c:\DailyBuild\sources\Nero7_OCTANE_RELEASE\Nero\bin\Release MultiByte\NeroErr.pdb
Static task
static1
Behavioral task
behavioral1
Sample
343fac9525950244bc18f9b2b50e82e2_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
343fac9525950244bc18f9b2b50e82e2_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
-
Target
343fac9525950244bc18f9b2b50e82e2_JaffaCakes118
-
Size
216KB
-
MD5
343fac9525950244bc18f9b2b50e82e2
-
SHA1
e7b1c135b0dce5eecb3d8120b10ad8738cc0dc52
-
SHA256
fb4c70ccfe0278c150353c85c1c79b799697d42f0cdebe8dea17918151111166
-
SHA512
87f4f5bf62ee5b4ab9d77839a7a71dd8dd44e1174e15bae81c0a084720e899acc239bec6435d7cf6a2ea7acd14b4f0077d0706aed0fdc37256c4faf8cd00244e
-
SSDEEP
6144:LHz+0td2dlT80jzxCVCf7L88UUXVaco/p:LT+0tkdq0jzxCkoSnoh
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource 343fac9525950244bc18f9b2b50e82e2_JaffaCakes118
Files
-
343fac9525950244bc18f9b2b50e82e2_JaffaCakes118.dll windows:4 windows x86 arch:x86
e5689de6b81c54474ef139e7d4481473
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
mfc71
ord581
ord1167
ord1092
ord1084
ord1209
ord314
ord1177
ord1175
ord1201
ord1120
ord371
ord1098
ord1208
ord1206
ord1037
ord315
ord765
ord1024
ord304
ord1091
ord545
ord784
ord1056
ord578
ord733
ord548
ord559
ord747
ord3174
ord6205
ord762
ord265
ord266
ord764
ord1187
ord1191
msvcr71
exp
_purecall
__CxxFrameHandler
memcmp
tolower
toupper
strstr
strncpy
strchr
isalpha
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
wcscpy
_except_handler3
_resetstkoflw
free
malloc
_stricmp
memmove
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
exit
strcat
strrchr
_strlwr
fclose
fopen
mktime
localtime
time
sprintf
_strdup
_itoa
strcpy
fprintf
_snprintf
__security_error_handler
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
log
strcmp
memcpy
_CxxThrowException
strtol
memset
strlen
realloc
kernel32
GetProcAddress
VirtualAlloc
CompareStringW
CompareStringA
GetCurrentDirectoryA
lstrlenA
lstrcmpiW
lstrlenW
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetStringTypeExA
GetLocaleInfoA
GetACP
InterlockedExchange
GetPrivateProfileStringA
GetCurrentThreadId
SetPriorityClass
GetCurrentProcess
GetPriorityClass
GetTickCount
QueryDosDeviceA
FreeLibrary
LoadLibraryA
DeviceIoControl
Sleep
GetStringTypeExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CloseHandle
GetThreadLocale
CreateThread
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
RaiseException
LocalAlloc
LocalFree
GetExitCodeThread
SetThreadPriority
CreateFileA
ResumeThread
ReleaseSemaphore
CreateSemaphoreA
GetLocalTime
DeleteCriticalSection
user32
UnregisterClassA
TranslateMessage
DispatchMessageA
CharUpperW
CharUpperA
CharLowerW
CharLowerA
PeekMessageA
advapi32
RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegEnumValueA
RegSetValueExA
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
msvcp71
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?is@?$ctype@G@std@@QBE_NFG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?clear@ios_base@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
oleaut32
SysFreeString
Exports
Exports
??0BinChar@@QAE@ABV0@@Z
??0BinChar@@QAE@DH@Z
??0BinChar@@QAE@HH@Z
??0BinChar@@QAE@PBD@Z
??0BinChar@@QAE@PBXH@Z
??0BinChar@@QAE@PBXHH@Z
??0BinChar@@QAE@XZ
??0CErrorClone@@QAE@ABV0@@Z
??0CErrorClone@@QAE@ABVINeroError@@@Z
??0CErrorClone@@QAE@XZ
??0CNeroError@@IAE@PBDHH@Z
??0CNeroError@@QAE@ABV0@@Z
??0CNeroErrorList@@AAE@ABV0@@Z
??0CNeroErrorList@@QAE@XZ
??0FReg@@QAE@ABV0@@Z
??0FReg@@QAE@PAUHKEY__@@VBinChar@@_N@Z
??0INeroError@@QAE@ABV0@@Z
??0INeroError@@QAE@XZ
??0WorkerThread@@QAE@PAX@Z
??1BinChar@@QAE@XZ
??1CErrorClone@@UAE@XZ
??1CNeroError@@UAE@XZ
??1CNeroErrorList@@UAE@XZ
??1FReg@@QAE@XZ
??1INeroError@@UAE@XZ
??1WorkerThread@@UAE@XZ
??4BinChar@@QAEAAV0@ABV0@@Z
??4CErrorClone@@QAEAAV0@ABV0@@Z
??4CErrorClone@@QAEAAV0@ABVINeroError@@@Z
??4CNeroError@@QAEAAV0@ABV0@@Z
??4CNeroErrorList@@QAEAAV0@ABV0@@Z
??4FReg@@QAEAAV0@ABV0@@Z
??4INeroError@@QAEAAV0@ABV0@@Z
??8BinChar@@QBE_NABV0@@Z
??8BinChar@@QBE_NPBD@Z
??9BinChar@@QBE_NABV0@@Z
??9BinChar@@QBE_NPBD@Z
??BBinChar@@QBEPBDXZ
??BFReg@@QAEPAUHKEY__@@XZ
??HBinChar@@QBE?AV0@ABV0@@Z
??HBinChar@@QBE?AV0@PBD@Z
??RBinChar@@QBE?AV0@HH@Z
??YBinChar@@QAEABV0@ABV0@@Z
??_7CErrorClone@@6B@
??_7CNeroError@@6B@
??_7CNeroErrorList@@6B@
??_7INeroError@@6B@
??_FWorkerThread@@QAEXXZ
?AddError@CNeroErrorList@@QAEXABVINeroError@@@Z
?AddError_NoLock@CNeroErrorList@@AAEXABVINeroError@@H@Z
?AddPath@BinChar@@QBE?AV1@ABV1@@Z
?BinToHex@BinChar@@QBE?AV1@XZ
?ClearErrors@CNeroErrorList@@QAEXXZ
?CopyData@CErrorClone@@AAEXABVINeroError@@@Z
?CopyDescr@CErrorClone@@AAEXAAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@ABVINeroError@@H_N@Z
?CopyErrorsTo@CNeroErrorList@@QBEXAAV1@PAVErrorListPos@@1@Z
?CreateDeviceHandleContainer@@YAXXZ
?CreateNeroBufferPipe@@YAPAVCAbstractBufferPipe@@KHK@Z
?CreateNeroSemaphore@@YAPAVCAbstractSemaphore@@J@Z
?CreateNeroSemaphore@@YAPAVCAbstractSemaphore@@JJ@Z
?CreateNeroSignals@@YAPAVCAbstractSignals@@XZ
?CreateNeroThread@@YAPAVCAbstractThread@@XZ
?DestroyDeviceHandleContainer@@YAXXZ
?DestroyErrorList@@YAXK@Z
?Directory@BinChar@@QBE?AV1@H@Z
?ERRAdd@@YAABVINeroError@@ABV1@@Z
?ERRClearErrors@@YAXXZ
?ERRGetAllErrors@@YAPAVCNeroErrorList@@XZ
?ERRMyList@@YAAAVCNeroErrorList@@XZ
?EnableMessageTranslation@CErrorClone@@UAEXH@Z
?EnableMessageTranslation@CNeroError@@UAEXH@Z
?Fatal@CErrorClone@@UBEHXZ
?Fatal@CNeroError@@UBEHXZ
?FileName@BinChar@@QBE?AV1@XZ
?FindKeys@FReg@@QAE_NPBDAAVBinChar@@AAH@Z
?FindSubKey@FReg@@QAEPAUHKEY__@@PBDH@Z
?FindValues@FReg@@QAE_NPBDAAVBinChar@@AAHPAK@Z
?FullFileName@BinChar@@QBE?AV1@AAH@Z
?GetDWORD@FReg@@QAEKPBDK@Z
?GetDescriptionLine@CErrorClone@@UBEHHHPADH@Z
?GetDescriptionLine@CErrorClone@@UBEHHHPADH_N@Z
?GetDescriptionLine@CNeroError@@UBEHHHPADH@Z
?GetDescriptionLine@CNeroError@@UBEHHHPADH_N@Z
?GetDescriptionLine@CNeroError@@UBEHHPADH@Z
?GetEnglishMsgFileName@@YAPBDXZ
?GetError@CErrorClone@@UBEHXZ
?GetError@CNeroError@@UBEHXZ
?GetError@CNeroErrorList@@QBEHAAVCErrorClone@@ABVErrorListPos@@@Z
?GetErrorCount@CNeroErrorList@@QAEIXZ
?GetErrorFile@CErrorClone@@UBEPBDXZ
?GetErrorFile@CNeroError@@UBEPBDXZ
?GetErrorIcon@CErrorClone@@UBE?AW4NeroErrorID@@XZ
?GetErrorIcon@CNeroError@@UBE?AW4NeroErrorID@@XZ
?GetFirst@CNeroErrorList@@QBE?AVErrorListPos@@XZ
?GetFirst_NoLock@CNeroErrorList@@ABE?AVErrorListPos@@XZ
?GetInt@FReg@@QAEHPBDK@Z
?GetLast@CNeroError@@SA?AVErrorListPos@@XZ
?GetLast@CNeroErrorList@@QBE?AVErrorListPos@@XZ
?GetLast_NoLock@CNeroErrorList@@ABE?AVErrorListPos@@XZ
?GetLine@CErrorClone@@UBEHXZ
?GetLine@CNeroError@@UBEHXZ
?GetMsgFileName@@YAPBDXZ
?GetNeroErrorList@@YAAAVCNeroErrorList@@K@Z
?GetNeroPortab@@YAAAVCNeroPortab@@XZ
?GetNext@CNeroErrorList@@QBE?AVErrorListPos@@ABV2@@Z
?GetOrdinalNumber@CErrorClone@@UBE?AVCOrdinalNumber@@XZ
?GetOrdinalNumber@CNeroError@@UBE?AVCOrdinalNumber@@XZ
?GetPrevious@CNeroErrorList@@QBE?AVErrorListPos@@ABV2@@Z
?GetProcessPriority@@YA?AW4ePriorityClass@@XZ
?GetSpecialFolder@@YAHHPAD@Z
?GetString@FReg@@QAE?AVBinChar@@PBDV2@@Z
?GetText@CNeroError@@SAHPBD0PADHH@Z
?GetThreadName@CErrorClone@@UBEPBDXZ
?GetThreadName@CNeroError@@UBEPBDXZ
?GetTime@CErrorClone@@UBEJXZ
?GetTime@CNeroError@@UBEJXZ
?GetTypeName@CErrorClone@@UBEPBDXZ
?GetWindowsVersion@@YAXAAK0@Z
?GetWord@BinChar@@QBE?AV1@HD@Z
?HexToBin@BinChar@@QBE?AV1@XZ
?IsEnglishMsgFileOK@@YAHXZ
?IsInt@BinChar@@QBE_NXZ
?IsMessageTranslationEnabled@CErrorClone@@UBEHXZ
?IsMessageTranslationEnabled@CNeroError@@UBEHXZ
?IsMsgFileOK@@YAHXZ
?IsValid@FReg@@QAE_NXZ
?IsWinME@@YAHXZ
?IsWindows2kOrHigher@@YAHXZ
?IsWindowsNTOrHigher@@YAHXZ
?IsWindowsXPOrHigher@@YAHXZ
?LPad@BinChar@@QBE?AV1@H@Z
?LTrim@BinChar@@QBE?AV1@XZ
?Left@BinChar@@QBE?AV1@H@Z
?Lower@BinChar@@QBE?AV1@XZ
?MaskenFit@BinChar@@QBE_NPBD@Z
?MoveErrorsTo@CNeroErrorList@@QAEXAAV1@@Z
?MyNeroThread@@YAAAVCAbstractThread@@XZ
?RPad@BinChar@@QBE?AV1@H@Z
?RTrim@BinChar@@QBE?AV1@XZ
?ReducePath@BinChar@@QBE?AV1@XZ
?RegisterWorkerThread@@YAXPAVWorkerThread@@@Z
?Right@BinChar@@QBE?AV1@H@Z
?Rollback@CNeroErrorList@@QAEXABVErrorListPos@@@Z
?Rollback@ErrorListPos@@QBEXXZ
?SPTICloseDeviceHandle@@YAHPAX@Z
?SPTIClosePendingHandles@@YAXPAVCCdrDriver@@@Z
?SPTIClosePendingHandles@@YAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SPTIEnableGlowing@@YAXPAX@Z
?SPTIExecuteCommand@@YAHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAVCCdrDriver@@PAVCBuffer@@PAEHKHPAH@Z
?SPTIGetDeviceHandle@@YAPAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAVCCdrDriver@@PAHH@Z
?SPTIInquirySync@@YAHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAUSCSIInquiryData@@HH@Z
?SPTIQueueCmdPassThrough@@YAHPAXPAVCBuffer@@PAEHKHPAH@Z
?SetDWORD@FReg@@QAE_NVBinChar@@K@Z
?SetEnglishMsgFileName@@YAXPBD@Z
?SetExtension@BinChar@@QBE?AV1@PBD@Z
?SetFatal@CErrorClone@@UAEHH@Z
?SetFatal@CNeroError@@UAEHH@Z
?SetMsgFileName@@YAXPBD@Z
?SetNeroPortab@@YAXPAVCNeroPortab@@@Z
?SetProcessPriority@@YAHW4ePriorityClass@@@Z
?SetString@FReg@@QAE_NABVBinChar@@0@Z
?StartThread@WorkerThread@@UAEHK@Z
?StringToDouble@NonLocal@@YAHPBDPANH@Z
?ToInt@BinChar@@QBEHXZ
?Translate@BinChar@@QAEHABV1@0@Z
?Trim@BinChar@@QBE?AV1@XZ
?UnRegisterWorkerThread@@YAXPAVWorkerThread@@@Z
?Upper@BinChar@@QBE?AV1@XZ
?UseSPTI@@YA_NXZ
?WaitForThreadEnd@WorkerThread@@QAEKKPAUHWND__@@@Z
?iStr@BinChar@@QBEHABV1@H@Z
?len@BinChar@@QBEHXZ
Sections
.text Size: 68KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 100KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