c986ab0238da0ede2ca4a5737a25723e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c986ab0238da0ede2ca4a5737a25723e_JaffaCakes118
Size

212KB
MD5

c986ab0238da0ede2ca4a5737a25723e
SHA1

299918d865d1256b22c01b1b4f83f36591db17db
SHA256

fbb2905d9fbb5a97761a54403dbe6e7acb2a3a594d3f969b335a3d572bf60e0b
SHA512

fbc6b517af7df9e1e029026f95a1ebba0de3cda7b2dedf4e7abfa5611a1e92847cb4f705a3c6e435b0fd1292f2c6b4f370b7a84b81d3509fdda4c99c1d57a066
SSDEEP

6144:0uhbXRt++WAc9uGxubSSk+/qLqGO+qm64z6TDZmn:0uhbX+vhuu+/qjdCTDZQ

Score

1^/10

Malware Config

Signatures

Files

c986ab0238da0ede2ca4a5737a25723e_JaffaCakes118
.cab
ShareBoxCtrl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a9813644fe3809ed65540e5c464ae89c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\스마트필터웹하드\Activex\SHAREBOX\ShareBoxCtrl\ShareBoxCtrl\Release\ShareBoxCtrl.pdb

Imports

urlmon

URLDownloadToFileA

wininet

InternetGetCookieA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable
InternetSetOptionExA
InternetCanonicalizeUrlA
InternetCrackUrlA
DeleteUrlCacheEntry
HttpOpenRequestA

kernel32

FreeResource
TlsGetValue
GlobalReAlloc
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GetFileTime
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
GetDriveTypeA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetCommandLineA
ExitProcess
HeapSize
lstrcmpW
GetFileType
VirtualFree
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LocalAlloc
GetCurrentProcessId
GlobalAddAtomA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalDeleteAtom
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
GetModuleFileNameW
FormatMessageA
LocalFree
LoadLibraryA
GetProcAddress
HeapDestroy
HeapCreate
TerminateThread
WaitForSingleObject
CreateDirectoryA
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
GetThreadLocale
SetThreadLocale
GlobalHandle
GlobalFree
CreateFileA
GetFileSizeEx
GetSystemDirectoryA
Sleep
GetModuleHandleA
LoadLibraryExA
FreeLibrary
SetLastError
GlobalLock
GlobalUnlock
GetModuleFileNameA
MulDiv
lstrcmpA
GetProcessHeap
HeapAlloc
HeapFree
IsDBCSLeadByte
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetCurrentThreadId
OutputDebugStringA
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
lstrcmpiA
lstrlenA
GetFileAttributesA
GetVersionExA
GetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
FindNextFileA
GlobalFindAtomA
InterlockedCompareExchange
SetStdHandle
IsProcessorFeaturePresent

user32

TabbedTextOutA
IsDialogMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetActiveWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetLastActivePopup
SetCursor
SetWindowsHookExA
GetMessageA
TranslateMessage
DrawTextA
IsWindowVisible
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
IsWindowEnabled
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetSubMenu
CallNextHookEx
GetSystemMetrics
MessageBoxA
MapDialogRect
SetWindowContextHelpId
EnableWindow
UpdateWindow
EndDialog
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
BringWindowToTop
SendDlgItemMessageA
KillTimer
SetTimer
GetWindowRect
CharUpperA
GetKeyState
UnionRect
PtInRect
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
ShowWindow
GetActiveWindow
DialogBoxIndirectParamA
DrawTextExA
GrayStringA
GetNextDlgTabItem
CreateDialogIndirectParamA
DestroyMenu
GetSysColorBrush
DispatchMessageA
UnregisterClassA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
FindWindowA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
DestroyAcceleratorTable
IsWindow
SendMessageA
GetDesktopWindow
SetFocus
GetFocus
GetWindow
BeginPaint
EndPaint
CallWindowProcA
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
DefWindowProcA
DestroyWindow
CharNextA
InvalidateRect
GetWindowLongA
SetWindowLongA
GetMenuItemCount

gdi32

ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
SelectObject
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
LPtoDP
SetMapMode
SetViewportOrgEx
CreateDCA
GetClipRgn
CreateRectRgn
SelectClipRgn
Rectangle
SetTextAlign
TextOutA
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

ShellExecuteExA
SHGetSpecialFolderPathA
ShellExecuteA

shlwapi

StrFormatByteSizeA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathRemoveFileSpecA
PathFindExtensionA
UrlUnescapeA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoGetObject
StringFromGUID2
CoInitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
OleLoadFromStream
CreateOleAdviseHolder
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
WriteClassStm
OleSaveToStream

oleaut32

RegisterTypeLi
UnRegisterTypeLi
OleCreatePropertyFrame
VariantChangeType
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
OleCreateFontIndirect

iphlpapi

GetAdaptersInfo

ws2_32

inet_addr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ShareBoxCtrl.inf

Sharing

General

Malware Config

Signatures

Files

a9813644fe3809ed65540e5c464ae89c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76Certificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

urlmon

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 288KB - Virtual size: 286KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 16KB - Virtual size: 31KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 40KB - Virtual size: 36KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 288KB - Virtual size: 286KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 40KB - Virtual size: 36KB