d1780cd673a999ac20772f560f6e95cf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d1780cd673a999ac20772f560f6e95cf_JaffaCakes118
Size

593KB
MD5

d1780cd673a999ac20772f560f6e95cf
SHA1

ecde9bac7f4070f19262f127bc5899801ebe3c2a
SHA256

f402171401261b06a53ee38517e2625f4e693e9f268b301387a74f4c6ebb4acf
SHA512

86218fd65e847309e4d6797f450e801827034f58f6d388ababc04a5b214ce7c5c271312f426779c99f246f503cdabaae051908ed499c3948291beabf39959bf0
SSDEEP

12288:m4RjkzKX1XS5FV1rZ2GFAeRsKDPQ4copR5pbR:jdAy1i5ZMPKDPhf1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1780cd673a999ac20772f560f6e95cf_JaffaCakes118

Files

d1780cd673a999ac20772f560f6e95cf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ab2d59fcef1915d1ab27b755e9fb4db0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\ljfile\vshare_sjzsPC\bin\release\vvDownload.pdb

Imports

common

?GetMacAddress@common@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?Base64Decode@common@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@@Z
?CString_to_String@common@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@I@Z

http

?setBody@HttpRequest@Http@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0HttpResponse@Http@@QAE@XZ
??1HttpResponse@Http@@QAE@XZ
?execute@HttpClient@Http@@QAEHPAVHttpRequest@2@PAVHttpResponse@2@@Z
?addHeaderField@HttpRequest@Http@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
??1HttpRequest@Http@@QAE@XZ
??0HttpRequest@Http@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
??1HttpClient@Http@@QAE@XZ
??0HttpClient@Http@@QAE@H@Z

mfc100u

ord12007
ord11786
ord11870
ord11511
ord11493
ord12628
ord12157
ord5826
ord880
ord13342
ord1734
ord4355
ord7929
ord11940
ord919
ord341
ord6870
ord8821
ord917
ord5802
ord8264
ord2746
ord3446
ord4290
ord1987
ord948
ord1934
ord1905
ord1226
ord897
ord6086
ord8346
ord9333
ord4792
ord6922
ord6932
ord6931
ord5468
ord4623
ord4794
ord4645
ord5143
ord4901
ord8483
ord5115
ord4923
ord4642
ord11159
ord2852
ord2951
ord2952
ord3491
ord11116
ord2339
ord5276
ord12557
ord10725
ord6156
ord13388
ord7109
ord13382
ord2665
ord3992
ord14067
ord3999
ord4383
ord4379
ord4413
ord4434
ord4392
ord4421
ord4430
ord4400
ord4404
ord4408
ord4396
ord4425
ord4388
ord1519
ord1512
ord1514
ord1508
ord1501
ord11244
ord11246
ord12724
ord2853
ord8393
ord10045
ord6247
ord11210
ord8112
ord13380
ord10937
ord3402
ord11081
ord8277
ord11999
ord14059
ord4512
ord4150
ord7624
ord7548
ord11784
ord13854
ord4744
ord2164
ord11476
ord11477
ord13381
ord7108
ord13387
ord8530
ord3684
ord3625
ord11864
ord7126
ord1739
ord14162
ord10976
ord13267
ord11469
ord7179
ord13570
ord13567
ord13572
ord13569
ord13571
ord13568
ord3416
ord5261
ord11228
ord11236
ord7391
ord9498
ord11240
ord11209
ord11845
ord5118
ord9328
ord6140
ord4086
ord2620
ord12753
ord849
ord1895
ord7176
ord1292
ord890
ord6869
ord9447
ord7524
ord14132
ord14149
ord14145
ord14147
ord14148
ord14146
ord2418
ord7385
ord2884
ord2887
ord12610
ord5558
ord2824
ord2939
ord979
ord421
ord385
ord6346
ord296
ord280
ord4519
ord3846
ord902
ord868
ord2068
ord286
ord1298
ord1300
ord12944
ord4606
ord6243
ord12182
ord12871
ord12548
ord12933
ord8036
ord12930
ord11933
ord12940
ord11936
ord265
ord266
ord8599
ord9149
ord4511
ord11494
ord1476
ord1479
ord5855
ord5862
ord7006
ord14060
ord1282
ord4416
ord5799
ord13208
ord4805
ord4360
ord2407
ord1313
ord12948
ord3978
ord12945
ord12172
ord2614
ord970
ord5846
ord1266
ord6117
ord8273
ord2844
ord3763
ord1312
ord11801
ord11838
ord11123
ord8179
ord10058
ord10412
ord3627
ord2981
ord2980
ord2756
ord5556
ord12606
ord2417
ord8372
ord8347
ord12186
ord8497
ord3413
ord2077
ord320
ord1861
ord3985
ord285
ord5264
ord2629
ord1310
ord2015
ord7529
ord7967
ord11982
ord2184
ord945
ord374
ord4356
ord1212
ord788
ord13047
ord8550
ord3397
ord11164
ord12951
ord2185
ord6096
ord7973
ord9525
ord6713
ord2089
ord3261
ord950
ord7393
ord5801

msvcr100

__CxxFrameHandler3
memcpy
_CxxThrowException
_CIsqrt
memset
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
sscanf
strpbrk
_purecall
sprintf_s
_vswprintf_c_l
_gmtime32
malloc
calloc
free
_localtime64_s
wcsftime
_endthreadex
_time64
_beginthreadex
wcsstr
wcsncpy
_wtol
wcscpy_s
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
memmove
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
CreateSemaphoreW
GetFileType
GetCurrentDirectoryW
CreateFileW
ReadFile
WriteFile
SetFileTime
CreateDirectoryW
GetCurrentProcess
SystemTimeToFileTime
SetFilePointer
DosDateTimeToFileTime
LeaveCriticalSection
EnterCriticalSection
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
FlushViewOfFile
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleFileNameW
UnmapViewOfFile
DeleteCriticalSection
InitializeCriticalSection
Sleep
GetNativeSystemInfo
ResetEvent
SetEvent
LockResource
SizeofResource
LoadResource
FindResourceW
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
CloseHandle
CreateEventW
FreeLibrary
LoadLibraryW
GetWindowsDirectoryW
MulDiv
WaitForSingleObject
GetProcAddress
GetModuleHandleW
GetPrivateProfileStringW
GetSystemDefaultLCID
DeleteFileW
GetTickCount
ResumeThread
GetLastError
MultiByteToWideChar
WideCharToMultiByte
IsProcessorFeaturePresent

user32

RemovePropW
SetPropW
SetWindowRgn
ScreenToClient
SetForegroundWindow
PtInRect
GetClientRect
PostMessageW
EnableWindow
MessageBoxW
FindWindowW
GetPropW
GetWindow
FillRect
SetRect
CopyIcon
InflateRect
ReleaseDC
SetCapture
RedrawWindow
ReleaseCapture
GetSysColor
GetDC
GetWindowRgn
MoveWindow
DestroyWindow
SetWindowPos
SetWindowLongW
ShowWindow
GetWindowLongW
CreateWindowExW
RegisterClassExW
DefWindowProcW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
IsWindow
GetWindowRect
GetParent
EqualRect
LoadCursorW
SetCursor
AllowSetForegroundWindow
AttachThreadInput
GetForegroundWindow
GetWindowThreadProcessId
UpdateWindow
GetDesktopWindow
InvalidateRect
SendMessageW
LoadIconW

gdi32

RectVisible
TextOutW
ExtTextOutW
BitBlt
CreateCompatibleBitmap
GetStockObject
SelectObject
CreatePen
StretchBlt
CreateCompatibleDC
PtVisible
CreateSolidBrush
GetTextExtentPoint32W
GetDeviceCaps
CreateFontIndirectW
GetObjectW
PtInRegion
CreateRectRgn
DeleteDC
DeleteObject
CreateDIBSection
Escape
CreateRoundRectRgn

shell32

Shell_NotifyIconW
ShellExecuteW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFileExistsW

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

gdiplus

GdiplusStartup
GdipLoadImageFromStream
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawImageRectI
GdipCloneBitmapAreaI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipGetImageWidth
GdipReleaseDC
GdipDrawImagePointRectI
GdipDrawString
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipGetImageHeight
GdipGetImageThumbnail
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdiplusShutdown

wininet

InternetConnectW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetErrorDlg
InternetCloseHandle
InternetOpenW

msvcp100

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Xlength_error@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1_Container_base12@std@@QAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab2d59fcef1915d1ab27b755e9fb4db0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

common

http

mfc100u

msvcr100

kernel32

user32

gdi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

wininet

msvcp100

Sections

.text Size: 139KB - Virtual size: 139KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 4KB - Virtual size: 35KB

.rsrc Size: 364KB - Virtual size: 363KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 139KB - Virtual size: 139KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 4KB - Virtual size: 35KB

.rsrc
Size: 364KB - Virtual size: 363KB

.reloc
Size: 21KB - Virtual size: 20KB