07777b7a8040ee68007b426cae88bb18_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07777b7a8040ee68007b426cae88bb18_JaffaCakes118
Size

3.0MB
MD5

07777b7a8040ee68007b426cae88bb18
SHA1

5f94531b5df302074fbc7d19fd1bf9d1659c3677
SHA256

c240add4d7dc2d57d89afb5f47edb671b441f680563a08ed8144306654c9f10a
SHA512

517ed51826c1b4b27292d3f9df0176e2cbaa3435c30fca6f6fafb0bd427e02ca227589efe61c83cbba636d802ddfe76d6d0462721313890bc47f6dd0bef50a55
SSDEEP

49152:Ns5giVRlfSz4uxpn+a2yMuZgdDOtgaDlFEiSv0j7ndBVk1OyJhWHV5:WnRlfWZn+aQxdDeFzSvUnTQOChWHV5

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SharkBot 1.9.3/Component Register.exe
unpack001/SharkBot 1.9.3/MSSTDFMT.DLL
unpack001/SharkBot 1.9.3/SHDOCVW.DLL

Files

07777b7a8040ee68007b426cae88bb18_JaffaCakes118
.rar
SharkBot 1.9.3/Component Register.exe
.exe windows:4 windows x86 arch:x86

b4eae13e6ecb6fd25f7856ee92a80605

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaStrToAnsi
__vbaVarDup
ord617
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SharkBot 1.9.3/Frasi.ini
SharkBot 1.9.3/FrasiO.ini
SharkBot 1.9.3/Impostazioni.ini
SharkBot 1.9.3/MSSTDFMT.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

76114d56c8c1282d8a004aefa0d9031b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetLocaleInfoW
FreeLibrary
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
GetVersion
GetFileAttributesA
lstrcatA
GetModuleFileNameA
IsDBCSLeadByte
MultiByteToWideChar
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
GetLastError
LockResource
LoadResource
FindResourceA
GetModuleHandleA
CompareStringW
LeaveCriticalSection
EnterCriticalSection
EnumSystemLocalesA
lstrcpynA
EnumDateFormatsA
CompareStringA
lstrcmpA
EnumTimeFormatsA
lstrlenA
InterlockedIncrement
InterlockedDecrement
HeapAlloc
GetLocaleInfoA
GetProcessHeap
GetThreadLocale
HeapFree
HeapReAlloc
lstrcpyA
GetSystemTime
lstrcmpiA
WideCharToMultiByte
lstrlenW

user32

ReleaseCapture
SetCapture
CallWindowProcA
PtInRect
GetFocus
InvalidateRect
MessageBoxA
GetDlgItemTextA
GetCapture
EqualRect
ShowWindow
SetDlgItemTextA
GetWindowRect
SetParent
SetWindowLongA
CharNextA
GetDC
ReleaseDC
UnregisterClassA
DestroyWindow
GetSystemMetrics
SetWindowRgn
IntersectRect
GetActiveWindow
OffsetRect
ClientToScreen
BeginPaint
MoveWindow
SetFocus
SetWindowPos
GetClientRect
EndPaint
CreateWindowExA
GetDlgItemInt
RegisterClassA
GetWindowLongA
CreateDialogIndirectParamA
IsDlgButtonChecked
IsWindowEnabled
GetKeyState
IsChild
IsDialogMessageA
GetNextDlgTabItem
GetWindow
LoadStringA
WinHelpA
SetDlgItemInt
ScrollWindowEx
wsprintfA
SendMessageA
SendDlgItemMessageA
GetDlgItem
EnableWindow
IsWindowVisible
GetParent
DefWindowProcA

ole32

CreateOleAdviseHolder
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc

advapi32

RegDeleteKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SetErrorInfo
LoadRegTypeLi
CreateErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
SystemTimeToVariantTime
OleLoadPicture
RegisterTypeLi
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
VariantChangeType
VariantChangeTypeEx
SafeArrayDestroy
SysAllocStringLen
VariantInit
SysReAllocStringLen
SysAllocString
SysStringLen
VariantCopy
SysFreeString
VariantClear
OleCreatePropertyFrame

gdi32

SetMapMode
LPtoDP
DeleteDC
SetWindowOrgEx
SetViewportOrgEx
CreateDCA
SetViewportExtEx
GetDeviceCaps
SetWindowExtEx
GetViewportExtEx
GetWindowExtEx
CreateRectRgnIndirect

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SharkBot 1.9.3/RegComponent.bat
SharkBot 1.9.3/SHDOCVW.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

eb2bef47b927b97beb626d416d4a3a8e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

MoveFileExW
GetVersionExA
ExitProcess
GetSystemTime
LocalFileTimeToFileTime
ReleaseMutex
SetEvent
WaitForSingleObject
FindClose
GetFileSize
ReadFile
SetFilePointer
SetCurrentDirectoryA
DebugBreak
HeapDestroy
GlobalUnlock
GlobalLock
GlobalFlags
GlobalSize
GlobalReAlloc
SetLastError
IsBadReadPtr
GetLocalTime
IsBadWritePtr
OpenSemaphoreA
FileTimeToSystemTime
OpenMutexA
UnhandledExceptionFilter
CreateSemaphoreA
ReleaseSemaphore
ResetEvent
SetErrorMode
GetCurrentDirectoryA
DisableThreadLibraryCalls
GetDateFormatA
RtlUnwind
FileTimeToLocalFileTime
IsBadCodePtr
GetTimeFormatA
InterlockedExchange
GetCurrentProcessId
LoadLibraryA
SystemTimeToFileTime
WriteFile
CreateDirectoryA
CreateFileA
IsDBCSLeadByte
LeaveCriticalSection
InterlockedIncrement
DeleteCriticalSection
InterlockedDecrement
LocalFree
EnterCriticalSection
LocalSize
lstrlenW
LocalAlloc
GlobalFree
GetLastError
GlobalAlloc
GetProcAddress
GetUserDefaultLCID
FreeLibrary
WideCharToMultiByte
MulDiv
lstrcpynA
Sleep
CreateMutexA
GetTickCount
LocalReAlloc
GetACP
CloseHandle
GetWindowsDirectoryA
lstrcmpiA
lstrlenA
lstrcmpA
GetCurrentThreadId
GetSystemDirectoryA
MultiByteToWideChar
GetSystemInfo
CreateThread
GetSystemTimeAsFileTime
CompareFileTime
GetSystemDefaultLCID
GetLocaleInfoW
GetModuleHandleA
InitializeCriticalSection
CreateEventA
RaiseException

shlwapi

UrlCombineA
ord51
ord286
ord218
PathIsURLW
UrlGetLocationW
ord376
StrToIntW
ord281
ord158
ord28
UrlHashW
ord156
StrRChrW
ord39
ord154
ord360
ord137
StrChrIA
ord41
ord352
ord351
ord350
SHDeleteValueW
wvnsprintfA
ord341
ord403
ord57
ord305
ord354
wvnsprintfW
SHOpenRegStream2W
ord81
ord401
ord263
PathParseIconLocationW
PathAppendW
PathIsPrefixW
PathSearchAndQualifyW
ord73
ord112
ord296
ord89
PathRenameExtensionW
SHCreateStreamWrapper
ord12
ord96
ord313
ord65
ord370
ord236
ord74
ord369
StrPBrkW
ord98
AssocQueryStringW
UrlCombineW
UrlIsW
StrTrimA
ord295
ord260
PathGetArgsW
ord121
ord119
StrCpyW
ord306
ord43
ord362
ord177
ord195
ord363
ord197
ord61
ord91
ord53
ord312
ord103
ord113
SHCreateStreamOnFileW
PathCompactPathExW
ord132
ord355
SHSkipJunction
ord269
UrlEscapeW
AssocCreate
ord342
PathIsContentTypeW
ord216
UrlCreateFromPathW
ord206
ord241
ord242
AssocQueryKeyW
ord167
ord189
ord304
ord188
ord274
ord347
ord366
ord280
ord372
ord371
ord48
ord315
SHRegDuplicateHKey
ord278
ord10
ord9
ord8
ord439
StrToIntExA
UrlUnescapeA
UrlUnescapeW
SHRegEnumUSValueW
UrlApplySchemeW
ord248
ord398
StrCSpnW
StrSpnW
ord367
ord368
ord85
ord214
ord310
PathRemoveExtensionA
HashData
ord361
ord289
ord266
ord223
ord222
ord357
ord353
ord319
PathCombineA
PathIsURLA
PathRemoveBackslashW
ord93
PathIsFileSpecW
ord431
ord378
ord418
ord414
ord416
ord239
SHCreateShellPalette
StrFormatKBSizeW
ord311
ChrCmpIW
ord229
ord138
ord149
ord108
ord106
ord425
ord427
ord426
ord394
ord116
ord60
ord283
PathCreateFromUrlW
PathRemoveFileSpecW
ord56
ord299
SHGetValueW
ord97
PathCombineW
ord75
ord335
ord193
ord139
ord303
ord192
ord302
ord120
SHQueryValueExW
SHSetValueW
ord123
ord125
ord128
ord436
StrStrIW
ord15
wnsprintfW
ord124
SHEnumValueW
ord83
ord340
ord168
ord198
ord55
ord100
ord237
ord181
ord186
ord68
StrToIntExW
ord373
ord90
ord294
SHDeleteValueA
SHDeleteKeyA
PathRemoveFileSpecA
SHDeleteOrphanKeyA
ord126
SHGetValueA
wnsprintfA
SHSetValueA
StrCmpNIA
PathFindFileNameA
StrCatBuffA
SHQueryValueExA
ord437
PathAddBackslashW
StrRetToStrW
ord36
ord314
StrRetToBufW
StrTrimW
PathCommonPrefixW
ord333
ord140
ord87
ord134
ord334
PathRemoveExtensionW
StrCatW
ord308
PathIsRelativeW
ord215
ord52
ord72
ord331
PathCompactPathW
ord67
ord231
SHCreateThread
ord99
ord49
ord336
PathUndecorateW
ord130
StrFromTimeIntervalW
StrFormatByteSizeW
PathQuoteSpacesW
ord165
ord143
ord2
StrChrIW
StrCatBuffW
StrStrW
SHStrDupW
SHRegSetUSValueW
ord105
ord107
ord101
ord59
ord212
ord184
ord94
ord37
ord234
ord141
ord71
StrCmpW
UrlCompareW
StrDupW
StrCmpNIW
StrChrW
ord346
ord318
PathFindExtensionW
ord287
PathFindFileNameW
ord276
ord175
ord249
PathFileExistsW
ord102
ord171
ord84
ord178
ord240
ord282
ord284
ord174
ord133
ord163
SHRegGetUSValueW
UrlGetPartW
StrCmpIW
ord117
ord169
StrCpyNW
ord136
ord164
ord199
ord172
ord204
ord176
ord219
ord161
ord221
ord220
ord173
PathUnquoteSpacesW
ord95
PathRemoveBlanksW
ord196
ord40
ord146
StrCmpNW
StrStrIA
ord79
ord13
ord127
ord217
SHRegOpenUSKeyW
ord122
StrDupA
SHRegGetBoolUSValueW
SHRegDeleteUSValueW
SHRegCloseUSKey
ord338
UrlCanonicalizeW
ord50
ord24
ord298
ord80
ord389
SHDeleteKeyW
ord406
ord104
ord309
ord402
ord135
UrlIsNoHistoryW
ord76
PathIsDirectoryW
ord243
ord1

gdi32

SetPaletteEntries
SelectPalette
GetStockObject
RealizePalette
GetDeviceCaps
CreatePalette
DeleteObject
SetBkMode
SetBkColor
LineTo
MoveToEx
SelectObject
RestoreDC
SetTextColor
SetViewportOrgEx
SetMapMode
IntersectClipRect
SaveDC
CreateDCA
LPtoDP
SetWindowExtEx
GetPaletteEntries
CloseMetaFile
SetWindowOrgEx
CloseEnhMetaFile
CreateEnhMetaFileA
CreateRectRgnIndirect
Rectangle
DeleteDC
StretchBlt
CreateCompatibleDC
BitBlt
DeleteMetaFile
GetTextCharset

user32

InsertMenuW
InsertMenuA
LoadMenuW
LoadMenuA
SendMessageTimeoutW
RedrawWindow
SendMessageTimeoutA
wsprintfW
GetWindowThreadProcessId
EqualRect
SetWindowRgn
CopyRect
SetRectEmpty
ChangeClipboardChain
DrawIconEx
UpdateWindow
IsRectEmpty
GetKeyState
GetMessagePos
SetMenuDefaultItem
SetClipboardViewer
OffsetRect
IntersectRect
GetSystemMetrics
ChildWindowFromPoint
EnumWindows
GetActiveWindow
CharNextA
CharLowerBuffA
GetLastActivePopup
DdeNameService
DdeUninitialize
DdeFreeStringHandle
DdeConnect
DdeClientTransaction
DdeDisconnect
GetForegroundWindow
DdeGetData
DdeCreateDataHandle
LoadStringA
IsIconic
MsgWaitForMultipleObjects
GetWindowPlacement
SetWindowPlacement
CreatePopupMenu
CheckMenuRadioItem
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetSysColorBrush
FillRect
GetAsyncKeyState
GetShellWindow
ShowWindowAsync
AdjustWindowRect
MapWindowPoints
GetWindow
SetParent
IsChild
DestroyIcon
PostQuitMessage
WaitMessage
GetSystemMenu
InflateRect
MoveWindow
MessageBeep
EndDialog
CreateMenu
RemoveMenu
CharPrevA
GetDesktopWindow
GetWindowRect
SetForegroundWindow
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetSubMenu
GetMenuItemID
CheckMenuItem
EnableMenuItem
GetDlgCtrlID
ScreenToClient
ChildWindowFromPointEx
TranslateMessage
GetWindowLongA
GetDlgItem
EnableWindow
KillTimer
SetTimer
IsWindow
BeginPaint
EndPaint
SetCursor
GetParent
GetDC
ReleaseDC
IsWindowVisible
IsWindowEnabled
SetWindowPos
GetCapture
SetRect
InvalidateRect
GetClientRect
GetMenuItemCount
DestroyWindow
SetFocus
GetFocus
ShowWindow
UnionRect
PtInRect
GetNextDlgTabItem
GetSysColor

