General

Malware Config

Signatures

Files

• 58bf203410bc022b72c170dee3eb0fb8_JaffaCakes118

  .zip

  Password: infected

• eleonorev1.4.4 mod/el144/404.php
• eleonorev1.4.4 mod/el144/432.js

  .js
• eleonorev1.4.4 mod/el144/5734.jar

  .jar
• eleonorev1.4.4 mod/el144/Bol.CAB

  .cab
• Bol Downloader.ocx

  .dll regsvr32 windows:4 windows x86 arch:x86

  94d0297a571a7736a2354665a72fbd8c

  
  

  Code Sign

  70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf

  Certificate

  Issuer

  OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

  Not Before

  29-01-1996 00:00

  Not After

  01-08-2028 23:59

  Subject

  OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

  47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2013 23:59

  Subject

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88

  Certificate

  Issuer

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2008 23:59

  Subject

  CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a

  Certificate

  Issuer

  OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

  Not Before

  16-07-2004 00:00

  Not After

  15-07-2009 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  71:fb:ef:ca:7e:b7:0a:3e:3c:51:15:8a:1f:f3:8a:f4

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

  Not Before

  15-09-2005 00:00

  Not After

  16-09-2006 23:59

  Subject

  CN=Rediff.com India Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=India,O=Rediff.com India Limited,L=Mumbai,ST=Maharashtra,C=IN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  Signer

