15fd063709bda8bc641d78f01e0ebcd9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15fd063709bda8bc641d78f01e0ebcd9_JaffaCakes118
Size

178KB
MD5

15fd063709bda8bc641d78f01e0ebcd9
SHA1

e78c0ad24b41773f0dd0f879356afc40dcfbe365
SHA256

cdfab802bdbb07f3971f6d0340a6a152bca7087dafd4099635091c44396a825a
SHA512

de4191ba54b2166e3e96a5e762139c37c312da527afbd04de32ddc5c7ccab95a5c7240e7016a0c1777771ec6b6c9f9dc77a700be60ac12825b23a277bfff1e19
SSDEEP

3072:rkZWY1EX8ARJe2CuROMe4Ox95/fIJyqzHOC3shsg:Ky7+NOlg/fIJyqzHOC36

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15fd063709bda8bc641d78f01e0ebcd9_JaffaCakes118

Files

15fd063709bda8bc641d78f01e0ebcd9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

4e467ea3a0e67aa6d37c670c4ac550cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\boost_1_49_0_build\bin.v2\libs\math\build\msvc-10.0\debug\threading-multi\boost_math_c99f-vc100-mt-gd-1_49.pdb

Imports

msvcp100d

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?max@?$numeric_limits@I@std@@SAIXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?widen@?$ctype@D@std@@QBEDD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?quiet_NaN@?$numeric_limits@O@std@@SAOXZ
?epsilon@?$numeric_limits@O@std@@SAOXZ
?max@?$numeric_limits@_J@std@@SA_JXZ
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?infinity@?$numeric_limits@O@std@@SAOXZ
?is@?$ctype@D@std@@QBE_NFD@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?max@?$numeric_limits@O@std@@SAOXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?exceptions@ios_base@std@@QAEXH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flags@ios_base@std@@QAEHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?precision@ios_base@std@@QAE_J_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
?epsilon@?$numeric_limits@M@std@@SAMXZ
?min@?$numeric_limits@H@std@@SAHXZ
?max@?$numeric_limits@H@std@@SAHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_BADOFF@std@@3_JB
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??Bios_base@std@@QBEPAXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?unsetf@ios_base@std@@QAEXH@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
?min@?$numeric_limits@_J@std@@SA_JXZ
?min@?$numeric_limits@J@std@@SAJXZ
?max@?$numeric_limits@J@std@@SAJXZ
?quiet_NaN@?$numeric_limits@M@std@@SAMXZ
?denorm_min@?$numeric_limits@M@std@@SAMXZ
?denorm_min@?$numeric_limits@O@std@@SAOXZ
??3@YAXPAXABU_DebugHeapTag_t@std@@PADH@Z
??2@YAPAXIABU_DebugHeapTag_t@std@@PADH@Z
?_DebugHeapTag_func@std@@YAABU_DebugHeapTag_t@1@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?min@?$numeric_limits@N@std@@SANXZ
?epsilon@?$numeric_limits@N@std@@SANXZ
?max@?$numeric_limits@N@std@@SANXZ
?max@?$numeric_limits@M@std@@SAMXZ
?infinity@?$numeric_limits@N@std@@SANXZ
?min@?$numeric_limits@M@std@@SAMXZ
?infinity@?$numeric_limits@M@std@@SAMXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?quiet_NaN@?$numeric_limits@N@std@@SANXZ

msvcr100d

??0exception@std@@QAE@XZ
memset
_purecall
_invalid_parameter
_CrtDbgReportW
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
memcmp
memchr
??8type_info@@QBE_NABV0@@Z
ldexp
abs
frexp
floor
sin
pow
ceil
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__clean_type_info_names_internal
_malloc_dbg
_free_dbg
_encoded_null
_CrtSetCheckCount
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
free
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_CxxThrowException
memmove
memcpy
strlen
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
exp
_errno
fabs
log
sqrt
_wassert

kernel32

DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
EncodePointer

Exports

Exports

??$fpclassify@M@tr1@math@boost@@YAHM@Z
??$isfinite@M@tr1@math@boost@@YA_NM@Z
??$isinf@M@tr1@math@boost@@YA_NM@Z
??$isnan@M@tr1@math@boost@@YA_NM@Z
??$isnormal@M@tr1@math@boost@@YA_NM@Z
??$signbit@M@tr1@math@boost@@YA_NM@Z
boost_acoshf
boost_asinhf
boost_atanhf
boost_cbrtf
boost_copysignf
boost_erfcf
boost_erff
boost_expm1f
boost_fmaxf
boost_fminf
boost_hypotf
boost_lgammaf
boost_llroundf
boost_log1pf
boost_lroundf
boost_nextafterf
boost_nexttowardf
boost_roundf
boost_tgammaf
boost_truncf

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e467ea3a0e67aa6d37c670c4ac550cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp100d

msvcr100d

kernel32

Exports

Exports

Sections

.text Size: 117KB - Virtual size: 116KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 3KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 117KB - Virtual size: 116KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 3KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 7KB