9572d5ab474a7b720b89b193c7450de4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9572d5ab474a7b720b89b193c7450de4_JaffaCakes118
Size

65KB
MD5

9572d5ab474a7b720b89b193c7450de4
SHA1

39aa6cff534098e7eb51648af0ce632de343cd6f
SHA256

cab2bc434164fbc168f28cecb8bde9ae472b11c552f1e92b0a371606210133da
SHA512

9a77f3fa4c411d527f834b651fd5c5f4931acf37fe690301f3a0fcc07e39fc3314a76d3a28ba5dee430a6f3f94908ae5ad401b2376126fabb14ad6fff4d533d7
SSDEEP

1536:4ZRubFAWnYa4zJTrE5A1OnFPcuGbB/5qyKp43Pa2/Z3MLj:OIhnYaYsA1OnFcuGl/IyB3Pa1j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1363823/WebDraw.exe

Files

9572d5ab474a7b720b89b193c7450de4_JaffaCakes118
.rar
1363823/CntrItem.cpp
1363823/CntrItem.h
1363823/ConnectDlg.cpp
1363823/ConnectDlg.h
1363823/IpFrame.cpp
1363823/IpFrame.h
1363823/MainFrm.cpp
1363823/MainFrm.h
1363823/RES/IToolbar.bmp
1363823/RES/Toolbar.bmp
1363823/RES/WebDraw.ico
1363823/RES/WebDraw.rc2
1363823/RES/WebDrawDoc.ico
1363823/Resource.h
1363823/SrvrItem.cpp
1363823/SrvrItem.h
1363823/StdAfx.cpp
1363823/StdAfx.h
1363823/WebDraw.aps
1363823/WebDraw.clw
1363823/WebDraw.cpp
1363823/WebDraw.dsp
1363823/WebDraw.dsw
1363823/WebDraw.exe
.exe windows:4 windows x86 arch:x86

a5a2e526bd18c592ab458b9bcbb20530

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42d

ord2584
ord3691
ord2473
ord2341
ord2432
ord2481
ord2339
ord2682
ord3143
ord3144
ord3142
ord2431
ord3367
ord3784
ord3657
ord728
ord5051
ord1042
ord3382
ord1041
ord3369
ord1048
ord2103
ord1784
ord2412
ord4078
ord4081
ord3692
ord3575
ord2679
ord4021
ord973
ord2717
ord2223
ord2222
ord4756
ord3361
ord1365
ord3651
ord4174
ord1781
ord4118
ord5076
ord3618
ord2077
ord1309
ord1857
ord3069
ord3944
ord3666
ord2076
ord1566
ord5078
ord3002
ord4064
ord1344
ord1830
ord1631
ord4205
ord2585
ord3786
ord3661
ord4492
ord697
ord516
ord1179
ord1855
ord2055
ord2054
ord3450
ord1656
ord450
ord4771
ord4183
ord1417
ord3530
ord4279
ord3429
ord4210
ord681
ord599
ord479
ord354
ord4689
ord1624
ord3685
ord1239
ord1969
ord470
ord877
ord4929
ord3779
ord3776
ord3774
ord3552
ord5077
ord3702
ord1880
ord1860
ord4415
ord3231
ord1033
ord4130
ord1789
ord2661
ord4227
ord4229
ord2104
ord3366
ord3826
ord4239
ord4215
ord4408
ord2021
ord719
ord2340
ord706
ord528
ord1886
ord5065
ord4951
ord4228
ord567
ord4143
ord308
ord4295
ord2063
ord996
ord4846
ord4607
ord468
ord3446
ord4820
ord2052
ord1135
ord4195
ord3629
ord3948
ord4017
ord3831
ord1862
ord4753
ord3362
ord1364
ord4176
ord4208
ord2078
ord1310
ord3670
ord4191
ord3658
ord1952
ord1228
ord2875
ord317
ord574
ord3524
ord5058
ord1858
ord1876
ord4304
ord2484
ord3636
ord2753
ord2509
ord4749
ord3373
ord4901
ord3785
ord3778
ord3777
ord1490
ord3551
ord3305
ord3758
ord4068
ord3611
ord3616
ord3970
ord3729
ord3739
ord3738
ord3726
ord3728
ord3725
ord4004
ord4002
ord4175
ord4216
ord3001
ord1343
ord3664
ord704
ord422
ord526
ord4190
ord1066
ord3836
ord1871
ord3978
ord3716
ord2084
ord1408
ord1172
ord282
ord1313
ord1183
ord4015
ord4653
ord4036
ord1284
ord2020
ord550
ord284
ord880
ord684
ord1136
ord562
ord648
ord3415
ord3570
ord4460
ord415
ord302
ord3867
ord730
ord3870
ord736
ord492
ord1772
ord4268
ord1285
ord2986
ord3889
ord1100
ord1190

