e66882f22b810a54b4ba736b788a80f6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e66882f22b810a54b4ba736b788a80f6_JaffaCakes118
Size

1.1MB
MD5

e66882f22b810a54b4ba736b788a80f6
SHA1

7d3162c4808c2dfec6fc9e4aaf2ec13669a99eba
SHA256

e53225b0bc4289135057d05fcbd0aaf79e5a25cf842e8dfd7f1dcaf60f154296
SHA512

d954bf093048f8e1e644e690b5692b9c12047d8324f5880057756e04c97c1a0b6ae90386902168111970d387426892526cd5272afb87fe405b4c97ea7e9e092a
SSDEEP

6144:CUg69tR5KCcCg8nqVbkQSaPOnNxRQVwSav4dyxDYoQYJUpg1MwE4s0m+Z1Af6kX:999trKTX84bkQfUO/aQdeMo3e+k4jACA

Score

1^/10

Malware Config

Signatures

Files

e66882f22b810a54b4ba736b788a80f6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3bd7c16a16ad7d5b3966a30a82496732

Code Sign

f8:c2:e0:84:38:bb:0e:9a:dc:95:5e:4b:49:3e:58:21
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08-09-2020 00:00

Not After

08-09-2021 23:59

Subject

CN=DocsGen Software Solutions Inc.,OU=IT,O=DocsGen Software Solutions Inc.,POSTALCODE=M5H 3E5,STREET=250 University Ave,L=Toronto,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:4d:f9:98:17:6d:6d:5e:78:6e:0a:15:21:3f:11:27:b3:76:1d:d4
Signer

Actual PE Digest

74:4d:f9:98:17:6d:6d:5e:78:6e:0a:15:21:3f:11:27:b3:76:1d:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
lstrcmpA
ReadConsoleInputExA
GetCommModemStatus
GetConsoleOutputCP
SizeofResource
RegisterConsoleIME
DefineDosDeviceA
GetConsoleAliasesW
FillConsoleOutputCharacterW
GetSystemDefaultLCID
OpenThread
GetCommState
GetCurrentActCtx
CancelDeviceWakeupRequest
Heap32Next
SetLastConsoleEventActive
ReadFileEx
EnumCalendarInfoA
SetThreadLocale
CopyFileExA
OpenSemaphoreW
SetProcessPriorityBoost

user32

GetWindowThreadProcessId
UnhookWindowsHook
DefMDIChildProcW
SetMenuContextHelpId
GetOpenClipboardWindow
IsRectEmpty
SendMessageTimeoutA
EqualRect
DrawTextW
GetClipCursor
GetDlgCtrlID
PrivateExtractIconsA
ClientToScreen
EnumDisplayDevicesW
CalcMenuBar
LoadMenuA
SendMessageW
DlgDirSelectComboBoxExA
RegisterClipboardFormatA
NotifyWinEvent
GetDlgItemTextW
SetWindowPlacement
OemToCharW
UnregisterClassA
LoadMenuIndirectA
SetClassWord
GetWindowModuleFileName
FindWindowExW
SetKeyboardState
GetWindowTextW
UpdateWindow
GetMenuBarInfo
GetAsyncKeyState
SetWindowRgn
GetPropA
MessageBoxIndirectW
BuildReasonArray
DestroyReasons

comctl32

FlatSB_SetScrollPos
CreateStatusWindowW
UninitializeFlatSB
FlatSB_GetScrollProp
CreateStatusWindow
DestroyPropertySheetPage
DrawStatusTextW
FlatSB_SetScrollInfo
DSA_DeleteAllItems
ImageList_GetImageCount
DPA_GetPtr
ImageList_SetBkColor
ImageList_EndDrag
ImageList_GetFlags
DSA_Create
CreatePropertySheetPageW
ImageList_DragEnter
ImageList_Draw
InitCommonControls
FlatSB_GetScrollPos
DSA_InsertItem
DPA_Destroy
ImageList_SetFlags
EnumMRUListW
ImageList_Read
ImageList_Copy
_TrackMouseEvent
ImageList_LoadImageA
CreateStatusWindowA
DPA_DeletePtr
ImageList_Create
ImageList_DrawEx
MakeDragList
DSA_GetItemPtr
CreateUpDownControl
FlatSB_SetScrollRange
PropertySheetW

oleaut32

VarI4FromR4
VarCyFromUI4
OleLoadPictureFile
VarUI2FromR4
VariantTimeToDosDateTime
BSTR_UserUnmarshal
DllRegisterServer
VarI1FromUI2
DllCanUnloadNow
VarDecFromBool
VarUI4FromUI8
BSTR_UserFree
VarI8FromBool
VarCyFix
VarI8FromCy
VarUI8FromI2
VarI2FromDisp
VarUI8FromUI4
BSTR_UserMarshal
VarBstrFromI2
VarCat
VarUI2FromStr
VarI4FromI8
VarDecFromDate
OleCreatePropertyFrame
VarR4FromI4
GetErrorInfo
OleLoadPictureFileEx
VarR4FromDec
VarDateFromStr

