fa54a3c933a463110318f79c6cbfa994_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa54a3c933a463110318f79c6cbfa994_JaffaCakes118
Size

1.4MB
MD5

fa54a3c933a463110318f79c6cbfa994
SHA1

abc573198b3828a8475af6bab2a96b0bfddc472f
SHA256

53bcce49c8ba623c0ff283329cfc7791a6695f2ed1bc4efb609ac3c88b084630
SHA512

14631096fb3f412faeacda90b867354608d4ed9da19b561812c991d8f4abbe29c6b4b48d47f39bb33517b060dc36edfe9bd9d59903cb09acc981768ef54adb64
SSDEEP

24576:/BKEL9TPTyOZjAjtTwuEvV+4qIU9xhXZPMBGFrL4D4U6KmAqKw+MVrDq:/BKEL9TyOZk5TStEIU9xbPMBG9ZUc+MA

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Evil-usb/AutoRun.exe
unpack001/Evil-usb/application.exe
unpack001/Evil-usb/launcher.exe
unpack001/Evil-usb/nc.exe
unpack003/nc.exe

Files

fa54a3c933a463110318f79c6cbfa994_JaffaCakes118
.zip
Chapter 2/Ex-2.2-Complete.txt
Chapter 2/Ex2-1-Disable-port-security.txt
Chapter 2/Ex2-1.txt
Chapter 2/Ex2-2.txt
Chapter 2/Shut-no-Shut.txt
Chapter 3/Ex3-1.txt
Chapter 3/Ex3-2.txt
Chapter 3/Shut-no-Shut.txt
Chapter 4/Ex-4.1.txt
Chapter 4/Shut-no-Shut.txt
Chapter 6/DNS-No-Tunnel.cap
Chapter 6/Disable-Firewall.bat
Chapter 6/Remove-Agent.bat
Evil-usb/AutoRun.exe
.exe windows:4 windows x86 arch:x86

658b743d4e3d4a183ba917bafce0dc2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
Sleep
GetPrivateProfileStringA
SetCurrentDirectoryA
lstrlenA
GetModuleFileNameA
GetFileAttributesA
lstrcpyA
GetLastError
CreateMutexA
WaitForSingleObject
ExitProcess
GetModuleHandleA
GetStartupInfoA
CloseHandle

user32

SendDlgItemMessageA
LoadImageA
UpdateWindow
wsprintfA
MessageBoxA
ShowWindow
IsWindowVisible
SetDlgItemTextA
DestroyWindow
CreateDialogParamA

shell32

ShellExecuteExA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 685B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Evil-usb/Ex3-1.txt
Evil-usb/Ex3-2.txt
Evil-usb/FOLDER.ICO
Evil-usb/TopSecret.html
Evil-usb/TopSecret.txt
Evil-usb/TopSecret.zip
.zip
TopSecret.txt
Evil-usb/application.exe
.exe windows:6 windows x64 arch:x64

ca7337bd1dfa93fd45ff30b369488a37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

calc.pdb

Imports

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ShellAboutW
ord165
ShellExecuteExW

shlwapi

ord225

gdiplus

GdipCloneImage
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCreateFromHDC
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipCloneBitmapAreaI
GdipSetPageUnit
GdipFillRectangleI
GdipDeletePen
GdipCreatePen1
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipDrawArcI
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDeleteGraphics
GdipDrawLineI
GdipGetImageGraphicsContext

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegGetValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
EventUnregister
EventRegister
RegCloseKey
RegCreateKeyExW
EventWrite

oleaut32

SysFreeString
SysAllocStringByteLen
VariantClear
SysStringLen
SysAllocString
VariantInit

uxtheme

IsThemeActive

ole32

CoUninitialize
CoInitialize
CoCreateInstance

comctl32

ImageList_Destroy
ImageList_Create
ImageList_Add
ord413
CreatePropertySheetPageW
PropertySheetW
ord380
ord410
ord392

ntdll

WinSqmAddToStreamEx
RtlInitUnicodeString
WinSqmAddToStream
WinSqmIncrementDWORD
NtQueryLicenseValue

