3d81f8be5147ab9e4f26fae58037235a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d81f8be5147ab9e4f26fae58037235a_JaffaCakes118
Size

220KB
MD5

3d81f8be5147ab9e4f26fae58037235a
SHA1

5b2b7e467c3f26d6501165dd4c016a86076db7b1
SHA256

efd3e60952a3f12a46368d15d98a7f53db46a38c4381b9b12f092d2e3adb7c90
SHA512

2a3fbf3e30bdffb807305a097c94a8a6b457f05850ce690b744ce299af91bf946143685b82db40848b89f133176d7af8a87025f14037c85c2d1accee79ad24f4
SSDEEP

3072:23Tc/y/ETdruA54IR2Ak6xP/JTwG0IiFTVIxAHxqoHwZFTC71GUyjKKpqM:2Dc//ruiXRPd10IilgdoUs1AjF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d81f8be5147ab9e4f26fae58037235a_JaffaCakes118

Files

3d81f8be5147ab9e4f26fae58037235a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

111184025f3d59af463af43e3c8b0a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\waldo\v1200\apps\components\PolygonTool\Core\objprodX\PolygonToolCore.pdb

Imports

crli18n

?SetFromUnicode@CGlbChar@@QAGHQBGI@Z

crlutl

_MEMMANUnlock@4
_MEMMANLock@4
?IsAppClass@WUTLAppInfo@@SAHW4AppClass@1@@Z

cdrutl

_CgiPolygon@12
_CgiGetViewportExt@8
_CgiDetachHDC@4
_CgiSetViewportExt@16
_CgiSetViewportOrg@16
_CgiSetMapMode@8
_CgiAttachHDC@4
_CgiPolyPolygon@16
_CgiSetWindowOrg@16
_CgiSetWindowExt@16

crlmath

_UTLTransformMatrix@8
_UTLGetIdentityMatrix@4
_UTLGetFineAngleBetween@24
_UTLRotateMatrixAround@16
_UTLTransformPoint@12

cdrcore

?SYMPSetPropData@@YAHPAUSYMPOLY_PROP_DATA@@PAUPGONINFO@@H@Z
?GetAux@WNodeHandle@@QBEPAV1@XZ
?SYMPGetPropData@@YAHPAUSYMPOLY_PROP_DATA@@PAVWNodeHandle@@@Z
?SYMPGetMaxUserComplexity@@YAHPAUSYMPOLY_PROP_DATA@@@Z
?TRMNodeSelected@@YAHPAVWNodeHandle@@W4ELocking@@@Z
?GetDisplayObject@WNodeHandle@@QAEPAUHMEM__@@XZ
?OBJECT_Dtor@@YAXPAVCDrawlibDoc@@PAUHMEM__@@@Z
?SYMBCreateBasicPolygon@@YAHPAUOBJECT@@PAUtagPOINT@@PAUNODETYPE@@PAUPGONINFO@@@Z
?SYMPGetTotalPointsInPolygon@@YAHHHH@Z
?SYMPGetNumberOfPointsInCurve@@YAHXZ
?SYMPCreateCurveObject@@YAPAUHMEM__@@PAVCDrawlibDoc@@HHHN@Z
?SYMPValidCreationData@@YAHHHH@Z
?SYMPSetPropData@@YAHPAUSYMPOLY_PROP_DATA@@PAH11@Z
?DRAWGetAppInterface@@YAPAUIDrawAppComponent@@XZ
?OBJDeleteObject@@YAHPAVCDrawlibDoc@@PAVWNodeHandle@@@Z
?USDSetStaticID@@YAHPAVCDrawlibDoc@@PAVWNodeHandle@@I@Z
?CreateDisplay@@YAPAUHMEM__@@PAVCDrawlibDoc@@PAVWNodeHandle@@@Z
?SYMPEditSympoly@@YAHPAVCDrawlibDoc@@UEDITSYMPOLYTRANS@@PAVWNodeHandle@@@Z
?OBJBackupObject@@YAPAVWNodeHandle@@PAVCDrawlibDoc@@PAV1@@Z
?SYMPEqualTrans@@YAHPAUEDITSYMPOLYTRANS@@0@Z
?GetLogicalObject@WNodeHandle@@QAEPAUHMEM__@@XZ
?SYMPGetTransData@@YAHPAUEDITSYMPOLYTRANS@@PAUPGONINFO@@@Z
?GetObjectProp@@YAPAXPAUOBJECT@@I@Z
?GetDisplayPointers@@YAHPAUDISPOBJ@@PAPAUtagPOINT@@PAPAUNODETYPE@@@Z
?InitObjectBlock@@YAHPAVCDrawlibDoc@@PAVWNodeHandle@@JJW4tag_OBJECT_TYPE@@PAUtagPOINT@@@Z
?SetObjectProp@@YAHPAVWNodeHandle@@JPAXI@Z
?OBAUnlockObject@@YAHPAVWNodeHandle@@@Z
?OBALockObject@@YAPAUOBJECT@@PAVWNodeHandle@@@Z
?SetPreviewBBoxState@WNodeHandle@@QAEXW4EPreviewBBoxState@@@Z
?SetIsNodeEditable@WNodeHandle@@QAEXH@Z
?SetLogicalObject@WNodeHandle@@QAEXPAUHMEM__@@@Z
?CreateChild@WNormalObject@@SAPAVWNodeHandle@@PAVCDrawlibDoc@@PAV2@K@Z
?CM_LYR_DISPLAY_CHILD@WTreeNode@@2KB
?IsLayerSelectable@WNodeHandle@@QAEHPAVCDrawlibDoc@@@Z
?DSTDistortObject@@YAXPAVCDrawlibDoc@@PAVWNodeHandle@@PAUMATRIX@@HHW4DISTORT_TYPE@@PAUDISTORT_DATA@@H@Z
?SYMPGGetInternalMatrix@@YAHPAUPGONINFO@@PAUMATRIX@@H@Z
?SYMPGetPropData@@YAHPAUSYMPOLY_PROP_DATA@@PAUPGONINFO@@H@Z

