efb7a3e2cb8f232021f1c5e081073998_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

efb7a3e2cb8f232021f1c5e081073998_JaffaCakes118
Size

163KB
MD5

efb7a3e2cb8f232021f1c5e081073998
SHA1

0f7143d8798ea1ef4a3611410442732a9a23b13a
SHA256

273b13b692817e33ad527583c8594e133d378bfc4fdbd09be1c9228253024192
SHA512

b6b46eb1addb6598798e220b3727532dff13eb3287da23b6ad42eaca0f4f46c35703cfc4c1e19eb1d47c04fd06003a7c6b01ce1fbf0118125ef27d1c1b90d69e
SSDEEP

3072:4WMG0BC83uZtGi5jKJZxgedEZoj53JwU90WZXH6woQnk5+iIg:4XC83nZSedEZoj53lp6Inz

Score

1^/10

Malware Config

Signatures

Files

efb7a3e2cb8f232021f1c5e081073998_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a3fd6a30f1fc81f632731e429f276f0e

Code Sign

74:e6:09:22:15:93:c2:b3:4c:df:8e:63:06:01:02:95
Certificate

Issuer

CN=HGNBDUPQVKOKEYVAUO

Not Before

16-05-2019 12:12

Not After

31-12-2039 23:59

Subject

CN=HGNBDUPQVKOKEYVAUO

Extended Key Usages

ExtKeyUsageCodeSigning

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:af:95:01:b7:17:42:bc:13:5e:00:22:16:46:d2:1d:a3:dd:05:07:3f:a6:84:29:96:4f:70:62:88:c5:92:d7
Signer

Actual PE Digest

18:af:95:01:b7:17:42:bc:13:5e:00:22:16:46:d2:1d:a3:dd:05:07:3f:a6:84:29:96:4f:70:62:88:c5:92:d7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceExW
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberOfConsoleMouseButtons
GetOEMCP
GetOverlappedResult
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessIoCounters
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetSystemTimes
GetSystemWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalFindAtomA
GlobalFree
GlobalUnWire
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadReadPtr
IsDBCSLeadByte
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
GetConsoleScreenBufferInfo
LocalFree
LockFile
LockResource
MapViewOfFileEx
Module32FirstW
MoveFileW
MulDiv
MultiByteToWideChar
OpenEventA
OpenEventW
OpenMutexA
OpenMutexW
OpenProcess
OpenThread
OutputDebugStringW
PeekNamedPipe
Process32FirstW
Process32NextW
ProcessIdToSessionId
QueryPerformanceCounter
RaiseException
ReadConsoleInputA
ReadDirectoryChangesW
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
ReplaceFile
ResetEvent
ResumeThread
RtlUnwind
ScrollConsoleScreenBufferA
SearchPathA
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleCount
SetLastError
SetNamedPipeHandleState
SetStdHandle
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualLock
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleOutputCharacterA
WriteConsoleW
WriteFile
WritePrivateProfileSectionW
WritePrivateProfileStringW
_lclose
_lcreat
_llseek
_lopen
_lread
_lwrite
lstrcatA
lstrcmpA
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpynA
lstrcpynW
lstrlen
lstrlenA
lstrlenW
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetConsoleAliasesW
GetCommandLineW
GetCommandLineA
GetCommState
GetCPInfoExA
GetCPInfo
GetAtomNameW
GetACP
FreeResource
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FreeConsole
FormatMessageW
FormatMessageA
FlushInstructionCache
FlushFileBuffers
FindResourceW
FindResourceExW
FindNextFileW
FindFirstFileW
FindFirstFileA
FindCloseChangeNotification
FindClose
FindAtomW
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
FileTimeToSystemTime
FileTimeToLocalFileTime
FatalAppExitA
ExitThread
ExitProcess
EnumSystemLocalesA
EnterCriticalSection
DuplicateHandle
DosDateTimeToFileTime
DisconnectNamedPipe
DeviceIoControl
DeleteVolumeMountPointW
DeleteFileW
DeleteFileA
DeleteCriticalSection
DeleteAtom
CreateWaitableTimerA
CreateToolhelp32Snapshot
CreateThread
CreateSemaphoreW
CreateSemaphoreA
CreateRemoteThread
CreateProcessW
CreateNamedPipeW
CreateMutexW
CreateMutexA
CreateFileW
CreateFileMappingW
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileExA
ConnectNamedPipe
CompareStringW
CompareStringA
CompareFileTime
CloseHandle
CancelIo
LocalFileTimeToFileTime
AddAtomW

user32

wvsprintfW
PostThreadMessageW
MessageBoxW
LoadStringW
GetMessageW
DispatchMessageW
CharNextW

gdi32

GetTextExtentPoint32W
GetStockObject
GetObjectW
GetBkMode
DeleteObject
DeleteDC
SelectObject
CreateFontIndirectW
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetTextColor
CreateFontW
SetDIBColorTable

advapi32

StartServiceW
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
SetEntriesInAclW
RevertToSelf
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyW
RegOpenKeyExW
RegOpenKeyExA
RegNotifyChangeKeyValue
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyA
RegCloseKey
ReadEventLogW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
OpenProcessToken
OpenEventLogW
LookupPrivilegeValueW
LookupAccountSidW
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
GetUserNameW
GetTokenInformation
GetNamedSecurityInfoW
FreeSid
EqualSid
DuplicateTokenEx
DuplicateToken
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CreateWellKnownSid
ConvertStringSidToSidW
ConvertSidToStringSidW
CloseServiceHandle
CloseEventLog
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
RegOpenKeyA

shell32

ShellExecuteA
SHLoadInProc
SHGetMalloc
SHGetIconOverlayIndexW
SHGetFolderPathA
SHFileOperationA
ExtractAssociatedIconExW
DragQueryFileA

shlwapi

StrCmpNA

comctl32

ord17

imm32

ImmDisableIME
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3fd6a30f1fc81f632731e429f276f0e

Code Sign

74:e6:09:22:15:93:c2:b3:4c:df:8e:63:06:01:02:95Certificate

Extended Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

18:af:95:01:b7:17:42:bc:13:5e:00:22:16:46:d2:1d:a3:dd:05:07:3f:a6:84:29:96:4f:70:62:88:c5:92:d7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

imm32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 21KB - Virtual size: 21KB

.rsrc Size: 12KB - Virtual size: 11KB

74:e6:09:22:15:93:c2:b3:4c:df:8e:63:06:01:02:95
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

18:af:95:01:b7:17:42:bc:13:5e:00:22:16:46:d2:1d:a3:dd:05:07:3f:a6:84:29:96:4f:70:62:88:c5:92:d7
Signer

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 12KB - Virtual size: 11KB