  Actual PE Digest

  Digest Algorithm

  PE Digest Matches

  false

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  user32

  RemovePropA

  GetClassLongA

  CreateWindowExA

  GetDlgCtrlID

  GetWindowTextA

  GetDlgItem

  RegisterClassA

  GetClassInfoA

  WinHelpA

  GetTopWindow

  GetPropA

  SetPropA

  AdjustWindowRectEx

  SetFocus

  SetActiveWindow

  MapWindowPoints

  SendDlgItemMessageA

  LoadIconA

  IsDialogMessageA

  SetWindowTextA

  MoveWindow

  ClientToScreen

  GetWindowDC

  BeginPaint

  GetMessageTime

  EqualRect

  EndPaint

  GetMessagePos

  UnregisterClassA

  InsertMenuA

  GetMenuStringA

  GetSysColorBrush

  LoadStringA

  DestroyIcon

  CharUpperA

  AppendMenuA

  RemoveMenu

  GetTabbedTextExtentA

  GetDialogBaseUnits

  GetDCEx

  SetForegroundWindow

  RegisterWindowMessageA

  DestroyWindow

  UnhookWindowsHookEx

  wsprintfA

  GetMenuCheckMarkDimensions

  LoadBitmapA

  GetMenuState

  ModifyMenuA

  SetMenuItemBitmaps

  CheckMenuItem

  EnableMenuItem

  GetFocus

  GetNextDlgTabItem

  GetMessageA

  TranslateMessage

  DispatchMessageA

  GetActiveWindow

  GetKeyState

  CallNextHookEx

  PeekMessageA

  GetCursorPos

  SetWindowsHookExA

  GetParent

  IsWindow

  GetWindowLongA

  MessageBoxA

  SetCursor

  SendMessageA

  PostMessageA

  PostQuitMessage

  EnableWindow

  GetForegroundWindow

  GetWindow

  GetWindowPlacement

  GetClassNameA

  SetRect

  GrayStringA

  EndDialog

  CreateDialogIndirectParamA

  SystemParametersInfoA

  DrawTextA

  TabbedTextOutA

  SetRectEmpty

  ReleaseDC

  GetCapture

  ReleaseCapture

  SetCapture

  LoadCursorA

  PtInRect

  GetSystemMetrics

  RegisterClipboardFormatA

  ScreenToClient

  IsChild

  IsRectEmpty

  IntersectRect

  FillRect

  DestroyMenu

  GetSysColor

  GetDesktopWindow

  GetMenuItemCount

  GetMenu

  GetSubMenu

  GetMenuItemID

  UpdateWindow

  InflateRect

  GetWindowRect

  ShowWindow

  OffsetRect

  InvalidateRect

  DrawEdge

  SetParent

  SetWindowPos

  IsIconic

  DefWindowProcA

  SetWindowLongA

  EnumChildWindows

  CallWindowProcA

  LockWindowUpdate

  IsWindowVisible

  ValidateRect

  GetDC

  GetClientRect

  CopyRect

  GetLastActivePopup

  IsWindowEnabled

  CreateMenu

  gdi32

  CreateFontA

  SetRectRgn

  GetDeviceCaps

  LPtoDP

  CreateBitmap

  CloseMetaFile

  DeleteDC

  DeleteMetaFile

  CreateMetaFileA

  PtVisible

  RectVisible

  CombineRgn

  ExtTextOutA

  Escape

  TextOutA

  GetClipBox

  SetTextColor

  SaveDC

  RestoreDC

  GetStockObject

  CreateRectRgnIndirect

  SelectObject

  SetBkMode

  SetMapMode

  SetROP2

  OffsetViewportOrgEx

  SetViewportExtEx

  SetViewportOrgEx

  SetWindowOrgEx

  ScaleViewportExtEx

  ScaleWindowExtEx

  SelectClipRgn

  SetWindowExtEx

  MoveToEx

  GetCurrentPositionEx

  DeleteObject

  CreateRectRgn

  CreatePen

  CreateSolidBrush

  CreatePatternBrush

  CopyMetaFileA

  CreateDCA

  GetTextMetricsA

  GetTextExtentPoint32A

  GetTextAlign

  CreateFontIndirectA

  PatBlt

  UnrealizeObject

  Rectangle

  SetBkColor

  GetObjectA

  shell32

  ExtractIconA

  ShellExecuteA

  ole32

  StgCreateDocfileOnILockBytes

  CreateILockBytesOnHGlobal

  OleLoadFromStream

  ReadClassStm

  OleDuplicateData

  CoCreateInstance

  CreateStreamOnHGlobal

  ReadFmtUserTypeStg

  StringFromCLSID

  CreateOleAdviseHolder

  ReleaseStgMedium

  CreateDataAdviseHolder

  OleDestroyMenuDescriptor

  OleCreateMenuDescriptor

  CoDisconnectObject

  CoTaskMemFree

  OleSaveToStream

  CoTaskMemAlloc

  CreateDataCache

  CoRevokeClassObject

  CoRegisterClassObject

  StringFromGUID2

  oleaut32

  SysAllocStringByteLen

  SysStringLen

  SysAllocStringLen

  VariantCopy

  SysAllocString

  VariantChangeType

  VariantClear

  LoadTypeLi

  RegisterTypeLi

  SysStringByteLen

  SysFreeString

  LoadRegTypeLi

  kernel32

  GetFileAttributesA

  GlobalSize

  CopyFileA

  FileTimeToSystemTime

  FileTimeToLocalFileTime

  GetCPInfo

  GetOEMCP

  GetShortPathNameA

  GetFileSize

  GetFileTime

  SizeofResource

  GetProfileIntA

  GetTimeZoneInformation

  GetSystemTime

  GetLocalTime

  GetCommandLineA

  ExitProcess

  TerminateProcess

  HeapFree

  CreateThread

  ExitThread

  HeapAlloc

  RaiseException

  HeapSize

  HeapReAlloc

  GetACP

  SetStdHandle

  GetFullPathNameA

  RtlUnwind

  GetVolumeInformationA

  SetHandleCount

  GetStdHandle

  GetStartupInfoA

  FreeEnvironmentStringsA

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  GetEnvironmentStringsW

  HeapDestroy

  HeapCreate

  VirtualFree

  VirtualAlloc

  IsBadWritePtr

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStringTypeA

  GetStringTypeW

  IsBadReadPtr

  IsBadCodePtr

  CompareStringA

  CompareStringW

  SetEnvironmentVariableA

  ResetEvent

  ResumeThread

  FindFirstFileA

  FindClose

  SetEndOfFile

  UnlockFile

  LockFile

  FlushFileBuffers

  SetFilePointer

  WriteFile

  ReadFile

  CreateFileA

  GetCurrentProcess

  DuplicateHandle

  GetProcessVersion

  WritePrivateProfileStringA

  GlobalFlags

  SetErrorMode

  TlsGetValue

  LocalReAlloc

  TlsSetValue

  GlobalReAlloc

  TlsFree

  GlobalHandle

  TlsAlloc

  LeaveCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  LocalAlloc

  lstrcpynA

  EnterCriticalSection

  GetLastError

  FormatMessageA

  LocalFree

  MulDiv

  SetLastError

  TerminateThread

  LoadLibraryA

  LoadResource

  FreeLibrary

  FindResourceA

  lstrcatA

  LockResource

  GetVersion

  GlobalFindAtomA

  GlobalGetAtomNameA

  GlobalAddAtomA

  GetUserDefaultLCID

  GetModuleHandleA

  GetProcAddress

  GlobalUnlock

  IsDBCSLeadByte

  GlobalFree

  GetFileType

  WideCharToMultiByte

  GetCurrentThreadId

  GetCurrentThread

  InterlockedDecrement

  lstrlenW

  lstrlenA

  MultiByteToWideChar

  lstrcpyA

  SuspendThread

  InterlockedIncrement

  CreateEventA

  CloseHandle

  SetThreadPriority

  SetEvent

  GlobalAlloc

  GetModuleFileNameA

  GlobalLock

  lstrcmpiA

  GlobalDeleteAtom

  lstrcmpA

  LCMapStringA

  LCMapStringW

  WaitForSingleObject

  comctl32

  ord17

  olepro32

  ord251

  ord252

  ord250

  ord253

  urlmon

  URLDownloadToCacheFileA

  wininet

  HttpSendRequestA

  HttpOpenRequestA

  InternetCloseHandle

  InternetCanonicalizeUrlA

  InternetConnectA

  InternetOpenA

  InternetCrackUrlA

  winspool.drv

  OpenPrinterA

  ClosePrinter

  DocumentPropertiesA

  comdlg32

  GetFileTitleA

  advapi32

  RegCloseKey

  RegEnumKeyA

  RegOpenKeyA

  RegSetValueExA

  RegCreateKeyExA

  RegSetValueA

  RegCreateKeyA

  RegDeleteKeyA

  RegOpenKeyExA

  RegQueryValueA

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  DllRegisterServer

  DllUnregisterServer

  Sections

  .text

  Size: 172KB - Virtual size: 169KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 48KB - Virtual size: 47KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 12KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 8KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 28KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Bol.inf
• eleonorev1.4.4 mod/el144/GeoIP.dat
• eleonorev1.4.4 mod/el144/config.php
• eleonorev1.4.4 mod/el144/crypt.php

  .js
• eleonorev1.4.4 mod/el144/dx_ds.gif
• eleonorev1.4.4 mod/el144/exp.php

  .js
• eleonorev1.4.4 mod/el144/functions.php
• eleonorev1.4.4 mod/el144/geoip.php

  .js
• eleonorev1.4.4 mod/el144/i/1.png

  .png
• eleonorev1.4.4 mod/el144/i/Thumbs.db
• eleonorev1.4.4 mod/el144/i/clear.gif

  .gif
• eleonorev1.4.4 mod/el144/i/country.gif

  .gif
• eleonorev1.4.4 mod/el144/i/file.gif

  .gif
• eleonorev1.4.4 mod/el144/i/footer.jpg

  .jpg
• eleonorev1.4.4 mod/el144/i/form_inputtext.jpg

  .jpg
• eleonorev1.4.4 mod/el144/i/heading_background.jpg

  .jpg
• eleonorev1.4.4 mod/el144/i/ifr.gif

  .gif
• eleonorev1.4.4 mod/el144/i/index.css
• eleonorev1.4.4 mod/el144/i/logout.gif

  .gif
• eleonorev1.4.4 mod/el144/i/main.gif

  .gif
• eleonorev1.4.4 mod/el144/i/referer.gif

  .gif
• eleonorev1.4.4 mod/el144/i/sell.gif

  .gif
• eleonorev1.4.4 mod/el144/i/submit.jpg

  .jpg
• eleonorev1.4.4 mod/el144/i/wrapper-a.jpg

  .jpg
• eleonorev1.4.4 mod/el144/i/wrapper-b.gif

  .gif
• eleonorev1.4.4 mod/el144/index.php
• eleonorev1.4.4 mod/el144/install.php

  .html
• eleonorev1.4.4 mod/el144/load.php
• eleonorev1.4.4 mod/el144/load/load.dat
• eleonorev1.4.4 mod/el144/nem2378pdf

  .pdf
• eleonorev1.4.4 mod/el144/pdf.php
• eleonorev1.4.4 mod/el144/readme.txt
• eleonorev1.4.4 mod/el144/robots.txt
• eleonorev1.4.4 mod/el144/sellrs.php
• eleonorev1.4.4 mod/el144/site.php
• eleonorev1.4.4 mod/el144/soc.php

  .vbs
• eleonorev1.4.4 mod/el144/stat.php

  .js
• eleonorev1.4.4 mod/el144/up/ff_add.php
• eleonorev1.4.4 mod/el144/up/src/chrome.manifest
• eleonorev1.4.4 mod/el144/up/src/chrome/content/dlhelper.js

  .js
• eleonorev1.4.4 mod/el144/up/src/chrome/content/dlhelper.xul
• eleonorev1.4.4 mod/el144/up/src/install.rdf
• eleonorev1.4.4 mod/el144/x.x

  .js
• eleonorev1.4.4 mod/fudfiles/1ebb.jar

  .jar
• eleonorev1.4.4 mod/fudfiles/432.js

  .js
• eleonorev1.4.4 mod/fudfiles/8c9d.jar

  .jar
• eleonorev1.4.4 mod/fudfiles/crypt.php

  .js
• eleonorev1.4.4 mod/fudfiles/exp.php

  .js
• eleonorev1.4.4 mod/fudfiles/functions.php
• eleonorev1.4.4 mod/fudfiles/nem2378pdf

  .pdf
• eleonorev1.4.4 mod/fudfiles/pdf.php