kernel32

lstrlenA
GetStartupInfoW
OutputDebugStringA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
WideCharToMultiByte
GetVersionExA
DeleteCriticalSection
GetCurrentProcessId
LeaveCriticalSection
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetSystemTime
WaitForSingleObject
CreateEventW
CreateThread
ResetEvent
SetEvent
CloseHandle
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
lstrcmpW
MulDiv
GlobalFindAtomW
GetLastError
MultiByteToWideChar
GetLocalTime
GetDateFormatW
GetLocaleInfoW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpiW
LoadLibraryW
GetProcAddress
GetLocaleInfoEx
FreeLibrary
LoadLibraryExA
DelayLoadFailureHook
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
Wow64DisableWow64FsRedirection
GetVersionExW
Wow64RevertWow64FsRedirection
GetFileAttributesW
GetModuleFileNameW
FreeLibraryAndExitThread
IsWow64Process
LocalFree
LocalAlloc
LocalReAlloc
GetProfileStringW
lstrlenW
CompareStringW
RegisterApplicationRecoveryCallback
ApplicationRecoveryInProgress
Sleep
ApplicationRecoveryFinished
RegisterApplicationRestart
GetTempFileNameW
SystemTimeToFileTime
CompareFileTime
FileTimeToSystemTime
CreateFileW
DeleteFileW
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
EnterCriticalSection
InitializeCriticalSection

user32

SetWindowLongW
SetWindowLongPtrW
GetWindowLongPtrW
EnableWindow
GetWindowTextLengthW
GetWindowTextW
PostMessageW
IsWindowEnabled
CharNextA
IsClipboardFormatAvailable
GetMenuState
GetFocus
OpenClipboard
GetClipboardData
InvalidateRect
CloseClipboard
EmptyClipboard
SetClipboardData
PostQuitMessage
DefWindowProcW
LoadAcceleratorsW
InsertMenuItemW
RegisterClassExW
SetWindowPlacement
SetForegroundWindow
GetMessageW
TranslateAcceleratorW
GetMessageExtraInfo
TranslateMessage
DispatchMessageW
GetKeyState
IsDialogMessageW
GetClassNameW
GetDC
ReleaseDC
GetSystemMetrics
GetWindowLongW
DrawTextW
EnumChildWindows
SetPropW
SystemParametersInfoW
GetWindowPlacement
UpdateWindow
SendDlgItemMessageW
IsDlgButtonChecked
MoveWindow
SetDlgItemInt
GetDlgItemInt
SetClassLongW
GetNextDlgTabItem
MonitorFromWindow
GetMonitorInfoW
OffsetRect
EqualRect
MonitorFromRect
GetClassWord
EnumDesktopWindows
EnumDisplayMonitors
IntersectRect
CopyRect
CreateDialogParamW
GetProcessDefaultLayout
CreatePopupMenu
TrackPopupMenu
GetAncestor
FindWindowW
DialogBoxParamW
CheckMenuItem
GetSysColor
SetClassLongPtrW
GetClassLongPtrW
EndDialog
SetWindowPos
GetDlgItem
GetWindowRect
SendMessageW
MessageBeep
LoadCursorW
SetCursor
DrawMenuBar
SetMenuItemInfoW
AppendMenuW
LoadStringW
GetSubMenu
RemoveMenu
CheckMenuRadioItem
SetFocus
MapWindowPoints
EnableMenuItem
GetParent
GetMenu
GetClientRect
LoadImageW
UnregisterClassA
FillRect
SetWindowTextW
ShowWindow
CreateWindowExW
CheckRadioButton
DestroyWindow

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

winmm

timeGetTime

version

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

gdi32

CreatePatternBrush
DeleteObject
SetBkMode
SelectObject
GetTextExtentPointW
DeleteDC
GetRgnBox
CreateSolidBrush
GetTextMetricsW
GetTextExtentPoint32W
GetObjectW
ExtCreatePen
MoveToEx
LineTo
CreateCompatibleBitmap
CreateRectRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
EqualRgn
CreateDIBSection
CreateFontIndirectW
CreateCompatibleDC
GetDeviceCaps
SetTextColor
GetStockObject
SetBkColor

msvcrt

_wcsdup
_i64tow_s
_wtoi64
sprintf_s
_strtoi64
_strtoui64
memchr
strcspn
wcsrchr
wcstoul
isalpha
time
difftime
memmove
memset
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
_callnewh
__CxxFrameHandler3
setlocale
__pctype_func
___lc_codepage_func
___lc_handle_func
localeconv
_errno
___mb_cur_max_func
__mb_cur_max
__crtGetStringTypeW
__crtLCMapStringW
__uncaught_exception
tolower
isspace
abort
isalnum
__getmainargs
_XcptFilter
_exit
_ismbblead
_cexit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
??1type_info@@UEAA@XZ
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
iswalpha
iswdigit
_wcslwr_s
_wcsnicmp
wcsncmp
_itow_s
calloc
wcschr
_wcsicmp
_itoa
_wtoi
_vsnwprintf
wcscat_s
wcscpy_s
wcstol
mbstowcs_s
exit
isdigit
isxdigit
toupper
_purecall
malloc
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
free
memcpy
_wcsrev

