d49d5741eaf74add5ef5c42ce24ec9c0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d49d5741eaf74add5ef5c42ce24ec9c0_JaffaCakes118
Size

1.0MB
MD5

d49d5741eaf74add5ef5c42ce24ec9c0
SHA1

24d5850623abb992e35e6a5ab8078bb37b7f5bd9
SHA256

fa3947358cc0351f41bc7d45055bb22231e5ccda29830dd0c98544f1762dc556
SHA512

fa25894ca0ef0451dff038abc10238ffa5cda161c5dc06f6528765d0de4c2674091011dedf9fe7c868f365582e42e44aa5fb5fb41f7aa02dd714a2be88fe72c9
SSDEEP

24576:D/7TbYcDa6BSSEkmfSRmjNr0HmO0g9miDnP9GAj61MU8Hv:D7TajSENNO79FDPze+z

Score

1^/10

Malware Config

Signatures

Files

d49d5741eaf74add5ef5c42ce24ec9c0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8518b06ea7fad0e863419e0cb8e6fe3c

Code Sign

64:4d:a5:84:ba:53:61:5a:b4:65:3c:f5:92:a1:3e:50
Certificate

Issuer

CN=VHRGUMCPBKMFRGRSFG

Not Before

08-08-2019 16:56

Not After

31-12-2039 23:59

Subject

CN=VHRGUMCPBKMFRGRSFG

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d8:7b:c9:92:1d:04:56:10:fb:fd:b0:fc:40:a4:94:67:72:20:a2:91
Signer

Actual PE Digest

d8:7b:c9:92:1d:04:56:10:fb:fd:b0:fc:40:a4:94:67:72:20:a2:91

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileSize
GetFileType
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLCID
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameW
GetThreadLocale
GetTickCount
GetTimeFormatW
GetUserDefaultUILanguage
GetVersionExA
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GlobalAlloc
GlobalFree
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
FlushFileBuffers
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
FreeEnvironmentStringsW
ReleaseSemaphore
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetConsoleDisplayMode
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleA
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetThreadLocale
SetThreadUILanguage
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcatA
lstrcatW
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpyW
lstrcpynW
lstrlenA
lstrlenW
HeapSize
IsValidCodePage
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
ExpandEnvironmentStringsW
ExitProcess
EnterCriticalSection
DuplicateHandle
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CreateSemaphoreW
CreateProcessA
CreateFileW
FreeEnvironmentStringsA
ReleaseMutex
FormatMessageW
CreateEventW
MultiByteToWideChar
CloseHandle

user32

LoadStringW
MessageBoxW
PeekMessageW
PostMessageW
PostThreadMessageW
RegisterClassExW
RegisterClassW
SendMessageTimeoutW
SetTimer
SetWindowLongW
TranslateMessage
UnregisterClassA
LoadIconA
LoadCursorW
KillTimer
IsWindow
GetWindowLongW
GetMessageW
GetClassInfoExW
GetActiveWindow
FindWindowW
ExitWindowsEx
DispatchMessageW
DestroyWindow
DefWindowProcW
CreateWindowExW
CharNextW
CallWindowProcW

gdi32

PathToRegion
GetStockObject

advapi32

OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
RegOpenKeyExA
LookupPrivilegeValueW

shlwapi

wvnsprintfW
UrlGetPartA
StrStrIW
StrStrIA
StrCpyNW
StrCmpNIW
StrCmpIW
SHGetValueW
PathRemoveFileSpecW
PathIsDirectoryW
PathFindFileNameW
PathFileExistsW
PathAppendW
PathCombineW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 866KB - Virtual size: 866KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8518b06ea7fad0e863419e0cb8e6fe3c

Code Sign

64:4d:a5:84:ba:53:61:5a:b4:65:3c:f5:92:a1:3e:50Certificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

d8:7b:c9:92:1d:04:56:10:fb:fd:b0:fc:40:a4:94:67:72:20:a2:91Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 866KB - Virtual size: 866KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 140KB - Virtual size: 1.1MB

64:4d:a5:84:ba:53:61:5a:b4:65:3c:f5:92:a1:3e:50
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

d8:7b:c9:92:1d:04:56:10:fb:fd:b0:fc:40:a4:94:67:72:20:a2:91
Signer

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 866KB - Virtual size: 866KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 140KB - Virtual size: 1.1MB