3653e889d90c065830709937502fb037_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3653e889d90c065830709937502fb037_JaffaCakes118
Size

182KB
MD5

3653e889d90c065830709937502fb037
SHA1

aa8a6ab09b3f51547503f75f4cee988152e3231f
SHA256

9024f082f8098105ae2896897abc34127be24a5bc2648b6211818009efd6340a
SHA512

1e6656477a1cfd9cdb8c8db56d282ffbd9998d85575dcf1795fcd6d676ea872826264579fb1226b829fa445bd78ca2cf0dc99e0abc9a030ec17e4b1f4b6c961a
SSDEEP

3072:YeOuXwWSQ43zxm2pCQ+wS8uKMrri65durt8AVNmSTx2rED2qWD3VOD31JuC4iLRL:Yy43ZnWPHRdet8AVNmSt2RID31DRLRpF

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cvery.comvc61644626264/0008.exe
unpack001/cvery.comvc61644626264/CWPrintOcx.ocx

Files

3653e889d90c065830709937502fb037_JaffaCakes118
.rar
cvery.comvc61644626264/0008.clw
cvery.comvc61644626264/0008.cpp
cvery.comvc61644626264/0008.dsp
cvery.comvc61644626264/0008.dsw
cvery.comvc61644626264/0008.exe
.exe windows:4 windows x86 arch:x86

ae736bf4a722ed8ecbc84f0c76dc1205

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4079
ord2396
ord3346
ord5300
ord5302
ord1089
ord5199
ord4698
ord5307
ord5289
ord5714
ord2982
ord2725
ord3147
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3259
ord561
ord3738
ord815
ord641
ord818
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord825
ord5065
ord1727
ord3922
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord6055
ord1776
ord5290
ord3402
ord1146
ord4673
ord567
ord2135
ord2302
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord2915
ord2818
ord939
ord858
ord924
ord3337
ord3811
ord823
ord1949
ord4034
ord4396
ord3574
ord609
ord4275
ord3573
ord3693
ord3626
ord3663
ord2414
ord3920
ord5788
ord1641
ord5787
ord2380
ord3874
ord5875
ord2859
ord4133
ord4297
ord2567
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord5261
ord3749
ord1168
ord1576

msvcrt

_setmbcp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_initterm
__getmainargs
_acmdln
__dllonexit
_onexit
__CxxFrameHandler
_XcptFilter
_adjust_fdiv
__setusermatherr
exit
_exit

kernel32

GetModuleHandleA
GetStartupInfoA

user32

IsIconic
InvalidateRect
GetWindowLongA
GetSystemMetrics
SendMessageA
GetSystemMenu
AppendMenuA
EnableWindow
LoadIconA
CopyRect
DrawIcon
GetClientRect

gdi32

GetStockObject
CreatePen
RoundRect

comctl32

_TrackMouseEvent

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cvery.comvc61644626264/0008.h
cvery.comvc61644626264/0008.rc
cvery.comvc61644626264/0008Dlg.cpp
cvery.comvc61644626264/0008Dlg.h
cvery.comvc61644626264/CWPrintOcx.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

9cbc34ac13e07250bfa989814e145b5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2648
ord2055
ord6376
ord4436
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord796
ord674
ord554
ord529
ord366
ord825
ord807
ord6000
ord2117
ord5852
ord6215
ord2258
ord4457
ord1233
ord5252
ord4427
ord1168
ord823
ord4589
ord5076
ord4341
ord4349
ord4723
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord4078
ord5240
ord5290
ord4441
ord3748
ord1725
ord4432
ord5261
ord755
ord470
ord3619
ord3626
ord3663
ord4899
ord2414
ord4133
ord4297
ord800
ord537
ord1641
ord4613
ord3078
ord3517
ord4464
ord2379
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord4622
ord4424
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord6467
ord1227
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord1226
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord3798
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord1665
ord4837
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord5241
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord423
ord2860
ord2541
ord4949
ord1842
ord2514
ord324
ord2915
ord2818
ord540
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord5265
ord4376
ord4853
ord4998
ord4713
ord6052
ord1775
ord6371
ord5286
ord4438
ord3279
ord4625
ord4425
ord449
ord746
ord2278
ord858
ord2820
ord3811
ord3698
ord567
ord765
ord4275
ord3573
ord5875
ord6172
ord3571
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord640
ord6194
ord5785
ord1640
ord323
ord4710
ord5280
ord3597
ord4234
ord2575
ord4396
ord3402
ord3574
ord2582
ord4402
ord3370
ord3640
ord693
ord609
ord1146
ord860
ord3790
ord2302
ord4299
ord3797
ord4160
ord2863
ord6199
ord2092
ord5484
ord6907
ord6007
ord3998
ord3996
ord535
ord1200
ord3286
ord1105
ord6453
ord4224
ord3499
ord2515
ord355
ord1175
ord5440
ord6383
ord5450
ord6394
ord3302
ord1920
ord4370
ord5260
ord517
ord784
ord4262
ord3092
ord2535
ord1199
ord484
ord6090
ord2884
ord2087
ord327
ord2233
ord3495
ord4588
ord1904
ord4515
ord5228
ord1721
ord4892
ord4887
ord480
ord761
ord4256
ord4535
ord4348
ord4407
ord1776
ord4077
ord6055
ord4151
ord2878
ord2879
ord3403
ord5472
ord975
ord5012
ord3350
ord4303
ord4467
ord5103
ord5100
ord3059
ord2390
ord2723
ord4242
ord4353
ord2649
ord5282
ord2385
ord6374
ord5163
ord4409
ord5237
ord4603
ord4636
ord641
ord1577
ord269
ord1182
ord600
ord1578
ord826
ord1131
ord1132
ord1116
ord1176
ord1575
ord1253
ord342
ord1243
ord1197
ord1570
ord1255

msvcrt

free
_initterm
??1type_info@@UAE@XZ
malloc
_adjust_fdiv
fwrite
memmove
_sopen
_chsize
_write
_stricmp
_read
_close
_onexit
__dllonexit
_ismbcdigit
_ftol
fopen
localtime
fclose
_errno
sprintf
_locking
atoi
atof
time
_lseek
difftime
__CxxFrameHandler

kernel32

GetCurrentDirectoryA
CopyFileA
lstrcpyA
DeleteFileA
lstrlenA
lstrcmpA
Sleep
LocalAlloc
LocalFree
SetCurrentDirectoryA

user32

InvalidateRect
DrawIcon
GetSystemMenu
AppendMenuA
GetDesktopWindow
GetWindowRect
SetTimer
LoadIconA
GrayStringA
DrawTextA
TabbedTextOutA
GetClientRect
SetRect
SendMessageA
GetSysColor
FillRect
KillTimer
UpdateWindow
IsIconic
GetSystemMetrics
EnableWindow
LoadCursorA

gdi32

GetCurrentObject
GetObjectA
CreateFontIndirectA
GetDeviceCaps
GetStockObject
CreateSolidBrush
CreateCompatibleBitmap
Ellipse
CreateCompatibleDC
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
BitBlt

comctl32

_TrackMouseEvent

oleaut32

LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cvery.comvc61644626264/StdAfx.cpp
cvery.comvc61644626264/StdAfx.h
cvery.comvc61644626264/XPButton.cpp
cvery.comvc61644626264/XPButton.h
cvery.comvc61644626264/cwprintocx.cpp
cvery.comvc61644626264/cwprintocx.h
cvery.comvc61644626264/res/0008.ico
cvery.comvc61644626264/res/0008.rc2
cvery.comvc61644626264/resource.h
cvery.comvc61644626264/下载说明.htm
.html .js polyglot
cvery.comvc61644626264/申请说明.doc
.doc windows office2003
cvery.comvc61644626264/说明.txt

Sharing

General

Malware Config

Signatures

Files

ae736bf4a722ed8ecbc84f0c76dc1205

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

comctl32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 744B

.rsrc Size: 4KB - Virtual size: 2KB

9cbc34ac13e07250bfa989814e145b5b

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

comctl32

oleaut32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 744B

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 5KB