4346612f9e963468ae0d66286271241c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4346612f9e963468ae0d66286271241c_JaffaCakes118
Size

16KB
MD5

4346612f9e963468ae0d66286271241c
SHA1

930702a0b62485d6d84186a90be6798b80c14226
SHA256

0eb3b76938f785b200deb37dcc95d7fbdc383c3f162b94f843b2cbc6e0f1c43e
SHA512

ea3f9fc0737c112ae800f793673d9fb26a1cd2fb210a38dc37b5c73e5fb89ef5b65de0fec12b7faafaddc4b010f5f1f2ddac9de7d50ca30d88ec500ca3a0b758
SSDEEP

384:5bMKT+h2WqvMKLK9lJf2pwKNs3K3iFRnX:5bMeUqvIlJbaynX

Score

1^/10

Malware Config

Signatures

Files

4346612f9e963468ae0d66286271241c_JaffaCakes118
.xll windows:1 windows x86 arch:x86

08d31493d73d9d2f2228adbc7a81739d

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:d3:84:23:ae:f8:75:a1:0b:16:64:4d:05:82:97:e2
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

23/08/2021, 00:00

Not After

23/08/2022, 23:59

Subject

CN=TRUST DANMARK ApS,O=TRUST DANMARK ApS,ST=Midtjylland,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b9:9c:06:79:cc:cb:b1:e0:96:06:d1:43:50:51:3b:6f:56:77:28:9a
Signer

Actual PE Digest

b9:9c:06:79:cc:cb:b1:e0:96:06:d1:43:50:51:3b:6f:56:77:28:9a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

SelectClipPath
SetICMMode
RemoveFontResourceExA
GetMapMode
RemoveFontResourceExW
GetTextCharacterExtra
PaintRgn
GetEnhMetaFileHeader
CreateMetaFileA
CreatePenIndirect
GetDCOrgEx
CopyEnhMetaFileW
CreateCompatibleDC
GetRasterizerCaps
SelectBrushLocal
GetMiterLimit
SetDCPenColor
BitBlt
GdiDeleteSpoolFileHandle
CreateRectRgnIndirect
GetICMProfileW
GdiPlayPrivatePageEMF
SetBoundsRect
EnumFontFamiliesExW
SetBitmapDimensionEx
GetSystemPaletteEntries
FillRgn
GetROP2
GdiPlayEMF
SetDIBits
GdiStartPageEMF
GetEnhMetaFileA
GdiComment
CreateEllipticRgnIndirect
SetDIBColorTable
InvertRgn
GetDeviceCaps
GdiPlayDCScript
AddFontResourceW

oleaut32

VarDateFromUI4
VarUI1FromI2
VarDecRound
VarI4FromUI1
VarCyFromBool
VarBstrFromDec
VarBoolFromStr
SafeArrayGetElement
UnRegisterTypeLib
VarI2FromUI1
VarI8FromBool
SafeArrayCopy
VarI8FromR4
VariantChangeTypeEx
OleCreatePictureIndirect
VarInt
VarUI1FromR8
VarI4FromStr
VarImp
VarR8FromUI1
SafeArrayPutElement
SafeArrayGetVartype
VarDateFromCy
VarDecFromBool
RegisterTypeLib
VarUI1FromI8
VarBstrFromI8
OaBuildVersion
VarR4FromBool

msacm32

acmDriverDetailsA
acmDriverEnum
acmStreamClose
acmMessage32
acmFilterTagEnumA

icm32

CMTranslateColors

Exports

Exports

xlAutoOpen

Sections

.hrhet
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rery
Size: - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wegehrh
Size: - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ico
Size: - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 66B

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08d31493d73d9d2f2228adbc7a81739d

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

cf:d3:84:23:ae:f8:75:a1:0b:16:64:4d:05:82:97:e2Certificate

Extended Key Usages

Key Usages

b9:9c:06:79:cc:cb:b1:e0:96:06:d1:43:50:51:3b:6f:56:77:28:9aSigner

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

oleaut32

msacm32

icm32

Exports

Exports

Sections

.hrhet Size: 8KB - Virtual size: 7KB

.rery Size: - Virtual size: 512B

.wegehrh Size: - Virtual size: 512B

.ico Size: - Virtual size: 512B

.text Size: - Virtual size: 512B

.edata Size: 512B - Virtual size: 66B

.reloc Size: 512B - Virtual size: 8B

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

cf:d3:84:23:ae:f8:75:a1:0b:16:64:4d:05:82:97:e2
Certificate

b9:9c:06:79:cc:cb:b1:e0:96:06:d1:43:50:51:3b:6f:56:77:28:9a
Signer

.hrhet
Size: 8KB - Virtual size: 7KB

.rery
Size: - Virtual size: 512B

.wegehrh
Size: - Virtual size: 512B

.ico
Size: - Virtual size: 512B

.text
Size: - Virtual size: 512B

.edata
Size: 512B - Virtual size: 66B

.reloc
Size: 512B - Virtual size: 8B