d5134f77ca508e33eace820c4877e6c0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d5134f77ca508e33eace820c4877e6c0_JaffaCakes118
Size

918KB
MD5

d5134f77ca508e33eace820c4877e6c0
SHA1

95f1d5ee8c95b24ffb62d61d597ac1e1c5e44b31
SHA256

c3cba8b38b1c9d930d6352803848798e6e9b8ef37e52523b97d5b94dd52fc732
SHA512

c161ecd58dcab38a338e548ca04d3c9bb959c6b235edb2bb08caec87bfdd292bd7e667e7f3679388147ba08c4233456f40c8083581daff26758ce5872f24850d
SSDEEP

6144:x3bDksaZLLP8OvtzpfzzlPFAAfwG44X0m+Z1Af61g8nKB17M1hRJZ:VvksaZLwOvTzRP6Af44ajACi8Kr7M1j

Score

1^/10

Malware Config

Signatures

Files

d5134f77ca508e33eace820c4877e6c0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a847cd72b1f7bfaf97d49dd38246ae25

Code Sign

70:e1:eb:d1:70:db:81:02:d8:c2:8e:58:39:2e:56:32
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05-09-2020 00:00

Not After

05-09-2021 23:59

Subject

CN=Equal Cash Technologies Limited,OU=IT,O=Equal Cash Technologies Limited,POSTALCODE=S4R 8J6,STREET=1252 North Galloway Street,L=Regina,ST=Saskatchewan,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:7d:ec:ba:3e:b4:09:08:1d:7a:b2:be:4f:49:af:88:33:4d:7b:b1
Signer

Actual PE Digest

6e:7d:ec:ba:3e:b4:09:08:1d:7a:b2:be:4f:49:af:88:33:4d:7b:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
GetTickCount
GetSystemTimeAsFileTime
GetConsoleTitleA
GetTempFileNameW
LZCopy
FindNextFileA
GetThreadLocale
InterlockedPushEntrySList
CreateActCtxA
GetTapeStatus
MapUserPhysicalPagesScatter
SetInformationJobObject
FindNextVolumeW

user32

GetAsyncKeyState
GetUpdateRgn
GetClipCursor
GetInputDesktop
DrawCaption
CloseClipboard
IsWindowVisible
CopyAcceleratorTableA
DdeCmpStringHandles
GetKeyboardState
DdeDisconnectList
RegisterClipboardFormatA
SetWindowsHookA
ReplyMessage
GetAltTabInfoA
GetAltTabInfoW
DrawStateW
GetWindowPlacement
GetKeyboardLayout
CreateDialogIndirectParamA
MessageBoxW
GetKeyboardType
WINNLSEnableIME
CsrBroadcastSystemMessageExW
GetKeyState
OemToCharBuffW
MsgWaitForMultipleObjects
PackDDElParam
LoadMenuIndirectW
BroadcastSystemMessage
GetMouseMovePointsEx
DrawTextExA
ValidateRgn

shell32

StrChrIA
SHCreateFileExtractIconW
StrStrA
SHGetSetSettings
SHGetDesktopFolder
SHGetNewLinkInfo
ILAppendID
PifMgr_SetProperties
SHFreeNameMappings
ILIsEqual
StrNCmpIA
DAD_AutoScroll
IsLFNDriveA
SHCreateQueryCancelAutoPlayMoniker
DAD_SetDragImage
ExtractAssociatedIconExW
PathYetAnotherMakeUniqueName
SHOpenFolderAndSelectItems
ShellExecuteEx
Control_RunDLLA
SHGetDiskFreeSpaceA
SHGetFolderPathA
RealShellExecuteA
IsNetDrive
SHFileOperationA
SHGetIconOverlayIndexA
SHChangeNotification_Unlock
StrRChrW
SHPropStgCreate

comctl32

UninitializeFlatSB
FlatSB_GetScrollProp
DestroyPropertySheetPage
SetWindowSubclass
ImageList_SetIconSize
ImageList_SetFilter
ImageList_DrawEx
ImageList_Replace
CreatePropertySheetPageW
ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_GetImageCount
DPA_Sort
CreateStatusWindowW
ImageList_Draw
CreateUpDownControl
CreateStatusWindowA
CreateToolbarEx
FlatSB_GetScrollPos
DSA_Destroy
GetEffectiveClientRect
FlatSB_SetScrollRange
DrawStatusTextW
ImageList_GetImageRect
FlatSB_SetScrollInfo
AddMRUStringW

oleaut32

VarMod
VarAnd
VarSub
VARIANT_UserSize
VarBoolFromI1
VarOr
VarBoolFromI2
VarI8FromI1
GetActiveObject
DllGetClassObject
VarI2FromI1
OaBuildVersion
VarR4CmpR8
BSTR_UserFree
DllRegisterServer
VariantCopyInd
VarI1FromCy
VarR8FromDec
GetAltMonthNames
VarCyNeg
VarDateFromUI1
VarDecFromI2
LHashValOfNameSysA
OleCreateFontIndirect
SysFreeString
VarDecFromR4
VarBstrFromUI4
VarCyFromStr
BstrFromVector

