2617103eafd2a28cf306c27451bce781_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2617103eafd2a28cf306c27451bce781_JaffaCakes118
Size

296KB
MD5

2617103eafd2a28cf306c27451bce781
SHA1

3a4d18dbc28cde414f438a85aff3accbe24f6b9c
SHA256

152848a7a84d998e58f5593b1fdb64f3666894f0b2bcdf6a513b4055d0e0f492
SHA512

e39b02915ce30b4b20a5681953270b9ff107e8e9a4db3e6cade755764cf600e27a6bf9eb4bf98260e9c8fe4f23ba57d61e596b2f09b2850888cd490c52c5e9c3
SSDEEP

6144:5TX2h40URwOAKYj1rPYMiZKNaRGPRqaHLuc8A054EOO:5TZ0URIKwR9gt4EX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2617103eafd2a28cf306c27451bce781_JaffaCakes118

Files

2617103eafd2a28cf306c27451bce781_JaffaCakes118
.dll windows:4 windows x86 arch:x86

75bc953020800e568a4ec15fb4d01db2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\data\vs\Trunk\Release\OutputStatusDlg.pdb

Imports

xmlparserlib

?isEmpty@XMLNode@@QAEDXZ
?GetValue@XMLNode@@QAEPBDPBD@Z
?parseString@XMLNode@@SA?AV1@PBD0PAUXMLResults@@@Z
??1XMLNode@@QAE@XZ

logger

?Log@CLogger@@SAXKPBDZZ

mfc80

ord4261
ord501
ord4486
ord5214
ord709
ord3949
ord4185
ord2644
ord6275
ord3709
ord5073
ord3719
ord1908
ord3576
ord6065
ord3718
ord5152
ord2533
ord4240
ord2646
ord1402
ord2991
ord876
ord2540
ord3946
ord2862
ord1617
ord1123
ord2714
ord1620
ord4307
ord5915
ord3317
ord2835
ord6725
ord2731
ord1591
ord2537
ord2095
ord5200
ord304
ord1069
ord1794
ord4035
ord3641
ord6703
ord4580
ord299
ord1489
ord297
ord4749
ord1903
ord4115
ord784
ord4353
ord266
ord5807
ord3997
ord2321
ord1084
ord6067
ord2902
ord354
ord605
ord557
ord3182
ord4262
ord1643
ord6006
ord5203
ord1581
ord745
ord4244
ord1401
ord5912
ord6724
ord3292
ord1551
ord1670
ord1671
ord781
ord2020
ord4890
ord4735
ord5182
ord715
ord1115
ord1098
ord1280
ord1175
ord1187
ord1191
ord3244
ord1283
ord2371
ord3596
ord6286
ord1181
ord5320
ord6297
ord5331
ord1161
ord4908
ord265
ord2372
ord1091
ord3255
ord1917
ord1955
ord4100
ord2094
ord5403
ord2468
ord1486
ord1482
ord4109
ord907
ord911
ord2272
ord4081
ord3302
ord3109
ord6305
ord1934
ord3403
ord1063
ord4722
ord4282
ord6004
ord1600
ord762
ord5960
ord1929
ord3210
ord5235
ord5233
ord923
ord676
ord928
ord443
ord932
ord930
ord934
ord2390
ord2410
ord5637
ord310
ord2394
ord1185
ord2400
ord2398
ord1279
ord2396
ord2413
ord2408
ord602
ord2392
ord347
ord2415
ord2403
ord5713
ord2385
ord2387
ord2405
ord5634
ord2178
ord3161
ord2172
ord1968
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord578
ord741
ord5175
ord5676
ord1964
ord1656
ord572
ord3254
ord1655
ord2322
ord760
ord1599
ord764
ord3684
ord371

msvcr80

_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
fgets
fopen
_makepath
_purecall
_stricmp
_makepath_s
_splitpath_s
strcpy_s
fclose
sprintf
_atoi64
_mktime64
atoi
__CxxFrameHandler3
_strnicmp
wcslen
wcscpy_s
_time64
memcpy_s
strncpy
ceil
memset
_splitpath
__clean_type_info_names_internal
free
strcmp
_localtime64_s
exit

kernel32

GetVersion
GetVersionExA
GetEnvironmentStrings
FreeLibrary
GetModuleFileNameA
GetCurrentProcess
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
GetTickCount
GetModuleFileNameW
InterlockedExchange
GetEnvironmentVariableA
GetACP
GetLocaleInfoA
GetThreadLocale

user32

RegisterWindowMessageA
SetMenuDefaultItem
SetActiveWindow
GetSubMenu
RedrawWindow
SetTimer
LoadMenuA
SetParent
SystemParametersInfoA
EnumChildWindows
FindWindowA
GetClassNameA
GetMenuItemID
PostMessageA
DestroyIcon
TrackPopupMenu
LoadImageA
SetForegroundWindow
DrawAnimatedRects
GetCursorPos
LoadIconA
SendMessageA
IsIconic
IsWindow
GetWindowRect
EnableWindow
LoadBitmapA
InvalidateRect
SetWindowRgn
GetWindowRgn
KillTimer

gdi32

BitBlt
CreateCompatibleDC
GetObjectA
CombineRgn
CreateRectRgn
GetPixel

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHAppBarMessage
Shell_NotifyIconA

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

psapi

GetModuleInformation
EnumProcessModules

crypt32

CryptQueryObject
CertFindCertificateInStore
CertFreeCertificateContext
CryptMsgGetParam

