e:\_cs09190215\es-paris-build\PlatformC\KCore\winproj\Dynamic\Release\kcor40.pdb
Static task
static1
Behavioral task
behavioral1
Sample
31e2ff87f44f4276bfae6891d5a717ba_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
31e2ff87f44f4276bfae6891d5a717ba_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
-
Target
31e2ff87f44f4276bfae6891d5a717ba_JaffaCakes118
-
Size
76KB
-
MD5
31e2ff87f44f4276bfae6891d5a717ba
-
SHA1
b7f383473ca28119c2b702704cf7215ddf634788
-
SHA256
d0923d10eb442d9ae467f8f85fe18d188bb10a78249c328a4c213acc3333758b
-
SHA512
813664dadb7584f1a4d3dcb4dd6729210b681f4be01a47d11696d8bb8da115303ae413a44a8fb0ab9de022c61a79c50fea4839f4455c0e71aeee5443cd358ad8
-
SSDEEP
768:j5SqZStolOCpx1Xa0j8Zuj9/XDSm22C0+e0MBoOgea5/icdlr02r:dPlRqwbS52C/ebaOgeolt
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 31e2ff87f44f4276bfae6891d5a717ba_JaffaCakes118
Files
-
31e2ff87f44f4276bfae6891d5a717ba_JaffaCakes118.dll windows:4 windows x86 arch:x86
5764daa9288b4b1de2e66a8289ffdd37
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
mfc80
ord5320
ord5484
ord5089
ord2750
ord2753
ord2746
ord3094
ord384
ord3199
ord784
ord2703
ord3201
ord2471
ord629
ord5493
ord1439
ord2308
ord2702
ord914
ord6210
ord6286
ord4055
ord6288
ord5323
ord2903
ord5877
ord5625
ord2120
ord5420
ord911
ord300
ord722
ord530
ord2468
ord1489
ord2322
ord6703
ord299
ord4081
ord1280
ord1211
ord305
ord301
ord1159
ord3295
ord3997
ord631
ord2751
ord3931
ord2280
ord2288
ord764
ord907
ord1486
ord2271
ord6005
ord5714
ord2272
ord5529
ord5563
ord386
ord313
ord4035
ord1198
ord3255
ord2131
ord2475
ord2306
ord2259
ord5403
ord304
ord1181
ord1482
ord1175
ord1084
ord371
ord1098
ord578
ord781
ord310
ord297
ord317
ord584
ord1185
ord266
ord1187
ord1191
ord762
ord380
msvcr80
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_CxxThrowException
__CxxFrameHandler3
strstr
_stat64i32
_rmdir
_mbsinc
_mbschr
_mbsrchr
strftime
ceil
_localtime64_s
_localtime64
_mbscmp
free
malloc
setlocale
kernel32
InterlockedExchange
DisableThreadLibraryCalls
GetDriveTypeA
GetSystemDirectoryA
CreateDirectoryA
GetTempPathA
GetLogicalDriveStringsA
DeleteFileA
CopyFileA
SetErrorMode
GetLastError
GetLocaleInfoA
GetOEMCP
GetThreadLocale
GetVersionExA
LoadLibraryA
FreeLibrary
HeapFree
GetProcessHeap
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetFileAttributesA
GetACP
user32
LoadStringA
LoadBitmapA
advapi32
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetUserNameA
ole32
CoCreateInstance
OleInitialize
OleUninitialize
oleaut32
SysAllocString
VariantClear
VariantTimeToSystemTime
VarUdateFromDate
SysFreeString
SystemTimeToVariantTime
Exports
??0CKArchive@@QAE@ABV0@@Z
??0CKArchive@@QAE@PAVCKFile@@IH@Z
??0CKDateTime@@QAE@JJJJJJ@Z
??0CKDateTime@@QAE@XZ
??0CKDateTime@@QAE@_J@Z
??0CKDirSpec@@QAE@AAV0@@Z
??0CKDirSpec@@QAE@AAVCKString@@@Z
??0CKDirSpec@@QAE@XZ
??0CKDirSpecList@@QAE@XZ
??0CKFile@@QAE@XZ
??0CKFileSpec@@QAE@AAV0@@Z
??0CKFileSpec@@QAE@AAVCKString@@@Z
??0CKFileSpec@@QAE@PAD@Z
??0CKFileSpec@@QAE@XZ
??0CKFileSpecList@@QAE@XZ
??0CKPtrArray@@QAE@XZ
??0CKString@@QAE@ABV0@@Z
??0CKString@@QAE@ABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
??0CKString@@QAE@PBD@Z
??0CKString@@QAE@XZ
??0CKStringList@@QAE@XZ
??0CKSysContext@@QAE@ABV0@@Z
??0CKSysContext@@QAE@XZ
??1CKArchive@@QAE@XZ
??1CKDateTime@@UAE@XZ
??1CKDirSpec@@UAE@XZ
??1CKDirSpecList@@UAE@XZ
??1CKFile@@UAE@XZ
??1CKFileSpec@@UAE@XZ
??1CKFileSpecList@@UAE@XZ
??1CKPtrArray@@UAE@XZ
??1CKString@@UAE@XZ
??1CKStringList@@UAE@XZ
??1CKSysContext@@UAE@XZ
??4CKArchive@@QAEAAV0@ABV0@@Z
??4CKDateTime@@QAEAAV0@AAV0@@Z
??4CKDateTime@@QAEAAV0@AA_J@Z
??4CKDirSpec@@QAEABV0@AAV0@@Z
??4CKFileSpec@@QAEABV0@AAV0@@Z
??4CKString@@QAEAAV0@ABV0@@Z
??4CKSysContext@@QAEAAV0@ABV0@@Z
??8CKDateTime@@QBE_NAAV0@@Z
??8CKDirSpec@@QAE_NAAV0@@Z
??8CKFileSpec@@QAE_NAAV0@@Z
??9CKDateTime@@QBE_NAAV0@@Z
??MCKDateTime@@QBE_NAAV0@@Z
??NCKDateTime@@QBE_NAAV0@@Z
??OCKDateTime@@QBE_NAAV0@@Z
??PCKDateTime@@QBE_NAAV0@@Z
??_7CKDateTime@@6B@
??_7CKDirSpec@@6B@
??_7CKDirSpecList@@6B@
??_7CKFile@@6B@
??_7CKFileSpec@@6B@
??_7CKFileSpecList@@6B@
??_7CKPtrArray@@6B@
??_7CKString@@6B@
??_7CKStringList@@6B@
??_7CKSysContext@@6B@
?Close@CKFile@@UAEXXZ
?CopyFileA@CKFileSpec@@QAEJAAV1@_N@Z
?CreateDir@CKDirSpec@@QAEJXZ
?Delete@CKFile@@SAJVCKFileSpec@@@Z
?DeleteDir@CKDirSpec@@QAEJ_N@Z
?DeleteFileA@CKFileSpec@@QAEJXZ
?DirExists@CKDirSpec@@QAE_NXZ
?FileExists@CKFileSpec@@QAE_NXZ
?Format@CKDateTime@@QAEXAAVCKString@@W4DateTimeFormat@1@@Z
?FreeStorage@CKDirSpecList@@UAEXXZ
?FreeStorage@CKFileSpecList@@UAEXXZ
?FreeStorage@CKStringList@@UAEXXZ
?GetAsSystemTime@CKDateTime@@QAE_NAAU_SYSTEMTIME@@@Z
?GetAtDirSpec@CKDirSpecList@@UAEPAVCKDirSpec@@J@Z
?GetAtFileSpec@CKFileSpecList@@UAEPAVCKFileSpec@@J@Z
?GetAtString@CKStringList@@UAEPAVCKString@@J@Z
?GetBuffer@CKString@@QAEPADXZ
?GetCDROMList@CKDirSpec@@SAJAAVCKDirSpecList@@@Z
?GetCatDirSuffix@CKSysContext@@SAAAVCKString@@XZ
?GetCatPath42@CKSysContext@@SAAAVCKString@@XZ
?GetCatPath4@CKSysContext@@SAAAVCKString@@XZ
?GetCatPath@CKSysContext@@SAAAVCKString@@XZ
?GetColorMode@CKSysContext@@SAJXZ
?GetCreationTime@CKFileSpec@@QAEJAAVCKDateTime@@@Z
?GetCurrLocaleAbbrevLangName@CKSysContext@@SAPADXZ
?GetDay@CKDateTime@@QAEJXZ
?GetDir@CKDirSpec@@QAE?AVCKString@@XZ
?GetDirDevice@CKDirSpec@@QAE?AVCKString@@_N@Z
?GetDirList@CKDirSpec@@AAEJAAVCKDirSpecList@@_N@Z
?GetDirName@CKDirSpec@@QAE?AVCKString@@XZ
?GetDirSpecList@CKDirSpec@@QAEJAAVCKDirSpecList@@_N11@Z
?GetExt@CKFileSpec@@QAE?AVCKString@@XZ
?GetFileDevice@CKFileSpec@@QAE?AVCKString@@_N@Z
?GetFileList@CKDirSpec@@AAEJAAVCKFileSpecList@@VCKString@@_N@Z
?GetFileSpecList@CKDirSpec@@QAEJAAVCKFileSpecList@@VCKString@@_N22@Z
?GetFilename@CKFileSpec@@QAE?AVCKString@@XZ
?GetFilenameSansExt@CKFileSpec@@QAE?AVCKString@@XZ
?GetFullPath@CKFileSpec@@QAE?AVCKString@@XZ
?GetFullPathSansDevice@CKFileSpec@@QAE?AVCKString@@XZ
?GetHour@CKDateTime@@QAEJXZ
?GetIsDefault@CKSysContext@@SA_NXZ
?GetIsInitialized@CKSysContext@@SA_NXZ
?GetKodakModifiedImagePath@CKSysContext@@SAAAVCKString@@XZ
?GetKodakPath@CKSysContext@@SAAAVCKString@@XZ
?GetLengthBytes@CKString@@QAEHXZ
?GetLocaleAbbrevLangName@CKSysContext@@SAPADXZ
?GetMediaPathRootName@CKSysContext@@SAAAVCKString@@XZ
?GetMinute@CKDateTime@@QAEJXZ
?GetModifiedTime@CKFileSpec@@QAEJAAVCKDateTime@@@Z
?GetMonth@CKDateTime@@QAEJXZ
?GetOCSPath@CKSysContext@@SAAAVCKString@@XZ
?GetPCDROMList@CKDirSpec@@SAJAAVCKDirSpecList@@@Z
?GetParentDir@CKDirSpec@@QAEJAAV1@@Z
?GetPath@CKFileSpec@@QAE?AVCKString@@XZ
?GetPosition@CKFile@@UAEJPAK@Z
?GetPrintAtKodakClientID@CKSysContext@@SAPADXZ
?GetProdName@CKSysContext@@SAPADXZ
?GetProdPath@CKSysContext@@SAAAVCKString@@AAV2@@Z
?GetProdVersion@CKSysContext@@SAPADXZ
?GetRegionCode@CKSysContext@@SA?AW4CoreStatus@@AAF@Z
?GetScreenDim@CKSysContext@@SAJXZ
?GetSecond@CKDateTime@@QAEJXZ
?GetSeparator@CKDirSpec@@SA?AVCKString@@XZ
?GetSignature@CKFileSpec@@MAE?AVCKString@@XZ
?GetSize@CKFileSpec@@QAEJAAK@Z
?GetStringBytes@@YAIPAD@Z
?GetSystemDir@CKDirSpec@@SAJAAV1@@Z
?GetSystemTempDir@CKDirSpec@@SAJVCKString@@AAV1@@Z
?GetTypeCharSet@CKSysContext@@SA?AW4TYPECHARSET@1@XZ
?GetTypeCodePage@CKSysContext@@SAIXZ
?GetTypeCompile@CKSysContext@@SA?AW4TYPECOMPILE@1@XZ
?GetTypeProd@CKSysContext@@SA?AW4TYPEPROD@1@XZ
?GetTypeSys@CKSysContext@@SA?AW4TYPESYS@1@XZ
?GetTypeText@CKSysContext@@SA?AW4TYPETEXT@1@XZ
?GetUserNameA@CKSysContext@@SAPADXZ
?GetVersion@CKFileSpec@@MAEGXZ
?GetXPUserName@CKSysContext@@SAPADXZ
?GetYear@CKDateTime@@QAEJXZ
?InitKCoreDll@@YAXXZ
?Initialize@CKSysContext@@SA?AW4CoreStatus@@XZ
?IsDefault@CKSysContext@@SA_NXZ
?IsEmpty@@YA_NPBD@Z
?IsInitialized@CKSysContext@@SA_NXZ
?IsSpecified@CKDirSpec@@QAE_NXZ
?IsSpecified@CKFileSpec@@QAE_NXZ
?IsValid@CKDateTime@@QAE_NXZ
?IsXPSys@CKSysContext@@SA_NXZ
?KSeparator@CKDirSpec@@0VCKString@@B
?KSignature@CKFileSpec@@1VCKString@@B
?KVersion@CKFileSpec@@1GB
?LocateDirSpec@CKDirSpecList@@UAEJAAVCKDirSpec@@_N@Z
?LocateFileSpec@CKFileSpecList@@UAEJAAVCKFileSpec@@_N@Z
?LocateString@CKStringList@@UAEJAAVCKString@@@Z
?Open@CKFile@@UAEJVCKFileSpec@@W4OpenMode@1@@Z
?ReadData@CKFile@@UAEJPAXKPAK@Z
?Rename@CKFile@@SAJVCKFileSpec@@0@Z
?RenameFile@CKFileSpec@@QAEJAAV1@_N@Z
?Seek@CKFile@@UAEJJW4SeekFrom@1@@Z
?SeekToBegin@CKFile@@UAEJXZ
?SeekToEnd@CKFile@@UAEJXZ
?Serialize@CKDateTime@@UAEJPAVCKArchive@@@Z
?Serialize@CKDirSpecList@@UAEJPAVCKArchive@@@Z
?Serialize@CKFileSpec@@QAEJPAVCKArchive@@@Z
?Serialize@CKFileSpecList@@UAEJPAVCKArchive@@@Z
?Serialize@CKStringList@@UAEJPAVCKArchive@@@Z
?Set@CKDateTime@@QAE_NJJJJJJ@Z
?SetCatDirSuffix@CKSysContext@@SAXABVCKString@@@Z
?SetCatDirSuffixToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetCatPath42@CKSysContext@@SAXABVCKString@@@Z
?SetCatPath42ToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetCatPath4@CKSysContext@@SAXABVCKString@@@Z
?SetCatPath4ToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetCatPath@CKSysContext@@SAXABVCKString@@@Z
?SetCatPathToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetColorMode@CKSysContext@@SAXJ@Z
?SetColorModeToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetCurrLocaleAbbrevLangName@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetDir@CKDirSpec@@QAEXVCKString@@@Z
?SetFullPath@CKFileSpec@@QAEXVCKString@@@Z
?SetIsDefault@CKSysContext@@SAX_N@Z
?SetIsInitialized@CKSysContext@@SAX_N@Z
?SetKodakModifiedImagePath@CKSysContext@@SAXABVCKString@@@Z
?SetKodakPath@CKSysContext@@SAXABVCKString@@@Z
?SetKodakPathAndKodakModifiedToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetLocaleAbbrevLangName@CKSysContext@@SAXPAD@Z
?SetLocaleAbbrevLangNameToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetMediaPathRootName@CKSysContext@@SAXABVCKString@@@Z
?SetMediaPathRootNameToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetOCSPath@CKSysContext@@SAXABVCKString@@@Z
?SetOCSPathToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetPrintAtKodakClientID@CKSysContext@@SAXPAD@Z
?SetPrintAtKodakClientIDToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetProdName@CKSysContext@@SAXPAD@Z
?SetProdNameToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetProdVersion@CKSysContext@@SAXPAD@Z
?SetProdVersionToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetScreenDim@CKSysContext@@SAXJ@Z
?SetScreenDimToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetTypeCharSet@CKSysContext@@SAXW4TYPECHARSET@1@@Z
?SetTypeCharSetToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetTypeCodePage@CKSysContext@@SAXI@Z
?SetTypeCodePageToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetTypeCompile@CKSysContext@@SAXW4TYPECOMPILE@1@@Z
?SetTypeCompileToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetTypeProd@CKSysContext@@SAXW4TYPEPROD@1@@Z
?SetTypeSys@CKSysContext@@SAXW4TYPESYS@1@@Z
?SetTypeSysToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetTypeText@CKSysContext@@SAXW4TYPETEXT@1@@Z
?SetTypeTextToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?SetUserName@CKSysContext@@SAXPAD@Z
?SetUserNameToDefault@CKSysContext@@SA?AW4CoreStatus@@XZ
?TraceLastError@@YAXPAD@Z
?TraceWin32Err@@YAXPADK@Z
?WriteData@CKFile@@UAEJPAXK@Z
?m_bIsDefault@CKSysContext@@1_NA
?m_bIsInitialized@CKSysContext@@1_NA
?m_eTypeCharSet@CKSysContext@@1W4TYPECHARSET@1@A
?m_eTypeCompile@CKSysContext@@1W4TYPECOMPILE@1@A
?m_eTypeProd@CKSysContext@@1W4TYPEPROD@1@A
?m_eTypeSys@CKSysContext@@1W4TYPESYS@1@A
?m_eTypeText@CKSysContext@@1W4TYPETEXT@1@A
?m_nColorMode@CKSysContext@@1JA
?m_nScreenDim@CKSysContext@@1JA
?m_nTypeCodePage@CKSysContext@@1IA
?m_strCatDirSuffix@CKSysContext@@1VCKString@@A
?m_strCatPath42@CKSysContext@@1VCKString@@A
?m_strCatPath4@CKSysContext@@1VCKString@@A
?m_strCatPath@CKSysContext@@1VCKString@@A
?m_strKodakModifiedImagePath@CKSysContext@@1VCKString@@A
?m_strKodakPath@CKSysContext@@1VCKString@@A
?m_strMediaPathRootName@CKSysContext@@1VCKString@@A
?m_strOCSPath@CKSysContext@@1VCKString@@A
?m_szCurrLocaleAbbrevLangName@CKSysContext@@1PADA
?m_szLocaleAbbrevLangName@CKSysContext@@1PADA
?m_szPrintAtKodakClientID@CKSysContext@@1PADA
?m_szProdName@CKSysContext@@1PADA
?m_szProdVersion@CKSysContext@@1PADA
?m_szUserName@CKSysContext@@1PADA
?pcdLoadBitmap@@YAHPAUHINSTANCE__@@0HPAVCBitmap@@@Z
?pcdLoadBitmap@@YAHPAUHINSTANCE__@@HPAVCBitmap@@@Z
?pcdLoadResourceDll@@YAPAUHINSTANCE__@@AAVCKFileSpec@@@Z
?pcdLoadResourceDll@@YAPAUHINSTANCE__@@PAD@Z
?pcdLoadString@@YAHPAUHINSTANCE__@@0HPADH@Z
?pcdLoadString@@YAHPAUHINSTANCE__@@HPADH@Z
?pcdUnloadResourceDll@@YAXPAUHINSTANCE__@@@Z
IsIE4OrLater
RunIE
Sections
.text Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