PDB path: V:\obj\i386_O2\exe\sym2dx.pdb
Static task
static1
Behavioral task
behavioral1
Sample
3bb20d1e14b7227ffec645893fab3bd1_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3bb20d1e14b7227ffec645893fab3bd1_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
3bb20d1e14b7227ffec645893fab3bd1_JaffaCakes118
Size
85KB
MD5
3bb20d1e14b7227ffec645893fab3bd1
SHA1
c48be7e432fa43234c16e31b246aa02965170480
SHA256
f0b36d812c1cb03becedd8ea6d20ca69cf92004efa3f6aa1ea174363828ba16f
SHA512
9ff09d7d6c0c7c2c2c68255e5c069f08e7295c76f04777320ef22b6c8885a7891723c3465c3aa4bea58fe8b93d87d7025a73753dfab7b6f90aa834ec1f858049
SSDEEP
1536:fPtOx5e6zabyQkFlX4lDPJWJiq4SGTKxCBxsoKWKwiIkbOws8Apy1b:fU54kFlX74S6x8IMOwsJSb
Malware Config
Signatures
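Unsigned PE (1 IoC)
Checks for missing Authenticode signature. A missing signature is a weak indicator on its own and does not by itself show malicious behavior.
Resource: 3bb20d1e14b7227ffec645893fab3bd1_JaffaCakes118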
Files
3bb20d1e14b7227ffec645893fab3bd1_JaffaCakes118.exe windows:5 windows x86 arch:x86
23f039743aa3ab03c1f90b7cbaf90fd1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
epd70
?Initialize@CWorkviewOffice@@QAEHPAUHINSTANCE__@@@Z
??0CWorkviewOffice@@QAE@XZ
??1CWorkviewOffice@@UAE@XZ
dxsymbol70
??0CDxSymbol@@QAE@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PAUblock@@@Z
??1CDxSymbol@@UAE@XZ
?GetName@CDxAttr@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?SetFlowType@CDxSymbol@@QAEXPBD@Z
?GetValue@CDxAttr@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?OpenSymbol@CDxSymbol@@QAEHPBD00HHHH@Z
dxdbdll
?showDSInfoDialogModal@CDSConnectionFactory@@SAPAVCDSInfo@@PAVCWnd@@@Z
?closeAllConnections@CDSConnectionFactory@@SAXXZ
??0CDSInfoListManaged@@QAE@XZ
?loadDSInfoList@CDSConnectionFactory@@SA_NAAVCDSInfoListManaged@@@Z
?begin@?$vector@PAVCDSInfo@@V?$allocator@PAVCDSInfo@@@std@@@std@@QAE?AV?$_Vector_iterator@PAVCDSInfo@@V?$allocator@PAVCDSInfo@@@std@@@2@XZ
?end@?$vector@PAVCDSInfo@@V?$allocator@PAVCDSInfo@@@std@@@std@@QAE?AV?$_Vector_iterator@PAVCDSInfo@@V?$allocator@PAVCDSInfo@@@std@@@2@XZ
?getConnection@CDSConnectionFactory@@SAPAVIDSConnection@@ABVCDSInfo@@PAV?$vector@IV?$allocator@I@std@@@std@@@Z
?loadDSInfo@CDSConnectionFactory@@SAPAVCDSInfo@@AAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
??1CDSInfoListManaged@@QAE@XZ
dxdutils70
?SetCurrentFlowType@NAttributeNames@NDxDUtils@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetSymbols@CSymbolFinder@@QBEABV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?SearchSymbols@CSymbolFinder@@QAEXPBD_N@Z
??0CSymbolFinder@@QAE@XZ
??1CSymbolFinder@@QAE@XZ
projectutilities70
?GetLib@CSymbolLibs@NProjectTools@@UBEPBVISymbolLibrary@DxD@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0CProjectFileUtilitiesLight@NProjectTools@@QAE@PBD_N@Z
?openProjectFile@CProjectFileUtilitiesLight@NProjectTools@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Clear@CSymbolLibs@NProjectTools@@QAEXXZ
??0CSymbolLibs@NProjectTools@@QAE@XZ
?GetLibList@CSymbolLibs@NProjectTools@@UBEABV?$list@PAVISymbolLibrary@DxD@@V?$allocator@PAVISymbolLibrary@DxD@@@std@@@std@@XZ
?GetLibPath@CSymbolLibs@NProjectTools@@UBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z
?GetLibType@CSymbolLibs@NProjectTools@@UBEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1CSymbolLibs@NProjectTools@@UAE@XZ
??1CProjectFileUtilitiesLight@NProjectTools@@UAE@XZ
?Load@CSymbolLibs@NProjectTools@@QAE_NPAVIProjectFileData@DxD@@@Z
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
mfc90
ord942
ord941
ord2539
ord899
ord5924
ord945
ord5761
ord6802
ord1009
ord5870
ord4481
ord4311
ord262
ord300
ord2485
ord499
ord736
ord3895
ord753
ord611
ord4668
ord4895
ord2888
ord3135
ord5633
ord1728
ord1791
ord1792
ord2139
ord5608
ord1446
ord3218
ord6356
ord5389
ord3671
ord6782
ord4160
ord6784
ord1644
ord2368
ord2375
ord2625
ord2607
ord2605
ord2623
ord2635
ord2612
ord2628
ord2633
ord2616
ord2618
ord2620
ord2614
ord2630
ord2610
ord969
ord965
ord967
ord963
ord958
ord5666
ord5668
ord6446
ord1729
ord4688
ord5137
ord3732
ord5644
ord4589
ord6780
ord5497
ord2074
ord5585
ord4650
ord1496
ord4331
ord1752
ord1755
ord6388
ord3344
ord1678
ord1809
ord1810
ord2208
ord4993
ord5309
ord5153
ord4618
ord5615
ord4594
ord5262
ord5032
ord5216
ord2978
ord5494
ord5495
ord664
ord6740
ord3390
ord2209
ord405
ord2592
ord595
ord3480
ord3277
ord5139
ord5647
ord4638
ord1497
ord6391
ord3346
ord1668
ord2274
ord539
ord2057
ord1938
ord4013
ord5286
ord5496
ord615
ord3487
ord4640
ord1670
ord2277
ord3213
ord1604
ord2103
ord1935
ord1746
ord796
ord1183
ord750
ord6194
ord6615
ord3643
ord4646
ord1720
ord2283
ord3617
ord1710
ord1779
ord6186
ord6559
ord1041
ord3738
ord2720
ord2672
ord4477
ord3414
ord2038
ord1110
ord4116
ord2899
ord2360
ord692
ord3553
ord4643
ord1698
ord2279
ord4497
ord1605
ord2105
ord6771
ord1492
ord3940
ord3422
ord6432
ord4281
ord589
ord3659
ord3110
ord6001
ord5646
ord5663
ord4981
ord4333
ord2447
ord5659
ord5657
ord3209
ord2087
ord4199
ord5813
ord6721
ord5533
ord1046
ord4165
ord6018
ord2206
ord2251
ord4733
ord6781
ord4159
ord6783
ord4409
ord4434
ord793
ord4029
ord5814
ord6757
ord5552
ord1098
ord1182
ord1186
ord341
ord617
ord5557
ord1607
ord3896
ord756
ord4678
ord1643
ord4686
ord5645
ord1711
ord2224
ord4996
ord1409
ord6584
ord4392
ord5963
ord2069
ord1016
ord4660
ord547
ord549
ord4014
ord1042
ord3107
ord4714
ord2961
ord2769
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4667
ord338
ord316
ord2337
ord614
ord601
ord3762
ord3946
ord6377
ord3953
ord800
ord305
ord3178
ord910
ord1611
ord817
ord1303
ord820
ord1037
ord3077
ord5875
ord1603
ord1252
ord1204
ord259
ord1709
ord6140
ord3485
ord1188
ord581
ord782
ord310
ord266
ord6791
ord2566
ord1137
ord5750
ord1247
ord777
ord3579
ord464
ord712
ord798
ord4890
ord3980
ord4496
ord2766
ord5493
ord1276
msvcr90
_crt_debugger_hook
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_except_handler4_common
_invoke_watson
__p__fmode
_controlfp_s
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
isalpha
memset
_invalid_parameter_noinfo
__CxxFrameHandler3
_setmbcp
kernel32
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
SetCurrentDirectoryA
GetCurrentDirectoryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
user32
EnableWindow
PostMessageA
GetParent
SendMessageA
oleaut32
SysFreeString
veclt70
?GetRuntimeClass@VECCollection@@UBEPAUCRuntimeClass@@XZ
?Lookup@VECCollection@@MAEPAVCCmdTarget@@ABUtagVARIANT@@@Z
?LookupInt@VECCollection@@MAEPAVCCmdTarget@@H@Z
?OnFinalRelease@VECCollection@@UAEXXZ
?GetThisMessageMap@VECCollection@@KGPBUAFX_MSGMAP@@XZ
?Item@VECCollection@@QAEPAUIDispatch@@ABUtagVARIANT@@@Z
?Remove@VECCollection@@QAEXABUtagVARIANT@@@Z
?GetCount@VECCollection@@QAEHXZ
?GetThisDispatchMap@VECCollection@@KGPBUAFX_DISPMAP@@XZ
?_NewEnum@VECCollection@@QAEPAUIUnknown@@XZ
?GetThisInterfaceMap@VECCollection@@KGPBUAFX_INTERFACEMAP@@XZ
??0VECStringCollection@@QAE@AAVCStringList@@@Z
?OnFinalRelease@VECStringCollection@@UAEXXZ
?GetMessageMap@VECStringCollection@@MBEPBUAFX_MSGMAP@@XZ
?GetDispatchMap@VECStringCollection@@MBEPBUAFX_DISPMAP@@XZ
?GetInterfaceMap@VECStringCollection@@MBEPBUAFX_INTERFACEMAP@@XZ
??1VECStringCollection@@MAE@XZ
??1VECCheckListBox@@UAE@XZ
??0VECCheckListBox@@QAE@XZ
?VECHtmlHelp@@YA_NPAUHWND__@@PBDPAUHINSTANCE__@@I@Z
??1VECCollection@@MAE@XZ
??0VECCollection@@IAE@AAVCObList@@@Z
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