f3788748c62dfd913c4a056c4401ab3d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f3788748c62dfd913c4a056c4401ab3d_JaffaCakes118
Size

184KB
MD5

f3788748c62dfd913c4a056c4401ab3d
SHA1

69b032c7c2acbc48ec30b9aea6d8c06cc8bf6a20
SHA256

6ae8bdec4c68534d7cf296acc11b35c124adbfb77cc0be2a0e430dd3e8bec50f
SHA512

c6da8605bb5bb09153bfaadcc3da3bc3b3c45c5cef38fba55c25cab761f96897eb2dad6bd4790d64deac3b5377088e61f6f397031d5ab24eba4c455759371b05
SSDEEP

3072:daHvEDO+eQ+6avv54bkrpP4bcv/C8YewUBTwlTlEwmDE3jYSRvcOFaWIPAjoCI20:d4vEDO+Pavv54KeQvqw7kTlEfecSRvgh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3788748c62dfd913c4a056c4401ab3d_JaffaCakes118

Files

f3788748c62dfd913c4a056c4401ab3d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d6e75746d10ebbb9efff3ce9ffb3d122

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\z00105600_view_UTPS_LATEST\Tc_utps_code\Utps_v100r001\utps\solution\win32\CallPlugin\Release\CallPlugin.pdb

Imports

filemanager

?RemoveRecord@CFileManager@@QAEJH@Z
?AddRecord@CFileManager@@QAEJPBVIRecord@@@Z
?CreateNewRecord@CFileManager@@QAEPAVIRecord@@XZ
?GetRecordCount@CFileManager@@QBEIXZ
?GetFieldCount@CFileManager@@QBEIXZ
??0CFileManager@@QAE@XZ
?ReadRecord@CFileManager@@QAEPAVIRecord@@H@Z
?UpdateRecord@CFileManager@@QAEJPBVIRecord@@@Z
?Open@CFileManager@@QAEJABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?Close@CFileManager@@QAEXXZ
?SetFieldInfo@CFileManager@@QAEJABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
??1CFileManager@@QAE@XZ

shlwapi

PathFileExistsW

kernel32

GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
GetModuleFileNameW
CloseHandle
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetModuleFileNameA
SetFileAttributesW
DeleteFileW
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
ExitProcess

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?_Nomemory@std@@YAXXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ

msvcr71

_CxxThrowException
_purecall
??1exception@@UAE@XZ
??0exception@@QAE@XZ
difftime
__RTDynamicCast
sprintf
atoi
wcscpy
sscanf
time
??_V@YAXPAX@Z
malloc
_callnewh
??1type_info@@UAE@XZ
__security_error_handler
_except_handler3
__dllonexit
_onexit
free
_initterm
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
??3@YAXPAX@Z
_itoa

Exports

Exports

CreatePlugin

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d6e75746d10ebbb9efff3ce9ffb3d122

Headers

File Characteristics

PDB Paths

Imports

filemanager

shlwapi

kernel32

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text Size: 112KB - Virtual size: 112KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 112KB - Virtual size: 112KB