winspool.drv

DocumentPropertiesA
QueryColorProfile
ConnectToPrinterDlg
AddPrinterDriverW
DeletePrinterDataA
FlushPrinter
PrinterMessageBoxA
EnumJobsW
EnumFormsA
DeleteMonitorA
AddFormW
EnumMonitorsA
EnumPrinterKeyW
GetPrinterW
AbortPrinter
PerfOpen
PerfClose
GetPrinterDriverDirectoryA
DeletePrinterIC
EnumPrintersW
GetPrintProcessorDirectoryA
AdvancedDocumentPropertiesA
GetPrinterDriverDirectoryW
SpoolerPrinterEvent
AddMonitorW
EnumPrinterDataExA
AddPrinterW
EnumPrintProcessorDatatypesW
OpenPrinterW

advapi32

WmiReceiveNotificationsA
FileEncryptionStatusW
UpdateTraceA
FindFirstFreeAce
InitiateSystemShutdownW
UnregisterIdleTask
SaferiIsExecutableFileType
RegQueryMultipleValuesA
SystemFunction003
RegisterEventSourceW
RegSaveKeyExW
GetTrusteeFormW
SaferGetLevelInformation
InitializeSecurityDescriptor
ConvertSecurityDescriptorToAccessW
RegQueryValueExW
RegDisablePredefinedCacheEx
CredReadA
RegNotifyChangeKeyValue
WmiExecuteMethodA
CryptImportKey
ClearEventLogA
LookupSecurityDescriptorPartsW
ConvertSecurityDescriptorToAccessNamedA
CredEnumerateA
SystemFunction028
ElfBackupEventLogFileW
DeregisterEventSource
LsaSetQuotasForAccount
ConvertAccessToSecurityDescriptorA
CryptSetProviderExA
ConvertSecurityDescriptorToStringSecurityDescriptorA
BuildTrusteeWithObjectsAndSidW
RegQueryValueExA
ObjectOpenAuditAlarmA
GetWindowsAccountDomainSid
SetEntriesInAccessListW
EnumServicesStatusExW
SystemFunction032
AllocateAndInitializeSid
CredGetTargetInfoW
LsaSetSystemAccessAccount

winmm

mmioFlush
waveInGetDevCapsA
mciLoadCommandResource
mci32Message
waveOutPause
midiOutLongMsg
mixerMessage
midiInStop
waveOutBreakLoop
mmioInstallIOProcW
DefDriverProc
mmioCreateChunk
mixerGetDevCapsA
auxOutMessage
waveOutGetPitch
mixerOpen
waveInGetID
joySetCapture
wod32Message
midiStreamProperty
waveOutOpen
waveOutGetErrorTextW
midiOutMessage
midiStreamPosition
midiOutSetVolume
joyGetThreshold
mciGetDriverData
waveInReset
midiOutCacheDrumPatches
waveInGetNumDevs
mixerGetControlDetailsW
PlaySound
midiStreamClose
sndPlaySoundA
mixerGetNumDevs

imagehlp

SymGetLineFromName
SymUnloadModule64
SymGetModuleInfo64
SymEnumerateModules
ImageRvaToVa
UnDecorateSymbolName
SymLoadModule
ImageLoad
EnumerateLoadedModules64
TouchFileTimes
FindFileInSearchPath
SearchTreeForFile
SymSetOptions
SymGetSymFromName
FindDebugInfoFile
ImageNtHeader
ImageRvaToSection
ImagehlpApiVersionEx
MapAndLoad
SymMatchFileName
ImagehlpApiVersion
SymGetLinePrev64
ReBaseImage
GetImageConfigInformation
GetTimestampForLoadedLibrary
StackWalk
SymGetModuleInfo

Sections

.text
Size: 808KB - Virtual size: 808KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a847cd72b1f7bfaf97d49dd38246ae25

Code Sign

70:e1:eb:d1:70:db:81:02:d8:c2:8e:58:39:2e:56:32Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

01Certificate

Key Usages

6e:7d:ec:ba:3e:b4:09:08:1d:7a:b2:be:4f:49:af:88:33:4d:7b:b1Signer

Headers

File Characteristics

Imports

kernel32

user32

shell32

comctl32

oleaut32

winspool.drv

advapi32

winmm

imagehlp

Sections

.text Size: 808KB - Virtual size: 808KB

.rdata Size: 512B - Virtual size: 4KB

.data Size: 93KB - Virtual size: 93KB

.rdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 484B

70:e1:eb:d1:70:db:81:02:d8:c2:8e:58:39:2e:56:32
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

01
Certificate

6e:7d:ec:ba:3e:b4:09:08:1d:7a:b2:be:4f:49:af:88:33:4d:7b:b1
Signer

.text
Size: 808KB - Virtual size: 808KB

.rdata
Size: 512B - Virtual size: 4KB

.data
Size: 93KB - Virtual size: 93KB

.rdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 484B