1639cd4c91b87f9ee079decdb033eeb8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1639cd4c91b87f9ee079decdb033eeb8_JaffaCakes118
Size

416KB
MD5

1639cd4c91b87f9ee079decdb033eeb8
SHA1

4ec0c85ed3550dfb7a8983980fc81a7939225ead
SHA256

33fc8426ab81037d0f1e912862d5a6bec79b5c82cab2b69a3004f2c37a3ae899
SHA512

bd4ac21494a46fe3056003e6c4b0cb965e38301f9dd02a6f0e0b6b400d9d47e83bb78c959ba6fe106a44675b96c1caf74b2832216e5c0f71cb99397d5a9f3eea
SSDEEP

12288:MwidLGtZqnatULtcVpxKA3nAbgnSVj/bgXVOZgVIiU:UdL8pctg773ePIXVuc1U

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/idocdown_v28/iDocDown.exe
unpack001/idocdown_v28/kini/score.cfg

Files

1639cd4c91b87f9ee079decdb033eeb8_JaffaCakes118
.rar
idocdown_v28/iDocDown.exe
.exe windows:4 windows x86 arch:x86

57a355ad45574e44b4786e35d2d920fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

pdflib

PDF_place_image
PDF_close_image
PDF_open_image_file
PDF_set_info
PDF_end_page
PDF_begin_page
PDF_close
PDF_open_file
PDF_delete
PDF_shutdown
PDF_boot
PDF_new2
PDF_set_parameter
PDF_get_opaque

mfc42

ord269
ord800
ord801
ord860
ord6143
ord540
ord541
ord825
ord4277
ord6883
ord4278
ord6663
ord535
ord2915
ord858
ord924
ord922
ord2820
ord3811
ord668
ord2770
ord356
ord537
ord1997
ord5465
ord798
ord5194
ord533
ord6407
ord4129
ord5710
ord2818
ord1200
ord823
ord5856
ord5683
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3721
ord3619
ord640
ord795
ord323
ord567
ord3663
ord3626
ord2414
ord4275
ord3706
ord3571
ord2614
ord2764
ord5781
ord2860
ord5875
ord283
ord5785
ord1641
ord1640
ord755
ord470
ord3874
ord2379
ord6453
ord434
ord5575
ord2803
ord665
ord1979
ord6385
ord353
ord940
ord5442
ord3318
ord5186
ord354
ord2141
ord2464
ord926
ord6392
ord4058
ord3181
ord2781
ord941
ord538
ord2808
ord1844
ord3573
ord5789
ord6172
ord1848
ord2582
ord4402
ord3370
ord3640
ord809
ord693
ord556
ord4243
ord4284
ord600
ord2859
ord4774
ord3996
ord1146
ord5981
ord6283
ord6282
ord3301
ord2463
ord2122
ord2639
ord3752
ord1088
ord2864
ord4033
ord3797
ord4299
ord6880
ord818
ord1233
ord3138
ord3089
ord6215
ord2642
ord6128
ord6197
ord1949
ord6380
ord3920
ord3870
ord1175
ord1948
ord2396
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord4622
ord817
ord565
ord2726
ord4226
ord5715
ord3346
ord2393
ord5355
ord690
ord1988
ord5356
ord5808
ord6058
ord6426
ord5204
ord3229
ord1228
ord6059
ord389
ord939
ord536
ord3310
ord3733
ord810
ord2841
ord4271
ord2149
ord3296
ord3914
ord3303
ord3297
ord6008
ord3287
ord5572
ord4171
ord6605
ord4538
ord2971
ord2107
ord5450
ord5440
ord6383
ord6394
ord6449
ord2727
ord6467
ord2730
ord2729
ord3237
ord1168
ord1799
ord614
ord2623
ord290
ord2486
ord4003
ord3610
ord2575
ord4396
ord3574
ord5265
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord6743
ord656
ord609
ord641
ord324
ord6515
ord2302
ord4234
ord4853
ord4224
ord4376
ord1576
ord6199
ord4710
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3738
ord815
ord561
ord4046
ord2145
ord2144
ord6225
ord5231
ord5247
ord2132
ord4601
ord2621
ord1134
ord824
ord1205
ord5435
ord1683
ord1673
ord2628
ord5980
ord2641
ord4122
ord6214
ord6196
ord4298
ord5948
ord3088
ord3875
ord3872
ord3871
ord6198
ord4286
ord4283
ord3137
ord3796
ord5719
ord6092
ord3524
ord4032
ord6095
ord4035
ord2549
ord2433
ord3353
ord3579
ord426
ord726
ord826
ord686
ord2725
ord2135
ord4476
ord384
ord4160
ord2863
ord2919
ord4220
ord2584
ord3654
ord2438
ord2455
ord5788
ord472
ord1644
ord6907
ord3998
ord2452
ord2862
ord2096
ord6270
ord5807
ord1567
ord5207
ord268
ord4000
ord2652
ord1669
ord3499
ord2515
ord355
ord2086
ord2688
ord4034
ord1578
ord1243
ord1176
ord3092

msvcrt

_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fflush
exit
_onexit
fprintf
malloc
free
atoi
_CxxThrowException
_mbscmp
fopen
fputs
fclose
__CxxFrameHandler
__dllonexit
??1type_info@@UAE@XZ
sprintf
atof
__CxxLongjmpUnwind
_setjmp3
_setmbcp
wcslen
_open
_write
_close
_lseek
_read
memmove
strncpy
time
_ftol
longjmp
_errno
_iob
printf

kernel32

GetTickCount
MoveFileA
CopyFileA
CreateDirectoryA
WinExec
InterlockedDecrement
MultiByteToWideChar
WideCharToMultiByte
GetVersion
GetLastError
lstrcpyA
lstrcatA
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
GetStartupInfoA
GetModuleHandleA
LocalAlloc
LocalFree
GetComputerNameA
GetExitCodeProcess
TerminateProcess
CreateProcessA
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
CreateThread
SetThreadPriority
ResumeThread
WaitForSingleObject
TerminateThread
GetModuleFileNameA
CreateFileA
WriteFile
CloseHandle
GetCurrentThreadId

user32

LoadBitmapA
GetWindowRect
IsWindow
GetCursorPos
PostMessageA
GetParent
IsRectEmpty
SetCapture
PtInRect
CopyRect
ReleaseDC
GetDC
ReleaseCapture
ScreenToClient
SetParent
SetWindowLongA
GetWindowLongA
GetSystemMetrics
GetWindow
SetWindowsHookExA
UnhookWindowsHookEx
DrawFrameControl
DrawIconEx
SetRectEmpty
GetDesktopWindow
ClipCursor
LockWindowUpdate
ClientToScreen
UpdateWindow
BringWindowToTop
GetCapture
GetDCEx
ShowCursor
EqualRect
CallNextHookEx
SetRect
DispatchMessageA
GetMessageA
PeekMessageA
PostQuitMessage
LoadIconA
SetForegroundWindow
SetActiveWindow
AppendMenuA
GetSystemMenu
DrawIcon
IsIconic
ModifyMenuA
GetMenuItemID
GetSubMenu
GetMenuStringA
GetMenuItemCount
LoadImageA
SystemParametersInfoA
ShowWindow
LoadMenuA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
OffsetRect
LoadCursorA
SetCursor
KillTimer
SetTimer
InvalidateRect
GetClientRect
FillRect
SendMessageA
GetSysColor
wsprintfA
EnableWindow

gdi32

SelectObject
DeleteDC
DeleteObject
CreateDiscardableBitmap
GetTextMetricsA
CreateSolidBrush
CreateFontA
GetStockObject
GetObjectA
CreateFontIndirectA
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextExtentPoint32A
StretchBlt
Rectangle
GetDeviceCaps

advapi32

CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
CryptGetHashParam

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHAppBarMessage
DragQueryFileA
ShellExecuteA
DragFinish
Shell_NotifyIconA

comctl32

ImageList_DragEnter
_TrackMouseEvent
ImageList_Destroy
ImageList_EndDrag
ImageList_ReplaceIcon
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_BeginDrag
ImageList_GetImageInfo
ImageList_Remove
ImageList_Create
ImageList_AddMasked

ole32

CoInitialize
CoCreateInstance
OleRun
CoUninitialize

oleaut32

SysAllocString
GetErrorInfo
SysFreeString
VariantClear

urlmon

ObtainUserAgentString
UrlMkSetSessionOption

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

wininet

InternetQueryDataAvailable
HttpQueryInfoA

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 376KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
idocdown_v28/kdocin/jpg/Thumbs.db
idocdown_v28/kini/score.cfg
.exe windows:4 windows x86 arch:x86

ee83dcf53e253217048f0a9b7ef4d9de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord818
ord801
ord800
ord2514
ord2621
ord1134
ord1199
ord1247
ord4234
ord2688
ord6055
ord1776
ord5290
ord3402
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord5199
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord2614
ord2818
ord1146
ord1168
ord541
ord540
ord567
ord324
ord2135
ord2302
ord4160
ord4299
ord4287
ord4710
ord2379
ord755
ord470
ord6199
ord537
ord823
ord1140
ord5710
ord858
ord4129
ord2763
ord6877
ord6143
ord939
ord1601
ord2764
ord539
ord535
ord1949
ord4034
ord690
ord1988
ord2393
ord924
ord5356
ord5207
ord6059
ord389
ord6883
ord3752
ord861
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4837
ord4673
ord1576

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
wcscmp
__getmainargs
sprintf
time
srand
__CxxFrameHandler
_snprintf
atoi
rand
_setmbcp
_strupr
_CxxThrowException
wcslen
_acmdln
exit
_onexit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_mbscmp

kernel32

InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GetStartupInfoA
GetLastError
WideCharToMultiByte
LocalFree
lstrlenA

user32

KillTimer
FindWindowExA
PostMessageA
PostQuitMessage
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
SystemParametersInfoA
SetTimer
LoadIconA

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

msvcp60

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57a355ad45574e44b4786e35d2d920fb

Headers

File Characteristics

Imports

pdflib

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

urlmon

msvcp60

wininet

Exports

Exports

Sections

.text Size: 376KB - Virtual size: 372KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 20KB - Virtual size: 29KB

.rsrc Size: 2.1MB - Virtual size: 2.1MB

ee83dcf53e253217048f0a9b7ef4d9de

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

ole32

oleaut32

msvcp60

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: 376KB - Virtual size: 372KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 20KB - Virtual size: 29KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 20KB - Virtual size: 18KB