2446d6297e8e243d1334459f0f653f1f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2446d6297e8e243d1334459f0f653f1f_JaffaCakes118
Size

213KB
MD5

2446d6297e8e243d1334459f0f653f1f
SHA1

8f5baa00e4edcbfe01da00ebc87f6c9964f73019
SHA256

6f3afea50a3f2bbf8d56da2e103cb87ee2b99c9d0e05fdf56b87cc5bd9678b29
SHA512

76684a6ea6624d6c22eb4b189e8012f01dac375604dc1e303636639c6c3fbf850de9634c9ad8318d8ec8d0d31199392a5e252b6a59224ef16e01b1133f6360de
SSDEEP

6144:Vlm3fC+U0bS7qRPa7pX43oKTUit9JPCuB:ODuiDLvJ6K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2446d6297e8e243d1334459f0f653f1f_JaffaCakes118

Files

2446d6297e8e243d1334459f0f653f1f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fdb0fdc0e0d0d0ff815a33d73f2d9eee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\global\Release\bin\acad\AddPlWiz.pdb

Imports

hcreg8

hcreg_SetErrorHandler
?GetPlotStylesDirectory@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetPMPDirectory@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetDriverDirectory@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetProgramName@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetCompanyName@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetPlottersDirectory@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?FindHelpPathname@@YA_NPBDAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
_DoHtmlHelp
SetAppKeyFromPlotterWizardOnly
?GetAppDirectory@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetHelpDirectory@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetAppKey@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?GetProductName@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ

heidi8

??0HT_String@@QAE@PBD@Z
??1HT_String@@UAE@XZ
??H@YA?AVHT_String@@ABV0@0@Z
?Format@HT_String@@QAAHPBDZZ
?copy@HT_String@@QAEXPBD@Z
??2HT_Object@@SAPAXI@Z
??3HT_Object@@SAXPAX@Z
??3HT_String@@SAXPAX@Z
??1HT_Object@@UAE@XZ
?copy@HT_String@@QAEXABV1@@Z

plotcfg8

??0HT_Std_System_IO_Capabilities@@QAE@XZ
?what@HT_Exception@@UBEPBDXZ
??1HT_Exception@@UAE@XZ
?SPMP@@YAPAVHT_SPMem_Pool@@XZ

pm8

?deletePath@PM_Object@@QAEXPBD@Z
?extract_compound_str_ex@@YA_NPBDAAVHT_String@@1@Z
?nextNode@PM_Iterator@@QAEPBDAAW4NodeType@PM_Object@@@Z
?newIterator@PM_Object@@QBEPAVPM_Iterator@@PBDH@Z
?load@PM_Object@@QAEXPBDW4FileType@1@0@Z
??1PM_Object@@UAE@XZ
??0PM_Object@@QAE@PAVHT_Error_Handler@@@Z
?GetProperty@PM_Object@@QBE_NPBDPADIH@Z
?getPropertySize@PM_Object@@QBEIPBDH@Z

plcfmgr

??0HT_Plot_Config_Manager@@QAE@AAVHT_String@@00V?$HT_Smart_Pointer@VHT_Error_Handler@@@@K@Z
?driver_tag_line@HT_Plot_Config_Manager@@QAE?AVHT_String@@PBD@Z
?pm3_to_config@HT_Plot_Config_Manager@@QAE?AW4Enum@HT_Config_Return@@V?$HT_Smart_Pointer@VHT_Plot_Config@@@@PBDJ@Z
?load_DEVMODE@HT_Plot_Config_Manager@@QAE?AV?$HT_Smart_Pointer@VHT_Plot_Config@@@@PBDPBU_devicemodeA@@@Z
?config_to_pm3@HT_Plot_Config_Manager@@QAE?AW4Enum@HT_Config_Return@@V?$HT_Smart_Pointer@VHT_Plot_Config@@@@PBDJ_N@Z
?load_drc@HT_Plot_Config_Manager@@QAE?AV?$HT_Smart_Pointer@VHT_Plot_Config@@@@PBD0@Z
?save_pc3@HT_Plot_Config_Manager@@QAE?AW4Enum@HT_Config_Return@@PBD0@Z
?load_pcp@HT_Plot_Config_Manager@@QAE?AW4Enum@HT_Config_Return@@PBD000AAVHT_String@@JV?$HT_Smart_Pointer@VHT_Plot_Config@@@@@Z
?load_pc2@HT_Plot_Config_Manager@@QAE?AW4Enum@HT_Config_Return@@PBD000AAVHT_String@@JV?$HT_Smart_Pointer@VHT_Plot_Config@@@@@Z

