JaffaCakes118_3d652b1acff9a80d693b62bddb418cec06fcb1a3c7e831382e11af1d32fed751

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_3d652b1acff9a80d693b62bddb418cec06fcb1a3c7e831382e11af1d32fed751
Size

603KB
MD5

c6aadbfc24bd504389d54a579f5108d3
SHA1

2ba53abe2e3880c625629ff12b122b51e678f3b3
SHA256

3d652b1acff9a80d693b62bddb418cec06fcb1a3c7e831382e11af1d32fed751
SHA512

c93150d940f71d6d62a31e12f44df44787069fb7ea156a102f4a6979fb0c1d597cfd0c453a2e43f66f38ea398fef90b97f234cc781e47cb42448ed0607a09fae
SSDEEP

12288:pf7Rf5HwpH/0cXmBoIKuE4QnzIovuUryR1E:pV9C/0cXmBEzmRy

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_3d652b1acff9a80d693b62bddb418cec06fcb1a3c7e831382e11af1d32fed751
.dll regsvr32 windows:6 windows x64 arch:x64

636c9ded01cdf6a0150c2a6661f44c55

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:ec:fc:7e:11:28:31:f7:45:e1:e2:29:71:5d:69:21
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-01-2022 00:00

Not After

28-01-2023 23:59

Subject

CN=CLARK ACCOMMODATION LIMITED,O=CLARK ACCOMMODATION LIMITED,ST=East Riding of Yorkshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

93:8c:86:3b:60:23:6d:ec:2e:f8:fd:0d:f0:0b:d4:cc:bb:9a:e2:ea
Signer

Actual PE Digest

93:8c:86:3b:60:23:6d:ec:2e:f8:fd:0d:f0:0b:d4:cc:bb:9a:e2:ea

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileA
FindNextFileA
FindClose
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetProcessHeap
GetTickCount
GetCurrentThread
AreFileApisANSI
GetCurrentProcessorNumber
SwitchToThread
GetUserDefaultUILanguage
IsSystemResumeAutomatic
GetACP
UnregisterApplicationRestart
GetCurrentThreadId
GetUserDefaultLangID
GetThreadLocale
SetFileApisToOEM
GetEnvironmentStringsW
GetOEMCP
GetSystemDefaultUILanguage
GetCommandLineA
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
GetSystemDirectoryA
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
lstrcmpiW
FreeLibrary
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
HeapReAlloc
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetModuleHandleExW
GetTickCount64
LoadLibraryA
SetStdHandle
CreateFileW
WriteConsoleW
MultiByteToWideChar
RtlUnwind
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
FreeEnvironmentStringsW
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
GetCPInfo
GetStringTypeW
LCMapStringEx
EncodePointer
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCommandLineW

user32

GetDialogBaseUnits
GetActiveWindow
IsWow64Message
GetClipboardViewer
GetCursor
IsProcessDPIAware
CloseClipboard
AnyPopup
GetMessageTime
CreateMenu
GetForegroundWindow
CountClipboardFormats
SetCursor
LoadCursorW
CharNextW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemFree

oleaut32

VarUI4FromStr

wininet

InternetQueryDataAvailable

Exports

Exports

DllGetClassObject
DllRegisterServer
PluginInit
RunObject
ajmwvwge
avfxvavr
bffmjtmmsvsdwnt
bpaszkjzsfwzy
cbvyoyxk
chfdtduqmzqi
ckiarmaidueommyn
cnvzffpclrkafh
cotcwvynl
dohhecaz
dowruoxbdjvv
dqmxslggwh
dvdeiiknhir
dvgfbvznupyzben
eadgephr
enqvbeylil
enzquinhxgnut
eozqxdndinbv
eqcvdayt
eqkznoqmzvalqsrf
ezdhugwlctgnh
fhkofcf
frxkzzrykkvmhwxfh
ganonumiysckvrbu
glyjvgcvhhynolboj
gmjnxlb
gssuosvdizr
gsweaue
gwhwqkfktnttu
hbmemckaj
hdhjjfz
hnvalmod
hseseou
icrvtuo
iriksvmfnvl
jzdvjar
keaslpvi
krsugezpo
kwvifmlbdgnktmxjh
kzlgpwxxa
lgfsvucsmp
libtjlbsxumpd
mamgcadj
mgebpoaiibqfoxas
mmlmrpdr
mmthudpmbtocxoxn
mvlylsykuzquvoup
mykwnvzhjw
necmkrwrd
njmsntyzvmlnghcb
ntmiqugkdby
ntoephiad
oflfjeizyo
owdzniag
padxjaogg
pgvtqgmcroogkej
picvhfttu
pzwefmcfk
qalmaebdyvia
rgptfuul
rxqbxiu
stbbtwlj
tashcxxbqtlwpmjma
tgkigrtqjbaqy
tjhgxluzqg
tlqgsrogwixefazt
tmibriikdbf
tuymfvwdfulrk
twaqhkwsmpmgodtxq
tyiulbuozlmnmf
uarjqiplwtjfhpjhn
uccxjposzs
ugfdrzxj
uhwtbrictutlx
unmiiccjqtokmxoyk
urscjpzumqtq
uzmqmdkppqzvb
vcedtucyneyrs
vqtslhgmcqsbhpf
vrnkmop
wdbqavbuvvclmy
wqbyawj
wqqfayxormtvbxou
xcrdskhxsr
xsdnouvu
yicoyoxmogjcqvphd
yjydsvwkqaskuxhjl
yocityiuhwuvkcta
yrwnqohaybvdzml
ytmymaps
yyzvnrp
zcydynczsyqpaxmrd
zojkcpfmbfza
zxwaxcpz

Sections

.text
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

636c9ded01cdf6a0150c2a6661f44c55

Code Sign

01Certificate

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

f3:ec:fc:7e:11:28:31:f7:45:e1:e2:29:71:5d:69:21Certificate

Extended Key Usages

Key Usages

93:8c:86:3b:60:23:6d:ec:2e:f8:fd:0d:f0:0b:d4:cc:bb:9a:e2:eaSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 260KB - Virtual size: 260KB

.rdata Size: 210KB - Virtual size: 210KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 10KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 97KB - Virtual size: 97KB

.reloc Size: 3KB - Virtual size: 2KB

01
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

f3:ec:fc:7e:11:28:31:f7:45:e1:e2:29:71:5d:69:21
Certificate

93:8c:86:3b:60:23:6d:ec:2e:f8:fd:0d:f0:0b:d4:cc:bb:9a:e2:ea
Signer

.text
Size: 260KB - Virtual size: 260KB

.rdata
Size: 210KB - Virtual size: 210KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 10KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 97KB - Virtual size: 97KB

.reloc
Size: 3KB - Virtual size: 2KB