0d1d00db277674c71f8c14aaadf10cb3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0d1d00db277674c71f8c14aaadf10cb3_JaffaCakes118
Size

664KB
MD5

0d1d00db277674c71f8c14aaadf10cb3
SHA1

cd301fe16204de6a42029207c038a2f08bcc1dff
SHA256

cbb7561ad01f3a7257d82ed203021aedccdfee102d8e2a683a624fa767d1c8d7
SHA512

5c9cbfc20c2660ce04476e3c02da57aab7f9c7b6b677dd3acd241ca76685bcc3ed9d089e2d2742eeec05c6a47c0f360cc32d2388a4bc2efbb37535a1e1723896
SSDEEP

12288:INdfDJG2Fgf+rgoAlMTkdsXIU4igj2akVYrzJx0OPxGeEOddH:INdfDJG1cW0AXrdVEOP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d1d00db277674c71f8c14aaadf10cb3_JaffaCakes118

Files

0d1d00db277674c71f8c14aaadf10cb3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

86891f79210209d15c30d0d0cedcb4a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\Sources\CURRENT\NeroSnap\Bin\Release\NSPluginMgr.pdb

Imports

mfc71

ord2020
ord1671
ord1670
ord1551
ord5912
ord1401
ord5203
ord4262
ord1123
ord630
ord2322
ord310
ord3088
ord2021
ord385
ord2884
ord2867
ord3641
ord3441
ord605
ord1395
ord6065
ord2372
ord4580
ord354
ord297
ord1191
ord1187
ord4125
ord6090
ord304
ord781
ord1482
ord1084
ord5320
ord6286
ord911
ord314
ord1486
ord3934
ord5563
ord2902
ord5529
ord1053
ord1091
ord907
ord3683
ord4038
ord4014
ord6278
ord3801
ord4326
ord2063
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord2838
ord4481
ord4031
ord5975
ord3830
ord3321
ord557
ord3866
ord3864
ord1211
ord6003
ord5712
ord6006
ord784
ord5716
ord2306
ord1181
ord2259
ord745
ord5446
ord1159
ord908
ord865
ord1916
ord5717
ord564
ord755
ord2368
ord1279
ord5637
ord602
ord347
ord6017
ord2131
ord3849
ord1903
ord4035
ord2654
ord4118
ord3401
ord3952
ord2328
ord1068
ord2371
ord2899
ord3430
ord5702
ord2427
ord3070
ord3553
ord6067
ord3761
ord3552
ord3592
ord2018
ord1489
ord6118
ord299
ord2933
ord2248
ord5419
ord4109
ord4108
ord2272
ord3110
ord2990
ord757
ord1122
ord566
ord3684
ord4890
ord1934
ord3204
ord1280
ord5403
ord2468
ord2367
ord3337
ord760
ord1979
ord4353
ord1917
ord1161
ord3997
ord709
ord5642
ord6037
ord5731
ord501
ord6180
ord5833
ord3667
ord3668
ord1327
ord2036
ord1582
ord5212
ord4280
ord1521
ord4272
ord528
ord524
ord526
ord721
ord4583
ord5071
ord5072
ord5070
ord4797
ord4617
ord4867
ord4844
ord4190
ord4213
ord4736
ord5211
ord4720
ord519
ord516
ord518
ord718
ord2164
ord2657
ord4100
ord2094
ord3244
ord1955
ord1283
ord1063
ord2938
ord587
ord6276
ord2324
ord3576
ord2095
ord1591
ord4240
ord2991
ord3317
ord741
ord563
ord753
ord5613
ord1009
ord6255
ord2271
ord5715
ord1425
ord5727
ord782
ord3850
ord3182
ord2086
ord1545
ord4232
ord3164
ord1199
ord758
ord567
ord356
ord1096
ord5491
ord577
ord293
ord774
ord261
ord280
ord900
ord903
ord2130
ord898
ord776
ord300
ord283
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord1485
ord287
ord783
ord777
ord1481
ord904
ord5562
ord5528
ord4107
ord2269
ord3996
ord5182
ord765
ord315
ord1037
ord1206
ord1208
ord1098
ord371
ord1120
ord1201
ord1175
ord1177
ord1209
ord1092
ord1167
ord581
ord5444
ord1794
ord5868
ord3883
ord754
ord572
ord3328
ord4261
ord4486
ord3949
ord2644
ord3709
ord3719
ord3718
ord2987
ord2533
ord2646
ord2540
ord2862
ord2714
ord4307
ord2835
ord2731
ord2537
ord5200
ord1599
ord1655
ord1656
ord1964
ord5175
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2408
ord2413
ord2394
ord2410
ord934
ord930
ord932
ord928
ord923
ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord1908
ord5152
ord4244
ord1402
ord3946
ord1617
ord1620
ord5915
ord1598
ord1654
ord722
ord530
ord3295
ord5714
ord6005
ord4735
ord4212
ord762
ord876
ord578
ord6297
ord5331
ord3255
ord1185
ord266
ord265
ord3210
ord764

