2f62534dafdd7c81d38f3f35b0679d26_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f62534dafdd7c81d38f3f35b0679d26_JaffaCakes118
Size

252KB
MD5

2f62534dafdd7c81d38f3f35b0679d26
SHA1

ffda414f1be31c4ee688ab0b6db43dc4e65df042
SHA256

1b2712c1d15b41ccf4485906be1c025b8a3ba11091a7d61c4443af9e519a895e
SHA512

f42efa08dae36485e7e734f8603fe654b68a7a1889a5c989cb2927791e3a2e6175455782876188cd63822937add175d7acdbf3a670481e9529fcc10de1b51305
SSDEEP

3072:htJIJgeF+C17Kzot3d7LH+5szD8fgj+U9a1lmYvszVC0vkWnwXiJ9MKO/637S0Vp:hU17YovLHTv8f751nszVC0TwXGMKzL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f62534dafdd7c81d38f3f35b0679d26_JaffaCakes118

Files

2f62534dafdd7c81d38f3f35b0679d26_JaffaCakes118
.dll windows:4 windows x86 arch:x86

94f71f0c1849fc04792938df54bb7b9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

p:\nx40\group\wnti32\pdb\libtrancatv5___1131190029.pdb

Imports

libassy

?ASSY_add_part_to_assembly@@YAHIIPBD0HQAY03NHPAI@Z

libcmod

?EREF_ask_erefs_of_edge@@YAXHPAPAPAUEDGE_REFERENCE_s@@PAH@Z
?EREF_ask_ug_eid_of_eref@@YAXPAUEDGE_REFERENCE_s@@PAI@Z

libdisp

?ES_layer_move_entity@@YAXIH@Z
?DSS_REGEN_regen_object@@YAXI@Z

libdman

?UNDO_UG_delete_mark@@YAHHPBD@Z
?UNDO_PS_cre_partition@@YAXPAH@Z
?UNDO_UG_undo_to_mark@@YAHHPBD@Z
?KI_apptra@@YAHHH@Z
?KI_delent@@YAHH@Z
?UNDO_UG_set_mark@@YAHW4UNDO_UG_user_visibility_t@@PBDPAH@Z

libocc

?OCC_is_occurrence@@YA_NI@Z

libpart

?ES_cycle_entities_by_type@@YAXIHPAI@Z
?PART_export_part@@YAHPBDHPAIPAUPART_export_options_s@@@Z
?ES_write_color@@YAHIH@Z
?ES_change_color_font_width@@YAXIPAUDSS_ATTR_attr_change_s@@@Z
?ES_ask_entity_color@@YAHI@Z
?UPDATE_do_update@@YAXXZ
?PART_save@@YAHIPAUPART_save_failure_s@@@Z
?PART_ask_filename_of_part@@YAPADI@Z
?JA_PART_new_display@@YAHPBDW4JA_PART_units@@PAI@Z
?BASE_open_part@@YAHPBDPAIPAUUF_PART_load_status_s@@@Z
?PART_ask_part_of_filename@@YAIPBD@Z
?PART_is_part_loaded@@YA_NPBD@Z
?RM_ask_entity_type_and_subtype@@YAXIPAH0@Z

libpartmodl

?MODL_ask_distance_tol@@YANXZ

libpartutils

?es7008@@YAXHPAIPAH@Z
?pxtccu@@YAXPAHPAN0PAI0@Z
?UICO_ask_closest_color@@YAHHPANH@Z
?vkierr@@3UVKIERRTYP@@A
?at020@@YAXPAI@Z
?pxlook@@YAXPBHPAI@Z
?UICO_ask_color@@YAXHHPAPADQAN@Z
?PX_transform_of_occurrence@@YAXI_NPAH@Z
?es7010_occ@@YAXPBIPAH@Z

libsyss

RDEBUG_ask_flag
?ERROR_lprintf@@YAHPBDZZ
?DEBUG_indentation@@3HA
?MACH__checking_level@@3HA
?reThrow@Exception@Error@UGS@@QBEXXZ
?SM_free@@YAXPAX@Z
?SM_calloc_persistent@@YAPAXII@Z
?ERROR_assertion_failed@@YAXPBDH0ZZ
?LDR_find_symbol@@YAP6AXXZPAULDR_image_s@@PBD@Z
?LDR_load_image@@YAPAULDR_image_s@@PBDH@Z
?CFI_is_file@@YA_NPBD@Z
?ERROR_raise@@YAXPBDHH0ZZ
?CFI_merge_filespec@@YAHPBD0HPAPAD@Z
?ENV_translate_variable@@YAPBDPBD@Z
?SM_sprintf@@YAPADPBDZZ
?SM_string_copy@@YAPADPBD@Z
?SM_length@@YAHPBX@Z
?OM_set_user_object_name@@YAHPAXPBD@Z
?TAG_ask_pointer_of_tag@@YAPAXI@Z
?OM_ask_user_object_name@@YAPADPAX@Z
?SM_sprintf_persistent@@YAPADPBDZZ
?SM_string_append@@YAPADPADPBD@Z
?SM_string_copy_persistent@@YAPADPBD@Z
?CFI_ask_file_exist@@YAHPBD@Z
?SM_validate_all@@YAHXZ
?SM_ask_statistics@@YAXPAUSM_statistics_s@@@Z
?SM_calloc@@YAPAXII@Z
?CFI_create_unique_filename@@YAHPAPAD@Z
?DEBUG_routine@@YA?AW4DEBUG_state_t@@PBD0@Z

libuglm

LICENSE_leave_module
LICENSE_enter_module

libugmath

?EQ_ask_length_squared_tolerance@@YANXZ
?MTX3_is_equal@@YA_NPBUMTX3_s@@0N@Z
?pxsfac@@3UPXSFACTYP@@A

libgeom

?ES_create_point@@YAXQANPAI@Z
?ES_create_line_in_part@@YAXIQANPAI@Z

libpscatiav5

PST_CB_catv5_register
PST_PART_catv5_write
PST_PART_catv5_read

msvcr71

?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_except_handler3
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
free
fopen
fprintf
fclose
strrchr
_CxxThrowException
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
printf

msvcp71

?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?is@?$ctype@G@std@@QBE_NFG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?clear@ios_base@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ

kernel32

RaiseException
LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
LocalFree
LocalAlloc

Exports

Exports

TRANCATV5__debug_check_memory
TRANCATV5_export
TRANCATV5_flatten_assembly
TRANCATV5_get_version
TRANCATV5_import
TRANCATV5_initialize
TRANCATV5_shutdown

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94f71f0c1849fc04792938df54bb7b9d

Headers

File Characteristics

PDB Paths

Imports

libassy

libcmod

libdisp

libdman

libocc

libpart

libpartmodl

libpartutils

libsyss

libuglm

libugmath

libgeom

libpscatiav5

msvcr71

msvcp71

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 176KB - Virtual size: 172KB

.rsrc Size: 4KB - Virtual size: 800B

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 176KB - Virtual size: 172KB

.rsrc
Size: 4KB - Virtual size: 800B

.reloc
Size: 8KB - Virtual size: 5KB