General

Malware Config

Signatures

Files

• b341f1bc5ac611eb57a63709a8cd6528_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  be41bf7b8cc010b614bd36bbca606973

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetFileTime

  CompareFileTime

  SearchPathW

  GetShortPathNameW

  GetFullPathNameW

  MoveFileW

  SetCurrentDirectoryW

  GetFileAttributesW

  GetLastError

  CreateDirectoryW

  SetFileAttributesW

  Sleep

  GetTickCount

  GetFileSize

  GetModuleFileNameW

  GetCurrentProcess

  CopyFileW

  ExitProcess

  GetWindowsDirectoryW

  GetTempPathW

  GetCommandLineW

  SetErrorMode

  lstrcpynA

  CloseHandle

  lstrcpynW

  GetDiskFreeSpaceW

  GlobalUnlock

  GlobalLock

  CreateThread

  LoadLibraryW

  CreateProcessW

  lstrcmpiA

  CreateFileW

  GetTempFileNameW

  lstrcatW

  GetProcAddress

  LoadLibraryA

  GetModuleHandleA

  OpenProcess

  lstrcpyW

  GetVersionExW

  GetSystemDirectoryW

  GetVersion

  lstrcpyA

  RemoveDirectoryW

  lstrcmpA

  lstrcmpiW

  lstrcmpW

  ExpandEnvironmentStringsW

  GlobalAlloc

  WaitForSingleObject

  GetExitCodeProcess

  GlobalFree

  GetModuleHandleW

  LoadLibraryExW

  FreeLibrary

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  WideCharToMultiByte

  lstrlenA

  MulDiv

  WriteFile

  ReadFile

  MultiByteToWideChar

  SetFilePointer

  FindClose

  FindNextFileW

  FindFirstFileW

  DeleteFileW

  lstrlenW

  user32

  GetAsyncKeyState

  IsDlgButtonChecked

  ScreenToClient

  GetMessagePos

  CallWindowProcW

  IsWindowVisible

  LoadBitmapW

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  TrackPopupMenu

  GetWindowRect

  AppendMenuW

  CreatePopupMenu

  GetSystemMetrics

  EndDialog

  EnableMenuItem

  GetSystemMenu

  SetClassLongW

  IsWindowEnabled

  SetWindowPos

  DialogBoxParamW

  CheckDlgButton

  CreateWindowExW

  SystemParametersInfoW

  RegisterClassW

  SetDlgItemTextW

  GetDlgItemTextW

  MessageBoxIndirectW

  CharNextA

  CharUpperW

  CharPrevW

  wvsprintfW

  DispatchMessageW

  PeekMessageW

  wsprintfA

  DestroyWindow

  CreateDialogParamW

  SetTimer

  SetWindowTextW

  PostQuitMessage

  SetForegroundWindow

  ShowWindow

  wsprintfW

  SendMessageTimeoutW

  LoadCursorW

  SetCursor

  GetWindowLongW

  GetSysColor

  CharNextW

  GetClassInfoW

  ExitWindowsEx

  IsWindow

  GetDlgItem

  SetWindowLongW

  LoadImageW

  GetDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  GetClientRect

  FillRect

  DrawTextW

  EndPaint

  FindWindowExW

  gdi32

  SetBkColor

  GetDeviceCaps

  DeleteObject

  CreateBrushIndirect

  CreateFontIndirectW

  SetBkMode

  SetTextColor

  SelectObject

  shell32

  SHBrowseForFolderW

  SHGetPathFromIDListW

  SHGetFileInfoW

  ShellExecuteW

  SHFileOperationW

  SHGetSpecialFolderLocation

  advapi32

  RegEnumKeyW

  RegOpenKeyExW

  RegCloseKey

  RegDeleteKeyW

  RegDeleteValueW

  RegCreateKeyExW

  RegSetValueExW

  RegQueryValueExW

  RegEnumValueW

  comctl32

  ImageList_AddMasked

  ImageList_Destroy

  ord17

  ImageList_Create

  ole32

  CoTaskMemFree

  OleInitialize

  OleUninitialize

  CoCreateInstance

  version

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  VerQueryValueW

  Sections

  .text

  Size: 29KB - Virtual size: 28KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 458KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 724KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 155KB - Virtual size: 154KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/Sibuia.dll

  .dll windows:6 windows x86 arch:x86

  bae215655125f85f024711e789c27fe4

  
  

  Code Sign

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  27-04-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49

  Certificate

  Issuer

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  03:11:c1:64:07:d7:69:22:7e:af:c4:3e:26:87:3a:bd