msvcr71

strcat
memcpy
_mbsnbcpy
_mbsstr
fseek
fgetpos
fread
strncmp
strncpy
fwrite
_mbsrchr
_wcslwr
memmove
sprintf
fopen
fgets
strtok
strlen
sscanf
fclose
_strdup
_splitpath
_makepath
memset
_mbsinc
wcsncpy
atoi
??0exception@@QAE@XZ
_mbscmp
_except_handler3
??1exception@@UAE@XZ
_mbsicmp
_resetstkoflw
malloc
_localtime64
strftime
_mktime64
free
_CxxThrowException
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
wcscpy
realloc
_stricmp
_purecall
strtoul
_mbsnbcat
_findclose
_findfirsti64
_stat
??1type_info@@UAE@XZ
__security_error_handler
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_mbschr

kernel32

CloseHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
GetWindowsDirectoryA
GetFileSize
lstrcatA
GetSystemDefaultLangID
GetUserDefaultLangID
LockResource
LocalAlloc
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetFileTime
GetLastError
CreateFileA
CompareFileTime
GetProcAddress
LoadLibraryA
LocalFree
FormatMessageA
WideCharToMultiByte
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetVersion
lstrcmpiA
lstrcmpiW
lstrlenW
lstrlenA
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
EnumResourceNamesA
GetModuleFileNameA
LoadResource
SizeofResource
FindResourceA
lstrcpyA
WinExec
LeaveCriticalSection
EnterCriticalSection
FreeLibrary

user32

GetClientRect
CopyRect
SystemParametersInfoA
EnableWindow
GetWindowRect
SendMessageA
LoadStringA
ShowWindow
MapDialogRect
KillTimer
GetCursorPos
SetTimer
MessageBeep
GetDesktopWindow
SetWindowLongA
CopyIcon
SetCursor
DestroyCursor
RedrawWindow
InflateRect
PtInRect
LoadMenuA
ModifyMenuA
GetSubMenu
GetMenuItemID
GetMenuItemCount
EnumChildWindows
GetDlgCtrlID
SetWindowTextA
IsWindowVisible
GetWindowLongA
GetClassNameA
GetWindowTextA
GetKeyState
ScreenToClient
GetSysColor
AdjustWindowRect
GetSystemMetrics
ReleaseCapture
GetSysColorBrush
LoadCursorA
IsWindow
DestroyWindow
SetCapture
InvalidateRect
ReleaseDC
GetDC
OffsetRect
SetRect
IsMenu
GetMenu
GetWindow
IsChild
WinHelpA
GetWindowPlacement
IsIconic
IsZoomed
MessageBoxA
GetParent
GetFocus
PostMessageA
UnregisterClassA
CharUpperW
CharUpperA
CharLowerW
CharLowerA

gdi32

SetTextJustification
TextOutA
GetStockObject
GetTextFaceA
GetTextExtentPoint32A
CreateFontA
CreateFontIndirectA
CreateDIBSection
DeleteObject
CreateBitmap
GetObjectA
StretchBlt
BitBlt
CreateCompatibleDC
SelectObject

advapi32

RegSetValueExA
RegEnumKeyExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA

shell32

ShellExecuteA

comctl32

ord17

ole32

StringFromIID
IIDFromString
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree

oleaut32

SysAllocStringLen
SysFreeString

msvcp71

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@V312@G@Z
??0locale@std@@QAE@XZ
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IABV12@@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIPBG@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIABV12@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IPBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?at@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?is@?$ctype@G@std@@QBE_NFG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?clear@ios_base@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

GetPluginMgr

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86891f79210209d15c30d0d0cedcb4a6

Headers

File Characteristics

PDB Paths

Imports

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp71

version

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 164KB

.rdata Size: 64KB - Virtual size: 60KB

.data Size: 180KB - Virtual size: 182KB

.rsrc Size: 224KB - Virtual size: 222KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 168KB - Virtual size: 164KB

.rdata
Size: 64KB - Virtual size: 60KB

.data
Size: 180KB - Virtual size: 182KB

.rsrc
Size: 224KB - Virtual size: 222KB

.reloc
Size: 24KB - Virtual size: 20KB