3bcac3742aa088203c8c5d415dcc0882_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3bcac3742aa088203c8c5d415dcc0882_JaffaCakes118
Size

203KB
MD5

3bcac3742aa088203c8c5d415dcc0882
SHA1

373f66485903821ffa04e481bd4715255f7d052a
SHA256

fbd2e308fac9aafebd7d7272cb16f0d86f56b3d1c17ca82a7bfe31009d6b037d
SHA512

743c64daf35f13fa56b1f30c5bea9e2f21e6a8d645b1644c6aa1da3dc13778e49638bdbc05d029d5bdbf3db7a749d671b92213641d2baa7ea88569e37b1d7489
SSDEEP

6144:xrsDUzcX786oWHhfod5XoGJ5IRIsI+8ADoFNm6RN/e:xYDccA6oWHY5XVKdI+REFN+

Score

1^/10

Malware Config

Signatures

Files

3bcac3742aa088203c8c5d415dcc0882_JaffaCakes118
.rar
AdExplorer/ADExplorer.exe
.exe windows:5 windows x86 arch:x86

e6d02b6babb3deb30cc9241ab86f6a18

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cd:7c:7e:23:9e:af:d3:b8:16:05:7a:f5:6e:7e:5d:38:59:18:b8:c9
Signer

Actual PE Digest

cd:7c:7e:23:9e:af:d3:b8:16:05:7a:f5:6e:7e:5d:38:59:18:b8:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\src\ADExplorer\Release\ADExplorer.pdb

Imports

netapi32

NetUserGetGroups
NetUserGetLocalGroups

rpcrt4

UuidFromStringW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

LCMapStringW
GetStdHandle
ExitProcess
HeapCreate
IsProcessorFeaturePresent
GetCurrentThreadId
SetLastError
TlsFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStringTypeW
TerminateProcess
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapReAlloc
HeapQueryInformation
DecodePointer
EncodePointer
CreateThread
ResumeThread
ExitThread
HeapSize
HeapAlloc
HeapFree
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
LoadLibraryA
ExpandEnvironmentStringsA
WideCharToMultiByte
lstrlenA
WriteFile
FileTimeToLocalFileTime
GetCurrentProcess
FreeLibrary
GetSystemInfo
GetLastError
Sleep
GetSystemTimeAsFileTime
MultiByteToWideChar
CreateFileW
ReadFile
GetSystemDirectoryW
OutputDebugStringW
GetFileSize
TlsAlloc
FormatMessageW
TlsSetValue
GetUserDefaultLangID
TlsGetValue
GetSystemDefaultLangID
LocalAlloc
LocalFree
GetTimeZoneInformation
FileTimeToSystemTime
GetTimeFormatW
CompareFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetDateFormatW
DeleteFileW
CloseHandle
DeleteCriticalSection
CreateFileMappingW
GlobalFree
EnterCriticalSection
GetProcAddress
GlobalUnlock
CompareStringW
GetModuleFileNameW
GetFileAttributesW
WriteConsoleW
LeaveCriticalSection
GetVersionExW
LoadLibraryW
GlobalAlloc
InitializeCriticalSection
GetTickCount
GetModuleHandleW
GlobalLock
InterlockedDecrement
InterlockedIncrement
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetCommandLineW
SetStdHandle
FlushFileBuffers
GetProcessHeap
VirtualQuery
UnhandledExceptionFilter

user32

DialogBoxParamW
GetSubMenu
DeleteMenu
GetFocus
LoadCursorW
GetParent
DrawTextW
PostMessageW
MsgWaitForMultipleObjects
IsZoomed
DispatchMessageW
MoveWindow
CheckMenuItem
SetCapture
LoadImageW
TrackPopupMenu
PostQuitMessage
GetMessageW
GetWindowRect
ScreenToClient
GetDlgItemInt
TranslateAcceleratorW
CloseClipboard
GetWindowTextLengthW
SetCursor
SetWindowPlacement
DestroyWindow
ClientToScreen
EndPaint
DialogBoxIndirectParamW
CopyIcon
MessageBeep
MenuItemFromPoint
GetClientRect
SetFocus
GetMenuItemInfoW
BeginPaint
PtInRect
SetPropW
InsertMenuItemW
TranslateMessage
LoadAcceleratorsW
InflateRect
ChildWindowFromPoint
SetDlgItemInt
GetMenu
IsDialogMessageW
RegisterClassExW
LoadIconW
GetWindowPlacement
OffsetRect
InvalidateRect
LoadMenuW
GetWindowLongW
AppendMenuW
DefWindowProcW
CallWindowProcW
GetPropW
DrawFrameControl
EndDeferWindowPos
DestroyIcon
SetWindowTextW
DestroyMenu
SetClipboardData
GetWindowTextW
PeekMessageW
GetClassNameW
EnableMenuItem
EmptyClipboard
GetDlgItem
SetWindowLongW
EndDialog
SendDlgItemMessageW
GetSysColor
SetWindowPos
CheckDlgButton
EnumChildWindows
ShowWindow
CreatePopupMenu
GetSysColorBrush
IsDlgButtonChecked
CreateDialogParamW
DrawMenuBar
GetActiveWindow
GetMenuItemCount
CreateWindowExW
SetMenuDefaultItem
OpenClipboard
DeferWindowPos
MessageBoxW
ReleaseCapture
BeginDeferWindowPos
GetSystemMetrics
IsWindowVisible
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
MapWindowPoints
UpdateWindow
EnableWindow

gdi32

SetBkColor
ExtTextOutW
EndPage
StartPage
GetDeviceCaps
SetMapMode
EndDoc
SetTextColor
SetBkMode
SelectObject
GetObjectW
StartDocW
GetStockObject
CreateFontIndirectW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PrintDlgW

advapi32

GetSecurityDescriptorLength
RegQueryValueExW
RegCreateKeyW
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSid
GetSecurityDescriptorOwner
RegEnumValueW
RegSetValueExW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetLengthSid
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegCloseKey
GetSidIdentifierAuthority
GetSidSubAuthority
MapGenericMask
GetSidSubAuthorityCount
EqualSid
GetAce
LookupAccountSidW
AllocateAndInitializeSid
RegDeleteValueW

shell32

ShellExecuteW
CommandLineToArgvW

ole32

CoInitialize
CreateBindCtx
CoUninitialize
CoCreateInstance
IIDFromString
StringFromGUID2

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayGetUBound
SafeArrayGetElement
VarDateFromStr
VariantChangeType
VariantInit
SysAllocStringByteLen
VariantClear
SafeArrayGetLBound
SysStringLen
SysAllocString
SysFreeString

comctl32

ImageList_Draw
CreateToolbarEx
CreatePropertySheetPageW
ImageList_Create
ImageList_ReplaceIcon
ImageList_EndDrag
ImageList_DragMove
ImageList_BeginDrag
ImageList_DragLeave
ImageList_DragEnter
ord17
CreateStatusWindowW
PropertySheetW

activeds

ord9
ord20
ord7
ord13
ord12
ord15

wldap32

ord155
ord118
ord14
ord73
ord145
ord13
ord188
ord88

Sections

.text
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AdExplorer/AdExplorer.chm
.chm
AdExplorer/Eula.txt

Sharing

General

Malware Config

Signatures

Files

e6d02b6babb3deb30cc9241ab86f6a18

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

cd:7c:7e:23:9e:af:d3:b8:16:05:7a:f5:6e:7e:5d:38:59:18:b8:c9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

rpcrt4

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

activeds

wldap32

Sections

.text Size: 263KB - Virtual size: 263KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 31KB - Virtual size: 40KB

.rsrc Size: 41KB - Virtual size: 40KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

cd:7c:7e:23:9e:af:d3:b8:16:05:7a:f5:6e:7e:5d:38:59:18:b8:c9
Signer

.text
Size: 263KB - Virtual size: 263KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 31KB - Virtual size: 40KB

.rsrc
Size: 41KB - Virtual size: 40KB