Sections

.text
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Evil-usb/autorun.inf
Evil-usb/evil-dc1-file.bat
Evil-usb/evil.bat
Evil-usb/evil.reg
Evil-usb/good.bat
Evil-usb/good.reg
Evil-usb/launcher.exe
.exe windows:1 windows x86 arch:x86

59c270577b395e90ed645fdf5a5a856d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind

user32

MessageBoxA

crtdll

_execlp
_iob
_itoa
__GetMainArgs
_strnicmp
abort
exit
fputc
fwrite
getenv
localeconv
malloc
memcpy
memmove
memset
pow
raise
signal
strcat
strchr
strcmp
strncmp
strncpy
strtol
wcslen
wctomb

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 608B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88B - Virtual size: 88B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 904B - Virtual size: 904B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Evil-usb/nc.exe
.exe windows:4 windows x86 arch:x86

b47060fbcbd9d8ec9716eb4a0fdbc38f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\netcat\Release\netcat.pdb

Imports

ws2_32

__WSAFDIsSet
select
listen
getsockname
recvfrom
accept
WSASetLastError
socket
setsockopt
bind
connect
htons
getservbyport
ntohs
getservbyname
inet_addr
gethostbyname
inet_ntoa
gethostbyaddr
WSAGetLastError
WSAStartup
WSACleanup
shutdown
closesocket
recv
send

kernel32

GetSystemTimeAsFileTime
CreateFileA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
SetStdHandle
SetFilePointer
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
GetCPInfo
MultiByteToWideChar
CompareStringA
VirtualQuery
InterlockedExchange
GetLastError
CloseHandle
CreateProcessA
DuplicateHandle
GetCurrentProcess
ExitThread
Sleep
ReadFile
PeekNamedPipe
WriteFile
CreatePipe
DisconnectNamedPipe
TerminateProcess
WaitForMultipleObjects
TerminateThread
CreateThread
GetStdHandle
FreeConsole
ExitProcess
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleA
SetEndOfFile
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryA

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Evil-usb/nc111nt.zip
.zip
doexec.c
generic.h
getopt.c
getopt.h
hobbit.txt
license.txt
makefile
nc.exe
.exe windows:4 windows x86 arch:x86

b47060fbcbd9d8ec9716eb4a0fdbc38f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\netcat\Release\netcat.pdb

Imports

ws2_32

__WSAFDIsSet
select
listen
getsockname
recvfrom
accept
WSASetLastError
socket
setsockopt
bind
connect
htons
getservbyport
ntohs
getservbyname
inet_addr
gethostbyname
inet_ntoa
gethostbyaddr
WSAGetLastError
WSAStartup
WSACleanup
shutdown
closesocket
recv
send

kernel32

GetSystemTimeAsFileTime
CreateFileA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
SetStdHandle
SetFilePointer
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
GetCPInfo
MultiByteToWideChar
CompareStringA
VirtualQuery
InterlockedExchange
GetLastError
CloseHandle
CreateProcessA
DuplicateHandle
GetCurrentProcess
ExitThread
Sleep
ReadFile
PeekNamedPipe
WriteFile
CreatePipe
DisconnectNamedPipe
TerminateProcess
WaitForMultipleObjects
TerminateThread
CreateThread
GetStdHandle
FreeConsole
ExitProcess
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleA
SetEndOfFile
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryA

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
netcat.c
readme.txt
Evil-usb/run-backdoor.bat
Evil-usb/run-calc-OK.bat
Evil-usb/run-calc.bat
Evil-usb/unInstaller.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:97:e4:01:34:82:4b
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

23/11/2010, 18:28

Not After

23/11/2011, 18:28

Subject

CN=FUHU\, Inc.,O=FUHU\, Inc.,L=El Segundo,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4d:bd:f1:b2:a7:af:66:3b:a2:1a:45:f5:fd:0b:a4:2c:8e:86:b2:29
Signer

Actual PE Digest

4d:bd:f1:b2:a7:af:66:3b:a2:1a:45:f5:fd:0b:a4:2c:8e:86:b2:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\E\urDrive Project\branches\V2Momentum\urDrive\UnInstaller\obj\x86\Release\unInstaller.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Evil-usb/urDrive.exe
.exe windows:5 windows x86 arch:x86

05e23b57a2ad3036e80f333f65911340

Code Sign

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:97:e4:01:34:82:4b
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

23/11/2010, 18:28

Not After

23/11/2011, 18:28

Subject

CN=FUHU\, Inc.,O=FUHU\, Inc.,L=El Segundo,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d8:91:63:8e:a5:3d:cb:7e:43:6e:f9:65:80:0a:0a:85:f3:94:b8:ab
Signer

Actual PE Digest

d8:91:63:8e:a5:3d:cb:7e:43:6e:f9:65:80:0a:0a:85:f3:94:b8:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
IsDebuggerPresent
WriteConsoleW
SetEnvironmentVariableA
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
LoadLibraryExW
CreateThread
ExitThread
ExitProcess
RaiseException
RtlUnwind
HeapReAlloc
HeapFree
HeapAlloc
DecodePointer
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
VirtualProtect
GetNumberFormatW
GetWindowsDirectoryW
Sleep
GetProfileIntW
GetTickCount
SearchPathW
GetTempPathW
GetTempFileNameW
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
GetFileAttributesExW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
CreateFileW
GetFileSize
InitializeCriticalSectionAndSpinCount
GetStringTypeW
EncodePointer
GlobalFlags
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToSystemTime
lstrlenA
GlobalGetAtomNameW
GlobalFindAtomW
GetVersionExW
CompareStringW
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
FreeResource
GetCurrentProcessId
GlobalAddAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetModuleFileNameW
CompareStringA
ActivateActCtx
DeactivateActCtx
lstrcmpW
InterlockedExchange
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
SetLastError
MultiByteToWideChar
WideCharToMultiByte
VerifyVersionInfoW
VerSetConditionMask
LocalFree
FormatMessageW
GetCurrentDirectoryW
MoveFileExW
RemoveDirectoryW
FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
DeleteFileW
GetFileAttributesW
WaitForSingleObject
CreateProcessW
CloseHandle
GetLastError
CreateMutexW
LockResource
SizeofResource
LoadResource
FindResourceW
GetSystemDefaultLangID
GetUserDefaultLangID
GetLocaleInfoW
lstrcpyW
lstrlenW
EnumResourceLanguagesW
GetVersion
GetModuleHandleW
ConvertDefaultLocale
GetSystemInfo
LoadLibraryW
FreeLibrary
SetErrorMode
GetProcAddress
GetConsoleMode

user32

DefFrameProcW
IsClipboardFormatAvailable
MapVirtualKeyExW
GetKeyNameTextW
IsCharLowerW
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
SetCursorPos
SetRect
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
GetMenuItemInfoW
UnregisterClassW
EmptyClipboard
CloseClipboard
SetClipboardData
CopyImage
OpenClipboard
DrawStateW
RegisterClipboardFormatW
EnumChildWindows
LockWindowUpdate
IsRectEmpty
InflateRect
IsMenu
SetCapture
GetSystemMenu
MonitorFromPoint
UnpackDDElParam
ReuseDDElParam
LoadImageW
DestroyIcon
ReleaseCapture
InsertMenuItemW
IntersectRect
BringWindowToTop
TranslateAcceleratorW
SetClassLongW
WindowFromPoint
SetParent
CreatePopupMenu
NotifyWinEvent
SetWindowRgn
CreateAcceleratorTableW
LoadAcceleratorsW
DestroyAcceleratorTable
GetAsyncKeyState
CharUpperW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
DestroyMenu
WaitMessage
PostThreadMessageW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
KillTimer
SetTimer
InvalidateRect
RealChildWindowFromPoint
DeleteMenu
LoadCursorW
GetSysColorBrush
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
DefMDIChildProcW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetWindowRect
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetWindowTextLengthW
GetWindowTextW
SetFocus
SetWindowPos
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
CheckDlgButton
GetWindow
UnhookWindowsHookEx
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
DrawMenuBar
TranslateMDISysAccel
FrameRect
GetUpdateRect
CharUpperBuffW
DestroyCursor
GetWindowRgn
MapDialogRect
GetDoubleClickTime
CreateMenu
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetCursor
SetWindowsHookExW
GetNextDlgGroupItem
GetIconInfo
HideCaret
InvertRect
SubtractRect
RemovePropW
CopyIcon
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
SystemParametersInfoW
OffsetRect
MessageBeep
RedrawWindow
IsZoomed
PostMessageW
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
IsWindow
PostQuitMessage
PeekMessageW
MessageBoxExW
LoadStringW
EnableWindow
DrawIcon
GetClientRect
IsIconic
SendMessageW
LoadIconW
MessageBoxW
GetSystemMetrics
SetRectEmpty

gdi32

CreateDIBitmap
CreateFontIndirectW
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
OffsetRgn
GetRgnBox
CreateRoundRectRgn
GetTextColor
GetTextExtentPoint32W
SetDIBColorTable
PatBlt
GetDIBits
RealizePalette
CombineRgn
StretchBlt
SetPixel
CreateDIBSection
SetRectRgn
DPtoLP
CreatePolygonRgn
GetBkColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
Rectangle
CreateHatchBrush
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
GetWindowOrgEx
LPtoDP
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
SetViewportOrgEx
SelectObject
Escape
CreateSolidBrush
OffsetViewportOrgEx
ExtTextOutW
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
CreatePalette
GetDeviceCaps
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectW
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreateDCW
CopyMetaFileW
SetViewportExtEx

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyExW
RegEnumValueW
RegQueryValueW

shell32

SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteW
SHGetFileInfoW
ShellExecuteExW
DragQueryFileW
DragFinish
SHBrowseForFolderW

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
OleGetClipboard
DoDragDrop
OleLockRunning
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoTaskMemFree

oleaut32

SysFreeString
VarBstrFromDate
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocString

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageRectI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup/setup-switch-config.txt

Sharing

General

Malware Config

Signatures

Files

658b743d4e3d4a183ba917bafce0dc2b

Headers

File Characteristics

Imports

kernel32

user32

shell32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 800B

.data Size: 1024B - Virtual size: 685B

.rsrc Size: 3KB - Virtual size: 2KB

ca7337bd1dfa93fd45ff30b369488a37

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

shlwapi

gdiplus

advapi32

oleaut32

uxtheme

ole32

comctl32

ntdll

kernel32

user32

rpcrt4

winmm

version

gdi32

msvcrt

Sections

.text Size: 387KB - Virtual size: 387KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 19KB - Virtual size: 19KB

.pdata Size: 25KB - Virtual size: 25KB

.rsrc Size: 394KB - Virtual size: 393KB

.reloc Size: 1024B - Virtual size: 892B

59c270577b395e90ed645fdf5a5a856d

Headers

File Characteristics

Imports

kernel32

user32

crtdll

Sections

.text Size: 25KB - Virtual size: 25KB

.bss Size: - Virtual size: 608B

.rdata Size: 88B - Virtual size: 88B

.data Size: 3KB - Virtual size: 3KB

.idata Size: 904B - Virtual size: 904B

b47060fbcbd9d8ec9716eb4a0fdbc38f

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 7KB

b47060fbcbd9d8ec9716eb4a0fdbc38f

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 12KB - Virtual size: 9KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 800B

.data
Size: 1024B - Virtual size: 685B

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 387KB - Virtual size: 387KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 19KB - Virtual size: 19KB

.pdata
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 394KB - Virtual size: 393KB

.reloc
Size: 1024B - Virtual size: 892B

.text
Size: 25KB - Virtual size: 25KB

.bss
Size: - Virtual size: 608B

.rdata
Size: 88B - Virtual size: 88B

.data
Size: 3KB - Virtual size: 3KB

.idata
Size: 904B - Virtual size: 904B

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 7KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 7KB

03:01
Certificate

07:97:e4:01:34:82:4b
Certificate

4d:bd:f1:b2:a7:af:66:3b:a2:1a:45:f5:fd:0b:a4:2c:8e:86:b2:29
Signer

.text
Size: 330KB - Virtual size: 329KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 12B

03:01
Certificate

07:97:e4:01:34:82:4b
Certificate

d8:91:63:8e:a5:3d:cb:7e:43:6e:f9:65:80:0a:0a:85:f3:94:b8:ab
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 267KB - Virtual size: 266KB

.data
Size: 23KB - Virtual size: 53KB

.rsrc
Size: 288KB - Virtual size: 287KB

.reloc
Size: 162KB - Virtual size: 161KB