Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Behavioral task | Sample | Resource |
---|---|---|
behavioral1 | 0day warez.url | win7-20240704-en |
behavioral2 | 0day warez.url | win10v2004-20240709-en |
behavioral3 | CPLApp.dll | win7-20240704-en |
behavioral4 | CPLApp.dll | win10v2004-20240709-en |
behavioral5 | patch.exe | win7-20240705-en |
behavioral6 | patch.exe | win10v2004-20240709-en |
Target
5e4ade4705a4d9740ab401dd57a2481a_JaffaCakes118
Size
164KB
MD5
5e4ade4705a4d9740ab401dd57a2481a
SHA1
b45dd4f3c4a93b7bccf0662e471326fc93012fc9
SHA256
acdc87381a6782f5c23afc0eb76ece013baa0b10357e5d003af3468fdd3af3c3
SHA512
d97ed5c221913310b0bb9f19b62e8eca22ca854c0ef7f05fab6312b76bab61b103abea0434ec4db5851fc71ab37f794e63a588278e24997fa393ed8cd27593ea
SSDEEP
3072:QfaTgpRM+TqOsz+a98A+c1cbaIB8gJfdMNvsbRTg+n:Wvwts/JFi0bRTg+n
pony
Checks for missing Authenticode signature.
Processes:
resource |
---|
unpack001/patch.exe |
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
D:\FP_Win_NF\FP_Ellis_135\code\build\win\results\FlashPlayerCPLApp\Release\Win32\FlashPlayerCPLApp.pdb
GetCommandLineW
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
ShellExecuteExA
CPlApplet
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
CreateFileA
ReadFile
CloseHandle
WriteFile
lstrlenA
GlobalLock
GlobalUnlock
LocalFree
LocalAlloc
GetTickCount
lstrcpyA
lstrcatA
GetFileAttributesA
ExpandEnvironmentStringsA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
LoadLibraryA
GetProcAddress
GetTempPathA
CreateDirectoryA
DeleteFileA
GetCurrentProcess
WideCharToMultiByte
GetLastError
lstrcmpA
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
FindFirstFileA
lstrcmpiA
FindNextFileA
FindClose
GetModuleHandleA
GetVersionExA
GetLocaleInfoA
GetSystemInfo
GetWindowsDirectoryA
GetPrivateProfileStringA
SetCurrentDirectoryA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetCurrentDirectoryA
lstrlenW
MultiByteToWideChar
Sleep
LCMapStringA
ExitProcess
SetUnhandledExceptionFilter
CreateStreamOnHGlobal
GetHGlobalFromStream
CoCreateGuid
CoTaskMemFree
CoCreateInstance
OleInitialize
wsprintfA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegEnumKeyExA
RegCreateKeyA
RegSetValueExA
IsTextUnicode
RegOpenCurrentUser
RegEnumValueA
GetUserNameA
ShellExecuteA
InternetCrackUrlA
InternetCreateUrlA
StrStrIA
StrRChrIA
StrToIntA
StrStrA
StrCmpNIA
StrStrIW
inet_addr
gethostbyname
socket
connect
closesocket
send
select
recv
setsockopt
WSAStartup
LoadUserProfileA
UnloadUserProfile
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE