d:\LocalSvnForDailyBuild\pushup_daiwending\trunk\bin\release\Adapter.pdb
Behavioral task
behavioral1
Sample
2f7c9ca0dd064b92c5787cd98b49800e_JaffaCakes118.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
2f7c9ca0dd064b92c5787cd98b49800e_JaffaCakes118.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
2f7c9ca0dd064b92c5787cd98b49800e_JaffaCakes118
-
Size
2.1MB
-
MD5
2f7c9ca0dd064b92c5787cd98b49800e
-
SHA1
06f2f77bddbc88585ad2ea1dc4c7b988d81147e5
-
SHA256
c281a82d04bdc68030ea0130a2eb5b7bfd6fd900d1aae0c50887a74fe475ba67
-
SHA512
b7d3d29ddaed9838d16fb91c11a4301a541beb77f599d99412dd3dae130bd2c5eeb28cc9af36e0b9a9ae2b17bc1e1f7382bf6a89e8000add95874b68b47c25d4
-
SSDEEP
49152:Ll3Fa+0ddYA/AUmT9lPW4lQ2tJ6mrhkE:FFaG9IhoJdrh
Score
7/10
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2f7c9ca0dd064b92c5787cd98b49800e_JaffaCakes118
Files
-
2f7c9ca0dd064b92c5787cd98b49800e_JaffaCakes118.dll windows:4 windows x86 arch:x86
b653086e34bf2b0a3ee6867a05159da9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
dbghelp
SymLoadModule
SymFunctionTableAccess
MiniDumpWriteDump
SymInitialize
SymGetModuleInfo
SymGetSymFromAddr
SymGetLineFromAddr
StackWalk
psapi
GetProcessMemoryInfo
GetModuleInformation
ws2_32
inet_addr
socket
WSASend
htons
WSAStartup
select
WSAGetLastError
closesocket
ioctlsocket
__WSAFDIsSet
send
gethostbyaddr
gethostbyname
sendto
WSACleanup
shutdown
connect
recv
kernel32
CreateToolhelp32Snapshot
GetModuleFileNameW
DeleteCriticalSection
GetFileSize
CreateFileMappingW
GetVersionExW
Thread32Next
SuspendThread
OpenThread
Thread32First
ResumeThread
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
VirtualProtectEx
lstrcmpA
VirtualFree
VirtualAlloc
MapViewOfFileEx
lstrcpynA
SearchPathA
GetExitCodeThread
Sleep
OutputDebugStringA
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
lstrcatA
lstrcpyA
SetLastError
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalDeleteAtom
GlobalAddAtomA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FreeResource
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
GlobalReAlloc
GlobalHandle
Module32FirstW
SetErrorMode
GetThreadLocale
WritePrivateProfileStringA
GlobalFlags
MoveFileA
DeleteFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindClose
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
GetFileAttributesA
GetFileTime
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetSystemTimeAsFileTime
ExitProcess
ExitThread
CreateThread
HeapReAlloc
HeapAlloc
VirtualQuery
GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
WriteConsoleW
GetFileType
GetStdHandle
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
HeapSize
SetStdHandle
HeapDestroy
HeapCreate
GetACP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LoadLibraryW
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
CreateFileW
Module32NextW
LoadLibraryExA
VirtualQueryEx
GetCurrentThread
GetThreadContext
WaitForSingleObject
SetEvent
OpenFileMappingA
CreateMutexA
CreateEventA
CreateEventW
GetPrivateProfileStringA
GetPrivateProfileIntA
GetStringTypeExA
InterlockedExchange
lstrcmpiA
GetVersion
CompareStringW
GetLastError
lstrlenA
CompareStringA
DeviceIoControl
CreateFileA
GetVersionExA
TerminateProcess
OpenProcess
CreateDirectoryA
GetCurrentProcess
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LocalFree
FormatMessageA
GetCurrentDirectoryA
SetUnhandledExceptionFilter
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
FreeLibrary
LockResource
SizeofResource
LoadResource
FindResourceA
MultiByteToWideChar
IsBadReadPtr
IsBadStringPtrA
WinExec
VirtualProtect
GetModuleHandleA
LoadLibraryA
GetProcAddress
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetLocalTime
GetCurrentProcessId
GetTickCount
WideCharToMultiByte
FindNextFileA
FindFirstFileA
InterlockedCompareExchange
ReleaseMutex
FlushInstructionCache
CreateSemaphoreA
LocalReAlloc
ReleaseSemaphore
user32
GetNextDlgTabItem
CreateDialogIndirectParamA
GetDesktopWindow
UnregisterClassA
GetSysColorBrush
ReleaseDC
GetDC
LoadCursorA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
BeginPaint
EndPaint
DestroyMenu
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EndDialog
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
GetLastActivePopup
IsWindowEnabled
SetCursor
UnhookWindowsHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageW
GetClassNameW
GetWindowTextW
SetWindowTextW
IsWindow
EnumChildWindows
CallNextHookEx
CharUpperA
EnableWindow
IsWindowVisible
MessageBoxW
FindWindowA
SetForegroundWindow
ShowWindow
SetWindowTextA
IsDialogMessageA
GetWindowLongA
EnumWindows
SetWindowsHookExA
SetWindowLongA
GetWindowThreadProcessId
MessageBoxA
KillTimer
SetTimer
GetKeyState
RegisterWindowMessageA
LoadStringA
gdi32
SetMapMode
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
TextOutA
RectVisible
PtVisible
RestoreDC
SaveDC
OffsetViewportOrgEx
GetObjectA
SetBkColor
SetTextColor
SetViewportOrgEx
SelectObject
GetClipBox
CreateBitmap
Escape
GetDeviceCaps
DeleteObject
ExtTextOutA
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
ReportEventA
RegisterEventSourceA
RegSetValueExA
RegCreateKeyExA
DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
shell32
SHFileOperationA
shlwapi
PathFindExtensionA
PathStripToRootA
PathFindFileNameA
PathIsUNCA
oleaut32
VariantClear
VariantChangeType
VariantInit
winmm
timeGetTime
wininet
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
HttpOpenRequestA
InternetConnectA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
Exports
Exports
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@VPromotionRule@@V?$allocator@VPromotionRule@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VEffectivOnline_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserLogin_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserRegist_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VGetUserInfoEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VGetUserInfoTrans_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineTrasaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VPromotionRule@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigFile_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegNewCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VShareHitchAcount@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginTrans_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestLargeDataSend_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestOnlineSession_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUserEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUser_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScriptEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScript_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoad_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@VPromotionRule@@V?$allocator@VPromotionRule@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VEffectivOnline_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserLogin_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserRegist_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VGetUserInfoEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VGetUserInfoTrans_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLogOffTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VPromotionRule@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigFile_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegNewCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VShareHitchAcount@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VSimpleLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VSimpleLoginTrans_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadGameOnlineUser_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadScript_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoad_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 248KB - Virtual size: 245KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 207KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 124KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