privateloader | 23a9c76fb8ce240d7b7b1b413eb4c046_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

23a9c76fb8ce240d7b7b1b413eb4c046_JaffaCakes118
Size

53.7MB
MD5

23a9c76fb8ce240d7b7b1b413eb4c046
SHA1

2ded5e3e579de8b61e81c6eb136a94f3ef974708
SHA256

6231f9d7b8989422b7576efad7880d58b8fcc7f89c42c50a881c82b7e24683ab
SHA512

eaf35c025ed5ca27b98a69e2d9984bf4cdfa31cff533841cc88bb0b8278b5d4184caed89e0e273b914ac9c2e5bbc677c734a913b9883f7241fc91e65c208102a
SSDEEP

1572864:i9n/WTsK2CfuswU1u2+vwKwW/PX0ourikPrFATUzyDx:i9/WTsKJfZwcKwSf0ouWkPrcUux

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Files

23a9c76fb8ce240d7b7b1b413eb4c046_JaffaCakes118
.exe windows:5 windows x86 arch:x86

14e3daa4777aa1efc6c14a4dad0f009a

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:5e:8f:c4:18:d9:46:9c:65:80:3d:91:1a:0c:3e:20:e6:91:e0:da
Signer

Actual PE Digest

55:5e:8f:c4:18:d9:46:9c:65:80:3d:91:1a:0c:3e:20:e6:91:e0:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\build\SetupNew\Release\Setup.pdb

Imports

kernel32

MulDiv
GetDriveTypeW
GetLogicalDriveStringsW
GetWindowsDirectoryW
lstrcpyW
GetFullPathNameW
CreateFileMappingW
GetFileSize
UnmapViewOfFile
FormatMessageW
GetVolumeInformationW
OpenProcess
CompareFileTime
GetSystemInfo
GlobalMemoryStatusEx
GetVersionExW
CreateMutexW
GetCommandLineW
TerminateProcess
CreateProcessW
FindAtomW
GlobalAddAtomW
WideCharToMultiByte
GetTickCount
GetDiskFreeSpaceExW
GetLocalTime
QueryPerformanceCounter
QueryPerformanceFrequency
lstrlenA
SystemTimeToFileTime
GetFileSizeEx
GetFileTime
MoveFileW
MoveFileExW
GetPrivateProfileStringW
GetFileAttributesW
GetTempPathW
lstrcmpiA
lstrcmpA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetLocaleInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringA
GetStartupInfoA
SetHandleCount
GetFileType
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
GlobalFindAtomW
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetModuleHandleA
HeapCreate
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
LCMapStringW
IsValidCodePage
GlobalAlloc
GetACP
GetCPInfo
GetStartupInfoW
CreateThread
ExitThread
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
TlsFree
DeleteAtom
TlsAlloc
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
GetSystemTime
OutputDebugStringW
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
GlobalFree
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
LoadLibraryExW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
Sleep
WriteFile
GetLastError
CreateDirectoryW
WritePrivateProfileStringW
SetFileAttributesW
GetModuleFileNameW
RemoveDirectoryW
DeleteFileW
GetSystemDirectoryW
GetProcAddress
ReadFile
SetFilePointer
GetCurrentProcessId
CreateFileW
DeviceIoControl
LoadLibraryW
MultiByteToWideChar
WaitForSingleObject
FreeLibrary
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetStdHandle
SetEndOfFile
SetFileTime
GetFileAttributesExW
MapViewOfFile
UnlockFile
LockFile
ResetEvent
SetEvent
CreateEventW
ReadProcessMemory
GetExitCodeProcess
GetLongPathNameW
GetEnvironmentVariableW
FindFirstFileW
RaiseException
FindNextFileW
FindClose
GetModuleHandleW
LocalAlloc
LocalFree
CopyFileW
GetOEMCP
GetTempFileNameW
CloseHandle
EnumSystemLocalesA

