d3f05e7df07e6ff1465102ad1f4ebbaa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d3f05e7df07e6ff1465102ad1f4ebbaa_JaffaCakes118
Size

527KB
MD5

d3f05e7df07e6ff1465102ad1f4ebbaa
SHA1

31f90c2de0adc9ef6d1a0308f7005458dc55a70c
SHA256

0381ac7c32001ac947ddd16eea9521400e7cae447ff65b9c3fcc29d6f648a6a0
SHA512

a2eee31b1870dfca3ed976d44a03e540e2776ae126edc1c5b31bf28bb42dcafc78c49960aaa6a22abe461b4fdb776e5ff0ccc599e9659c8fb02e9adbe4090e0b
SSDEEP

12288:PNNVudgGNvUm8DlayIjoBxqUBwFvxlFS95P4zgkv:PNXu9NvU7cFyxJKgkv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3f05e7df07e6ff1465102ad1f4ebbaa_JaffaCakes118

Files

d3f05e7df07e6ff1465102ad1f4ebbaa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

00b038886dfe40d248c7303055531c96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\_vss\Products\WinLine\WinAntiSpyware_3_0\UninstallationWizard\Release\UninstallationWizard.pdb

Imports

shell32

SHGetSpecialFolderPathA
ShellExecuteA

wininet

HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpQueryInfoA

iphlpapi

GetAdaptersInfo

mfc71

ord2372
ord2168
ord1084
ord4212
ord2164
ord4115
ord347
ord602
ord5637
ord1279
ord1934
ord3210
ord3161
ord1280
ord2263
ord6017
ord1930
ord1564
ord1063
ord1903
ord1185
ord6286
ord5320
ord6297
ord5331
ord3255
ord1929
ord6275
ord4580
ord2020
ord3835
ord5073
ord5203
ord605
ord354
ord356
ord3641
ord3441
ord709
ord501
ord4648
ord4394
ord4692
ord4118
ord3401
ord2719
ord1966
ord2367
ord2368
ord3204
ord1968
ord6065
ord6090
ord3989
ord1425
ord5731
ord865
ord577
ord774
ord293
ord2131
ord1482
ord589
ord330
ord280
ord651
ord416
ord287
ord783
ord2130
ord300
ord6020
ord6018
ord3684
ord3423
ord2086
ord1545
ord5915
ord1402
ord4232
ord5214
ord2991
ord3164
ord572
ord587
ord6120
ord3596
ord760
ord4078
ord6037
ord2160
ord1377
ord5833
ord5710
ord1916
ord6172
ord6178
ord1486
ord2264
ord2346
ord3287
ord3163
ord4100
ord2094
ord3244
ord1955
ord3174
ord747
ord559
ord758
ord567
ord5640
ord5641
ord2075
ord2234
ord1580
ord2233
ord5642
ord5727
ord4125
ord2095
ord1591
ord4240
ord3317
ord741
ord1397
ord6266
ord1933
ord1484
ord4099
ord2091
ord1570
ord4237
ord3229
ord657
ord1931
ord1483
ord4098
ord2089
ord1547
ord4234
ord3171
ord591
ord1554
ord3195
ord620
ord1587
ord3307
ord731
ord1550
ord3178
ord599
ord1576
ord1575
ord3249
ord671
ord1652
ord1596
ord2985
ord3326
ord752
ord2654
ord1649
ord1593
ord4242
ord3319
ord743
ord2092
ord1641
ord1571
ord4238
ord2958
ord3230
ord658
ord1654
ord1598
ord2987
ord3328
ord754
ord1638
ord1559
ord3215
ord643
ord1647
ord1589
ord3315
ord739
ord1646
ord1588
ord3312
ord736
ord1643
ord1581
ord3292
ord715
ord2090
ord1637
ord1558
ord4236
ord3214
ord642
ord2098
ord1650
ord1594
ord4243
ord2983
ord3324
ord748
ord1635
ord1543
ord3157
ord583
ord1645
ord1586
ord3304
ord730
ord1644
ord1584
ord3298
ord1636
ord1548
ord3172
ord592
ord1639
ord1568
ord3227
ord656
ord1640
ord1569
ord3228
ord2370
ord1395
ord2794
ord5613
ord4035
ord2328
ord1265
ord777
ord2327
ord4032
ord282
ord2932
ord1264
ord4036
ord4037
ord2321
ord1262
ord4033
ord4034
ord2319
ord1260
ord259
ord908
ord1283
ord2371
ord1971
ord2938
ord4109
ord1092
ord3233
ord423
ord660
ord4063
ord866
ord5466
ord1979
ord3454
ord3348
ord2074
ord3474
ord2802
ord3563
ord2292
ord5658
ord5991
ord4761
ord5994
ord2451
ord3406
ord3430
ord3488
ord4001
ord4123
ord502
ord5647
ord5059
ord3551
ord3139
ord3571
ord3676
ord3583
ord4085
ord3680
ord3587
ord3799
ord2876
ord3651
ord3302
ord5634
ord326
ord2882
ord2873
ord5746
ord2495
ord4104
ord5871
ord3473
ord3574
ord3437
ord1207
ord2469
ord907
ord5491
ord2272
ord4081
ord6173
ord2933
ord1489
ord299
ord1249
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord2248
ord3948
ord4568
ord5230
ord5213
ord5566
ord2838
ord4481
ord4261
ord3333
ord1439
ord6288
ord629
ord383
ord2468
ord1054
ord3830
ord757
ord566
ord4541
ord3683
ord784
ord781
ord304
ord911
ord2322
ord769
ord5403
ord3397
ord297
ord3934
ord5182
ord4735
ord4890
ord1671
ord1670
ord1551
ord5912
ord1620
ord1617
ord3946
ord1401
ord4244
ord5152
ord1908
ord4185
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4262
ord2594
ord2902
ord2657
ord3761
ord876
ord6067
ord578
ord310
ord764
ord762
ord265
ord1187
ord1191
ord266
ord2097

msvcr71

malloc
_purecall
__RTDynamicCast
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_wcsdup
_setmbcp
??0exception@@QAE@XZ
free
realloc
_mbslwr
__CxxFrameHandler
_except_handler3
_CxxThrowException
_mbscmp
wcslen
memmove
strtoul
atoi
_mbsnbcpy
sprintf
_vscwprintf
vswprintf
_controlfp
__security_error_handler
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
memset
strtol
_mbsicmp
vsprintf
_vscprintf

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ResetEvent
ResumeThread
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
LockResource
GlobalAlloc
SizeofResource
WideCharToMultiByte
FindResourceA
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
SetEvent
CreateThread
CreateEventA
lstrcpyA
lstrlenA
SetPriorityClass
OpenProcess
WaitForSingleObject
InterlockedDecrement
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
MultiByteToWideChar
CloseHandle
lstrlenW
RaiseException
GetLastError
lstrcmpiA
CreateMutexA
GetModuleFileNameA
GetCommandLineA
CreateDirectoryA
CreateProcessA
TerminateProcess
GetProcAddress
LoadLibraryA
FreeLibrary
InterlockedIncrement
lstrcpynA
lstrcmpA
FindResourceExA
WriteProcessMemory
GetCurrentProcess
VirtualProtect
SetLastError
FindResourceW
FindResourceExW
GetModuleHandleA
GetCurrentThreadId
LocalFree
GetPrivateProfileStringA
GetStartupInfoA
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LoadResource