Exports

Exports

??0COutputStatus@@QAE@PAVCWnd@@@Z
??0CSystemTray@@QAE@PAVCWnd@@IPBDPAUHICON__@@IH11KI@Z
??0CSystemTray@@QAE@XZ
??1COutputStatus@@UAE@XZ
??1CSystemTray@@UAE@XZ
??_7COutputStatus@@6B@
??_7CSystemTray@@6B@
??_FCOutputStatus@@QAEXXZ
?AddIcon@CSystemTray@@QAEHXZ
?Animate@CSystemTray@@QAEHIH@Z
?Create@CSystemTray@@QAEHPAVCWnd@@IPBDPAUHICON__@@IH11KI@Z
?CustomizeMenu@CSystemTray@@MAEXPAVCMenu@@@Z
?DoDataExchange@COutputStatus@@MAEXPAVCDataExchange@@@Z
?Enabled@CSystemTray@@QAEHXZ
?GetAbortStatus@COutputStatus@@QAE_NXZ
?GetAvgSecsToCompleteion@COutputStatus@@QAENXZ
?GetCallbackMessage@CSystemTray@@QBEIXZ
?GetDoWndAnimation@CSystemTray@@KAHXZ
?GetIcon@CSystemTray@@QBEPAUHICON__@@XZ
?GetMenuDefaultItem@CSystemTray@@QAEXAAIAAH@Z
?GetMessageMap@COutputStatus@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@CSystemTray@@MBEPBUAFX_MSGMAP@@XZ
?GetNotificationWnd@CSystemTray@@QBEPAVCWnd@@XZ
?GetRuntimeClass@CSystemTray@@UBEPAUCRuntimeClass@@XZ
?GetTargetWnd@CSystemTray@@QBEPAVCWnd@@XZ
?GetThisClass@CSystemTray@@SGPAUCRuntimeClass@@XZ
?GetThisMessageMap@COutputStatus@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@CSystemTray@@KGPBUAFX_MSGMAP@@XZ
?GetTimerID@CSystemTray@@QBEIXZ
?GetTooltipText@CSystemTray@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetTrayWndRect@CSystemTray@@KAXPAUtagRECT@@@Z
?HideIcon@CSystemTray@@QAEHXZ
?Initialise@CSystemTray@@IAEXXZ
?InstallIconPending@CSystemTray@@IAEXXZ
?MaximiseFromTray@CSystemTray@@SAXPAVCWnd@@H@Z
?MinimiseToTray@CSystemTray@@SAXPAVCWnd@@H@Z
?MoveToRight@CSystemTray@@QAEHXZ
?OnBtnAbortOutput@COutputStatus@@IAEXXZ
?OnCancel@COutputStatus@@MAEXXZ
?OnDestroy@COutputStatus@@IAEXXZ
?OnInitDialog@COutputStatus@@MAEHXZ
?OnPaint@COutputStatus@@IAEXXZ
?OnSettingChange@CSystemTray@@IAEXIPBD@Z
?OnSysCommand@COutputStatus@@IAEXIJ@Z
?OnSysTrayNotifications@COutputStatus@@AAEJIJ@Z
?OnSystrayAbort@COutputStatus@@IAEXXZ
?OnTaskbarCreated@CSystemTray@@IAEJIJ@Z
?OnTimer@CSystemTray@@IAEXI@Z
?OnTrayNotification@CSystemTray@@UAEJIJ@Z
?RemoveIcon@CSystemTray@@QAEHXZ
?RemoveTaskbarIcon@CSystemTray@@KAHPAVCWnd@@@Z
?ResetAbortFlag@COutputStatus@@QAEXXZ
?SetCallbackMessage@CSystemTray@@QAEHI@Z
?SetFocus@CSystemTray@@QAEXXZ
?SetIcon@CSystemTray@@QAEHI@Z
?SetIcon@CSystemTray@@QAEHPAUHICON__@@@Z
?SetIcon@CSystemTray@@QAEHPBD@Z
?SetIconList@CSystemTray@@QAEHII@Z
?SetIconList@CSystemTray@@QAEHPAPAUHICON__@@I@Z
?SetMenuDefaultItem@CSystemTray@@QAEHIH@Z
?SetNotificationWnd@CSystemTray@@QAEHPAVCWnd@@@Z
?SetOutFilename@COutputStatus@@QAEXPBD@Z
?SetPos@COutputStatus@@QAEXN@Z
?SetProgramName@COutputStatus@@QAEXPBD@Z
?SetStandardIcon@CSystemTray@@QAEHI@Z
?SetStandardIcon@CSystemTray@@QAEHPBD@Z
?SetTargetWnd@CSystemTray@@QAEHPAVCWnd@@@Z
?SetTooltipText@CSystemTray@@QAEHI@Z
?SetTooltipText@CSystemTray@@QAEHPBD@Z
?ShowBalloon@CSystemTray@@QAEHPBD0KI@Z
?ShowIcon@CSystemTray@@QAEHXZ
?ShowSystemTray@COutputStatus@@QAEXPAUHICON__@@@Z
?StepAnimation@CSystemTray@@QAEHXZ
?StopAnimation@CSystemTray@@QAEHXZ
?SysTrayIconRemove@COutputStatus@@QAEXXZ
?UpdateCurrentSceneNumber@COutputStatus@@QAEXK@Z
?UpdateEncodingStatus@COutputStatus@@QAEXPBD@Z
?UpdateFilenameField@COutputStatus@@QAEXPBD@Z
?Visible@CSystemTray@@QAEHXZ
?WindowProc@CSystemTray@@MAEJIIJ@Z
?_GetBaseClass@CSystemTray@@KGPAUCRuntimeClass@@XZ
?classCSystemTray@CSystemTray@@2UCRuntimeClass@@B
?m_nMaxTooltipLength@CSystemTray@@1IA
?m_nTaskbarCreatedMsg@CSystemTray@@1IB
?m_nTimerID@CSystemTray@@1IB
?m_wndInvisible@CSystemTray@@1VCWnd@@A
FFF0
_InitOutputStatusDlgDialogDLL@0

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

5464560
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75bc953020800e568a4ec15fb4d01db2

Headers

File Characteristics

PDB Paths

Imports

xmlparserlib

logger

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

shell32

oleaut32

psapi

crypt32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 8KB - Virtual size: 8KB

5464560 Size: 176KB - Virtual size: 175KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 8KB

5464560
Size: 176KB - Virtual size: 175KB

.reloc
Size: 8KB - Virtual size: 6KB