user32

GetParent
wvsprintfW
PostMessageW
MessageBoxW
GetActiveWindow
SendMessageW
UnregisterClassA
ExitWindowsEx
SendMessageTimeoutW
FindWindowW
CharNextW
IsWindow
SetWindowLongW
UpdateLayeredWindow
GetWindowThreadProcessId
SetTimer
GetMessageW
TranslateMessage
DispatchMessageW
BringWindowToTop
GetCursorPos
PtInRect
GetSystemMetrics
LoadImageW
LoadIconW
SystemParametersInfoW
IsIconic
PostQuitMessage
InflateRect
GetSystemMenu
EnableMenuItem
DialogBoxParamW
EndPaint
BeginPaint
CopyRect
KillTimer
SetWindowRgn
CreateDialogParamW
GetWindowTextLengthW
MessageBeep
SetFocus
RedrawWindow
InvalidateRect
FindWindowExW
GetWindowTextW
ReleaseDC
GetDC
PeekMessageW
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScreenToClient
GetClientRect
SetWindowPos
MoveWindow
SetWindowTextW
EndDialog
IsRectEmpty
IsWindowVisible
SetDlgItemTextW
ShowWindow
IsWindowEnabled
GetDlgItem
EnableWindow
CreateWindowExW
RegisterClassExW
CallWindowProcW
GetWindowLongW
RegisterWindowMessageW
DefWindowProcW
DestroyWindow
LoadCursorW
GetClassInfoExW

gdi32

CreatePolygonRgn
SetBkColor
ExtTextOutW
DeleteObject
SetViewportOrgEx
CreateRectRgn
DeleteDC
CombineRgn
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt

advapi32

RegQueryInfoKeyW
RegEnumKeyExA
OpenProcessToken
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
GetUserNameW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetExplicitEntriesFromAclW
GetTrusteeNameW
EqualSid
DeleteAce
LookupAccountSidW
LookupAccountNameW
RegOpenKeyW
RegEnumKeyExW
RegCloseKey
RegQueryValueExA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExA

shell32

SHGetPathFromIDListW
ShellExecuteW
SHChangeNotify
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc
SHCreateDirectoryExW
ord165
SHBrowseForFolderW
CommandLineToArgvW
ShellExecuteExW
ord680
SHGetSpecialFolderPathA
SHFileOperationW

ole32

CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoCreateGuid
CoTaskMemAlloc
OleRun
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysAllocString
SysFreeString
VariantInit
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysStringLen

shlwapi

PathIsPrefixW
wnsprintfW
PathAppendA
PathCombineA
SHSetValueA
PathAddBackslashW
PathFindExtensionW
StrStrIW
StrRetToStrW
PathMatchSpecW
PathIsDirectoryW
PathRemoveExtensionW
PathFindFileNameW
StrCmpIW
SHDeleteKeyW
PathRemoveFileSpecW
PathIsRelativeW
PathAppendW
PathCombineW
SHGetValueA
PathFileExistsA
PathFileExistsW
SHDeleteValueW
SHGetValueW
SHSetValueW

comctl32

InitCommonControlsEx

crypt32

CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertCloseStore
CertGetNameStringW
CertEnumCertificatesInStore
CertOpenStore
CertCompareCertificate

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
EnumProcesses

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

netapi32

Netbios

setupapi

SetupIterateCabinetW

Sections

.text
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14e3daa4777aa1efc6c14a4dad0f009a

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

55:5e:8f:c4:18:d9:46:9c:65:80:3d:91:1a:0c:3e:20:e6:91:e0:daSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

crypt32

version

psapi

urlmon

iphlpapi

wininet

netapi32

setupapi

Sections

.text Size: 419KB - Virtual size: 418KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 43KB - Virtual size: 59KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 38KB - Virtual size: 37KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

55:5e:8f:c4:18:d9:46:9c:65:80:3d:91:1a:0c:3e:20:e6:91:e0:da
Signer

.text
Size: 419KB - Virtual size: 418KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 43KB - Virtual size: 59KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 38KB - Virtual size: 37KB