26e44a5cf0faf8058e0c0493fff7ebaf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

26e44a5cf0faf8058e0c0493fff7ebaf_JaffaCakes118
Size

4.4MB
MD5

26e44a5cf0faf8058e0c0493fff7ebaf
SHA1

978ca9b5734dabada7fec0878129eca5b6f0b14d
SHA256

a222bdf089f24ea1da86f7a6a6335acff90fc329ee9e0f7a21003fa42624869e
SHA512

7bea0a15047681f29652f28dc054a64ea8540beb4f11562e0fb5f61ac6b73a5b808015264357a846274527ccd20eaee78092917719eaec016134712ac25018a7
SSDEEP

98304:pu0qCweSbKLidzk8+ooxnDPSyp4u9hSfbTU3ljckkGt9Kj0jpOOm/:pudLbHzkBDSu9hSU3l4o9003U

Score

1^/10

Malware Config

Signatures

Files

26e44a5cf0faf8058e0c0493fff7ebaf_JaffaCakes118
.zip
999网址导航.htm
.html
SkyDriveSetup.exe
.exe windows:6 windows x86 arch:x86

53eaa2c7b3f73aba7854ab77974794b6

Code Sign

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:19:cc:93:00:01:00:00:00:66
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-10-2011 20:32

Not After

10-01-2013 20:32

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:c1:71:8a:18:81:e9:11:18:6e:24:51:a4:fd:a7:88:d7:9e:d7:ec
Signer

Actual PE Digest

3e:c1:71:8a:18:81:e9:11:18:6e:24:51:a4:fd:a7:88:d7:9e:d7:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SkyDriveSetup.pdb

Imports

shell32

SHGetFolderPathW
ord165
SHGetSpecialFolderPathW
SHGetKnownFolderPath
ord709
ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathA
SHLoadNonloadedIconOverlayIdentifiers

ole32

CoTaskMemFree
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
CoCreateGuid
CoInitializeEx
CoUninitialize

shlwapi

PathFileExistsW
PathFindExtensionW
SHDeleteValueW
SHRegGetPathW
StrCmpIW
SHGetValueW
SHCreateStreamOnFileA
PathIsDirectoryA
PathGetDriveNumberA
PathFindFileNameA
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsA
SHSetValueW
PathIsDirectoryW
PathCombineW
StrStrIW
ord437
StrCmpNW
PathCanonicalizeW
SHDeleteKeyW
PathAppendW
SHCreateStreamOnFileEx

winhttp

WinHttpTimeFromSystemTime
WinHttpSetCredentials
WinHttpGetDefaultProxyConfiguration
WinHttpSetStatusCallback
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpen

ws2_32

inet_ntoa
WSAStartup
WSACleanup
WSAGetLastError
gethostbyname

ntdll

NtQuerySystemTime
RtlFreeHeap
RtlAllocateHeap
RtlUnwind
VerSetConditionMask

wer

WerReportCloseHandle
WerReportSubmit
WerReportSetParameter
WerReportCreate

advapi32

CryptHashData
ConvertSidToStringSidW
RegOverridePredefKey
RegDeleteTreeW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyExW
CredDeleteW
RegQueryInfoKeyW
RegOpenKeyW
DuplicateTokenEx
CreateProcessWithTokenW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
EventWrite
EventUnregister
EventRegister
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegGetValueW
IsValidSid
GetUserNameW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
CopySid
InitializeAcl
AddAce
RegEnumKeyExW
SetNamedSecurityInfoW
TraceEvent
GetSecurityDescriptorDacl
RevertToSelf
ImpersonateLoggedOnUser
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

