feed27f6481161ad5d0686a8e88a6531_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

feed27f6481161ad5d0686a8e88a6531_JaffaCakes118
Size

3.2MB
MD5

feed27f6481161ad5d0686a8e88a6531
SHA1

a191dd95fa5c7166a4780c547284a997975701ec
SHA256

ee2124bfce8c0ef96c6a0686838d56457fa5c366310d59b25a342f5c190c56c4
SHA512

4e0fe72ef231b6b1a9d1c52991ab3a4097e871bc89bd72db5c6bc21ac3629eb6170aaaa54329d89b5ccdcdfa4aa32f57beca42dfafcb9092c1d83ead689b6c5e
SSDEEP

49152:t9UXoQjdO88hpBxDgyR18zTgarJIV4U8H9ED/EUT+dx53R479fQy:zTQjdOhPxDgyR1K1oE2X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
feed27f6481161ad5d0686a8e88a6531_JaffaCakes118

Files

feed27f6481161ad5d0686a8e88a6531_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0c42c864bdcf34ecebc448090a613129

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build\user\sandbox_2011_0125_105646_SmallUpdate2011-03_Avg10VC9\source\avg10\setupMSI\setupMSI_vs90\bin\Release_Unicode_MT_SLL_vs90\Win32\avgmfapx.pdb

Imports

comctl32

ImageList_LoadImageW
ImageList_GetImageInfo
InitCommonControlsEx
_TrackMouseEvent
ImageList_Destroy
ImageList_Draw

msimg32

AlphaBlend
TransparentBlt

kernel32

HeapFree
HeapAlloc
lstrlenW
GetTempPathA
GetFileInformationByHandle
FileTimeToLocalFileTime
CloseHandle
GetFileAttributesA
CreateFileA
FileTimeToDosDateTime
GetDiskFreeSpaceExW
GetLastError
LoadLibraryW
FreeLibrary
GetSystemDefaultUILanguage
GetProcAddress
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
GetModuleHandleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetProcessHeap
GetACP
GetCPInfo
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
RtlUnwind
RaiseException
HeapSize
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapCreate
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
GetStartupInfoA
SetHandleCount
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW
GetCurrentProcess
CreateProcessW
FormatMessageW
GetCommandLineW
MulDiv
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
FileTimeToSystemTime
FindClose
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
PeekNamedPipe
GetVersionExA
SleepEx
FormatMessageA
GetOEMCP
OutputDebugStringW
GetStdHandle
ExitProcess
Sleep
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
WriteFile
SetFilePointer
GetFileType
MultiByteToWideChar
DeleteFileA
GetUserDefaultLangID
WaitForMultipleObjects
CreateEventW
SetUnhandledExceptionFilter
GetFileSize
GetCurrentThreadId
VirtualAlloc
VirtualFree
FindResourceExW
LoadLibraryA
GetTempPathW
GetSystemDirectoryA
GetVersion
QueryDosDeviceW
CreateFileW
GetExitCodeProcess
SetLastError
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentProcessId
GetDriveTypeW
ReadFile

user32

ScreenToClient
SetWindowTextW
SetWindowPos
OffsetRect
LoadImageW
GetWindow
IsRectEmpty
KillTimer
GetDC
ReleaseDC
SetTimer
EnableWindow
MapWindowPoints
LoadIconW
GetMessagePos
MoveWindow
GetSystemMenu
PostQuitMessage
TrackPopupMenu
SetRectEmpty
PtInRect
InflateRect
GetWindowRgn
UpdateWindow
DestroyIcon
ClientToScreen
FillRect
GetScrollRange
GetScrollInfo
RedrawWindow
SetScrollInfo
GetScrollPos
SystemParametersInfoW
GetNextDlgTabItem
GetNextDlgGroupItem
RegisterWindowMessageW
GetKeyState
GetClassInfoExW
RegisterClassExW
SendMessageTimeoutW
GetAsyncKeyState
LoadBitmapW
DefWindowProcW
CallWindowProcW
SendMessageW
IsWindow
GetSysColor
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
SetWindowLongW
GetDlgItem
GetWindowLongW
InvalidateRect
GetWindowTextLengthW
GetCursorPos
SetCursorPos
PostMessageW
SendInput
GetWindowRect
DestroyWindow
FrameRect
ShowWindow
SetFocus
IsWindowEnabled
GetDlgCtrlID
DrawFrameControl
CallNextHookEx
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemCount
GetWindowTextW
GetMenuItemInfoW
GetMenuStringW
GetSubMenu
GetTopWindow
GetMenuItemID
IsMenu
GetSystemMetrics
CreateWindowExW
GetDesktopWindow
EndDialog
GetClientRect
DialogBoxParamW
DrawIconEx
SetRect
DrawFocusRect
BeginPaint
LoadCursorW
TrackMouseEvent
GetParent
GetFocus
DrawTextW
SetCursor
EndPaint
CreateDialogParamW
EnumChildWindows
CopyRect
GetMonitorInfoW
UnhookWindowsHookEx
SetWindowsHookExW

