e49b9fb3fec1f330b1c46b0d13b234b3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e49b9fb3fec1f330b1c46b0d13b234b3_JaffaCakes118
Size

1.2MB
MD5

e49b9fb3fec1f330b1c46b0d13b234b3
SHA1

90764eb97f33e80ce13eb28854612672e2eb37ac
SHA256

71f24bd6e0a181c04f0fabc5801480a4e3991d2fdf8b35a72b1e91c60ba3eb03
SHA512

624839c7472e7eb16c736e1c196bd7ea5590420c60a0179b66630aab47fd8ad3d9594479d3a93a3547c7b096cee7308ba75480c1ae66530ef27706c0e87b0bbf
SSDEEP

6144:ImZY0vyoLlju376DEoS5rOA9xRK4VtJuchq+WPMJ/9BCa0KLDIHShQo5GTr:s0vgr6AoS5lxRKbcRWPa7Ca0Koos

Score

1^/10

Malware Config

Signatures

Files

e49b9fb3fec1f330b1c46b0d13b234b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

95e37e5c4d2518022ed29eb0cbd1eec1

Code Sign

fe:41:94:14:64:b9:99:2a:69:b7:31:74:18:ae:8e:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08-09-2020 00:00

Not After

08-09-2021 23:59

Subject

CN=Milsean Software Limited,O=Milsean Software Limited,POSTALCODE=X91 A26N,STREET=9 BÁN ÁRD ABBEYLANDS FERRYBANK,L=Waterford,C=IE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ce:e9:9c:9a:1d:be:96:d5:b3:7f:0c:0f:e4:97:aa:5c:45:69:2b:bb
Signer

Actual PE Digest

ce:e9:9c:9a:1d:be:96:d5:b3:7f:0c:0f:e4:97:aa:5c:45:69:2b:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
GetACP
GetConsoleCP
FlushViewOfFile
OutputDebugStringA
SignalObjectAndWait
GetComPlusPackageInstallStatus
GlobalCompact
TerminateProcess
SetThreadUILanguage
SearchPathA
FindNextVolumeA
UnregisterWait
SetConsoleScreenBufferSize

user32

GetCaretBlinkTime
FindWindowExW
MessageBeep
SetWindowContextHelpId
OpenIcon
IsCharUpperW
DdeImpersonateClient
DdeReconnect
SetInternalWindowPos
MessageBoxExA
TranslateAccelerator
LoadLocalFonts
VkKeyScanA
IsClipboardFormatAvailable
MsgWaitForMultipleObjects
SetClipboardData
SetKeyboardState
InsertMenuW
GetClipboardFormatNameA
RegisterSystemThread
SetRect
TranslateMDISysAccel
IsWindowEnabled
SetMenuInfo
ScrollWindow
ArrangeIconicWindows
SetSysColors
DefMDIChildProcW
DrawTextExW
DestroyMenu
GetUpdateRect
GetMonitorInfoA
ScrollChildren

gdi32

GetGlyphOutlineWow
EngMultiByteToUnicodeN
GdiIsPlayMetafileDC
GdiEntry15
ResetDCW
EndFormPage
SetMagicColors
GdiCreateLocalMetaFilePict
DdEntry35
DdEntry46
GetBitmapDimensionEx
SetColorAdjustment
GetFontResourceInfoW
GetTextMetricsA
GetViewportExtEx
GdiRealizationInfo
DdEntry48
EngBitBlt
SetBrushAttributes
FONTOBJ_pQueryGlyphAttrs
GetCharWidthI
DdEntry6
GetObjectA
DdEntry32
SetColorSpace
GdiEntry6
GetRegionData
GdiGetPageHandle
DdEntry40
GetTextAlign
CopyEnhMetaFileW
GetLogColorSpaceW

winspool.drv

XcvDataW
SpoolerPrinterEvent
SetPrinterDataW
DeviceCapabilitiesA
StartDocPrinterA
FlushPrinter
GetPrinterW
EXTDEVICEMODE
SetPrinterDataA
EnumPrintProcessorsW
OpenPrinterA
SetDefaultPrinterA
GetDefaultPrinterW
ConfigurePortA
EnumPrinterKeyA
AddPortExW
EndPagePrinter
DeleteMonitorA
EnumPrintProcessorDatatypesW
ConnectToPrinterDlg
DeletePrinterDataExW
AddPrintProvidorA
DeletePrinterDriverExA
ClosePrinter
ConvertAnsiDevModeToUnicodeDevmode
DeletePrintProvidorW
DeletePrinterDriverA
SetJobW
StartDocDlgA

ole32

OleCreate
DllGetClassObject
CoGetComCatalog
DllRegisterServer
CoCreateGuid
StgCreateDocfileOnILockBytes
CLIPFORMAT_UserFree
IsValidInterface
CoAllowSetForegroundWindow
HGLOBAL_UserUnmarshal
HBITMAP_UserMarshal
HWND_UserSize
CreateStreamOnHGlobal
HICON_UserMarshal
GetClassFile
GetHGlobalFromStream
CoGetStdMarshalEx
HDC_UserFree
HWND_UserUnmarshal
ReadStringStream
OleCreateMenuDescriptor
CreateBindCtx
WriteStringStream
PropVariantChangeType
HPALETTE_UserSize
CoGetCancelObject
HDC_UserSize
HBITMAP_UserUnmarshal
HBRUSH_UserMarshal
WriteFmtUserTypeStg
HBITMAP_UserFree
OleCreateLinkEx
CoGetClassObject

oleacc

AccessibleChildren
GetOleaccVersionInfo
GetStateTextW
CreateStdAccessibleProxyA
LIBID_Accessibility
ObjectFromLresult
GetStateTextA
CreateStdAccessibleObject
AccessibleObjectFromPoint
GetRoleTextA
IID_IAccessible
AccessibleObjectFromWindow
DllUnregisterServer
AccessibleObjectFromEvent
IID_IAccessibleHandler
WindowFromAccessibleObject

oleaut32

VarI2FromUI4
VarI8FromDate
DispInvoke
UnRegisterTypeLibForUser
VarDateFromUI1
VarI4FromI1
SafeArrayCreateVector
SafeArrayAllocDescriptor
VarR8FromDate
VarI1FromUI1
VarCmp
VarUI8FromR4
VarCyCmpR8
VarBstrCat
VarUI1FromDec
VarUI1FromUI8
VarCyFromUI1
SafeArrayGetLBound
VarDateFromR4
VarI4FromUI8
VarDateFromStr
VarBstrCmp
VarBstrFromUI4
VarR4FromDate
VarI4FromUI1
VarCyAbs
VarCySub
VarBoolFromUI8
RegisterTypeLibForUser
VARIANT_UserUnmarshal
VarUI1FromDisp
VarI4FromR8
VarDecFromCy
VarI2FromBool
VarMul
SafeArrayDestroyData
VarR4FromI1
VarDecSub
VarCyFromI4
VarUI1FromI8
SysAllocStringLen
VarMonthName

gdiplus

GdipSetPenMode
GdipGetDpiY
GdipCombineRegionPath
GdipSetLineLinearBlend
GdipDrawImagePointsI
GdipBitmapLockBits
GdipCreatePathGradientFromPath
GdipSetTextRenderingHint
GdipResetPenTransform
GdipSetPathGradientCenterPoint
GdipGetGenericFontFamilySerif
GdipSetPathGradientLinearBlend
GdipGetGenericFontFamilySansSerif
GdipSetPathFillMode
GdipSaveImageToFile
GdipSetStringFormatHotkeyPrefix
GdipDrawImagePointsRect
GdipMultiplyPenTransform
GdipIsVisiblePointI
GdipIsVisibleRectI
GdipSetPenMiterLimit
GdipCreateMetafileFromWmfFile
GdipCreateRegionHrgn
GdipAddPathPie
GdipGetAllPropertyItems
GdipVectorTransformMatrixPointsI
GdipCloneMatrix
GdipDrawCurve2
GdipGetMetafileHeaderFromFile
GdipDrawImageI
GdipGetPenCustomStartCap
GdipIsVisiblePoint
GdipDeletePen

advapi32

IdentifyCodeAuthzLevelW
SaferCreateLevel
ConvertStringSecurityDescriptorToSecurityDescriptorA
LsaICLookupNamesWithCreds
LsaQuerySecurityObject
LsaQueryInfoTrustedDomain
ElfFlushEventLog
LsaDeleteTrustedDomain
GetSidSubAuthorityCount
I_ScSetServiceBitsA
CloseCodeAuthzLevel
GetTraceEnableFlags
LsaEnumeratePrivilegesOfAccount
GetPrivateObjectSecurity
SaferiSearchMatchingHashRules
RegisterServiceCtrlHandlerW
StopTraceW
FindFirstFreeAce
PrivilegedServiceAuditAlarmA
RegGetKeySecurity
LsaLookupPrivilegeValue
DeleteAce
GetAclInformation
CryptAcquireContextW
GetUserNameW
GetSecurityDescriptorGroup
RegQueryValueW
ImpersonateLoggedOnUser
ElfReadEventLogW
CryptSignHashW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTrusteeNameW
ConvertStringSDToSDRootDomainA
CredDeleteA
GetMultipleTrusteeW

comctl32

ImageList_LoadImage
ImageList_SetFlags
UninitializeFlatSB
AddMRUStringW
CreateStatusWindowW
ImageList_EndDrag
ImageList_LoadImageW
LBItemFromPt
InitCommonControls
PropertySheetA
ImageList_Draw
ImageList_Read
ImageList_Add
ImageList_Duplicate
ImageList_Copy
CreateToolbarEx
ImageList_BeginDrag
ImageList_GetImageRect
DSA_InsertItem
DPA_Search
ImageList_GetBkColor

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95e37e5c4d2518022ed29eb0cbd1eec1

Code Sign

fe:41:94:14:64:b9:99:2a:69:b7:31:74:18:ae:8e:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

01Certificate

Key Usages

ce:e9:9c:9a:1d:be:96:d5:b3:7f:0c:0f:e4:97:aa:5c:45:69:2b:bbSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

ole32

oleacc

oleaut32

gdiplus

advapi32

comctl32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.idata Size: 512B - Virtual size: 4KB

.data Size: 5KB - Virtual size: 21KB

.rdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 484B

fe:41:94:14:64:b9:99:2a:69:b7:31:74:18:ae:8e:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

01
Certificate

ce:e9:9c:9a:1d:be:96:d5:b3:7f:0c:0f:e4:97:aa:5c:45:69:2b:bb
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.idata
Size: 512B - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 21KB

.rdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 484B