Static task: static1
Behavioral task: behavioral1
  Sample: 51eaa32612411be993de698a49c3abc6_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 51eaa32612411be993de698a49c3abc6_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
Target: 51eaa32612411be993de698a49c3abc6_JaffaCakes118
Size: 726KB
MD5: 51eaa32612411be993de698a49c3abc6
SHA1: 25ee28b2095f52b134415153a7ce1374e37aa82a
SHA256: ac11a79a2832c9c5852e1f2b8a3acd86fed55eaf5e59caf95561ccb05ea15c75
SHA512: a7742a64d52c70ebd0668bc94d673b256bc7c4d9ae0fd3be844d77eda4476fd1fdb4f9b0b05f8717eb5d37a2f008c3be4859f782e584b8a33523117899f75884
SSDEEP: 12288:YTaM4elnctRXH6zey6Q2v6MoK7LaekzDkY1Ui9e0WVkNCa/we:YTjlnyRKzF6B7LahNUiBMU5
Malware Config
Signatures
Files
51eaa32612411be993de698a49c3abc6_JaffaCakes118.exe windows:4 windows x86 arch:x86
9f38190b259991cfbe5eeb8dbe371a84
Code Sign
Certificate 70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
  Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
  Not Before: 29/01/1996, 00:00
  Not After: 01/08/2028, 23:59
  Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Certificate 47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
  Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
  Not Before: 04/12/2003, 00:00
  Not After: 03/12/2013, 23:59
  Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
  Extended Key Usages: ExtKeyUsageTimeStamping
  Key Usages: KeyUsageCertSign, KeyUsageCRLSign
Certificate 0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
  Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
  Not Before: 04/12/2003, 00:00
  Not After: 03/12/2008, 23:59
  Subject: CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US
  Extended Key Usages: ExtKeyUsageTimeStamping
  Key Usages: KeyUsageDigitalSignature, KeyUsageContentCommitment
Certificate 41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
  Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
  Not Before: 16/07/2004, 00:00
  Not After: 15/07/2014, 23:59
  Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
  Extended Key Usages: ExtKeyUsageClientAuth, ExtKeyUsageCodeSigning
  Key Usages: KeyUsageCertSign, KeyUsageCRLSign
Certificate 48:71:64:68:eb:ca:df:37:b0:19:ee:25:6d:c1:c9:e9
  Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
  Not Before: 10/07/2006, 00:00
  Not After: 03/10/2007, 23:59
  Subject: CN=Seekmo,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Seekmo,O=Seekmo,L=Bellevue,ST=Washington,C=US
  Extended Key Usages: ExtKeyUsageCodeSigning
  Key Usages: KeyUsageDigitalSignature
Signer 43:25:fd:5d:01:61:a4:a5:c0:f3:cb:97:a5:18:da:e2:d2:92:d6:1f
  Actual PE Digest: 43:25:fd:5d:01:61:a4:a5:c0:f3:cb:97:a5:18:da:e2:d2:92:d6:1f
  Digest Algorithm: sha1
  PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
e:\061025_223343_build_cli\Client_Build_Guinness_IE7_Patch_8_60_19\source\bin\Release\SeekmoInstaller\SeekmoInstaller.pdb
Imports
kernel32
CreateProcessA
CreateEventA
GetCurrentProcessId
GetModuleFileNameA
GetShortPathNameA
Sleep
OpenEventA
OpenProcess
lstrcpynA
GetFileAttributesA
GetCurrentProcess
RemoveDirectoryA
OpenFile
GetComputerNameA
GetVolumeInformationA
GetDriveTypeA
SetErrorMode
OutputDebugStringA
GlobalAlloc
GetSystemDirectoryA
WaitForSingleObject
GetUserDefaultLangID
GetSystemDefaultLangID
FileTimeToSystemTime
DosDateTimeToFileTime
HeapAlloc
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
CreateThread
LocalFree
FormatMessageA
MulDiv
FlushInstructionCache
GlobalUnlock
GlobalLock
ReleaseMutex
CreateMutexA
MoveFileA
lstrcatA
ResumeThread
GetModuleHandleA
GetTickCount
GetFileSize
ReadFile
SetFilePointer
FreeResource
CreateDirectoryA
CreateFileA
WriteFile
CloseHandle
GetWindowsDirectoryA
HeapDestroy
HeapReAlloc
HeapSize
SetLastError
DebugBreak
ExitProcess
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
VirtualProtect
CopyFileA
lstrcpyA
LoadLibraryA
GetTempPathA
GetTempFileNameA
SetFileAttributesA
DeleteFileA
LoadLibraryExA
GetProcAddress
FreeLibrary
InterlockedDecrement
SetEvent
InterlockedIncrement
GetCurrentThreadId
lstrcmpA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
GetSystemInfo
VirtualQuery
GetOEMCP
RtlUnwind
user32
SetPropA
IsIconic
DrawIcon
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
ShowWindow
RegisterClassExA
GetClassInfoExA
LoadCursorA
CreateAcceleratorTableA
RedrawWindow
IsWindow
DestroyAcceleratorTable
GetFocus
IsChild
GetWindow
SetFocus
BeginPaint
EndPaint
InvalidateRgn
InvalidateRect
GetClientRect
EndDialog
SetCapture
ReleaseCapture
GetSysColor
DialogBoxParamA
GetParent
GetPropA
CallWindowProcA
DestroyWindow
CreateWindowExA
GetWindowLongA
SetWindowLongA
wsprintfA
SetDlgItemTextA
GetDC
ReleaseDC
GetDlgItem
GetWindowRect
ScreenToClient
SetWindowPos
GetSystemMetrics
FillRect
RemovePropA
PostMessageA
GetClassNameA
RegisterWindowMessageA
SendMessageA
GetDesktopWindow
DefWindowProcA
WaitForInputIdle
MessageBoxA
CharNextA
PostThreadMessageA
wvsprintfA
UnregisterClassA
CharUpperA
CharLowerA
FindWindowA
gdi32
CreateSolidBrush
GetStockObject
GetObjectA
GetTextExtentPoint32A
DeleteObject
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
advapi32
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegGetKeySecurity
RegSetKeySecurity
CryptHashData
CryptDecrypt
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
RegOpenKeyA
CryptDestroyHash
CryptCreateHash
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
ole32
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromString
StringFromGUID2
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
CoTaskMemAlloc
oleaut32
LoadTypeLi
SysFreeString
SysAllocStringLen
SysStringByteLen
SysAllocString
SysStringLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
rpcrt4
UuidCreate
Sections
.text Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 560KB - Virtual size: 559KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