apperr

HD_Create_App_Error_Handler

pc3edit

PC3EditEx

plcalwiz

PlotterCalibrationWizard

adui16

?OnNotifyUpdateTip@CAdUiBaseDialog@@MAE?AW4ADUI_REPLY@@PAVCWnd@@@Z
?EnableMultiDocumentActivation@CAdUiBaseDialog@@UAEHH@Z
?DoDialogHelp@CAdUiDialog@@UAEHXZ
?ExchangeData@CAdUiBaseDialog@@UAEHH@Z
?OnNotifyGeneric@CAdUiBaseDialog@@MAE?AW4ADUI_REPLY@@IJ@Z
?EnableFloatingWindows@CAdUiBaseDialog@@UAEXH@Z
?OnNotifyControlChange@CAdUiBaseDialog@@MAE?AW4ADUI_REPLY@@IJ@Z
?DoAdUiMessage@CAdUiBaseDialog@@MAE?AW4ADUI_REPLY@@W4ADUI_NOTIFY@@IJ@Z
?OnOK@CAdUiDialog@@MAEXXZ
?Create@CAdUiBaseDialog@@UAEHPBDPAVCWnd@@@Z
?Create@CAdUiBaseDialog@@UAEHIPAVCWnd@@@Z
?OnInitDialogBegin@CAdUiDialog@@MAEXXZ
?AppRootKey@CAdUiBaseDialog@@UAEPBDXZ
?AppResourceInstance@CAdUiBaseDialog@@UAEPAUHINSTANCE__@@XZ
?AppMainWindow@CAdUiBaseDialog@@UAEPAVCWnd@@XZ
?OnInitDialogFinish@CAdUiDialog@@MAEXXZ
?OnNotifyControlValid@CAdUiBaseDialog@@MAE?AW4ADUI_REPLY@@IH@Z
?PostNcDestroy@CAdUiBaseDialog@@MAEXXZ
?PreTranslateMessage@CAdUiBaseDialog@@UAEHPAUtagMSG@@@Z
?PreCreateWindow@CAdUiBaseDialog@@MAEHAAUtagCREATESTRUCTA@@@Z
?GetRuntimeClass@CAdUiDialog@@UBEPAUCRuntimeClass@@XZ
?DoModal@CAdUiBaseDialog@@UAEHXZ
?OnHelpInfo@CAdUiBaseDialog@@IAEHPAUtagHELPINFO@@@Z
?SetContextHelpFileName@CAdUiBaseDialog@@QAEXPBD@Z
?SetContextHelpPrefix@CAdUiBaseDialog@@QAEXPBD@Z
?OnInitDialog@CAdUiBaseDialog@@MAEHXZ
?GetThisMessageMap@CAdUiDialog@@KGPBUAFX_MSGMAP@@XZ
?DoDataExchange@CAdUiDialog@@MAEXPAVCDataExchange@@@Z
??0CAdUiDialog@@QAE@IPAVCWnd@@PAUHINSTANCE__@@@Z
??1CAdUiDialog@@UAE@XZ
?IsMultiDocumentActivationEnabled@CAdUiBaseDialog@@UAEHXZ

