f582da103c51f7bcdc2ee396fad2bd2c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f582da103c51f7bcdc2ee396fad2bd2c_JaffaCakes118
Size

267KB
MD5

f582da103c51f7bcdc2ee396fad2bd2c
SHA1

a2ff74690436924198255a26bd473065092c85fb
SHA256

67fd9afb3d59d1bbeb53cc212fd4d66c0d0af5274afa3a0f0dc82b018266a516
SHA512

8f2f9ac4f775d50e72e3c241e7ebba48791f5fd8d1e84c8631cf09965f910676b7381b4fcdafaed3fd17c2106d26008420912bf2e9c17cf8ba4c503fdc16baa1
SSDEEP

6144:oRX2o6JvwA1DXDdNHvbyVfbWWbyHjaSKzdbybbybnv4ZPTlebuSE:oRB6JvdbDdNHvbyVfbWWbyHjaSabybb0

Score

1^/10

Malware Config

Signatures

Files

f582da103c51f7bcdc2ee396fad2bd2c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2c9589d291f668b30a81a6d72bf6b4cc

Code Sign

47:c7:27:1f:af:79:a8:51:bd:ed:2a:04:18:c2:09:93
Certificate

Issuer

CN=XSNXKYNVJIFYSFTWRA

Not Before

13/05/2019, 11:27

Not After

31/12/2039, 23:59

Subject

CN=XSNXKYNVJIFYSFTWRA

Extended Key Usages

ExtKeyUsageCodeSigning

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:70:cd:a0:cd:ed:83:05:e8:de:ed:5a:f1:e5:11:48:f3:7b:aa:1c:4f:67:93:98:d2:39:58:42:d3:8a:35:f4
Signer

Actual PE Digest

a8:70:cd:a0:cd:ed:83:05:e8:de:ed:5a:f1:e5:11:48:f3:7b:aa:1c:4f:67:93:98:d2:39:58:42:d3:8a:35:f4

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
GlobalSize
MulDiv
GetTickCount
FileTimeToSystemTime
GetDiskFreeSpaceExW
LocalUnlock
LocalLock
GetVolumeInformationW
GetCurrentProcessId
ExpandEnvironmentStringsA
CreateFileW
SetFilePointer
ReadFile
WriteFile
GetFileTime
GetFileSize
GetFileAttributesW
DeleteFileW
GetTempFileNameW
WideCharToMultiByte
FormatMessageW
LocalAlloc
LocalFree
RemoveDirectoryW
CreateDirectoryW
GetFileAttributesExW
AreFileApisANSI
CreateMutexW
CreateEventW
ReleaseMutex
SetEvent
TerminateThread
GetExitCodeProcess
ResetEvent
PeekNamedPipe
WaitForMultipleObjects
CreatePipe
DuplicateHandle
CreateProcessW
TerminateProcess
GetTimeZoneInformation
GetDriveTypeW
DeviceIoControl
ExitProcess
QueryPerformanceCounter
GetFileType
SetHandleCount
LoadLibraryW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
HeapSize
HeapReAlloc
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
GetCPInfo
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineW
RtlUnwind
InitializeCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetNumberFormatW
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
DosDateTimeToFileTime
CompareFileTime
GetTempPathW
SystemTimeToFileTime
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetLocalTime
GetDateFormatW
LockResource
lstrlenA
lstrcpynW
lstrcmpW
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FreeLibrary
lstrcmpiW
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
lstrlenW
lstrcpyW
lstrcatW
SetLastError
CreateThread
WaitForSingleObject
Sleep
CloseHandle
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetEnvironmentStringsW
lstrcmpiA
SwitchToThread
GetSystemInfo
GetVersion
VirtualQuery
GetSystemDefaultUILanguage
GetStartupInfoA
GetUserDefaultUILanguage
ExitThread
WritePrivateProfileStringW
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualProtect
SystemTimeToTzSpecificLocalTime
SuspendThread
SetThreadPriority
SetThreadLocale
SetErrorMode
SetEndOfFile
ResumeThread
OutputDebugStringW
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAddAtomW
GetWindowsDirectoryW
GetThreadPriority
GetThreadLocale
GetPrivateProfileStringW
GetModuleFileNameA
GetFullPathNameW
GetExitCodeThread
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentThread
GetCPInfoExW
FreeResource
InterlockedExchangeAdd
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumCalendarInfoW
CopyFileW

user32

GetDesktopWindow
GetClipboardOwner
GetThreadDesktop
GetCaretBlinkTime
DestroyWindow
GetKeyState
IsIconic
GetTopWindow
GetSysColor
GetListBoxInfo
IsWindowVisible

gdi32

GetTextAlign
GetDCPenColor
CloseMetaFile
CreateMetaFileA
FillPath
GetFontLanguageInfo
GetSystemPaletteUse
GetLayout

advapi32

RegOpenKeyA
RegQueryValueExA

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_controlfp

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c9589d291f668b30a81a6d72bf6b4cc

Code Sign

47:c7:27:1f:af:79:a8:51:bd:ed:2a:04:18:c2:09:93Certificate

Extended Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

a8:70:cd:a0:cd:ed:83:05:e8:de:ed:5a:f1:e5:11:48:f3:7b:aa:1c:4f:67:93:98:d2:39:58:42:d3:8a:35:f4Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 72KB - Virtual size: 72KB

.rsrc Size: 162KB - Virtual size: 162KB

47:c7:27:1f:af:79:a8:51:bd:ed:2a:04:18:c2:09:93
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

a8:70:cd:a0:cd:ed:83:05:e8:de:ed:5a:f1:e5:11:48:f3:7b:aa:1c:4f:67:93:98:d2:39:58:42:d3:8a:35:f4
Signer

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 72KB - Virtual size: 72KB

.rsrc
Size: 162KB - Virtual size: 162KB