gdi32

CreateFontIndirectW
LineTo
MoveToEx
TextOutW
SetTextJustification
DeleteDC
DPtoLP
SelectObject
CreateCompatibleDC
SetDIBits
StretchBlt
GetTextExtentPoint32W
ExtTextOutW
CreatePen
RoundRect
BitBlt
GetDeviceCaps
CreateCompatibleBitmap
GetTextMetricsW
SetPixel
CreateRectRgn
Polygon
Ellipse
GetDIBits
FrameRgn
SetDCPenColor
CreateSolidBrush
DeleteObject
SetBkColor
SetTextColor
GetStockObject
SetBkMode
GetObjectW

advapi32

CreateProcessAsUserW
QueryServiceLockStatusW
OpenProcessToken
AdjustTokenPrivileges
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatus
OpenEventLogW
GetNumberOfEventLogRecords
ReadEventLogW
CloseEventLog
CreateRestrictedToken
StartServiceW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderLocation
SHBrowseForFolderW
ShellExecuteW

ntdll

memmove
_stricmp
towupper
RtlFreeHeap
RtlInitUnicodeString
RtlAllocateHeap
strncmp
isspace
isdigit
LdrUnloadDll
RtlInitAnsiString
LdrGetProcedureAddress
LdrLoadDll
NtResumeThread
NtTerminateThread
CsrClientCallServer
RtlCreateUserThread
ZwDelayExecution
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlUnicodeStringToOemString
RtlxOemStringToUnicodeSize
RtlxAnsiStringToUnicodeSize
RtlOemStringToUnicodeString
RtlxUnicodeStringToAnsiSize
NlsMbOemCodePageTag
RtlxUnicodeStringToOemSize
RtlUpcaseUnicodeString
RtlDowncaseUnicodeString
RtlCompareUnicodeString
iswspace
RtlCreateUnicodeString
RtlFreeUnicodeString
LdrGetDllHandle
_aullrem
_allshr

wininet

DetectAutoProxyUrl

ws2_32

closesocket
gethostbyname
gethostbyaddr
WSASetLastError
getservbyname
getservbyport
ntohs
htons
WSAGetLastError
htonl
inet_addr
inet_ntoa
gethostname
WSAStartup
select
WSACleanup
socket
bind
recv
setsockopt
getsockname
connect
send
sendto
recvfrom
__WSAFDIsSet
ioctlsocket
listen
accept
getsockopt

msi

ord96
ord145
ord169
ord70
ord205
ord113
ord49
ord19
ord47
ord8
ord94
ord74
ord88
ord139
ord137
ord141
ord160
ord159
ord32
ord114
ord116
ord115
ord118
ord58
ord173
ord111
ord54
ord34

htmlayout

HTMLiteSetMediaType
HTMLiteGetRootElement
HTMLiteLoadHtmlFromMemory
HTMLiteLoadHtmlFromFile
HTMLayout_UnuseElement
HTMLiteRender
HTMLiteMeasure
HTMLayoutGetAttributeByName
HTMLayoutAttachEventHandlerEx
HTMLiteCreateInstance
HTMLiteSetTag
HTMLiteTraverseUIEvent
HTMLiteDestroyInstance
HTMLayoutSetStyleAttribute
HTMLiteSetCallback
HTMLayout_UseElement
HTMLiteGetTag
HTMLayoutGetElementInnerTextCB

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 539KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 244KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 321KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0c42c864bdcf34ecebc448090a613129

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

msimg32

kernel32

user32

gdi32

advapi32

shell32

ntdll

wininet

ws2_32

msi

htmlayout

version

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 539KB - Virtual size: 538KB

.data Size: 244KB - Virtual size: 270KB

.rsrc Size: 86KB - Virtual size: 86KB

.reloc Size: 321KB - Virtual size: 324KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 539KB - Virtual size: 538KB

.data
Size: 244KB - Virtual size: 270KB

.rsrc
Size: 86KB - Virtual size: 86KB

.reloc
Size: 321KB - Virtual size: 324KB