user32

TrackPopupMenu
TranslateMessage
DispatchMessageA
GetWindowThreadProcessId
GetParent
SendMessageA
SetWindowLongA
GetWindowLongA
GetDC
ReleaseDC
GetSysColor
InvalidateRect
SetWindowPos
GetWindowTextA
GetAsyncKeyState
GetKeyState
DrawFocusRect
GetCapture
GetComboBoxInfo
SetParent
DestroyCursor
IsWindowVisible
LoadMenuA
IsWindowEnabled
EnableScrollBar
SetScrollPos
KillTimer
SetTimer
MapWindowPoints
CallWindowProcA
DestroyMenu
IsRectEmpty
IsZoomed
IsIconic
GetMenuItemID
SetMenuDefaultItem
EnableMenuItem
AppendMenuA
CreatePopupMenu
SetRect
SetWindowsHookExA
CallNextHookEx
GetSubMenu
WindowFromPoint
UnhookWindowsHookEx
LoadImageW
LoadImageA
LoadCursorW
LoadIconW
LoadBitmapW
LoadStringW
LoadStringA
SystemParametersInfoA
UpdateWindow
SetRectEmpty
GetMenuItemRect
UnionRect
TrackPopupMenuEx
PeekMessageA
FrameRect
SetMenuItemInfoA
SetMenuItemBitmaps
GetMenuItemInfoA
GetMenuDefaultItem
InflateRect
GetMenuItemCount
GetMenuState
IsMenu
InsertMenuItemA
ReleaseCapture
SetCapture
ValidateRect
GetDlgCtrlID
DrawTextA
LoadCursorA
OffsetRect
SetCursor
CopyImage
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
FindWindowExA
GetCursorPos
GetWindow
GetClassNameA
GetWindowRect
SetWindowRgn
LoadBitmapA
PtInRect
GetSystemMenu
DrawStateA
DestroyIcon
IsWindow
CopyRect
ClientToScreen
ScreenToClient
LoadIconA
GetSystemMetrics
GetDesktopWindow
GetWindowDC
GetClientRect
PostMessageA
SetFocus
RedrawWindow
ShowWindow
PostThreadMessageA
EnableWindow
CreateWindowExA
RegisterClassExA
EndPaint
FillRect
BeginPaint

gdi32

PatBlt
ExtCreatePen
CreateRectRgnIndirect
GetTextMetricsA
CreateFontA
SetPixel
GetBitmapBits
SetBitmapBits
GetPixel
Rectangle
CreateBrushIndirect
TextOutA
GetBkColor
GetBkMode
SetBkMode
CreatePen
MoveToEx
LineTo
GetTextColor
SetTextColor
CreateDIBitmap
CreateEllipticRgn
GetTextExtentPoint32A
CreateRectRgn
CombineRgn
SetStretchBltMode
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
SetBkColor
GetStockObject
CreateFontIndirectA
GetDIBits
StretchBlt
GetObjectA
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
DeleteDC
SelectObject
GetDeviceCaps

msimg32

AlphaBlend

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_Draw
ImageList_DrawEx
ImageList_GetIcon
_TrackMouseEvent
ImageList_AddMasked
ImageList_GetIconSize

shlwapi

PathRemoveFileSpecA
PathFileExistsA
PathRenameExtensionA
PathAppendA

ole32

OleRun
CoInitializeEx
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize

oleaut32

VariantClear
SysAllocString
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysStringLen
VariantCopy
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
VariantInit
SysFreeString
SysAllocStringLen

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

imagehlp

ImageDirectoryEntryToData

Sections

.text
Size: 377KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 541B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00b038886dfe40d248c7303055531c96

Headers

File Characteristics

PDB Paths

Imports

shell32

wininet

iphlpapi

mfc71

msvcr71

kernel32

user32

gdi32

msimg32

advapi32

comctl32

shlwapi

ole32

oleaut32

msvcp71

imagehlp

Sections

.text Size: 377KB - Virtual size: 376KB

.rdata Size: 100KB - Virtual size: 100KB

.data Size: 7KB - Virtual size: 10KB

.tls Size: 1024B - Virtual size: 541B

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 377KB - Virtual size: 376KB

.rdata
Size: 100KB - Virtual size: 100KB

.data
Size: 7KB - Virtual size: 10KB

.tls
Size: 1024B - Virtual size: 541B

.rsrc
Size: 40KB - Virtual size: 40KB