msvcrtd

_acmdln
_XcptFilter
??3@YAXPAX@Z
__CxxFrameHandler
_chkesp
__dllonexit
_onexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
exit
??1type_info@@UAE@XZ
_exit
_setmbcp

kernel32

GetModuleHandleA
GetStartupInfoA
MultiByteToWideChar

user32

wsprintfA

mfco42d

ord2607
ord2067
ord1690
ord2550
ord2283
ord1380
ord1377
ord2975
ord1697
ord1665
ord1002
ord350
ord1225
ord598
ord1078
ord1174
ord1435
ord1164
ord1379
ord971
ord1637
ord1010
ord3162
ord2755
ord1698
ord2264
ord949
ord1396
ord1482
ord1425
ord2803
ord2572
ord2623
ord2501
ord2564
ord2404
ord2376
ord2266
ord2197
ord2358
ord2575
ord2268
ord2277
ord2538
ord2367
ord753
ord1028
ord2356
ord1239
ord2780
ord2937
ord2066
ord1681
ord344
ord592
ord2220
ord1574
ord2224
ord1580
ord2269
ord2868
ord934
ord2085
ord983
ord873
ord1266
ord970
ord2157
ord2523
ord1663
ord1188
ord922
ord2566
ord2805
ord2258
ord2760
ord2127
ord2682
ord595
ord591
ord359
ord347
ord343
ord607
ord2767
ord1040
ord2254
ord877
ord1271
ord957
ord2536
ord1740
ord2557
ord2507
ord2512
ord2517
ord2394
ord2378
ord2459
ord2570
ord2625
ord2491
ord2357
ord2479
ord2481
ord2559
ord2294
ord2335
ord2574
ord1283
ord2342
ord286
ord555
ord2089
ord2364
ord1248
ord1771
ord869
ord1260
ord1575
ord369
ord603
ord3147
ord2772
ord1014
ord798
ord809
ord2308
ord2617
ord2303
ord2630
ord2635
ord2636
ord2161
ord2535
ord2464
ord2439
ord1611
ord2527
ord1186
ord1075
ord2573
ord2280
ord2351
ord2496
ord2563
ord2270
ord2267
ord887
ord1553
ord2561
ord2237
ord2615
ord2773
ord2343
ord2369
ord2852
ord2130
ord1510
ord1751
ord2578
ord1809
ord3140
ord2797
ord770
ord1774
ord1913
ord1659
ord2382
ord3011
ord1554
ord2674
ord2846
ord938
ord2804
ord2242
ord2534
ord2463
ord1176
ord1303
ord1669
ord1689
ord2244
ord609
ord366
ord2438
ord285
ord2870

ole32

CoCreateInstanceEx
CoInitializeSecurity

oleaut32

SysFreeString
SysAllocStringLen

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1363823/WebDraw.h
1363823/WebDraw.ncb
1363823/WebDraw.opt
1363823/WebDraw.plg
.html
1363823/WebDraw.rc
1363823/WebDraw.reg
1363823/WebDrawDoc.cpp
1363823/WebDrawDoc.h
1363823/WebDrawView.cpp
.js
1363823/WebDrawView.h
1363823/下载说明.htm
.html .js polyglot
1363823/无标题.drw

Sharing

General

Malware Config

Signatures

Files

a5a2e526bd18c592ab458b9bcbb20530

Headers

File Characteristics

Imports

mfc42d

msvcrtd

kernel32

user32

mfco42d

ole32

oleaut32

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 4KB - Virtual size: 3KB