776a21be03b77fa1d890e5acf933787c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

776a21be03b77fa1d890e5acf933787c_JaffaCakes118
Size

5.4MB
MD5

776a21be03b77fa1d890e5acf933787c
SHA1

bc84960b69ea5a0c8fa81dc6b4ca70679326ea20
SHA256

10b82355b66d21c1686c3eae30692064ef7b238af24e939dbde32bb060bb1ad8
SHA512

954713e0d66d7d306e3b7f11e458f58dd07c534c5cb50ca882ac6b7689c36e90bf764a72b093abae63cf3182edb698b63c419ee5d51f622ce2ca5fb9f429dd6c
SSDEEP

98304:CX284r9ZIx5KSEKdRLfKJNZ+e/iLL9EOCg09At/WwNECSkUUXWH6lqQypGP:CmPpQsSxCJNZ+e/iLz7mhkUUy60i

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/swfplayercopy/Debug/vcImage.exe
unpack001/swfplayercopy/Release/SearchSwf.exe
unpack001/swfplayercopy/Release/vcImage.exe

Files

776a21be03b77fa1d890e5acf933787c_JaffaCakes118
.rar
swfplayercopy/13_28.bmp
swfplayercopy/CFullScreen.cpp
swfplayercopy/CFullScreen.h
swfplayercopy/CIniFile.cpp
swfplayercopy/CIniFile.h
swfplayercopy/CInternetTemp.cpp
swfplayercopy/CInternetTemp.h
swfplayercopy/CRenameFile.cpp
swfplayercopy/CRenameFile.h
swfplayercopy/CoolB.cpp
swfplayercopy/CoolB.h
swfplayercopy/Debug/CFullScreen.obj
swfplayercopy/Debug/CIniFile.obj
swfplayercopy/Debug/CRenameFile.obj
swfplayercopy/Debug/CoolB.obj
swfplayercopy/Debug/StdAfx.obj
swfplayercopy/Debug/shockwaveflash.obj
swfplayercopy/Debug/vc60.idb
swfplayercopy/Debug/vc60.pdb
swfplayercopy/Debug/vcImage.exe
.exe windows:4 windows x86 arch:x86

737f1613b038893025e6208704e43eeb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42d

ord4216
ord1566
ord5078
ord3002
ord4064
ord1344
ord4191
ord1830
ord1631
ord4205
ord2340
ord2481
ord2584
ord3691
ord2473
ord2585
ord2341
ord2432
ord2339
ord3143
ord3144
ord3142
ord2431
ord3367
ord3786
ord3658
ord1952
ord1228
ord4492
ord2875
ord574
ord492
ord317
ord728
ord4756
ord3670
ord2076
ord1857
ord2716
ord3657
ord2024
ord1288
ord533
ord709
ord684
ord1757
ord3524
ord734
ord880
ord4931
ord1505
ord4388
ord3170
ord454
ord3831
ord3948
ord2790
ord3629
ord3845
ord2230
ord646
ord558
ord1809
ord2120
ord877
ord2324
ord4458
ord1729
ord298
ord413
ord1383
ord3640
ord1365
ord699
ord470
ord519
ord474
ord299
ord3553
ord1775
ord1896
ord449
ord1042
ord2208
ord1041
ord3563
ord1928
ord1929
ord5005
ord3377
ord1934
ord3598
ord4566
ord4814
ord5072
ord3201
ord3355
ord3174
ord1105
ord5065
ord3309
ord3632
ord3889
ord4586
ord4231
ord3867
ord3870
ord562
ord4932
ord3097
ord302
ord2995
ord4297
ord1032
ord1629
ord5064
ord972
ord1902
ord1316
ord865
ord4461
ord573
ord1639
ord316
ord3755
ord680
ord736
ord478
ord1772
ord5056
ord4934
ord4676
ord3432
ord1087
ord717
ord1494
ord3317
ord485
ord3803
ord3552
ord5077
ord1880
ord1860
ord4415
ord3231
ord1033
ord559
ord2661
ord1310
ord3944
ord2104
ord3366
ord3826
ord4239
ord4215
ord4408
ord3784
ord2021
ord1285
ord2986
ord706
ord528
ord567
ord4143
ord308
ord2052
ord677
ord619
ord612
ord3702
ord4130
ord374
ord382
ord4195
ord721
ord714
ord4170
ord2593
ord812
ord3517
ord823
ord3481
ord4405
ord487
ord2435
ord4682
ord1603
ord4606
ord3282
ord4645
ord1886
ord1096
ord1212
ord3447
ord3070
ord4053
ord4951
ord3960
ord1906
ord4475
ord2993
ord3365
ord2069
ord4793
ord4805
ord4806
ord4669
ord2619
ord4896
ord3400
ord4061
ord2806
ord2747
ord632
ord5011
ord3068
ord3436
ord398
ord422
ord1805
ord3024
ord2508
ord2799
ord945
ord944
ord850
ord2640
ord1863
ord343
ord3573
ord4811
ord556
ord4741
ord2474
ord1370
ord3421
ord293
ord1808
ord2673
ord2671
ord5048
ord4720
ord2168
ord4716
ord3286
ord3862
ord3477
ord2409
ord668
ord1834
ord4933
ord879
ord1535
ord1727
ord1725
ord459
ord5015
ord1510
ord2636
ord4123
ord2488
ord590
ord2749
ord3048
ord342
ord593
ord2637
ord2489
ord3554
ord2129
ord2492
ord3338
ord2142
ord2133
ord345
ord554
ord1509
ord2044
ord5100
ord943
ord290
ord341
ord1788
ord3555
ord4269
ord4376
ord5018
ord1546
ord2487
ord4651
ord1790
ord5082
ord5080
ord3651
ord1364
ord3362
ord4753
ord1862
ord4017
ord3069
ord3618
ord2078
ord4208
ord1781
ord5076
ord4118
ord4227
ord4176
ord4229
ord1789
ord475
ord1190
ord1100

msvcrtd

_except_handler3
_initterm
__getmainargs
_acmdln
__set_app_type
_controlfp
__p__fmode
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
memset
strcmp
memcpy
_adjust_fdiv
__p__commode
exit
_XcptFilter
__setusermatherr
__CxxFrameHandler
_setmbcp
_chkesp
strcat
strcpy
atoi
_ftol

kernel32

GetLastError
GetPrivateProfileSectionA
GetFileAttributesA
GetPrivateProfileStringA
GlobalAddAtomA
WritePrivateProfileStringA
GetCurrentDirectoryA
GetModuleHandleA
GetStartupInfoA
WritePrivateProfileSectionA
CreateMutexA

user32

RegisterHotKey
GetCursorPos
LoadImageA
ReleaseCapture
LoadAcceleratorsA
TranslateAcceleratorA
GetIconInfo
GetSysColor
DestroyIcon
LoadIconA
GetSystemMetrics
MessageBoxA

gdi32

DeleteObject
GetObjectA
SetPixel
GetPixel
CreateCompatibleBitmap

shell32

Shell_NotifyIconA
SHGetMalloc
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
DragFinish
DragQueryFileA

mfco42d

ord1055
ord798

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
swfplayercopy/Debug/vcImage.ilk
swfplayercopy/Debug/vcImage.obj
swfplayercopy/Debug/vcImage.pch
swfplayercopy/Debug/vcImage.pdb
swfplayercopy/Debug/vcImage.res
swfplayercopy/Debug/vcImageDlg.obj
swfplayercopy/Flash16.ico
swfplayercopy/Flash1616.bmp
swfplayercopy/Flash32.ico
swfplayercopy/Flash3216.ico
swfplayercopy/Play.bmp
swfplayercopy/Release/CFullScreen.obj
swfplayercopy/Release/CIniFile.obj
swfplayercopy/Release/CInternetTemp.obj
swfplayercopy/Release/CRenameFile.obj
swfplayercopy/Release/CoolB.obj
swfplayercopy/Release/FINDFILE.AVI
swfplayercopy/Release/SearchSwf.exe
.exe windows:4 windows x86 arch:x86

fc0ec376b9cdfc754d221b0533c668b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3346
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord602
ord800
ord2514
ord2621
ord6055
ord1776
ord5290
ord3402
ord3567
ord5265
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord2396
ord5300
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord1146
ord1168
ord860
ord4673
ord567
ord324
ord2289
ord2370
ord2301
ord2302
ord4234
ord6334
ord823
ord4710
ord2379
ord755
ord470
ord2645
ord4224
ord2642
ord3092
ord941
ord940
ord537
ord668
ord3181
ord1980
ord858
ord3319
ord3178
ord4058
ord2781
ord2770
ord356
ord939
ord535
ord3922
ord5199
ord1089
ord2554
ord5731
ord2512
ord4274
ord4486
ord6375
ord3798
ord4837
ord540
ord1576

