02e3ab3984b3c0875fbf369145c1c3df_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

02e3ab3984b3c0875fbf369145c1c3df_JaffaCakes118
Size

459KB
MD5

02e3ab3984b3c0875fbf369145c1c3df
SHA1

6e01a4532f831f57e3f13a511ae15a05fac9a59d
SHA256

313cb134cbdf6e20c1e28453d91b171ec4857a6d5cd24ac16ba24287d40b75b7
SHA512

c7d8b001bb04d5149c3b829cae94032c105b206776994c9e76e5ba04f16bb6ee4e62afb5e7e9569ff5ad73706a3c60bed49cb287367b1a7af00e5a1fdcd2301d
SSDEEP

12288:m4SIoF1AiWlKneRbRuV5TotfL8/RWEDUkuHn9aX4i:m4SIoFSAneRRu3TotfL8/RWEYkVX4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02e3ab3984b3c0875fbf369145c1c3df_JaffaCakes118

Files

02e3ab3984b3c0875fbf369145c1c3df_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2e0b102a93b11c0260b390ccbe2c5a43

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\alienbrainWork\QQX5_Mainland\exe\server\base_util.pdb

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FormatMessageA
Sleep
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetModuleFileNameA
GetModuleHandleA
FreeConsole
GetStdHandle
AllocConsole
WriteFile
SetConsoleTextAttribute
CloseHandle
DisconnectNamedPipe
ReadFile
ConnectNamedPipe
CreateNamedPipeW
GetCurrentProcessId
InitializeCriticalSection
GetOverlappedResult
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleA
GetVersionExA
GetCurrentProcess
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
CreateMutexA
ReleaseMutex
WaitForSingleObject
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
MultiByteToWideChar
WideCharToMultiByte
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
LoadLibraryA
CreateEventA
GetProcAddress
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapFree
HeapAlloc
DebugBreak
RaiseException
FreeLibrary
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
IsDebuggerPresent
InterlockedExchange

user32

PeekMessageA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects

stlport_x5.5.2

?reserve@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEXI@Z
??Y?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV01@D@Z
?rfind@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIPBDII@Z
??6?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV12@XZ
?_M_put_nowiden@?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXPBD@Z
?_M_open@_Filebuf_base@stlp_std@@QAE_NPBDH@Z
??0?$basic_ifstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@PBDH@Z
??1?$basic_ofstream@DV?$char_traits@D@stlp_std@@@stlp_std@@UAE@XZ
??0?$basic_ofstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@XZ
??_D?$basic_ofstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXXZ
?_M_compute_next_size@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@AAEII@Z
?_M_construct_null@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@ABEXPAD@Z
?_M_deallocate_block@?$_String_base@DV?$allocator@D@stlp_std@@@priv@stlp_std@@IAEXXZ
??0?$_Isentry@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@AAV?$basic_istream@DV?$char_traits@D@stlp_std@@@1@_N@Z
?max_size@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIXZ
?sbumpc@?$basic_streambuf@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEHXZ
?push_back@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEXD@Z
??1?$_Isentry@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@XZ
?find@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIDI@Z
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@U_String_reserve_t@priv@1@IABV?$allocator@D@1@@Z
?_M_append@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@AAEAAV12@PBD0@Z
?append@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV12@ABV12@@Z
?find@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIPBDII@Z
?substr@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBE?AV12@II@Z
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@V?$__move_source@V?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@@1@@Z
??0?$basic_ifstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@XZ
?open@?$basic_ifstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXPBDH@Z
?read@?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV12@PAD_J@Z
?close@?$basic_filebuf@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEPAV12@XZ
?setstate@?$basic_ios@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXH@Z
??1?$basic_ifstream@DV?$char_traits@D@stlp_std@@@stlp_std@@UAE@XZ
??_7?$basic_ios@DV?$char_traits@D@stlp_std@@@stlp_std@@6B@
??1ios_base@stlp_std@@UAE@XZ
??_D?$basic_ifstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXXZ
?_S_prev_sizes@?$_Stl_prime@_N@priv@stlp_std@@SAXIAAPBI0@Z
?get_allocator@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QBE?AV?$allocator@PAU_Slist_node_base@priv@stlp_std@@@2@XZ
??0?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAE@IABQAU_Slist_node_base@priv@1@ABV?$allocator@PAU_Slist_node_base@priv@stlp_std@@@1@@Z
?swap@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEXAAV12@@Z
?__splice_after@?$_Sl_global@_N@priv@stlp_std@@SAXPAU_Slist_node_base@23@00@Z
?get@?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEHXZ
?peek@?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEHXZ
?_M_throw_out_of_range@?$_String_base@DV?$allocator@D@stlp_std@@@priv@stlp_std@@IBEXXZ
?open@?$basic_ofstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXPBDH@Z
?close@?$basic_ofstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXXZ
??_D?$basic_fstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXXZ
??1?$basic_ios@DV?$char_traits@D@stlp_std@@@stlp_std@@UAE@XZ
??1?$basic_fstream@DV?$char_traits@D@stlp_std@@@stlp_std@@UAE@XZ
?write@?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV12@PBD_J@Z
??0?$basic_fstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@XZ
?erase@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV12@II@Z
?find_first_not_of@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIDI@Z
?size@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIXZ
?get_allocator@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBE?AV?$allocator@D@2@XZ
??0?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAE@ABV?$allocator@PAU_Slist_node_base@priv@stlp_std@@@1@@Z
??1?$allocator@PAU_Slist_node_base@priv@stlp_std@@@stlp_std@@QAE@XZ
??1?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAE@XZ
?size@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QBEIXZ
?_S_next_size@?$_Stl_prime@_N@priv@stlp_std@@SAII@Z
?reserve@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEXI@Z
?_M_fill_assign@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEXIABQAU_Slist_node_base@priv@2@@Z
?_Transfer@?$_List_global@_N@priv@stlp_std@@SAXPAU_List_node_base@23@00@Z
?compare@?$char_traits@D@stlp_std@@SAHPBD0I@Z
?_M_compare@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@SAHPBD000@Z
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@ABV01@@Z
?allocate@?$_STLP_alloc_proxy@PADDV?$allocator@D@stlp_std@@@priv@stlp_std@@QAEPADIAAI@Z
?__stl_throw_length_error@stlp_std@@YAXPBD@Z
??0?$_STLP_alloc_proxy@PADDV?$allocator@D@stlp_std@@@priv@stlp_std@@QAE@ABV?$allocator@D@2@PAD@Z
?deallocate@?$allocator@D@stlp_std@@QAEXPADI@Z
??1?$_STLP_alloc_proxy@PADDV?$allocator@D@stlp_std@@@priv@stlp_std@@QAE@XZ
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@XZ
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@ABV?$allocator@D@1@@Z
??1?$allocator@D@stlp_std@@QAE@XZ
?_Rebalance@?$_Rb_global@_N@priv@stlp_std@@SAXPAU_Rb_tree_node_base@23@AAPAU423@@Z
?_Rebalance_for_erase@?$_Rb_global@_N@priv@stlp_std@@SAPAU_Rb_tree_node_base@23@PAU423@AAPAU423@11@Z
?allocate@__node_alloc@stlp_std@@SAPAXAAI@Z
?_M_decrement@?$_Rb_global@_N@priv@stlp_std@@SAPAU_Rb_tree_node_base@23@PAU423@@Z
?deallocate@__node_alloc@stlp_std@@SAXPAXI@Z
?_M_increment@?$_Rb_global@_N@priv@stlp_std@@SAPAU_Rb_tree_node_base@23@PAU423@@Z
?_M_assign@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@AAEAAV12@PBD0@Z
?replace@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV12@IIABV12@@Z
?clear@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEXXZ

msvcr90

raise
__iob_func
_stricmp
_mkdir
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
__clean_type_info_names_internal
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
strchr
strncmp
isalnum
isalpha
isspace
_vsnprintf_s
fputc
ferror
fseek
fread
strstr
fopen_s
srand
atof
__RTtypeid
_mktime32
tolower
fputs
fflush
_time64
_ctime64
_localtime32_s
sscanf
_vswprintf_c_l
atoi
toupper
strncpy
strncat
_atoi64
strrchr
_time32
_errno
_beginthread
__RTDynamicCast
vsprintf
memset
sprintf
memcpy
memmove
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
sprintf_s
_purecall
_vsnprintf
fopen
ftell
fclose
printf
fprintf
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
setvbuf
??0exception@std@@QAE@ABQBDH@Z
free
malloc

ws2_32

getsockopt
WSARecvFrom
WSAGetOverlappedResult
WSAStartup
accept
listen
send
getpeername
recv
inet_ntoa
WSAIoctl
bind
recvfrom
sendto
getsockname
ioctlsocket
WSAGetLastError
closesocket
socket
htons
inet_addr
gethostbyname
htonl
ntohl
ntohs
setsockopt

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

vfsdllproj

?Hfclose@VFS@@YAHPAVIFile@1@@Z
?Hfread@VFS@@YAIPAXIIPAVIFile@1@@Z
?Hfopen@VFS@@YAPAVIFile@1@PBD00@Z

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptGenRandom

Exports

Exports

_DestroyBiboRegistry
_GetBiboRegistry

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e0b102a93b11c0260b390ccbe2c5a43

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

stlport_x5.5.2

msvcr90

ws2_32

version

vfsdllproj

advapi32

Exports

Exports

Sections

.text Size: 324KB - Virtual size: 323KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 7KB - Virtual size: 45KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 324KB - Virtual size: 323KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 7KB - Virtual size: 45KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 39KB - Virtual size: 39KB