edf9d033cabdc6fc040c59d432e31fdd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

edf9d033cabdc6fc040c59d432e31fdd_JaffaCakes118
Size

336KB
MD5

edf9d033cabdc6fc040c59d432e31fdd
SHA1

77324d841a2aa9d97b10e217b77254ad910f2965
SHA256

974f5cdec21bc00b0a2dbbfb0aaaebb7a3a3f0b535664d57d99d5b7de7f1f68d
SHA512

486d778623461810247de159b4571d699c92e61718792d11b514f0bf460960d9c377ea90de1705ebca88e8a17fe541635112c68b9dffd89023c39bbb565b8983
SSDEEP

6144:Ztmi8Q50BpswjMAfyjH5Wdy1FUOxcTZwnqqD72puXUu70:vqQ50BGPb5W4nUGcTyqqXAe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edf9d033cabdc6fc040c59d432e31fdd_JaffaCakes118

Files

edf9d033cabdc6fc040c59d432e31fdd_JaffaCakes118
.exe windows:6 windows x86 arch:x86

eed9f63bb7307637a1094c119536579b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Vail-WSE\src\dev\CPM\DesktopClient\WDC\Release\WDC.pdb

Imports

stlport_vc71.5.1

?put@?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV12@D@Z
?flush@?$basic_ostream@_WV?$char_traits@_W@stlp_std@@@stlp_std@@QAEAAV12@XZ
?put@?$basic_ostream@_WV?$char_traits@_W@stlp_std@@@stlp_std@@QAEAAV12@_W@Z
?widen@?$basic_ios@_WV?$char_traits@_W@stlp_std@@@stlp_std@@QBE_WD@Z
??1?$allocator@_W@stlp_std@@QAE@XZ
??1?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAE@XZ
??0?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAE@PB_WABV?$allocator@_W@1@@Z
?replace@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAEAAV12@IIPB_W@Z
?erase@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAEPA_WPA_W@Z
??0?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAE@ABV?$allocator@_W@1@@Z
??0?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAE@ABV01@@Z
?_M_append@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@IAEAAV12@PB_W0@Z
??0?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAE@U_String_reserve_t@1@IABV?$allocator@_W@1@@Z
?get_allocator@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QBE?AV?$allocator@_W@2@XZ
?_M_put_nowiden@?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXPBD@Z
?_M_put_nowiden@?$basic_ostream@_WV?$char_traits@_W@stlp_std@@@stlp_std@@QAEXPB_W@Z
?get_allocator@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QBE?AV?$allocator@PAU_Slist_node_base@priv@stlp_std@@@2@XZ
??0?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAE@IABQAU_Slist_node_base@priv@1@ABV?$allocator@PAU_Slist_node_base@priv@stlp_std@@@1@@Z
?swap@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEXAAV12@@Z
?__splice_after@?$_Sl_global@_N@priv@stlp_std@@SAXPAU_Slist_node_base@23@00@Z
??0?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAE@ABV?$allocator@PAU_Slist_node_base@priv@stlp_std@@@1@@Z
??1?$allocator@PAU_Slist_node_base@priv@stlp_std@@@stlp_std@@QAE@XZ
??1?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAE@XZ
?_S_next_size@?$_Stl_prime@_N@priv@stlp_std@@SAII@Z
?reserve@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEXI@Z
?_M_fill_assign@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEXIABQAU_Slist_node_base@priv@2@@Z
?push_back@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEXD@Z
?find@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QBEI_WI@Z
?reserve@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAEXI@Z
?rfind@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QBEI_WI@Z
?erase@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAEAAV12@II@Z
??Y?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV01@D@Z
?resize@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAEXI@Z
?find@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QBEIABV12@I@Z
?replace@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAEAAV12@IIABV12@@Z
?get_allocator@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBE?AV?$allocator@D@2@XZ
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@U_String_reserve_t@1@IABV?$allocator@D@1@@Z
?_M_append@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@IAEAAV12@PBD0@Z
??Y?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAEAAV01@_W@Z
?find@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIPBDII@Z
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@ABV01@@Z
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@ABV?$allocator@D@1@@Z
??1?$allocator@D@stlp_std@@QAE@XZ
?clear@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAEXXZ
??4?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QBEIPB_WII@Z
?substr@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QBE?AV12@II@Z
?_Rebalance@?$_Rb_global@_N@priv@stlp_std@@SAXPAU_Rb_tree_node_base@23@AAPAU423@@Z
?_Rebalance_for_erase@?$_Rb_global@_N@priv@stlp_std@@SAPAU_Rb_tree_node_base@23@PAU423@AAPAU423@11@Z
??0?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAE@V?$__move_source@V?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@@1@@Z
??1?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@XZ
?_M_assign@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@IAEAAV12@PBD0@Z
?_M_assign@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@IAEAAV12@PB_W0@Z
?allocate@__node_alloc@stlp_std@@SAPAXAAI@Z
?_M_compare@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@SAHPB_W000@Z
?_M_decrement@?$_Rb_global@_N@priv@stlp_std@@SAPAU_Rb_tree_node_base@23@PAU423@@Z
?deallocate@__node_alloc@stlp_std@@SAXPAXI@Z
?_M_increment@?$_Rb_global@_N@priv@stlp_std@@SAPAU_Rb_tree_node_base@23@PAU423@@Z
?wcout@stlp_std@@3V?$basic_ostream@_WV?$char_traits@_W@stlp_std@@@1@A
??6?$basic_ostream@_WV?$char_traits@_W@stlp_std@@@stlp_std@@QAEAAV01@K@Z
??6?$basic_ostream@_WV?$char_traits@_W@stlp_std@@@stlp_std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cout@stlp_std@@3V?$basic_ostream@DV?$char_traits@D@stlp_std@@@1@A
??6?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?compare@?$char_traits@_W@stlp_std@@SAHPB_W0I@Z
?flush@?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV12@XZ

advapi32

AddAccessAllowedAceEx
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
LookupAccountNameW
IsValidSid
InitializeSecurityDescriptor
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AddAccessDeniedAceEx
InitializeAcl
SetNamedSecurityInfoW
CreateWellKnownSid
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
StartServiceCtrlDispatcherW
ControlService
QueryServiceStatus
OpenServiceW
DeleteService
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegisterServiceCtrlHandlerW
SetServiceStatus
RegOpenKeyW
RegSetValueExW
RegCloseKey

xerces-c_2_6

??1DocumentHandler@xercesc_2_6@@UAE@XZ
??_7ErrorHandler@xercesc_2_6@@6B@
??_7DocumentHandler@xercesc_2_6@@6B@
??1SAXParser@xercesc_2_6@@UAE@XZ
?parse@SAXParser@xercesc_2_6@@UAEXQB_W@Z
?setErrorHandler@SAXParser@xercesc_2_6@@UAEXQAVErrorHandler@2@@Z
?setDocumentHandler@SAXParser@xercesc_2_6@@UAEXQAVDocumentHandler@2@@Z
??0SAXParser@xercesc_2_6@@QAE@QAVXMLValidator@1@QAVMemoryManager@1@QAVXMLGrammarPool@1@@Z
?fgMemoryManager@XMLPlatformUtils@xercesc_2_6@@2PAVMemoryManager@2@A
?Initialize@XMLPlatformUtils@xercesc_2_6@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@@Z
?fgXercescDefaultLocale@XMLUni@xercesc_2_6@@2QBDB
?Terminate@XMLPlatformUtils@xercesc_2_6@@SAXXZ
?getLineNumber@SAXParseException@xercesc_2_6@@QBEHXZ
?getColumnNumber@SAXParseException@xercesc_2_6@@QBEHXZ
??1ErrorHandler@xercesc_2_6@@UAE@XZ

winhttp5

WinHttpSendRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpOpen
WinHttpConnect
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpQueryDataAvailable

mpr

WNetGetUniversalNameW

shlwapi

PathFindFileNameW
PathIsUNCW

psapi

EnumProcessModules

ws2_32

select
WSAStartup
htons
ntohs
closesocket
connect
socket
inet_addr
accept
listen
WSAGetLastError
getsockname
gethostbyaddr
gethostbyname
inet_ntoa
WSACleanup
send
recv
ntohl
htonl
shutdown
bind

user32

MessageBoxA
wsprintfW

netapi32

NetWkstaGetInfo
NetApiBufferFree

iphlpapi

GetIpAddrTable
GetIpForwardTable
GetIfTable
GetBestInterface

ole32

CoCreateGuid

msvcp71

?_Nomemory@std@@YAXXZ

msvcr71

_wfopen
wcsrchr
perror
_ultoa
_vsnwprintf
wcstod
_snprintf
_itow
malloc
wcscat
_wrename
_wcsicmp
wcscpy
towupper
wcstok
fwprintf
fclose
swscanf
localtime
mktime
_beginthreadex
free
??_V@YAXPAX@Z
_CxxThrowException
??0exception@@QAE@ABV0@@Z
swprintf
wcsncpy
_controlfp
?terminate@@YAXXZ
_wremove
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
__p___winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
srand
rand
memmove
wcscmp
wprintf
atoi
_errno
_iob
fprintf
fflush
getenv
realloc
_except_handler3
calloc
_purecall
??3@YAXPAX@Z
__CxxFrameHandler
_wtoi
wcslen
time
_snwprintf
_wchdir
_kbhit

kernel32

GetEnvironmentVariableW
GetModuleHandleW
GetTimeFormatW
GetDateFormatW
GetCurrentProcess
GetLocalTime
CreateMutexA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemDirectoryW
InitializeCriticalSection
ReleaseMutex
GetTickCount
GetVersionExW
SetLastError
GetOverlappedResult
CreateFileW
InterlockedExchange
InterlockedIncrement
CreateDirectoryW
SetFileAttributesW
GlobalMemoryStatus
FormatMessageW
LocalFree
SetCurrentDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
TerminateThread
SetUnhandledExceptionFilter
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetFileSize
WideCharToMultiByte
ResetEvent
SetWaitableTimer
CreateWaitableTimerW
GetFileAttributesW
CreateFileMappingW
CreateProcessW
GetComputerNameW
GetFileAttributesExW
Sleep
MapViewOfFile
UnmapViewOfFile
GetModuleHandleA
OutputDebugStringA
WaitForMultipleObjects
WaitForSingleObject
OpenEventW
SetEvent
DeviceIoControl
GetLastError
CloseHandle
GetCommandLineW
OutputDebugStringW
CreateEventW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
GetModuleFileNameW
CreateMutexW
SleepEx

winmm

waveInReset
waveInStop
waveInAddBuffer
waveInPrepareHeader
waveInStart
waveInClose
waveInOpen
waveInGetDevCapsA

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eed9f63bb7307637a1094c119536579b

Headers

File Characteristics

PDB Paths

Imports

stlport_vc71.5.1

advapi32

xerces-c_2_6

winhttp5

mpr

shlwapi

psapi

ws2_32

user32

netapi32

iphlpapi

ole32

msvcp71

msvcr71

kernel32

winmm

Sections

.text Size: 231KB - Virtual size: 230KB

.rdata Size: 87KB - Virtual size: 87KB

.data Size: 13KB - Virtual size: 15KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 231KB - Virtual size: 230KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 13KB - Virtual size: 15KB

.rsrc
Size: 3KB - Virtual size: 2KB