msvcrt

__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
__p__fmode
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
atoi
__CxxFrameHandler
__p__commode
_setmbcp

kernel32

GetPrivateProfileSectionA
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
WritePrivateProfileSectionA
GetCurrentDirectoryA
DeleteFileA
CopyFileA
CreateDirectoryA
GetStartupInfoA
GetModuleHandleA

user32

GetSystemMetrics
GetClientRect
TranslateMessage
DispatchMessageA
IsIconic
DrawIcon
SendMessageA
PeekMessageA
EnableWindow
LoadIconA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
swfplayercopy/Release/StdAfx.obj
swfplayercopy/Release/StdAfx.sbr
swfplayercopy/Release/default.swfl
swfplayercopy/Release/shockwaveflash.obj
swfplayercopy/Release/tSwfDir.ini
swfplayercopy/Release/vc60.idb
swfplayercopy/Release/vcImage.bsc
swfplayercopy/Release/vcImage.exe
.exe windows:4 windows x86 arch:x86

a8e5d047eb85082807a66ed19649a150

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2446
ord2124
ord5277
ord5261
ord2982
ord3147
ord3259
ord4465
ord3136
ord5065
ord1727
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord2985
ord3262
ord3597
ord567
ord324
ord2135
ord825
ord818
ord800
ord2302
ord4234
ord858
ord6195
ord6605
ord5655
ord4710
ord4853
ord2864
ord4376
ord2379
ord3663
ord3573
ord3626
ord755
ord641
ord540
ord1641
ord470
ord2414
ord2575
ord3574
ord4396
ord609
ord556
ord809
ord4275
ord2567
ord2859
ord4284
ord5875
ord3874
ord1168
ord613
ord6197
ord289
ord1088
ord2122
ord6358
ord640
ord1640
ord323
ord3721
ord795
ord860
ord2370
ord6334
ord6199
ord1146
ord823
ord1949
ord4034
ord535
ord4673
ord4274
ord6375
ord2554
ord2512
ord5731
ord3922
ord1089
ord2396
ord3346
ord5787
ord1795
ord2725
ord4079
ord4698
ord5307
ord5289
ord6376
ord3749
ord3738
ord815
ord561
ord617
ord790
ord693
ord686
ord5214
ord296
ord2621
ord1134
ord4486
ord5199
ord3716
ord2582
ord4402
ord3370
ord3640
ord384
ord4224
ord4202
ord5710
ord537
ord3092
ord2862
ord2097
ord2558
ord4160
ord2863
ord6215
ord2645
ord3301
ord4220
ord6055
ord3654
ord2438
ord6270
ord1644
ord3499
ord941
ord940
ord2515
ord355
ord4299
ord3571
ord3138
ord6907
ord2818
ord6905
ord3998
ord3706
ord2452
ord3126
ord6928
ord665
ord1979
ord3318
ord5186
ord3177
ord3452
ord354
ord668
ord3319
ord3178
ord4277
ord2764
ord3181
ord2781
ord2770
ord356
ord603
ord1969
ord2614
ord6404
ord939
ord273
ord353
ord6648
ord4278
ord5461
ord5645
ord6930
ord3176
ord6380
ord6378
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord5265
ord4424
ord3402
ord5290
ord1776
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord5714
ord4622
ord5300
ord5302
ord2584
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_controlfp
_exit
__CxxFrameHandler
_mbscmp
atoi
_ftol
__dllonexit
_onexit
??1type_info@@UAE@XZ
_setmbcp
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv

kernel32

GetFileAttributesA
GetPrivateProfileStringA
CreateMutexA
GetLastError
GlobalAddAtomA
WritePrivateProfileStringA
WritePrivateProfileSectionA
GetModuleHandleA
GetStartupInfoA
GetCurrentDirectoryA
GetPrivateProfileSectionA
Sleep

user32

PostMessageA
RegisterHotKey
LoadAcceleratorsA
AppendMenuA
MessageBoxA
GetSystemMenu
DrawIcon
IsIconic
SetTimer
GetSystemMetrics
GetSubMenu
DrawFocusRect
UpdateWindow
SetRect
SetMenuItemBitmaps
CheckMenuItem
LoadBitmapA
DeleteMenu
SendMessageA
LoadIconA
SetForegroundWindow
GetDC
SetWindowRgn
TranslateAcceleratorA
LoadImageA
GetIconInfo
SetRectEmpty
OffsetRect
IsRectEmpty
DrawStateA
CopyRect
GetSysColor
InflateRect
DestroyIcon
EnableWindow
GetClientRect
FillRect
GetActiveWindow
GetParent
ReleaseCapture
PtInRect
SetCapture
GetMenuItemCount
InvalidateRect
GetMenu
GetCursorPos
GetWindowRect
LoadMenuA
KillTimer

gdi32

BitBlt
CreateSolidBrush
DeleteObject
GetObjectA
GetTextExtentPoint32A
SetPixel
GetPixel
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
LPtoDP
CombineRgn
CreateRoundRectRgn
CreateRectRgn

shell32

ShellExecuteExA
SHGetMalloc
DragFinish
SHGetPathFromIDListA
Shell_NotifyIconA
SHBrowseForFolderA
DragQueryFileA

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
swfplayercopy/Release/vcImage.ilk
swfplayercopy/Release/vcImage.obj
swfplayercopy/Release/vcImage.pch
swfplayercopy/Release/vcImage.res
swfplayercopy/Release/vcImageDlg.obj
swfplayercopy/SAFlashPlayer16.bmp
swfplayercopy/SAFlashPlayer16.ico
swfplayercopy/SAFlashPlayer32.ico
swfplayercopy/StdAfx.cpp
swfplayercopy/StdAfx.h
swfplayercopy/SwfList.swfl
swfplayercopy/backwardgo.bmp
swfplayercopy/bitmap1.bmp
swfplayercopy/bwbj.bmp
swfplayercopy/comm.bmp
swfplayercopy/csnfilex.cpp
swfplayercopy/csnfilex.h
swfplayercopy/default.swfl
swfplayercopy/end.bmp
swfplayercopy/font.cpp
swfplayercopy/font.h
swfplayercopy/forwardgo.bmp
swfplayercopy/ico00001.ico
swfplayercopy/icon1.ico
swfplayercopy/icon2.ico
swfplayercopy/mplay.bmp
swfplayercopy/res/vcImage.ico
swfplayercopy/res/vcImage.rc2
swfplayercopy/resource.h
swfplayercopy/resource.h.bak
swfplayercopy/shockwaveflash.cpp
swfplayercopy/shockwaveflash.h
swfplayercopy/start.bmp
swfplayercopy/stop.bmp
swfplayercopy/tSwfDir.ini
swfplayercopy/tempstop.bmp
swfplayercopy/vcImage.aps
swfplayercopy/vcImage.clw
swfplayercopy/vcImage.cpp
swfplayercopy/vcImage.dep
swfplayercopy/vcImage.dsp
swfplayercopy/vcImage.dsw
swfplayercopy/vcImage.h
swfplayercopy/vcImage.mak
swfplayercopy/vcImage.ncb
swfplayercopy/vcImage.opt
.js
swfplayercopy/vcImage.plg
.html
swfplayercopy/vcImage.rc
swfplayercopy/vcImageDlg.cpp
.js
swfplayercopy/vcImageDlg.h
swfplayercopy/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

737f1613b038893025e6208704e43eeb

Headers

File Characteristics

Imports

mfc42d

msvcrtd

kernel32

user32

gdi32

shell32

mfco42d

Sections

.text Size: 136KB - Virtual size: 136KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 96KB - Virtual size: 94KB

.reloc Size: 8KB - Virtual size: 8KB

fc0ec376b9cdfc754d221b0533c668b0

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

shell32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 28KB - Virtual size: 28KB

a8e5d047eb85082807a66ed19649a150

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 96KB - Virtual size: 94KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 136KB - Virtual size: 136KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 96KB - Virtual size: 94KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 96KB - Virtual size: 94KB

.reloc
Size: 8KB - Virtual size: 5KB