JaffaCakes118_377b341ab6d8a58238c711bbc541e24967860d203485617ff1a1917e6a21d072

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_377b341ab6d8a58238c711bbc541e24967860d203485617ff1a1917e6a21d072
Size

1.5MB
MD5

2b190db0a58b22bb86c952bc69078305
SHA1

3dd399bc3598f80f3206b096b548d40c04946b53
SHA256

377b341ab6d8a58238c711bbc541e24967860d203485617ff1a1917e6a21d072
SHA512

dddf68d5ba3b669b53ce4480b5a5e05bc378c199789f756ae88fcb45eb0471602fdb0e73959603666659640131eda89b12f1a4af41e37973986fd5db8f123a55
SSDEEP

49152:/gwV+SDJgAP4m827VLkzjF0a9oVgzjFBTJfFTJfU:/gjSDJ3P4GJ

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_377b341ab6d8a58238c711bbc541e24967860d203485617ff1a1917e6a21d072
.exe windows:0 windows x86 arch:x86

fadb03432906cb0b1086222508551a23

Code Sign

34:99:10:fc:e9:8a:6b:9f:46:fb:58:1f:bb:20:ee:ca
Certificate

Issuer

CN=Eldon Tyrell,1.2.840.113549.1.9.1=#0c1c656c646f6e2e747972656c6c40747972656c6c2d636f72702e636f6d

Not Before

30-03-2022 08:15

Not After

30-03-2023 08:35

Subject

CN=Eldon Tyrell,1.2.840.113549.1.9.1=#0c1c656c646f6e2e747972656c6c40747972656c6c2d636f72702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:87:7a:0a:6f:16:52:61:55:5b:ea:ae:58:97:52:12:05:e3:55:62:6f:ce:80:2d:45:24:b3:2a:09:3c:99:83
Signer

Actual PE Digest

ca:87:7a:0a:6f:16:52:61:55:5b:ea:ae:58:97:52:12:05:e3:55:62:6f:ce:80:2d:45:24:b3:2a:09:3c:99:83

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_SYSTEM

Imports

kernel32

SetDefaultCommConfigA
HeapCompact
SetPriorityClass
lstrlenA
GetDriveTypeW
BuildCommDCBAndTimeoutsA
FreeLibrary
SystemTimeToTzSpecificLocalTime
GetQueuedCompletionStatus
SetEnvironmentVariableW
CreateJobObjectW
SetTapeParameters
WriteFile
SetProcessPriorityBoost
TlsSetValue
ActivateActCtx
GlobalAlloc
LoadLibraryW
GetConsoleMode
CopyFileW
GetPrivateProfileStructW
GetConsoleWindow
GetVersionExW
IsDBCSLeadByte
lstrcatA
GetBinaryTypeW
RaiseException
GetPrivateProfileSectionNamesW
GetConsoleOutputCP
GetCurrentDirectoryW
SetLastError
VirtualAlloc
IsValidCodePage
GetConsoleDisplayMode
EnterCriticalSection
_hwrite
LoadLibraryA
BeginUpdateResourceA
PostQueuedCompletionStatus
AddAtomA
GetOEMCP
EnumDateFormatsA
GetThreadPriority
CreateIoCompletionPort
GetCommTimeouts
DebugBreakProcess
CreateMutexA
VirtualProtect
SetThreadAffinityMask
LocalSize
CopyFileExA
CommConfigDialogW
GetNamedPipeHandleStateW
GetComputerNameA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetModuleHandleW
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapCreate
VirtualFree
TlsGetValue
TlsAlloc
TlsFree
GetCurrentThreadId
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetConsoleCP
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleA
WriteConsoleW
SetStdHandle
CreateFileA

user32

GetAncestor

advapi32

SetThreadToken

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 597KB - Virtual size: 597KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 708KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ndata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ndata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fadb03432906cb0b1086222508551a23

Code Sign

34:99:10:fc:e9:8a:6b:9f:46:fb:58:1f:bb:20:ee:caCertificate

Extended Key Usages

Key Usages

ca:87:7a:0a:6f:16:52:61:55:5b:ea:ae:58:97:52:12:05:e3:55:62:6f:ce:80:2d:45:24:b3:2a:09:3c:99:83Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 597KB - Virtual size: 597KB

.data Size: 7KB - Virtual size: 4.0MB

.rsrc Size: 30KB - Virtual size: 30KB

.00cfg Size: 37KB - Virtual size: 37KB

.bss Size: 708KB - Virtual size: 708KB

.bss Size: 34KB - Virtual size: 34KB

.ndata Size: 34KB - Virtual size: 34KB

.ndata Size: 9KB - Virtual size: 9KB

34:99:10:fc:e9:8a:6b:9f:46:fb:58:1f:bb:20:ee:ca
Certificate

ca:87:7a:0a:6f:16:52:61:55:5b:ea:ae:58:97:52:12:05:e3:55:62:6f:ce:80:2d:45:24:b3:2a:09:3c:99:83
Signer

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 597KB - Virtual size: 597KB

.data
Size: 7KB - Virtual size: 4.0MB

.rsrc
Size: 30KB - Virtual size: 30KB

.00cfg
Size: 37KB - Virtual size: 37KB

.bss
Size: 708KB - Virtual size: 708KB

.bss
Size: 34KB - Virtual size: 34KB

.ndata
Size: 34KB - Virtual size: 34KB

.ndata
Size: 9KB - Virtual size: 9KB