  Certificate

  Issuer

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  21-04-2018 00:00

  Not After

  20-04-2020 23:59

  Subject

  CN=APREL Tehnologija d.o.o.,O=APREL Tehnologija d.o.o.,POSTALCODE=1000,STREET=Tacenska cesta 125c,L=Ljubljana,ST=Central Slovenia,C=SI

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  09-05-2013 00:00

  Not After

  08-05-2028 23:59

  Subject

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  4b:de:50:cd:9e:7b:41:42:4e:a9:5a:50:c2:b8:1f:79:c3:6c:d3:31

  Signer

  Actual PE Digest

  4b:de:50:cd:9e:7b:41:42:4e:a9:5a:50:c2:b8:1f:79:c3:6c:d3:31

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  C:\Users\DevUser\source\repos\Sibl\Release\Sibuia.pdb

  Imports

  kernel32

  GetFileTime

  SystemTimeToTzSpecificLocalTime

  GlobalFlags

  GetCurrentDirectoryW

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsProcessorFeaturePresent

  IsDebuggerPresent

  GetStartupInfoW

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  InitializeSListHead

  WriteConsoleW

  ReadConsoleW

  GetStringTypeW

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCPInfo

  GetOEMCP

  IsValidCodePage

  GetFileAttributesExW

  GetTimeZoneInformation

  SetStdHandle

  SetFilePointerEx

  GetConsoleMode

  GetConsoleCP

  GetStdHandle

  ExitProcess

  GetCommandLineW

  GetCommandLineA

  HeapQueryInformation

  GetModuleHandleExW

  FreeLibraryAndExitThread

  GetFileType

  GetDriveTypeW

  InterlockedFlushSList

  RtlUnwind

  MoveFileExW

  FindNextFileW

  RemoveDirectoryW

  CreateDirectoryW

  LCMapStringW

  lstrlenW

  OutputDebugStringW

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  ResumeThread

  CreateEventW

  SetErrorMode

  LocalReAlloc

  LocalAlloc

  GlobalHandle

  GlobalReAlloc

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  InitializeCriticalSection

  CompareStringW

  GlobalFindAtomW

  GlobalAddAtomW

  lstrcmpW

  GlobalDeleteAtom

  GetSystemDirectoryW

  EncodePointer

  GetCurrentProcessId

  GetFileSizeEx

  lstrcmpA

  LoadLibraryA

  LoadLibraryExW

  WriteFile

  UnlockFile

  SetEndOfFile

  LockFile

  GetVolumeInformationW

  GetFullPathNameW

  GetFileSize

  FlushFileBuffers

  FindFirstFileW

  FindClose

  GetModuleHandleA

  InitializeCriticalSectionAndSpinCount

  LeaveCriticalSection

  EnterCriticalSection

  SetLastError

  OutputDebugStringA

  GetACP

  DeleteCriticalSection

  DecodePointer

  HeapReAlloc

  HeapSize

  InitializeCriticalSectionEx

  GlobalFree

  ExitThread

  LocalFree

  FormatMessageW

  lstrcpynW

  RaiseException

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  VirtualFreeEx

  ReadProcessMemory

  WriteProcessMemory

  VirtualAllocEx

  OpenProcess

  MulDiv

  QueryInformationJobObject

  VirtualAlloc

  VirtualFree

  CreateThread

  GetVersionExW

  HeapFree

  GetProcessHeap

  HeapAlloc

  GetCurrentThread

  GetTempFileNameW

  GetTempPathW

  GetFileAttributesW

  SetFilePointer

  CreateFileW

  FreeLibrary

  LoadLibraryW

  WideCharToMultiByte

  TerminateProcess

  Sleep

  AssignProcessToJobObject

  CreateJobObjectW

  GetCurrentThreadId

  ExpandEnvironmentStringsW

  SetFileAttributesW

  SetFileTime

  CopyFileW

  SetCurrentDirectoryW

  MultiByteToWideChar

  DuplicateHandle

  GetExitCodeProcess

  WaitForSingleObject

  CreateProcessW

  DeleteFileW

  ReadFile

  GetModuleHandleW

  GetProcAddress

  CloseHandle

  GetCurrentProcess

  GetModuleFileNameW

  GetLastError

  FindResourceW

  LoadResource

  LockResource

  FindFirstFileExW

  SizeofResource

  user32

  GetMonitorInfoW

  MonitorFromWindow

  WinHelpW

  LoadIconW

  CallNextHookEx

  UnhookWindowsHookEx

  SetWindowsHookExW

  GetTopWindow

  GetClassNameW

  GetClassLongW

  SetWindowLongW

  PtInRect

  GetSysColor

  MapWindowPoints

  AdjustWindowRectEx

  GetWindowRect

  RemovePropW

  GetPropW

  SetPropW

  RedrawWindow

  ValidateRect

  EndPaint

  BeginPaint

  SetForegroundWindow

  GetForegroundWindow

  SetMenu

  GetMenu

  GetCapture

  GetKeyState

  GetThreadDesktop

  GetFocus

  GetDlgCtrlID

  IsIconic

  EndDeferWindowPos

  DeferWindowPos

  BeginDeferWindowPos

  IsMenu

  IsWindow

  GetClassInfoW

  RegisterClassW

  CallWindowProcW

  GetMessageTime

  GetMessagePos

  PeekMessageW

  DispatchMessageW

  RegisterWindowMessageW

  GetWindow

  GetWindowTextW

  GetScrollPos

  GetLastActivePopup

  GetWindowLongW

  SetWindowTextW

  GetDC

  ReleaseDC

  GetSysColorBrush

  LoadCursorW

  DrawTextW

  DrawTextExW

  GrayStringW

  TabbedTextOutW

  CreateDesktopW

  SetThreadDesktop

  CloseDesktop

  DestroyWindow

  CreateWindowExW

  DefWindowProcW

  ShowWindow

  CopyRect

  SetWindowPos

  GetWindowThreadProcessId

  IsWindowVisible

  EnumWindows

  ScreenToClient

  PostMessageW

  GetClientRect

  SendMessageW

  ClientToScreen

  OpenClipboard

  EmptyClipboard

  SetClipboardData

  CloseClipboard

  MessageBoxW

  FindWindowExW

  SetDlgItemTextW

  GetDlgItem

  wsprintfW

  UnregisterClassW

  SetRectEmpty

  OffsetRect

  GetParent

  RealChildWindowFromPoint

  DestroyMenu

  CheckMenuItem

  EnableMenuItem

  SetMenuItemBitmaps

  GetMenuCheckMarkDimensions

  SetMenuItemInfoW

  LoadBitmapW

  PostQuitMessage

  GetSubMenu

  GetMenuItemID

  GetMenuItemCount

  CharUpperW

  GetSystemMetrics

  EnableWindow

  IsWindowEnabled

  GetClassInfoExW

  gdi32

  PtVisible

  RectVisible

  RestoreDC

  SaveDC

  SelectObject

  SetMapMode

  TextOutW

  ExtTextOutW

  SetViewportExtEx

  SetViewportOrgEx

  SetWindowExtEx

  OffsetViewportOrgEx

  ScaleViewportExtEx

  ScaleWindowExtEx

  GetStockObject

  GetClipBox

  Escape

  DeleteObject

  CreateBitmap

  SetTextColor

  SetBkColor

  GetDeviceCaps

  DeleteDC

  winspool.drv

  OpenPrinterW

  DocumentPropertiesW

  ClosePrinter

  advapi32

  CopySid

  GetLengthSid

  GetTokenInformation

  OpenThreadToken

  DeregisterEventSource

  ReportEventW

  RegisterEventSourceW

  RegUnLoadKeyW

  RegLoadKeyW

  RegQueryValueExW

  RegEnumKeyExW

  RegQueryInfoKeyW

  RegOpenKeyExW

  RegCloseKey

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  OpenProcessToken

  shell32

  SHGetFolderPathW

  ord51

  shlwapi

  PathFindFileNameW

  UrlUnescapeW

  PathFileExistsW

  PathIsUNCW

  PathFindExtensionW

  PathStripToRootW

  PathMatchSpecW

  ole32

  CoUninitialize

  CoCreateInstance

  CoInitializeEx

  CoInitialize

  oleaut32

  SysAllocString

  SysFreeString

  SafeArrayCreateVector

  SafeArrayPutElement

  VariantChangeType

  VarBstrFromDate

  SystemTimeToVariantTime

  VariantTimeToSystemTime

  SysAllocStringLen

  SafeArrayDestroy

  VariantClear

  VariantInit

  rpcrt4

  UuidToStringW

  RpcStringFreeW

  UuidCreate

  winhttp

  WinHttpCloseHandle

  WinHttpQueryHeaders

  WinHttpReceiveResponse

  WinHttpReadData

  WinHttpOpenRequest

  WinHttpConnect

  WinHttpSetOption

  WinHttpOpen

  WinHttpCrackUrl

  WinHttpQueryDataAvailable

  WinHttpSendRequest

  ws2_32

  freeaddrinfo

  connect

  WSAStartup

  socket

  getaddrinfo

  WSACleanup

  closesocket

  WSAGetLastError

  send

  oleacc

  CreateStdAccessibleObject

  LresultFromObject

  Exports

  Exports

  install

  uninstall

  Sections

  .text

  Size: 394KB - Virtual size: 394KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 86KB - Virtual size: 86KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 7KB - Virtual size: 18KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 18KB - Virtual size: 18KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