement
RemoteExceptionFunc
free
malloc
realloc

Sections

.cdummy
Size: - Virtual size: 97.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cld
Size: 22KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clr
Size: 289KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zdata
Size: 909KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.unwind
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_MEM_READ

.rd_pef
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9abccceb11d98817c0bc7ac0d3e55d6c

Code Sign

79:3d:fd:34:df:3e:f5:ac:5f:e4:59:10:41:5b:7b:4aCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

75:22:9d:1a:1c:f7:1b:ba:f7:42:21:d4:46:61:50:c2:f3:3e:92:a2:ae:bc:e8:ff:d7:63:f1:76:1d:92:79:f0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ntdll

version

Exports

Exports

Sections

.cdummy Size: - Virtual size: 97.0MB

.pdata Size: 37KB - Virtual size: 40KB

_RDATA Size: 512B - Virtual size: 4KB

.cld Size: 22KB - Virtual size: 140KB

.clr Size: 289KB - Virtual size: 292KB

.zdata Size: 909KB - Virtual size: 912KB

.rsrc Size: 79KB - Virtual size: 80KB

.unwind Size: 1.6MB - Virtual size: 1.6MB

.rd_pef Size: 1.0MB - Virtual size: 1.0MB

79:3d:fd:34:df:3e:f5:ac:5f:e4:59:10:41:5b:7b:4a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

75:22:9d:1a:1c:f7:1b:ba:f7:42:21:d4:46:61:50:c2:f3:3e:92:a2:ae:bc:e8:ff:d7:63:f1:76:1d:92:79:f0
Signer

.cdummy
Size: - Virtual size: 97.0MB

.pdata
Size: 37KB - Virtual size: 40KB

_RDATA
Size: 512B - Virtual size: 4KB

.cld
Size: 22KB - Virtual size: 140KB

.clr
Size: 289KB - Virtual size: 292KB

.zdata
Size: 909KB - Virtual size: 912KB

.rsrc
Size: 79KB - Virtual size: 80KB

.unwind
Size: 1.6MB - Virtual size: 1.6MB

.rd_pef
Size: 1.0MB - Virtual size: 1.0MB