MultiByteToWideChar
ReadFile
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetModuleHandleA
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
RaiseException
HeapSize
GetLocaleInfoW
GetProcessHeap
CreateFileA
CompareStringA
CompareStringW
GetLastError
GetFileSize
FindClose
GetLocalTime
CompareFileTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
LoadLibraryW
DeleteFileW
CloseHandle
FindNextFileW
IsBadReadPtr
IsBadWritePtr
GetComputerNameW
WerRegisterFile
InterlockedCompareExchange
VirtualQuery
VirtualProtect
IsProcessorFeaturePresent
GetCurrentThreadId
GetTickCount64
GetSystemInfo
GlobalMemoryStatusEx
GetComputerNameExW
QueueUserWorkItem
CreateMutexW
WaitForMultipleObjects
ReleaseMutex
SetEvent
GetExitCodeProcess
Process32NextW
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetModuleFileNameA
GetStdHandle
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
WriteFile
ExitProcess
GetProcAddress
Sleep
GetCurrentProcessId
GetTickCount
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
CreateTimerQueueTimer
DeleteTimerQueueTimer
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
CreateProcessW
QueryFullProcessImageNameW
QueryPerformanceCounter
HeapFree
VirtualFree
HeapDestroy
HeapCreate
GetCurrentThread
FindFirstFileW
InterlockedDecrement
FlushInstructionCache
GlobalLock
GlobalAlloc
GetSystemDefaultLCID
GetSystemDefaultUILanguage
LocalAlloc
GetFileAttributesExW
CreateThread
GetExitCodeThread
GetNativeSystemInfo
GetProductInfo
GetUserDefaultLocaleName
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateEventW
GetFileAttributesW
SetFilePointerEx
SetFileAttributesW
OpenFileMappingW
ExpandEnvironmentStringsW
GetLongPathNameW
GlobalFree
FileTimeToSystemTime
ResetEvent
SetThreadPriority
GetThreadPriority
FreeResource
LoadLibraryExW
DuplicateHandle
FreeLibraryAndExitThread
OpenMutexW
lstrlenW
InitializeCriticalSection
SetFileTime
GetSystemTime
SystemTimeToFileTime
GetTempPathW
GetTempFileNameW
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
CopyFileW
MoveFileExW
VerifyVersionInfoW
LockFileEx
UnlockFileEx
GetFileSizeEx
LockResource
LoadResource
SizeofResource
FindResourceW
FindResourceExW
GetUserDefaultUILanguage
GetShortPathNameW
GetTempPathA
GetTempFileNameA
CreateDirectoryA
RemoveDirectoryA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFullPathNameA
GetFileAttributesA
DeleteFileA
LocalFree
OpenProcess
WaitForSingleObject

user32

SetWindowPos
IsWindowVisible
BringWindowToTop
CreateDialogParamW
DialogBoxParamW
GetDlgItem
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
SetWindowTextW
GetClientRect
GetWindowRect
MapWindowPoints
GetWindowLongW
SetWindowLongW
GetParent
ShowWindow
LoadIconW
MonitorFromWindow
GetMonitorInfoW
PostQuitMessage
AttachThreadInput
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
GetSystemMetrics
GetWindowThreadProcessId
GetShellWindow
FindWindowW
MsgWaitForMultipleObjects
GetWindow
DestroyWindow
PostMessageW
PostThreadMessageW
IsWindow
AllowSetForegroundWindow
UnregisterClassA

oleaut32

VariantInit
SysFreeString
VariantClear
VariantChangeType
SysStringLen
SysAllocStringLen
SysAllocString

cabinet

ord11
ord10
ord23
ord20
ord22
ord14
ord13

crypt32

CryptBinaryToStringW
CertVerifyCertificateChainPolicy
CryptStringToBinaryW

wintrust

WinVerifyTrustEx
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

comctl32

ord345

secur32

GetUserNameExW

gdiplus

GdiplusStartup
GdipFree
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipAlloc
GdipGetImagePixelFormat
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImagePaletteSize

gdi32

GetObjectW
SetDIBColorTable
CreateDIBSection
SelectObject
DeleteObject
CreateCompatibleDC
DeleteDC

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 539KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ذ˵.htm
.html

Sharing

General

Malware Config

Signatures

Files

53eaa2c7b3f73aba7854ab77974794b6

Code Sign

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:19:cc:93:00:01:00:00:00:66Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

3e:c1:71:8a:18:81:e9:11:18:6e:24:51:a4:fd:a7:88:d7:9e:d7:ecSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

ole32

shlwapi

winhttp

ws2_32

ntdll

wer

advapi32

kernel32

user32

oleaut32

cabinet

crypt32

wintrust

comctl32

secur32

gdiplus

gdi32

version

Sections

.text Size: 539KB - Virtual size: 538KB

.data Size: 16KB - Virtual size: 36KB

.rsrc Size: 4.4MB - Virtual size: 4.4MB

.reloc Size: 37KB - Virtual size: 36KB

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:19:cc:93:00:01:00:00:00:66
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

3e:c1:71:8a:18:81:e9:11:18:6e:24:51:a4:fd:a7:88:d7:9e:d7:ec
Signer

.text
Size: 539KB - Virtual size: 538KB

.data
Size: 16KB - Virtual size: 36KB

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

.reloc
Size: 37KB - Virtual size: 36KB