0bd92745d449964665b64d3f63451c2d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0bd92745d449964665b64d3f63451c2d_JaffaCakes118
Size

268KB
MD5

0bd92745d449964665b64d3f63451c2d
SHA1

be92865189564949cb53768b0225dbed94d98abe
SHA256

25324604d816685491373ef3ca88561b9bf1009b37f0eaa60507de383ad922b6
SHA512

53b1da9d6aed34f9514fdafaf24e92b9049e7a873cd47d1f1d194d6eab67719fbfd1fc32f8f3eac0f18caecd1919628519cfa67eb315ba7113f5468212831db5
SSDEEP

6144:vQ0tF5T62fCoBWmNfS6E1AnOxcxA4fNAHNl:o0tF16CNNanWnOd4NA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bd92745d449964665b64d3f63451c2d_JaffaCakes118

Files

0bd92745d449964665b64d3f63451c2d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4defacc0bec4725dda5cc9be26acb946

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

sync20

SyncReadSystemInfo
ord22
SyncGetDesktopTrustStatus
ord40
ord41
SyncGenerateBackupFileName
SyncBackupSecurityData
ord23
SyncIsDatabaseBackupNeeded
ord33
ord27
SyncGetDBRecordCount
ord28
ord26
SyncCloseDBEx
ord38
SyncReadDBSortInfoBlock
SyncDmReadRecordByIndex
ord36
SyncReadResRecordByIndex
PrvIsDlpVersionSupported
SyncDmReadResourceRecordByIndex
ord39
ord37
ord31
ord32
SyncChangeCategory
SyncBackupDatabase

pdcmn50

??1CHotSyncBackupDlg@@UAE@XZ
InitPdCmnDLL
??0CHotSyncBackupDlg@@QAE@PAVCWnd@@@Z

hslog20

LogAddFormattedEntry
ord52
ord56

palmcmn

ord2
ord3

condmgr

ord90

i18nnomfc

?DeleteBackslashOrSlash@@YAXAAVCPString@@@Z
?AppendBackslash@@YAXAAVCPString@@@Z

table22_psi

?IsNone@CBaseRecord@@QAEHXZ
?FindIndex@CCategoryMgr@@QAE?AW4CatError@@HAAPAVCCategory@@@Z
?GetName@CCategory@@QAEAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetID@CCategory@@QAEHXZ
?FindFirst@CCategoryMgr@@QAE?AW4CatError@@AAPAVCCategory@@@Z
?FindNext@CCategoryMgr@@QAE?AW4CatError@@AAPAVCCategory@@@Z
?SetNameDirty@CCategory@@QAEXH@Z
?GetRecordCount@CBaseTable@@QAEJXZ
??0CBaseRecord@@QAE@AAVCBaseTable@@G@Z
??0CBaseIterator@@QAE@AAVCBaseTable@@@Z
?FindFirst@CBaseIterator@@QAEJAAVCBaseRecord@@H@Z
?SetStatus@CBaseRecord@@QAEJH@Z
?SetRecordId@CBaseRecord@@QAEJH@Z
?FindNext@CBaseIterator@@QAEJAAVCBaseRecord@@H@Z
?IsDeleted@CBaseRecord@@QAEHXZ
??1CBaseIterator@@QAE@XZ
??1CBaseRecord@@UAE@XZ
?PurgeDeletedRecords@CBaseTable@@QAEJXZ
?OpenFrom@CBaseTable@@QAEJAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@J@Z
?Delete@CCategoryMgr@@QAE?AW4CatError@@H@Z
?GetNameDirty@CCategory@@QAEHXZ
?FindName@CCategoryMgr@@QAE?AW4CatError@@AAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAPAVCCategory@@@Z
?IsArchived@CBaseRecord@@QAEHXZ
?SaveTo@CBaseTable@@QAEJAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?Serialize@CCategoryMgr@@UAEXAAVCArchive@@@Z
?GetRuntimeClass@CCategoryMgr@@UBEPAUCRuntimeClass@@XZ
??0CCategoryMgr@@QAE@XZ
??1CCategoryMgr@@UAE@XZ
?Serialize@CCategory@@UAEXAAVCArchive@@@Z
?GetRuntimeClass@CCategory@@UBEPAUCRuntimeClass@@XZ
?Add@CCategoryMgr@@QAE?AW4CatError@@PAVCCategory@@@Z
?SetName@CCategory@@QAEXAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetIndex@CCategory@@QAEHXZ
??0CCategory@@QAE@XZ
?SetID@CCategory@@QAEXH@Z
?SetIndex@CCategory@@QAEXH@Z
?DeleteAllCategories@CCategoryMgr@@QAEXH@Z
??1CCategory@@UAE@XZ
?SetCategoryId@CBaseRecord@@QAEJH@Z
?GetCategoryId@CBaseRecord@@QAEJAAH@Z
?GetRecordId@CBaseRecord@@QAEJAAH@Z
?FindID@CCategoryMgr@@QAE?AW4CatError@@HAAPAVCCategory@@@Z
?GetFreeIndex@CCategoryMgr@@QAEHXZ
?SortByRecordStatus@CBaseIterator@@QAEJXZ
?GetStatus@CBaseRecord@@QAEJAAH@Z
?IsAdded@CBaseRecord@@QAEHXZ
?SortByRecordId@CBaseIterator@@QAEJXZ
?FindByRecordId@CBaseIterator@@QAEJHAAVCBaseRecord@@H@Z
?IsModified@CBaseRecord@@QAEHXZ
?GetCurrentRowPosition@CBaseIterator@@QAEJAAJ@Z
?SetArchiveBit@CBaseRecord@@QAEJH@Z
?GetFileName@CCategory@@QAEAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?SortByCatId@CBaseIterator@@QAEJXZ
?GetCategoryManager@CBaseTable@@QAEPAVCCategoryMgr@@XZ
?PurgeAllRecords@CBaseTable@@QAEJXZ
?IsPending@CBaseRecord@@QAEHXZ

