3d75145fcc22d0e87d35f7e46fe6f583_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3d75145fcc22d0e87d35f7e46fe6f583_JaffaCakes118
Size

388KB
MD5

3d75145fcc22d0e87d35f7e46fe6f583
SHA1

0ce9d8e17347d8f4b0ad2502e92dc8fa46046902
SHA256

cb959d790d39160fed5ac726544e7d804aa0d6d17bdaf288a2b78369f96316aa
SHA512

eeb7156237f18f687f9d580afb75b31e762a144fade8bf3e20fd3593485e425e7ee5163e05b6b02a44b80547a9d04ee1bd56dea0ae70bf555ec23ec8d5f58f6f
SSDEEP

12288:P1C8xE7GWy3M2z8kqVuprI+cnZN6XZa8oZCEKQfj:P1C8yE3M2z8kXqZkXZfoJKQfj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d75145fcc22d0e87d35f7e46fe6f583_JaffaCakes118

Files

3d75145fcc22d0e87d35f7e46fe6f583_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9ef3d9ef5edc73baa99a03a7c8be1856

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DailyBuild\sources\Nero7\Nero\bin\Release\GenUDF2.pdb

Imports

newtrf

?Convert2kToMode2Form1With2336@@YAHQBEQAEPBE@Z
?GenEDC@@YAHPAEKPAV?$LittleEndian@K@@@Z

neroerr

?CreateNeroThread@@YAPAVCAbstractThread@@XZ
?CreateNeroSemaphore@@YAPAVCAbstractSemaphore@@J@Z
?MyNeroThread@@YAAAVCAbstractThread@@XZ
?GetNeroErrorList@@YAAAVCNeroErrorList@@K@Z
?ClearErrors@CNeroErrorList@@QAEXXZ
??0CErrorClone@@QAE@ABV0@@Z
?GetDescriptionLine@CNeroError@@UBEHHHPADH@Z
?Fatal@CNeroError@@UBEHXZ
?GetErrorIcon@CNeroError@@UBE?AW4NeroErrorID@@XZ
?GetDescriptionLine@CNeroError@@UBEHHPADH@Z
?GetThreadName@CNeroError@@UBEPBDXZ
??0CNeroError@@IAE@PBDHH@Z
??1CNeroError@@UAE@XZ
?GetDescriptionLine@CNeroError@@UBEHHHPADH_N@Z
?SetFatal@CNeroError@@UAEHH@Z
?GetTime@CNeroError@@UBEJXZ
?GetError@CNeroError@@UBEHXZ
?GetErrorFile@CNeroError@@UBEPBDXZ
?GetLine@CNeroError@@UBEHXZ
?EnableMessageTranslation@CNeroError@@UAEXH@Z
?IsMessageTranslationEnabled@CNeroError@@UBEHXZ
??0CNeroErrorList@@QAE@XZ
?ERRMyList@@YAAAVCNeroErrorList@@XZ
?CopyErrorsTo@CNeroErrorList@@QBEXAAV1@PAVErrorListPos@@1@Z
?GetFirst@CNeroErrorList@@QBE?AVErrorListPos@@XZ
??0CErrorClone@@QAE@XZ
?GetError@CNeroErrorList@@QBEHAAVCErrorClone@@ABVErrorListPos@@@Z
?GetNext@CNeroErrorList@@QBE?AVErrorListPos@@ABV2@@Z
??1CErrorClone@@UAE@XZ
??1CNeroErrorList@@UAE@XZ
?ERRAdd@@YAABVINeroError@@ABV1@@Z

msvcp71

?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Nomemory@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?id@?$ctype@G@std@@2V0locale@2@A
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z

msvcr71

toupper
isalnum
strftime
mktime
localtime
gmtime
time
_callnewh
??1type_info@@UAE@XZ
__security_error_handler
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
_strdup
_purecall
??0exception@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
memset
memcpy
??_V@YAXPAX@Z
memmove
strncpy
strcpy
free
calloc
_snprintf
__RTDynamicCast
strlen
strchr
strncmp
malloc
sprintf
memcmp
realloc

kernel32

SystemTimeToFileTime
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
WideCharToMultiByte
LocalFileTimeToFileTime
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
MultiByteToWideChar
GetLastError

Exports

Exports

??0CNeroError@@QAE@ABV0@@Z
??0CNeroErrorList@@AAE@ABV0@@Z
??0INeroError@@QAE@ABV0@@Z
??0INeroError@@QAE@XZ
??1INeroError@@UAE@XZ
??4CNeroErrorList@@QAEAAV0@ABV0@@Z
??4INeroError@@QAEAAV0@ABV0@@Z
??_7CNeroError@@6B@
??_7CNeroErrorList@@6B@
??_7INeroError@@6B@
?GetOrdinalNumber@CNeroError@@UBE?AVCOrdinalNumber@@XZ
OpenGenerator

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9ef3d9ef5edc73baa99a03a7c8be1856

Headers

File Characteristics

PDB Paths

Imports

newtrf

neroerr

msvcp71

msvcr71

kernel32

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 205KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 20KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 960B

.reloc Size: 20KB - Virtual size: 18KB

.text Size: 64KB - Virtual size: 64KB

.text
Size: 208KB - Virtual size: 205KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 20KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 960B

.reloc
Size: 20KB - Virtual size: 18KB

.text
Size: 64KB - Virtual size: 64KB