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegEnumValueA

comctl32

ImageList_Destroy
ord332
ImageList_LoadImageW
ord334
ord236
ord327
ord339
ord234
ord337
ord335
ord72
ord71
ord73
ord326
ord388
ord325
ord322
ord321
ord331
ord10
ord9
ord338
ord11
ord385
ord414
ImageList_ReplaceIcon
ord323
ord320
ord324
ord413
ord412
ord410
ord386
ord328
PropertySheetW
ord336
ord329
ImageList_GetIconSize
ImageList_DrawEx
DestroyPropertySheetPage
ImageList_GetIcon
ImageList_Create
ImageList_SetBkColor
ImageList_SetOverlayImage
InitCommonControlsEx
CreatePropertySheetPageW

shell32

ord102
ord155
ord24
ord25
ord17
ord59
ord90
ord100
ord196
ord152
ord23
ord4
SHGetSpecialFolderLocation
ord16
ord77
ord129
ord132
ord136
ord89
ord195
ShellExecuteA
ord74
ord26
ord165
ord19
ord67
ord88
ord151
ord137
ord21
ShellExecuteW
ord27
SHGetFileInfoA
ord71
ord153
ord18
ord134
SHLoadInProc
ord131
ord72
ord157
ord171
ord147
ord175
ord162
ord63
ord85
ord75
ord62
ord73
ord174
SHGetDesktopFolder

Exports

Exports

AddUrlToFavorites
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllRegisterWindowClasses
DllUnregisterServer
DoAddToFavDlg
DoAddToFavDlgW
DoFileDownload
DoFileDownloadEx
DoOrganizeFavDlg
DoOrganizeFavDlgW
HlinkFindFrame
HlinkFrameNavigate
HlinkFrameNavigateNHL
IEWriteErrorLog
OpenURL
SHAddSubscribeFavorite
SHGetIDispatchForFolder
SetQueryNetSessionCount
SetShellOfflineState
SoftwareUpdateMessageBox
URLQualifyA
URLQualifyW

Sections

.text
Size: 616KB - Virtual size: 615KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SharkBot 1.9.3/vbs2008.zip
.zip
vbsetup.exe
.exe windows:5 windows x86 arch:x86

092eb6daba2f17cbda102fd1a32acd00

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:9d:cf:83:a9:da:de:be:84:0d:d1:86:0a:38:79:78:2f:be:c5:2b
Signer

Actual PE Digest

6b:9d:cf:83:a9:da:de:be:84:0d:d1:86:0a:38:79:78:2f:be:c5:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateFileA
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetCurrentDirectoryA
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
ExpandEnvironmentStringsA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
CloseHandle
DeviceIoControl
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
SetErrorMode
GetTickCount
CreateDirectoryA
GetLastError
RemoveDirectoryA
MoveFileExA
SetFilePointer
FindClose
ReadFile

msvcrt

strchr
_strnicmp
_stricmp
strrchr
_strlwr
strncpy
strstr
_snprintf
sprintf

advapi32

AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken

user32

ShowWindow
SendDlgItemMessageA
SendMessageA
DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA

ntdll

NtShutdownSystem
NtAdjustPrivilegesToken
NtClose
NtOpenProcessToken

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4eae13e6ecb6fd25f7856ee92a80605

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 32KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 28KB - Virtual size: 24KB

76114d56c8c1282d8a004aefa0d9031b

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 3KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 6KB

eb2bef47b927b97beb626d416d4a3a8e

Headers

File Characteristics

Imports

kernel32

shlwapi

gdi32

user32

advapi32

comctl32

shell32

Exports

Exports

Sections

.text Size: 616KB - Virtual size: 615KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 256KB - Virtual size: 256KB

.reloc Size: 36KB - Virtual size: 35KB

092eb6daba2f17cbda102fd1a32acd00

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

6b:9d:cf:83:a9:da:de:be:84:0d:d1:86:0a:38:79:78:2f:be:c5:2bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

user32

ntdll

.text
Size: 32KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 28KB - Virtual size: 24KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 3KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 616KB - Virtual size: 615KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 256KB - Virtual size: 256KB

.reloc
Size: 36KB - Virtual size: 35KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

6b:9d:cf:83:a9:da:de:be:84:0d:d1:86:0a:38:79:78:2f:be:c5:2b
Signer

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 68KB

.rsrc
Size: 2.5MB - Virtual size: 5KB