d:\longliang20080818(勿动)\C133\代码\Utps v100r001b002d03sp32c133\utps C133\solution\win32\UpdateUI\Release\UpdateUI.pdb
Static task
static1
Behavioral task
behavioral1
Sample
b2f15e01ef413617c05fbcd9c6ecba8f_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b2f15e01ef413617c05fbcd9c6ecba8f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
b2f15e01ef413617c05fbcd9c6ecba8f_JaffaCakes118
-
Size
488KB
-
MD5
b2f15e01ef413617c05fbcd9c6ecba8f
-
SHA1
fc89ca3aa081d1389a7b220266fedd4793435e04
-
SHA256
e1eb948dd8c84f6bac96fe4efec077f45ad508d962b2860bac479b008c8dce78
-
SHA512
42f6f7ddaba8bde7a0e4ec906065fd4c7da38915e3614e5209900c109731ab0ec5587e889ca75ece83ba7f8a75f03d14a5b8c5429b5dcb27373f7158b30716b7
-
SSDEEP
12288:AaxAYriyq45BkdGKhZR4Z7VLwDgTXhAFxmeIEdO:Hh0SZVsg7iFceldO
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The sample carries no Authenticode signature. On its own this is a weak indicator — older, in-house and many legitimate builds ship unsigned — so weigh it together with the behavioral results rather than treating it as evidence of malice.
resource b2f15e01ef413617c05fbcd9c6ecba8f_JaffaCakes118
Files
-
b2f15e01ef413617c05fbcd9c6ecba8f_JaffaCakes118.exe windows:4 windows x86 arch:x86
e568951b38f9a86aa8df3c03a4782ed1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no base relocation table: the image must load at its preferred base, so it gains nothing from ASLR)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths (the embedded path is printed at the top of this report: ...\UpdateUI\Release\UpdateUI.pdb. It discloses the developer's workstation path and the project name "UpdateUI" under a "Utps" source tree — useful for clustering related builds, but not evidence of malicious intent by itself.)
Imports (capability summary from the list below: HTTP download via wininet — InternetOpenUrlW, HttpSendRequestW, InternetReadFile; file write/copy/delete plus SHFileOperationW; process launch via CreateProcessW and ShellExecuteExW; registry create/set/delete via advapi32; INI read/write via Get/WritePrivateProfileStringW. This is a download-and-launch profile consistent with the "UpdateUI" PDB name, but equally consistent with a dropper — the behavioral tasks, not the import table, should decide.)
wininet
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlW
InternetGetLastResponseInfoW
HttpQueryInfoW
InternetOpenW
InternetSetOptionW
HttpSendRequestW
InternetErrorDlg
InternetReadFile
winmm
timeGetTime
skinmagicu
ord3
ord1
ord2
ord8
mfc71u
ord776
ord2461
ord1079
ord2239
ord1472
ord3635
ord3435
ord5178
ord4206
ord4729
ord4884
ord1662
ord1661
ord1542
ord5908
ord1611
ord1608
ord3940
ord1392
ord4238
ord5148
ord1899
ord5067
ord6271
ord4179
ord5199
ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2856
ord4480
ord4256
ord620
ord1906
ord587
ord605
ord354
ord2086
ord1582
ord5911
ord1393
ord4234
ord5210
ord2985
ord3311
ord572
ord2077
ord1536
ord4226
ord3158
ord1545
ord3189
ord1785
ord5829
ord2155
ord1403
ord6063
ord4574
ord3756
ord3176
ord715
ord658
ord1058
ord2083
ord1632
ord1562
ord4232
ord2952
ord3224
ord1634
ord1572
ord3286
ord2651
ord4112
ord1386
ord3927
ord4026
ord1271
ord2365
ord4119
ord1894
ord5727
ord5609
ord4743
ord709
ord501
ord2895
ord2361
ord2788
ord6161
ord6086
ord5867
ord5869
ord2311
ord3869
ord3873
ord2867
ord2876
ord4101
ord5558
ord1479
ord282
ord2926
ord6111
ord290
ord3198
ord3204
ord1925
ord872
ord5559
ord5525
ord578
ord781
ord3991
ord2263
ord305
ord5484
ord1086
ord6159
ord287
ord3824
ord1049
ord5971
ord900
ord2011
ord757
ord566
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord3677
ord4535
ord265
ord266
ord283
ord293
ord2460
ord5398
ord5524
ord3990
ord774
ord280
ord896
ord899
ord870
ord577
ord762
ord764
ord741
ord1198
msvcr71
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
_cexit
_XcptFilter
_exit
_c_exit
_wcsicmp
wcsncpy
wcstok
wcsrchr
wcscat
_itow
wcsncmp
_mktime64
time
localtime
wcscmp
_wtoi
wcscpy
exit
memmove
wcslen
memcpy
strcmp
??0exception@@QAE@ABQBD@Z
free
_except_handler3
swprintf
??0exception@@QAE@XZ
??1exception@@UAE@XZ
strtol
strstr
strlen
strchr
fwrite
fopen
fseek
ftell
fread
fclose
_purecall
_CxxThrowException
??0exception@@QAE@ABV0@@Z
sprintf
__CxxFrameHandler
memset
strncmp
kernel32
GetVersionExA
EnterCriticalSection
ReadFile
CloseHandle
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateThread
TerminateThread
GetModuleFileNameW
GetLastError
lstrlenW
SetFileAttributesA
GetTempPathW
InitializeCriticalSection
DeleteCriticalSection
RaiseException
GetPrivateProfileStringW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
FindResourceW
LeaveCriticalSection
LockResource
LoadResource
FindResourceExW
LoadLibraryA
CreateSemaphoreA
GetCommandLineW
CreateSemaphoreW
WritePrivateProfileStringW
CreateFileW
DeleteFileW
Sleep
SetFilePointer
SetFileAttributesW
GetFileSize
CopyFileW
GetFileAttributesW
GetExitCodeProcess
SetCurrentDirectoryW
CreateProcessW
CreateDirectoryW
GetModuleHandleW
LocalUnlock
LocalFree
LocalLock
LocalAlloc
GetModuleHandleA
GetStartupInfoW
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
SizeofResource
user32
EnableMenuItem
CheckDlgButton
SetFocus
SetWindowPos
MoveWindow
GetParent
SetTimer
SetWindowTextW
EndDialog
WinHelpW
GetWindowTextW
RedrawWindow
DestroyIcon
LoadStringW
SystemParametersInfoW
SetRect
DrawTextW
GetDialogBaseUnits
BeginPaint
GetWindowLongW
GetClassNameW
GetActiveWindow
MessageBoxW
MessageBeep
GetPropW
KillTimer
PostQuitMessage
GetLastActivePopup
UpdateWindow
InvalidateRect
GetDC
GetClientRect
IsIconic
DrawIcon
GetSystemMetrics
GetWindowRect
GetSystemMenu
PostMessageW
AppendMenuW
SetPropA
LoadIconW
EnableWindow
GetWindow
IsWindow
GetPropA
SetForegroundWindow
SendMessageW
GetDesktopWindow
GetDlgItem
SetWindowLongW
DialogBoxIndirectParamW
EndPaint
gdi32
SelectObject
CreateFontW
DeleteDC
CreateFontIndirectW
CreateDCW
DeleteObject
advapi32
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
shell32
ShellExecuteExW
SHFileOperationW
CommandLineToArgvW
comctl32
ord17
shlwapi
PathFileExistsW
msvcp71
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?width@ios_base@std@@QBEHXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?overflow@strstreambuf@std@@MAEHH@Z
?pbackfail@strstreambuf@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JHH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
??Bios_base@std@@QBEPAXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??1strstreambuf@std@@UAE@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?freeze@strstreambuf@std@@QAEX_N@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1strstream@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
Sections
.text Size: 180KB - Virtual size: 178KB (flagged CODE | EXECUTE | READ | WRITE below — a writable, executable code section, whereas a normal .text is read/execute only; .rdata is also writable. Raw and virtual sizes are close, so this does not look like a compressed packer stub, but the W+X layout is worth confirming against the entropy and disassembly.)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 172KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.irdata Size: 76KB - Virtual size: 76KB (non-standard section name with CODE | EXECUTE | READ | WRITE flags — verify whether it actually holds instructions or is data mapped executable)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE