d:\Work\Prj\Project\1_CodeClean\Src\2007\2007092700_last\CodeClean\CodeClean31\Release\CodeClean31.pdb
Static task
static1
Behavioral task
behavioral1
Sample
42e75b60f4a8d0e7244766cd93779da7_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
42e75b60f4a8d0e7244766cd93779da7_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
42e75b60f4a8d0e7244766cd93779da7_JaffaCakes118
-
Size
444KB
-
MD5
42e75b60f4a8d0e7244766cd93779da7
-
SHA1
8373462e97db2f7f45c9e6f90bc5117d06fdf93d
-
SHA256
9bc9c96e40701dbcb60480603816d328531a4b4bf00109d9f24892f07e28c7a9
-
SHA512
ebe33e9670b98244d93554f989888d228b39ef7081da48391b47f2286b93f9fa069415a319e4581c0b57efbf23bcfedc9211b421baa8c0f0bb5c8943bc89b79e
-
SSDEEP
6144:E/jDfR/CSHhwmoHY/wjkEzTxsCsuygIT0xJ8GzJNiHhmV:ujdaSBt/+JB+0xJ8GlNiH
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 42e75b60f4a8d0e7244766cd93779da7_JaffaCakes118
Files
-
42e75b60f4a8d0e7244766cd93779da7_JaffaCakes118.exe windows:4 windows x86 arch:x86
53b2adbbf5b75853f8bf8c3f8e783100
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wininet
InternetReadFile
HttpSendRequestA
InternetConnectA
InternetSetStatusCallback
InternetOpenA
HttpOpenRequestA
HttpQueryInfoA
InternetCloseHandle
mfc71
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2862
ord2991
ord4486
ord3317
ord572
ord741
ord5182
ord4735
ord4890
ord1671
ord1670
ord1551
ord5912
ord1401
ord4244
ord4262
ord3182
ord605
ord354
ord1794
ord5613
ord6067
ord4580
ord4749
ord709
ord501
ord1024
ord6236
ord1955
ord6144
ord3441
ord4320
ord3210
ord1934
ord3161
ord1279
ord5637
ord602
ord1929
ord347
ord2368
ord6037
ord5642
ord3997
ord907
ord3934
ord1643
ord1581
ord3292
ord715
ord618
ord5807
ord5731
ord2654
ord3684
ord3421
ord3204
ord1545
ord4232
ord587
ord753
ord563
ord1968
ord2367
ord3761
ord722
ord530
ord6007
ord6006
ord6035
ord4115
ord3163
ord3302
ord6003
ord2527
ord5611
ord6060
ord5608
ord6054
ord4161
ord6057
ord5888
ord5727
ord5647
ord5523
ord5588
ord5414
ord5401
ord5921
ord5719
ord2396
ord6062
ord370
ord3139
ord3401
ord2264
ord5634
ord3680
ord3587
ord2878
ord2346
ord1654
ord1598
ord754
ord5868
ord3991
ord3255
ord3799
ord865
ord2884
ord1580
ord2876
ord5331
ord6297
ord5320
ord6286
ord3337
ord760
ord657
ord731
ord1397
ord6266
ord1933
ord1484
ord4099
ord2091
ord1570
ord4237
ord3229
ord1587
ord3307
ord5985
ord3348
ord5833
ord782
ord2585
ord3990
ord3473
ord1637
ord1558
ord4236
ord642
ord4951
ord2370
ord2075
ord4001
ord4123
ord5641
ord502
ord2083
ord3651
ord3406
ord6120
ord2794
ord2092
ord1641
ord1571
ord4238
ord3230
ord658
ord5866
ord3879
ord651
ord416
ord2882
ord326
ord2866
ord2873
ord3402
ord5873
ord1161
ord1425
ord1892
ord2164
ord1247
ord1248
ord384
ord3875
ord3795
ord629
ord1439
ord6288
ord5089
ord2451
ord1565
ord1793
ord2748
ord2176
ord1308
ord1554
ord3195
ord620
ord2475
ord1412
ord655
ord5104
ord5781
ord2783
ord421
ord5323
ord2497
ord1931
ord1483
ord4098
ord2089
ord1547
ord4234
ord3171
ord591
ord1486
ord1532
ord5446
ord785
ord4085
ord3883
ord1564
ord5448
ord2496
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord1908
ord5152
ord4240
ord1402
ord3946
ord1617
ord1620
ord5915
ord1591
ord2095
ord1903
ord4125
ord1063
ord1283
ord2371
ord3244
ord2094
ord4100
ord1091
ord5203
ord4212
ord4353
ord3641
ord6090
ord1126
ord3830
ord1054
ord5975
ord564
ord6174
ord6180
ord755
ord4081
ord2272
ord2131
ord5403
ord1395
ord6282
ord6065
ord4108
ord5491
ord4035
ord2468
ord557
ord745
ord386
ord5563
ord911
ord2280
ord2288
ord2751
ord3931
ord631
ord2248
ord2372
ord1482
ord2933
ord299
ord6118
ord1489
ord2322
ord2902
ord297
ord304
ord5529
ord4109
ord876
ord265
ord266
ord1280
ord1084
ord762
ord764
ord781
ord2020
ord5715
ord5716
ord1185
ord5717
ord566
ord310
ord784
ord757
ord578
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord1187
ord1191
ord3683
ord4541
ord912
ord3180
ord1207
msvcr71
atof
atoi
_time64
fread
strftime
_localtime64
strncat
_purecall
_strnicmp
strchr
isalpha
fopen
fwrite
fclose
_stat
_strdup
strrchr
_makepath
_except_handler3
sprintf
atol
_mkdir
strstr
rename
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_splitpath
_open
_filelength
_close
malloc
__CxxFrameHandler
free
_mktime64
fprintf
localtime
time
_access
memmove
_stricmp
_strupr
_strlwr
_chdir
_strcmpi
_setmbcp
fgets
_iob
fseek
calloc
memset
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
ftell
_controlfp
kernel32
lstrlenA
MultiByteToWideChar
CreateFileA
GetFileTime
CloseHandle
GetSystemInfo
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
LoadLibraryA
FreeLibrary
GetProcAddress
TerminateProcess
GetVersionExA
GetThreadLocale
GetLocaleInfoA
lstrcpyA
InterlockedExchange
GetDiskFreeSpaceExA
GetCurrentProcess
MoveFileA
GetProcessHeap
GetFileInformationByHandle
GetModuleHandleA
LocalFree
IsBadReadPtr
FindClose
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
GetStartupInfoA
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
MulDiv
GetFileAttributesA
DeleteFileA
RemoveDirectoryA
CopyFileA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
WideCharToMultiByte
GetVersion
lstrcmpiA
GetFullPathNameA
CreateDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
WriteFile
FileTimeToSystemTime
GetACP
FileTimeToLocalFileTime
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
lstrcatA
lstrcpynA
ReadFile
WinExec
SystemTimeToTzSpecificLocalTime
GetTickCount
GlobalFree
GlobalAlloc
SetThreadPriority
GetThreadPriority
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThread
FindFirstFileA
SetFileAttributesA
FindNextFileA
Sleep
GetLastError
GetDriveTypeA
GlobalMemoryStatus
user32
GetLastActivePopup
FindWindowA
RedrawWindow
BringWindowToTop
IsIconic
wsprintfA
SetRect
DestroyCursor
ExitWindowsEx
IsWindowVisible
GetMessagePos
LoadCursorA
UpdateWindow
ReleaseDC
GetDC
DrawEdge
FrameRect
PtInRect
InflateRect
RegisterWindowMessageA
IsWindow
SetScrollPos
GetParent
ScreenToClient
GetFocus
GetKeyState
GrayStringA
DrawTextExA
TabbedTextOutA
FillRect
OffsetRect
PostMessageA
SetCursor
DestroyIcon
SetForegroundWindow
GetSysColor
DrawStateA
InvalidateRect
DispatchMessageA
TranslateMessage
KillTimer
SetTimer
DrawTextA
LoadBitmapA
GetCursorPos
GetSystemMetrics
LoadImageA
LoadIconA
EnableWindow
GetClientRect
GetWindowRect
SetWindowRgn
SendMessageA
LoadMenuA
GetSubMenu
SetMenuDefaultItem
DrawIcon
MessageBoxA
gdi32
GetBkColor
CreateRectRgnIndirect
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
GetWindowOrgEx
GetViewportOrgEx
CreateCompatibleBitmap
GetStockObject
GetBitmapDimensionEx
CreateSolidBrush
GetDeviceCaps
GetMapMode
CreateFontIndirectA
CreateCompatibleDC
GetObjectA
CreateDIBSection
SelectObject
BitBlt
ExtCreateRegion
CombineRgn
DeleteObject
CreateRectRgn
DeleteDC
GetCurrentObject
advapi32
GetUserNameA
SetSecurityInfo
ControlService
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityInfo
RegEnumValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegQueryInfoKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegFlushKey
RegCloseKey
RegCreateKeyExA
OpenSCManagerA
EnumServicesStatusA
OpenServiceA
QueryServiceConfigA
CloseServiceHandle
SetEntriesInAclA
shell32
SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA
SHEmptyRecycleBinA
comctl32
ImageList_GetImageInfo
ImageList_GetBkColor
ImageList_SetBkColor
_TrackMouseEvent
ord17
ImageList_AddMasked
shlwapi
SHDeleteKeyA
StrStrIA
ole32
OleInitialize
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
VariantInit
SysFreeString
SysAllocStringLen
VarUdateFromDate
SystemTimeToVariantTime
VariantClear
ws2_32
WSAStartup
gethostbyname
msvcp71
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1ostrstream@std@@UAE@XZ
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1strstreambuf@std@@UAE@XZ
?freeze@strstreambuf@std@@QAEX_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?overflow@strstreambuf@std@@MAEHH@Z
?pbackfail@strstreambuf@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JHH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?clear@ios_base@std@@QAEXH_N@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
iphlpapi
GetAdaptersInfo
winmm
waveOutGetDevCapsA
waveOutGetNumDevs
Sections
.text Size: 328KB - Virtual size: 327KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