mfc70

ord1783
ord5007
ord5005
ord2219
ord2229
ord2227
ord2225
ord2221
ord2244
ord2232
ord1645
ord1643
ord1633
ord1732
ord5649
ord1942
ord1493
ord1423
ord4019
ord3037
ord2695
ord5624
ord5629
ord2199
ord956
ord1416
ord362
ord3455
ord599
ord3832
ord3814
ord5992
ord3609
ord5990
ord4107
ord3357
ord662
ord982
ord705
ord472
ord3472
ord869
ord1081
ord1077
ord4053
ord4267
ord3751
ord2461
ord3513
ord3523
ord3522
ord2352
ord2463
ord2359
ord2675
ord2529
ord4088
ord2648
ord2546
ord2356
ord4972
ord1451
ord1507
ord1508
ord1814
ord4954
ord1234
ord4748
ord3152
ord5991
ord3610
ord5993
ord1376
ord2020
ord2026
ord2234
ord2216
ord2214
ord2237
ord2242
ord2223
ord2239
ord823
ord819
ord821
ord817
ord812
ord5714
ord1452
ord4061
ord4503
ord3208
ord4984
ord3966
ord5989
ord4854
ord1760
ord4933
ord4025
ord1273
ord3748
ord1469
ord1472
ord5669
ord1434
ord1886
ord4364
ord1199
ord698
ord256
ord3356
ord462
ord659
ord3471
ord957
ord5565
ord2012
ord2474
ord977
ord4648
ord4852
ord4851
ord1180
ord2024
ord518
ord701
ord2204
ord1162
ord3565
ord5815
ord1829
ord4361
ord2201
ord703
ord4043
ord1377
ord4063
ord4501
ord4983
ord1272
ord5666
ord1403
ord1522
ord1523
ord1870
ord4671
ord4517
ord3994
ord4958
ord3971
ord4625
ord4398
ord4578
ord4853
ord1945
ord1443
ord4021
ord4986
ord2799
ord4042
ord3124
ord682
ord1646
ord1725
ord1744
ord2479
ord5591
ord3890
ord2864
ord1871
ord2567
ord2558
ord2896
ord331
ord571
ord3008
ord2751
ord4500
ord4975
ord4515
ord3992
ord4691
ord4246
ord4406
ord4365
ord4245
ord4275
ord4753
ord1269
ord5980
ord1097
ord1345
ord3885
ord1941
ord1422
ord4018
ord3036
ord598
ord546
ord5758
ord1703
ord5950
ord5760
ord5757
ord5474
ord5470
ord332
ord572
ord503
ord686
ord3670
ord2124
ord2132
ord2568
ord2564
ord257
ord3211
ord1014
ord5838
ord389
ord617
ord5471
ord316
ord559
ord5473
ord300
ord1495
ord1433
ord3099
ord656
ord3445
ord3012
ord1784
ord3018
ord1152
ord3061
ord5432
ord3062
ord2990
ord4516
ord3993
ord3487
ord512
ord947
ord3140
ord4262
ord2651
ord5322
ord4985
ord5002
ord4349
ord3750
ord2096
ord4998
ord4996
ord2741
ord1770
ord3640
ord5152
ord5933
ord4883
ord899
ord3614
ord5339
ord1868
ord1913

msvcr70

_setmbcp
_except_handler3
_controlfp
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
__CxxFrameHandler
_ltoa
atol
strtok
_mbsrchr
_mbsstr
_ismbcspace
_mbsinc
_ismbblead
_mkdir
atoi
strcspn
strpbrk
_mbsnbcpy
??0exception@@QAE@XZ
exit
_splitpath
memmove
_mbspbrk
_mbscmp
_mbschr
_mbscpy
remove
_mbsicmp
_vscprintf
vsprintf
malloc
free
_stricmp
strchr

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoA
GetModuleHandleA
GetTickCount
LoadLibraryA
CreateFileA
SetErrorMode
lstrlenA
lstrcpyA
SetFileAttributesA
CopyFileA
LocalFree
FormatMessageA
GetLastError
WaitForMultipleObjects
CreateProcessA
GetPrivateProfileSectionA
GetPrivateProfileStringA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProfileStringA
GetVersionExA
CloseHandle

user32

GetSystemMetrics
GetClientRect
LoadIconA
GetActiveWindow
SendMessageA
GetParent
EnumChildWindows
PostMessageA
EnableWindow

gdi32

CreateFontA

winspool.drv

ConnectToPrinterDlg
GetPrinterA
ClosePrinter
EnumPrintersA
AddPrinterConnectionA
OpenPrinterA

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetDesktopFolder

comctl32

ImageList_ReplaceIcon

Exports

Exports

??1CPlCalWizApp@@UAE@XZ

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fdb0fdc0e0d0d0ff815a33d73f2d9eee

Headers

File Characteristics

PDB Paths

Imports

hcreg8

heidi8

plotcfg8

pm8

plcfmgr

apperr

pc3edit

plcalwiz

adui16

mfc70

msvcr70

kernel32

user32

gdi32

winspool.drv

shell32

comctl32

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 35KB - Virtual size: 35KB

.zrdata Size: 72KB - Virtual size: 72KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 35KB - Virtual size: 35KB

.zrdata
Size: 72KB - Virtual size: 72KB