f45fc0ccbc9c6881f560978c8fe947df_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f45fc0ccbc9c6881f560978c8fe947df_JaffaCakes118
Size

87KB
MD5

f45fc0ccbc9c6881f560978c8fe947df
SHA1

2b278da4f6c0a4e5d9e4effb7fbded14c75fc383
SHA256

bee871d8d73b007544e40532e0616c250adc997f57abade38c89c4e5edbbd2b2
SHA512

b93bfd68f4be9d12dad048e8b9f617ca4e9eeee6b4b625d7e46567b2d2c44906d2c8b597e48b2ab1edff2cf0ad37f7cd439234dd8c38caac56821e40f9e150f3
SSDEEP

1536:+Rih3jnIqsApo/RAaeFecOD7L3o8bmzymjzVN3yI6xrYGIcKiSkoX2s6cYOI8:T58LtqNOD7L3XmDj3ISPGNOI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f45fc0ccbc9c6881f560978c8fe947df_JaffaCakes118

Files

f45fc0ccbc9c6881f560978c8fe947df_JaffaCakes118
.dll windows:4 windows x86 arch:x86

278a0d15124205e227f13a3eb6d58e70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\NPS_VSS_ROOT\NPS\bin\release\program files\Common.pdb

Imports

smllib

smlLibMemset
smlLibMemcpy
smlLibFree
smlLibMallocDbg
smlString2Pcdata

mfc80u

ord777
ord5487
ord3844
ord1182
ord3843
ord280
ord783
ord784
ord265
ord781
ord578
ord894
ord300
ord266
ord287
ord2468
ord304
ord3990
ord4103
ord5398
ord297
ord4100
ord1472
ord310
ord4074
ord5399
ord4078
ord2260
ord2469
ord5485
ord2445
ord900
ord899
ord293
ord776
ord896
ord577
ord2313
ord5559
ord774
ord2444
ord371
ord762
ord1093
ord1079
ord1168
ord764
ord283
ord277

msvcr80

strchr
strtol
?terminate@@YAXXZ
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
wcsftime
_gmtime64
_time64
_itoa
strtoul
isalpha
isdigit
strncmp
free
malloc
memset
__CxxFrameHandler3
memmove

kernel32

GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LocalAlloc

user32

wsprintfW

shell32

SHGetSpecialFolderPathW

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime

Exports

Exports

??0CUtility@@QAE@ABV0@@Z
??0CUtility@@QAE@XZ
??1CUtility@@UAE@XZ
??4CUtility@@QAEAAV0@ABV0@@Z
??_7CUtility@@6B@
?Base64Decode@CUtility@@SAKPAEK0PAK@Z
?Base64Encode@CUtility@@SAKPAEK0PAK1I0@Z
?Base64EncodeGetRequiredLength@CUtility@@SAKK@Z
?CompareName@CUtility@@SAHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0H@Z
?CompareTaskAlarm@CUtility@@SA?AVCOleDateTime@ATL@@V23@@Z
?CompareTaskDate@CUtility@@SAHVCOleDateTime@ATL@@000HH@Z
?CompareTaskString@CUtility@@SAHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0H@Z
?CompareUTF8String@CUtility@@SAHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0H@Z
?Decode@CUtility@@CAXPAKPAEI@Z
?DecodeQP@CUtility@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V23@@Z
?Encode@CUtility@@CAXPAEPAKI@Z
?EncodeQP@CUtility@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V23@@Z
?FirstChrCompare@CUtility@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V23@@Z
?GetFileDirectory@CUtility@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetNextTok@CUtility@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@AAV23@_W@Z
?GetSubString@CUtility@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V23@HH@Z
?GetTaskString@CUtility@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V23@H@Z
?Int2Pcdata@CUtility@@SAPAUsml_pcdata_s@@H@Z
?MD5Final@CUtility@@SAXQADPAU_stMd5_ctx@@@Z
?MD5Init@CUtility@@SAXPAU_stMd5_ctx@@@Z
?MD5Transform@CUtility@@CAXQAKQAE@Z
?MD5Update@CUtility@@SAXPAU_stMd5_ctx@@PADI@Z
?MD5_memcpy@CUtility@@CAXPAE0I@Z
?MD5_memset@CUtility@@CAXPAEHI@Z
?MakeNextAnchor@CUtility@@SAXPA_W@Z
?QPDecode@CUtility@@SAHPAEHPADPAHK@Z
?QPEncode@CUtility@@SAHPAEHPADPAHK@Z
?QPEncodeGetRequiredLength@CUtility@@SAHH@Z
?Remove@CUtility@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V23@@Z
?RemoveSecTime@CUtility@@SA?AVCOleDateTime@ATL@@V23@H@Z
?UTF8Decoding@CUtility@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAD@Z
?UTF8Decoding@CUtility@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V23@@Z
?UTF8Decoding@CUtility@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@3@@Z
?UTF8Encoding@CUtility@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PB_W@Z
?UTF8Encoding@CUtility@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V23@@Z
?UTF8Encoding@CUtility@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@3@@Z
?UTF8EncodingEXT@CUtility@@SAHPBDHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?XmlParser_Clear@@YAXPAUXML_PARSER@@@Z
?XmlParser_Create@@YAPAUXML_PARSER@@XZ
?XmlParser_Parse@@YAFPAUXML_PARSER@@PAEH@Z
?XmlParser_SetCallback@@YAXPAUXML_PARSER@@P6AXPAXW4XmlCallback_t@@PBXH@Z@Z
?XmlParser_SetUserData@@YAXPAUXML_PARSER@@PAX@Z
?jA2U@CUtility@@SAPA_WPAD@Z
?jU2A@CUtility@@SAPADPA_W@Z
?jU2A@CUtility@@SAPADV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?nextBase64Char@CUtility@@CAHPAPAEPAK@Z
?smlPcdataCopy@CUtility@@SAPAXPAUsml_pcdata_s@@0@Z

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

278a0d15124205e227f13a3eb6d58e70

Headers

File Characteristics

PDB Paths

Imports

smllib

mfc80u

msvcr80

kernel32

user32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 56KB - Virtual size: 57KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 56KB - Virtual size: 57KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB