15075aba80fc63b613e07ddf9cc2159c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15075aba80fc63b613e07ddf9cc2159c_JaffaCakes118
Size

78KB
MD5

15075aba80fc63b613e07ddf9cc2159c
SHA1

5dbf4f63d8e636f797652a01fad05218cc64924c
SHA256

dd7a51df679e9cfa4609eda781fcf520dce1805d0da3e8d243140374c3619ed8
SHA512

3390a49a14a16160f0835efd08ef51d77c9fbf7dc4af951529d992b187f415e317f1e2733c22bf6eb8d916403d7b342b530b4ef7eb3b45e9ca4fc1e13e6d6fa3
SSDEEP

1536:as4Q8bWo72ZvRZ0HjHYAnmcfvzc8UXB6OqPMgrCKw:as4Go7s5qHUAmcjc8UXB6OqUM

Score

1^/10

Malware Config

Signatures

Files

15075aba80fc63b613e07ddf9cc2159c_JaffaCakes118
.exe windows:5 windows x64 arch:x64

fc54c59199694ba35d50fbd09ec71e33

Code Sign

7c:ba:24:26:f0:92:af:67:59:1b:6e:32:e5:2f:04:d7:c7:7c:63:80
Signer

Actual PE Digest

7c:ba:24:26:f0:92:af:67:59:1b:6e:32:e5:2f:04:d7:c7:7c:63:80

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\p4root\branches\2012\20120615_DELL_GOLD\Matrix_Projects\projects\_6032\Release\pcdoctor\bin\pcdrsysinfoperipheral.pdb

Imports

common

?getPriority@LogFactory@pcd@@SA?AW4LOGGER_PRIORITY@LoggerPriority@2@XZ
?createLogger@LogFactory@pcd@@SAXPEBDAEAPEAVLogger@2@@Z
??1TraceLogger@pcd@@QEAA@XZ
??0TraceLogger@pcd@@QEAA@PEAVLogger@1@PEBD1H@Z
?SprintfFormat@pcd@@YA?AVString@1@PEBDZZ
?logAssert@AssertionFailure@pcd@@SAXPEBD_K0@Z
?logAssert@AssertionFailure@pcd@@SAXPEBD_K0AEBVString@2@@Z
?getSystemErrorMsg@System@pcd@@SA?AVString@2@K@Z
?getSystemError@System@pcd@@SAKXZ
??0Exception@pcd@@QEAA@AEBV01@@Z
??HString@pcd@@QEBA?AV01@AEBV01@@Z
??9String@pcd@@QEBA_NAEBV01@@Z
?trim@String@pcd@@QEAAAEAV12@XZ
?toUpper@String@pcd@@QEAAAEAV12@XZ
?find@String@pcd@@QEBAIAEBV12@I@Z
?getUTF8String@String@pcd@@QEBA?AVCString@2@XZ
?size@String@pcd@@QEBAIXZ
??4String@pcd@@QEAAAEAV01@AEBV01@@Z
??1String@pcd@@QEAA@XZ
??0String@pcd@@QEAA@XZ
??0String@pcd@@QEAA@PEBD@Z
??0String@pcd@@QEAA@AEBV01@@Z
??0String@pcd@@QEAA@PEBG@Z
?EMPTY@String@pcd@@SAAEBV12@XZ
??BCString@pcd@@QEBAPEBDXZ
??1CString@pcd@@QEAA@XZ
??1SerializationFailed@pcd@@UEAA@XZ
??0SerializationFailed@pcd@@QEAA@AEBVString@1@@Z
??0SerializationFailed@pcd@@QEAA@AEBV01@@Z
?deserializeEnd@Serializable@pcd@@MEAAXXZ
?deserializeBegin@Serializable@pcd@@MEAAXPEBVXmlElement@2@@Z
?getSerializedXML@Serializable@pcd@@MEAAXAEAVString@2@@Z
?serializeEnd@Serializable@pcd@@MEAAXXZ
?serializeBegin@Serializable@pcd@@MEAAXAEBVString@2@@Z
?deserializeUtf8@Serializable@pcd@@UEAAXPEBD@Z
?deserialize@Serializable@pcd@@UEAAXAEBVString@2@@Z
?doSerialization@Serializable@pcd@@UEAAXAEBVString@2@AEAV32@@Z
??1Serializable@pcd@@UEAA@XZ
??0Serializable@pcd@@QEAA@XZ
??1LoggerStream@pcd@@QEAA@XZ
??0LoggerStream@pcd@@QEAA@XZ
?log@Logger@pcd@@QEAA_NW4LOGGER_PRIORITY@LoggerPriority@2@AEBVLoggerStream@2@@Z
?resolvePriority@Logger@pcd@@QEBA?AW4LOGGER_PRIORITY@LoggerPriority@2@XZ
??Hpcd@@YA?AVString@0@PEBDAEBV10@@Z
?open@FileHandleResManager@pcd@@CAPEAXAEBVCreateFileOpenArgs@2@@Z
?destroy@FileHandleResManager@pcd@@CAXAEAPEAX@Z
?toString@PCDValue@pcd@@QEBA?AVString@2@I@Z
?nilValue@PCDValue@pcd@@SAIXZ
??1PCDValue@pcd@@UEAA@XZ
??0PCDValue@pcd@@QEAA@XZ
??0PCDValue@pcd@@QEAA@AEBI@Z
??0PCDValue@pcd@@QEAA@AEBVString@1@@Z
??1WindowsRegistryKey@@QEAA@XZ
??0WindowsRegistryKey@@QEAA@PEAUHKEY__@@@Z
??6LoggerStream@pcd@@QEAAAEAV01@AEBVString@1@@Z
??HLoggerStream@pcd@@QEAAAEAV01@AEBVString@1@@Z
??HLoggerStream@pcd@@QEAAAEAV01@PEBD@Z
??1Exception@pcd@@UEAA@XZ
?toString@Exception@pcd@@QEBA?AVString@2@XZ
?getDistribution@OperatingSystem@pcd@@QEBAAEBVOperatingSystemDistribution@2@XZ
?getMajor@OperatingSystem@pcd@@QEBAAEBVOperatingSystemMajorVersion@2@XZ
?getCurrentOperatingSystem@OperatingSystem@pcd@@SA?AV12@XZ
??1OperatingSystem@pcd@@UEAA@XZ
??1StructuredException@pcd@@QEAA@XZ
??1OperatingSystemDistribution@pcd@@UEAA@XZ
?WIN_PE@OperatingSystemDistribution@pcd@@SA?AV12@XZ
??1OperatingSystemMajorVersion@pcd@@UEAA@XZ
?WIN_2000@OperatingSystemMajorVersion@pcd@@SA?AV12@XZ
??6LoggerStream@pcd@@QEAAAEAV01@J@Z
?append@String@pcd@@QEAAAEAV12@PEBD@Z

matrix

?capsWithHighestPriority@CapabilityImp@pcd@@QEBA?AV12@XZ
??1CapabilityImp@pcd@@UEAA@XZ
?description@CapabilityImp@pcd@@QEBA?AVString@2@XZ

dapi5

?createGeneric@SysInfoDevice@dapi5@@SAPEAV12@AEBVDeviceCapability@2@0AEBVDapiString@2@111@Z
?STRINGARRAY@DataType@dapi5@@SAAEBV12@XZ
?STRING@DataType@dapi5@@SAAEBV12@XZ
?imp@DeviceCapability@dapi5@@QEAAAEAVCapabilityImp@pcd@@XZ
??8DeviceCapability@dapi5@@QEBA_NAEBV01@@Z
?toString@DeviceCapability@dapi5@@QEBAAEBVDapiString@2@XZ
??1DeviceCapability@dapi5@@QEAA@XZ
??4DeviceCapability@dapi5@@QEAAAEAV01@AEBV01@@Z
??0DeviceCapability@dapi5@@QEAA@XZ
?WiMouseTest@DeviceCapability@dapi5@@SAAEBV12@XZ
?Mouse@DeviceCapability@dapi5@@SAAEBV12@XZ
?WiMouse@DeviceCapability@dapi5@@SAAEBV12@XZ
?WiKeyboard@DeviceCapability@dapi5@@SAAEBV12@XZ
?Keyboard@DeviceCapability@dapi5@@SAAEBV12@XZ
?NIL@DeviceCapability@dapi5@@SAAEBV12@XZ
?toPCDString@Value@dapi5@@QEBAAEBVString@pcd@@XZ
?getStringInArray@Value@dapi5@@QEBAAEBVDapiString@2@I@Z
?stringArraySize@Value@dapi5@@QEBAIXZ
?valueString@Value@dapi5@@QEBAAEBVDapiString@2@XZ
??1Value@dapi5@@QEAA@XZ
??0Value@dapi5@@QEAA@AEBVString@pcd@@@Z
?pcdString@DapiString@dapi5@@QEBAAEBVString@pcd@@XZ
??1DapiString@dapi5@@QEAA@XZ
??0DapiString@dapi5@@QEAA@PEBD@Z
??0DapiString@dapi5@@QEAA@AEBVString@pcd@@@Z
?value@Parameter@dapi5@@QEBA?AVValue@2@XZ
?createParameter@SysInfoModule@dapi5@@SAPEAVParameter@2@AEBVDapiString@2@AEBVDataType@2@0_N2@Z
?property@SysInfoDevice@dapi5@@QEBAPEAVDeviceProperty@2@AEBVDapiString@2@@Z
?deviceCapabilities@SysInfoDevice@dapi5@@QEBA?AVDeviceCapability@2@XZ
?setName@SysInfoDevice@dapi5@@QEAAPEAV12@AEBVDapiString@2@@Z
?addDeviceCapability@SysInfoDevice@dapi5@@QEAAPEAV12@AEBVDeviceCapability@2@@Z
?addProperty@SysInfoDevice@dapi5@@QEAAPEAV12@PEBVDeviceProperty@2@@Z
?createUnknown@SysInfoDevice@dapi5@@SAPEAV12@AEBVDeviceCapability@2@0AEBVDapiString@2@111@Z
?setValue@DeviceProperty@dapi5@@QEAAPEAV12@AEBVValue@2@@Z
?value@DeviceProperty@dapi5@@QEBA?AVValue@2@XZ
?BOOLEAN@DataType@dapi5@@SAAEBV12@XZ
?UINT32@DataType@dapi5@@SAAEBV12@XZ
??UDeviceCapability@dapi5@@QEBA?AV01@AEBV01@@Z
?KeyboardTest@DeviceCapability@dapi5@@SAAEBV12@XZ
?MouseTest@DeviceCapability@dapi5@@SAAEBV12@XZ
?Joystick@DeviceCapability@dapi5@@SAAEBV12@XZ
?Printer@DeviceCapability@dapi5@@SAAEBV12@XZ
??0Value@dapi5@@QEAA@J@Z
??0Value@dapi5@@QEAA@I@Z
??0Value@dapi5@@QEAA@K@Z
??0Value@dapi5@@QEAA@_N@Z
??0Value@dapi5@@QEAA@PEBG@Z
??UPropertyCategory@dapi5@@QEBA?AV01@AEBV01@@Z
??1PropertyCategory@dapi5@@QEAA@XZ
?Tier3@PropertyCategory@dapi5@@SAAEBV12@XZ
?Tier2@PropertyCategory@dapi5@@SAAEBV12@XZ
?Tier1@PropertyCategory@dapi5@@SAAEBV12@XZ
?Profile@PropertyCategory@dapi5@@SAAEBV12@XZ
?Summary@PropertyCategory@dapi5@@SAAEBV12@XZ
?Internal@PropertyCategory@dapi5@@SAAEBV12@XZ
?RequiredForTests@PropertyCategory@dapi5@@SAAEBV12@XZ
?Key@PropertyCategory@dapi5@@SAAEBV12@XZ
?SysInfo@PropertyCategory@dapi5@@SAAEBV12@XZ
?localizedString@LocalizedString@dapi5@@QEBAAEBVDapiString@2@XZ
?registerLibrary@DiagModule@dapi5@@SAXAEBVDapiString@2@@Z
?addDevice@SysInfoModule@dapi5@@SAXPEAVSysInfoDevice@2@@Z
?createLocalizedString@SysInfoModule@dapi5@@SAPEAVLocalizedString@2@AEBVDapiString@2@@Z
?createDeviceProperty@SysInfoModule@dapi5@@SAPEAVDeviceProperty@2@AEBVDapiString@2@AEBVPropertyCategory@2@AEBVDataType@2@AEBVDeviceCapability@2@@Z
?start@SysInfoModule@dapi5@@SAHXZ
?addModuleEnumerationRequirement@SysInfoModule@dapi5@@SAXAEBVString@pcd@@_N@Z
?setModuleCapabilities@SysInfoModule@dapi5@@SAXAEBVDeviceCapability@2@@Z
?setCmdLineArgs@SysInfoModule@dapi5@@SAXHQEAPEBD@Z
?setVersion@SysInfoModule@dapi5@@SAXIIAEBVDapiString@2@@Z
?setModuleInitCallback@SysInfoModule@dapi5@@SAXP6AXXZ@Z
?setDiscoverDevicesCallback@SysInfoModule@dapi5@@SAXP6AXXZ@Z

hid

HidD_GetHidGuid
HidD_GetManufacturerString
HidD_GetAttributes

sysinfo

?enumeratePrinters@libSysinfo@@YA_NXZ
?pDriverVersion@CommonProperties@libSysinfo@@2PEAVDeviceProperty@dapi5@@EA
?pDriver@CommonProperties@libSysinfo@@2PEAVDeviceProperty@dapi5@@EA
?pDescription@CommonProperties@libSysinfo@@2PEAVDeviceProperty@dapi5@@EA
?pDriverProvider@CommonProperties@libSysinfo@@2PEAVDeviceProperty@dapi5@@EA
?initPrinters@libSysinfo@@YA_NXZ

libmodulecommon

?GetDriver@CEnumDriver@@SAXAEBVWindowsRegistryKey@@AEBVString@pcd@@AEAV34@222@Z

libsynaptics

?enumerate@SynapticsEnumerator@@QEAA_NAEAV?$Array@PEAVSysInfoDevice@dapi5@@@pcd@@@Z
??1SynapticsEnumerator@@QEAA@XZ
??0SynapticsEnumerator@@QEAA@PEAVSysInfoDevice@dapi5@@@Z

oswindows

?isDecendentOf@WindowsDevice@libOSWindows@@QEBA_NAEBV12@PEAI@Z
?getDescription@WindowsDevice@libOSWindows@@QEBAAEBVString@pcd@@XZ
?getDisplayName@WindowsDevice@libOSWindows@@QEBAXAEAVString@pcd@@AEBV34@@Z
?getServiceName@WindowsDevice@libOSWindows@@QEBA_NAEAVString@pcd@@@Z
?getDeviceInstanceId@WindowsDevice@libOSWindows@@QEBAAEBVString@pcd@@XZ
?getEnumerator@WindowsDevice@libOSWindows@@QEBAAEBVString@pcd@@XZ
??0WindowsDevice@libOSWindows@@QEAA@AEBVString@pcd@@@Z
?getStringRegistryProperty@WindowsDevice@libOSWindows@@QEBA_NKAEAVString@pcd@@W4RegPropType@2@@Z
?openRegistryKey@WindowsDevice@libOSWindows@@QEBAPEAUHKEY__@@W4RegKeyType@2@@Z
??0WindowsDeviceSet@libOSWindows@@QEAA@PEBU_GUID@@0I@Z
?size@WindowsDeviceSet@libOSWindows@@QEBAIXZ
??AWindowsDeviceSet@libOSWindows@@QEAAAEAVWindowsDevice@1@I@Z
??1WindowsDevice@libOSWindows@@QEAA@XZ
??1WindowsDeviceSet@libOSWindows@@QEAA@XZ
?getOsLocator@WindowsDevice@libOSWindows@@QEBAAEBVString@pcd@@XZ

msvcr90

_amsg_exit
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__crt_debugger_hook
__set_app_type
_fmode
printf
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
__iob_func
fprintf
sprintf
__C_specific_handler
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_CxxThrowException
__getmainargs
_XcptFilter
_exit
_cexit
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode

kernel32

GetModuleHandleW
GetCurrentProcessId
LoadLibraryA
GetLastError
FreeLibrary
GetProcAddress
LocalAlloc
GetSystemTimeAsFileTime
RaiseException
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc54c59199694ba35d50fbd09ec71e33

Code Sign

7c:ba:24:26:f0:92:af:67:59:1b:6e:32:e5:2f:04:d7:c7:7c:63:80Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

common

matrix

dapi5

hid

sysinfo

libmodulecommon

libsynaptics

oswindows

msvcr90

kernel32

ole32

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 488B

7c:ba:24:26:f0:92:af:67:59:1b:6e:32:e5:2f:04:d7:c7:7c:63:80
Signer

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 488B