mfc71

ord1167
ord1092
ord1209
ord1177
ord1175
ord1201
ord1120
ord371
ord1098
ord1208
ord1206
ord1037
ord315
ord765
ord581
ord2933
ord299
ord1489
ord297
ord1486
ord2322
ord2321
ord4035
ord304
ord265
ord266
ord2020
ord762
ord314
ord764
ord1084
ord757
ord566
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3683
ord911
ord1916
ord2451
ord578
ord781
ord3997
ord5529
ord5403
ord2468
ord310
ord2248
ord4541
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord2537
ord2731
ord2835
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718

msvcr71

__security_error_handler
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
memset
atoi
_ismbcdigit
wcslen
vsprintf
memmove
_ismbcspace
_mbclen
_mbsupr
_mbslwr
_mbsinc
_mbsicmp
_mbsrev
_mbsstr
_mbsspn
_mbsrchr
_mbsnbcpy
_mbscspn
_mbschr
remove
_strdup
free
__CxxFrameHandler
malloc
_except_handler3
_mbscmp
sprintf
_ltoa
islower
_stricmp
realloc
fclose
fread
fseek
fopen
fwrite
_mbspbrk

kernel32

GetLastError
lstrlenA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetVersionExA
QueryPerformanceCounter
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
GlobalReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GetThreadLocale
GetLocaleInfoA
GetACP
GlobalFree
MoveFileExA
MoveFileA
GetTickCount
IsDBCSLeadByte
GetFileAttributesA
CompareFileTime
CopyFileA
DeleteFileA
RemoveDirectoryA
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
InterlockedExchange

user32

wsprintfA
CharNextA
LoadStringA

Exports

Exports

?GetMFCVersion@@YAKXZ
CfgConduit
ConfigureConduit
GetConduitInfo
GetConduitName
GetConduitVersion
OpenConduit

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4defacc0bec4725dda5cc9be26acb946

Headers

File Characteristics

Imports

sync20

pdcmn50

hslog20

palmcmn

condmgr

i18nnomfc

table22_psi

mfc71

msvcr71

kernel32

user32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 176KB - Virtual size: 176KB

.rsrc Size: 20KB - Virtual size: 16KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 176KB - Virtual size: 176KB

.rsrc
Size: 20KB - Virtual size: 16KB

.reloc
Size: 8KB - Virtual size: 5KB