ddf932f409cd8d649618fd8aedaef56d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ddf932f409cd8d649618fd8aedaef56d_JaffaCakes118
Size

1.2MB
MD5

ddf932f409cd8d649618fd8aedaef56d
SHA1

558d33ef044455fac798b2a047dee5aa2c1ad31b
SHA256

28a2431ffd24d8041bdbf471fcc3eebb98c9e53c980617e4c468f7ad9cdf9d31
SHA512

08a80671f29c5776a936a48e8e4a481a20004c1ff9e54e683812df20918cf8a73897fed302543c0bd961a9f3e36be2a4113dd38b5a31971d3b6ae32225d68409
SSDEEP

6144:MmZY0vyoLlju376DEoS5rOA9xRK4VtJuchq+WPMJ/9BCa0KLDIHShQo5G3g:o0vgr6AoS5lxRKbcRWPa7Ca0Koo/

Score

1^/10

Malware Config

Signatures

Files

ddf932f409cd8d649618fd8aedaef56d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

95e37e5c4d2518022ed29eb0cbd1eec1

Code Sign

fe:41:94:14:64:b9:99:2a:69:b7:31:74:18:ae:8e:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08-09-2020 00:00

Not After

08-09-2021 23:59

Subject

CN=Milsean Software Limited,O=Milsean Software Limited,POSTALCODE=X91 A26N,STREET=9 BÁN ÁRD ABBEYLANDS FERRYBANK,L=Waterford,C=IE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:c7:37:5a:aa:cf:c5:4c:e5:44:d7:9b:9c:3b:72:bc:d6:93:9c:d1
Signer

Actual PE Digest

2d:c7:37:5a:aa:cf:c5:4c:e5:44:d7:9b:9c:3b:72:bc:d6:93:9c:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
GetACP
GetConsoleCP
FlushViewOfFile
OutputDebugStringA
SignalObjectAndWait
GetComPlusPackageInstallStatus
GlobalCompact
TerminateProcess
SetThreadUILanguage
SearchPathA
FindNextVolumeA
UnregisterWait
SetConsoleScreenBufferSize

user32

GetCaretBlinkTime
FindWindowExW
MessageBeep
SetWindowContextHelpId
OpenIcon
IsCharUpperW
DdeImpersonateClient
DdeReconnect
SetInternalWindowPos
MessageBoxExA
TranslateAccelerator
LoadLocalFonts
VkKeyScanA
IsClipboardFormatAvailable
MsgWaitForMultipleObjects
SetClipboardData
SetKeyboardState
InsertMenuW
GetClipboardFormatNameA
RegisterSystemThread
SetRect
TranslateMDISysAccel
IsWindowEnabled
SetMenuInfo
ScrollWindow
ArrangeIconicWindows
SetSysColors
DefMDIChildProcW
DrawTextExW
DestroyMenu
GetUpdateRect
GetMonitorInfoA
ScrollChildren

gdi32

GetGlyphOutlineWow
EngMultiByteToUnicodeN
GdiIsPlayMetafileDC
GdiEntry15
ResetDCW
EndFormPage
SetMagicColors
GdiCreateLocalMetaFilePict
DdEntry35
DdEntry46
GetBitmapDimensionEx
SetColorAdjustment
GetFontResourceInfoW
GetTextMetricsA
GetViewportExtEx
GdiRealizationInfo
DdEntry48
EngBitBlt
SetBrushAttributes
FONTOBJ_pQueryGlyphAttrs
GetCharWidthI
DdEntry6
GetObjectA
DdEntry32
SetColorSpace
GdiEntry6
GetRegionData
GdiGetPageHandle
DdEntry40
GetTextAlign
CopyEnhMetaFileW
GetLogColorSpaceW

winspool.drv

XcvDataW
SpoolerPrinterEvent
SetPrinterDataW
DeviceCapabilitiesA
StartDocPrinterA
FlushPrinter
GetPrinterW
EXTDEVICEMODE
SetPrinterDataA
EnumPrintProcessorsW
OpenPrinterA
SetDefaultPrinterA
GetDefaultPrinterW
ConfigurePortA
EnumPrinterKeyA
AddPortExW
EndPagePrinter
DeleteMonitorA
EnumPrintProcessorDatatypesW
ConnectToPrinterDlg
DeletePrinterDataExW
AddPrintProvidorA
DeletePrinterDriverExA
ClosePrinter
ConvertAnsiDevModeToUnicodeDevmode
DeletePrintProvidorW
DeletePrinterDriverA
SetJobW
StartDocDlgA

ole32

OleCreate
DllGetClassObject
CoGetComCatalog
DllRegisterServer
CoCreateGuid
StgCreateDocfileOnILockBytes
CLIPFORMAT_UserFree
IsValidInterface
CoAllowSetForegroundWindow
HGLOBAL_UserUnmarshal
HBITMAP_UserMarshal
HWND_UserSize
CreateStreamOnHGlobal
HICON_UserMarshal
GetClassFile
GetHGlobalFromStream
CoGetStdMarshalEx
HDC_UserFree
HWND_UserUnmarshal
ReadStringStream
OleCreateMenuDescriptor
CreateBindCtx
WriteStringStream
PropVariantChangeType
HPALETTE_UserSize
CoGetCancelObject
HDC_UserSize
HBITMAP_UserUnmarshal
HBRUSH_UserMarshal
WriteFmtUserTypeStg
HBITMAP_UserFree
OleCreateLinkEx
CoGetClassObject

oleacc

AccessibleChildren
GetOleaccVersionInfo
GetStateTextW
CreateStdAccessibleProxyA
LIBID_Accessibility
ObjectFromLresult
GetStateTextA
CreateStdAccessibleObject
AccessibleObjectFromPoint
GetRoleTextA
IID_IAccessible
AccessibleObjectFromWindow
DllUnregisterServer
AccessibleObjectFromEvent
IID_IAccessibleHandler
WindowFromAccessibleObject

oleaut32

VarI2FromUI4
VarI8FromDate
DispInvoke
UnRegisterTypeLibForUser
VarDateFromUI1
VarI4FromI1
SafeArrayCreateVector
SafeArrayAllocDescriptor
VarR8FromDate
VarI1FromUI1
VarCmp
VarUI8FromR4
VarCyCmpR8
VarBstrCat
VarUI1FromDec
VarUI1FromUI8
VarCyFromUI1
SafeArrayGetLBound
VarDateFromR4
VarI4FromUI8
VarDateFromStr
VarBstrCmp
VarBstrFromUI4
VarR4FromDate
VarI4FromUI1
VarCyAbs
VarCySub
VarBoolFromUI8
RegisterTypeLibForUser
VARIANT_UserUnmarshal
VarUI1FromDisp
VarI4FromR8
VarDecFromCy
VarI2FromBool
VarMul
SafeArrayDestroyData
VarR4FromI1
VarDecSub
VarCyFromI4
VarUI1FromI8
SysAllocStringLen
VarMonthName

gdiplus

GdipSetPenMode
GdipGetDpiY
GdipCombineRegionPath
GdipSetLineLinearBlend
GdipDrawImagePointsI
GdipBitmapLockBits
GdipCreatePathGradientFromPath
GdipSetTextRenderingHint
GdipResetPenTransform
GdipSetPathGradientCenterPoint
GdipGetGenericFontFamilySerif
GdipSetPathGradientLinearBlend
GdipGetGenericFontFamilySansSerif
GdipSetPathFillMode
GdipSaveImageToFile
GdipSetStringFormatHotkeyPrefix
GdipDrawImagePointsRect
GdipMultiplyPenTransform
GdipIsVisiblePointI
GdipIsVisibleRectI
GdipSetPenMiterLimit
GdipCreateMetafileFromWmfFile
GdipCreateRegionHrgn
GdipAddPathPie
GdipGetAllPropertyItems
GdipVectorTransformMatrixPointsI
GdipCloneMatrix
GdipDrawCurve2
GdipGetMetafileHeaderFromFile
GdipDrawImageI
GdipGetPenCustomStartCap
GdipIsVisiblePoint
GdipDeletePen

advapi32

IdentifyCodeAuthzLevelW
SaferCreateLevel
ConvertStringSecurityDescriptorToSecurityDescriptorA
LsaICLookupNamesWithCreds
LsaQuerySecurityObject
LsaQueryInfoTrustedDomain
ElfFlushEventLog
LsaDeleteTrustedDomain
GetSidSubAuthorityCount
I_ScSetServiceBitsA
CloseCodeAuthzLevel
GetTraceEnableFlags
LsaEnumeratePrivilegesOfAccount
GetPrivateObjectSecurity
SaferiSearchMatchingHashRules
RegisterServiceCtrlHandlerW
StopTraceW
FindFirstFreeAce
PrivilegedServiceAuditAlarmA
RegGetKeySecurity
LsaLookupPrivilegeValue
DeleteAce
GetAclInformation
CryptAcquireContextW
GetUserNameW
GetSecurityDescriptorGroup
RegQueryValueW
ImpersonateLoggedOnUser
ElfReadEventLogW
CryptSignHashW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTrusteeNameW
ConvertStringSDToSDRootDomainA
CredDeleteA
GetMultipleTrusteeW

comctl32

ImageList_LoadImage
ImageList_SetFlags
UninitializeFlatSB
AddMRUStringW
CreateStatusWindowW
ImageList_EndDrag
ImageList_LoadImageW
LBItemFromPt
InitCommonControls
PropertySheetA
ImageList_Draw
ImageList_Read
ImageList_Add
ImageList_Duplicate
ImageList_Copy
CreateToolbarEx
ImageList_BeginDrag
ImageList_GetImageRect
DSA_InsertItem
DPA_Search
ImageList_GetBkColor

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95e37e5c4d2518022ed29eb0cbd1eec1

Code Sign

fe:41:94:14:64:b9:99:2a:69:b7:31:74:18:ae:8e:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

01Certificate

Key Usages

2d:c7:37:5a:aa:cf:c5:4c:e5:44:d7:9b:9c:3b:72:bc:d6:93:9c:d1Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

ole32

oleacc

oleaut32

gdiplus

advapi32

comctl32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.idata Size: 512B - Virtual size: 4KB

.data Size: 5KB - Virtual size: 21KB

.rdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 484B

fe:41:94:14:64:b9:99:2a:69:b7:31:74:18:ae:8e:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

01
Certificate

2d:c7:37:5a:aa:cf:c5:4c:e5:44:d7:9b:9c:3b:72:bc:d6:93:9c:d1
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.idata
Size: 512B - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 21KB

.rdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 484B