shlwapi

UrlUnescapeW
SHRegisterValidateTemplate
PathFindSuffixArrayA
PathCreateFromUrlW
StrChrNIW
PathIsURLA
PathStripPathA
PathIsContentTypeA
StrCmpIW
PathIsSystemFolderW
StrCpyNW
SHRegGetPathA
PathSetDlgItemPathA
UrlEscapeW
StrIsIntlEqualW
SHDeleteEmptyKeyW
StrStrNIW
PathFindNextComponentA
PathRemoveFileSpecA
PathRemoveExtensionA
PathAddExtensionA
StrIsIntlEqualA
wnsprintfW
SHReleaseThreadRef
SHRegDeleteEmptyUSKeyA
SHRegSetUSValueA
SHRegDeleteUSValueW
PathCombineW
PathCompactPathW
SHRegWriteUSValueA
AssocCreate
PathCompactPathExA
StrNCatA
SHGetViewStatePropertyBag
PathUnmakeSystemFolderA
wvnsprintfW

winspool.drv

AddPortExW
ScheduleJob
CommitSpoolData
GetPrinterDataExA
DeleteMonitorW
PlayGdiScriptOnPrinterIC
ConvertUnicodeDevModeToAnsiDevmode
AddFormA
QuerySpoolMode
DeletePrinter
EnumPrintProcessorsW
IsValidDevmodeA
AdvancedDocumentPropertiesW
AddPortExA
GetPrinterA
DeletePrinterDriverW
EnumFormsW
SpoolerPrinterEvent
DeletePrinterDriverA
GetPrinterW
FindNextPrinterChangeNotification
GetPrinterDriverA
SetPrinterDataW
SetFormA
FindClosePrinterChangeNotification
SetPrinterDataA
PerfOpen
ResetPrinterA
ReadPrinter
EnumJobsA
AddPrinterDriverExW
DeleteFormA
ConfigurePortW
SplDriverUnloadComplete

winmm

mmsystemGetVersion
waveOutGetPlaybackRate
mixerGetID
midiInMessage
PlaySoundA
mciGetDeviceIDW
wid32Message
midiOutCacheDrumPatches
waveOutGetPosition
WOW32ResolveMultiMediaHandle
mciGetDeviceIDFromElementIDA
mixerSetControlDetails
waveOutOpen
joyGetDevCapsA
waveOutPrepareHeader
mmioRenameW
mmDrvInstall
joyReleaseCapture
PlaySoundW
sndPlaySoundW
waveInGetErrorTextW
midiOutGetDevCapsA
WOWAppExit
sndPlaySoundA
midiInGetErrorTextA
waveOutMessage
mmTaskBlock
midiOutCachePatches

imagehlp

ImageDirectoryEntryToDataEx
ImageNtHeader
SymEnumerateModules
SymGetSymFromName
GetTimestampForLoadedLibrary
FindFileInPath
SymGetOptions
TouchFileTimes
FindExecutableImage
ImageGetCertificateHeader
ImageDirectoryEntryToData
SymGetModuleBase64
MapFileAndCheckSumA
RemovePrivateCvSymbolic
SymEnumerateSymbolsW
SymGetTypeInfo
ImageGetCertificateData
ImageAddCertificate
SymFunctionTableAccess
SymGetSymNext
CheckSumMappedFile
ImageEnumerateCertificates
SymRegisterCallback64
SplitSymbols
BindImageEx
SymGetModuleInfoW
SymFindFileInPath
SymEnumerateSymbolsW64
MapDebugInformation
ReBaseImage64
ImageLoad

advapi32

RegQueryValueExW
BuildTrusteeWithSidA
SystemFunction010
LsaCreateSecret
DecryptFileA
CryptGetDefaultProviderW
GetMultipleTrusteeOperationW
LsaAddAccountRights
LsaICLookupSids
LsaSetSystemAccessAccount
WmiOpenBlock
CryptEnumProviderTypesA
NotifyBootConfigStatus
RegCreateKeyA
RegEnumValueW
AddAccessAllowedObjectAce
SystemFunction024
SaferiCompareTokenLevels
AccessCheckByTypeAndAuditAlarmW
CommandLineFromMsiDescriptor
ImpersonateLoggedOnUser
SystemFunction040
UnregisterTraceGuids
FindFirstFreeAce
A_SHAFinal
CryptSetProviderA
LogonUserA
LookupPrivilegeDisplayNameW
CryptHashData
RegSaveKeyA
A_SHAInit
InstallApplication
AdjustTokenGroups
GetSecurityInfo
FreeEncryptedFileKeyInfo

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bd7c16a16ad7d5b3966a30a82496732

Code Sign

f8:c2:e0:84:38:bb:0e:9a:dc:95:5e:4b:49:3e:58:21Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

01Certificate

Key Usages

74:4d:f9:98:17:6d:6d:5e:78:6e:0a:15:21:3f:11:27:b3:76:1d:d4Signer

Headers

File Characteristics

Imports

kernel32

user32

comctl32

oleaut32

shlwapi

winspool.drv

winmm

imagehlp

advapi32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 1024B - Virtual size: 8KB

.data Size: 93KB - Virtual size: 93KB

.rdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 484B

f8:c2:e0:84:38:bb:0e:9a:dc:95:5e:4b:49:3e:58:21
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

01
Certificate

74:4d:f9:98:17:6d:6d:5e:78:6e:0a:15:21:3f:11:27:b3:76:1d:d4
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 1024B - Virtual size: 8KB

.data
Size: 93KB - Virtual size: 93KB

.rdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 484B