cdrtra

?TRACreateTransaction@@YAPAUIDrawTransaction@@PAVCDrawTransDoc@@H@Z
?TRALogTransaction@@YAHPAVCDrawTransDoc@@PAUIDrawTransaction@@IPAPAVWNodeHandle@@I@Z

cdrcrv

?CRV_SimplePolypolyConstructFromCurveUseMax@@YGPAUCRV_SIMPLEPOLYPOLY@@PAUtagPOINT@@PAUNODETYPE@@HH@Z
?CRV_SimplePolypolyGetPoligonSizes@@YGPAHPAUCRV_SIMPLEPOLYPOLY@@@Z
?CRV_SimplePolypolyGetPoints@@YGPAUtagPOINT@@PAUCRV_SIMPLEPOLYPOLY@@@Z
?CRV_SimplePolypolyDestruct@@YGXPAUCRV_SIMPLEPOLYPOLY@@@Z
?CRV_SimplePolypolyGetNumberOfPoligons@@YGHPAUCRV_SIMPLEPOLYPOLY@@@Z
?CRV_SimplePolypolyGetBoundingBox@@YGHPAUCRV_SIMPLEPOLYPOLY@@PAUtagRECT@@@Z

basetoolcore

?GetCommonProp@@YGXPAVWNodeHandle@@PAVWPropCommon@@@Z
?UpdateCommonPropFlags@@YGHPAVWPropCommon@@PAVWNodeHandle@@ABV1@@Z
?DrawUnrecordedEllipse@@YGXPAUIDrawViewComponent@@PAUtagCGIDC@@JJJJPAUtagPOINT@@H@Z

mfc71u

ord4276
ord1591
ord5956
ord920
ord925
ord1033
ord927
ord931
ord2404
ord2388
ord2407
ord2402
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord4716
ord4480
ord4255
ord572
ord741
ord709
ord5636
ord5643
ord501
ord3983
ord266
ord265
ord1582
ord5231
ord5229
ord2384
ord2394
ord2392
ord2390
ord2386
ord2409
ord2397
ord1647
ord1646
ord1590
ord1199
ord1093
ord371
ord1115
ord1192
ord1168
ord1170
ord314
ord1200
ord1079
ord1087
ord1162
ord581
ord315
ord765
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4234
ord1393
ord3940
ord1608
ord1611
ord5911
ord2086
ord762
ord764
ord3678
ord3570
ord3943
ord1197
ord929

msvcr71

??1type_info@@UAE@XZ
__CxxFrameHandler
malloc
free
_hypot
_except_handler3
__security_error_handler
memset
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit

kernel32

GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
LocalAlloc
LocalFree
DeleteCriticalSection
InitializeCriticalSection

user32

GetClientRect
IsWindow
EnableWindow
InvalidateRect
InflateRect

gdi32

PatBlt
GetStockObject
SetBkMode
SelectObject
SetROP2

Exports

Exports

??0WSymPropPreview@@QAE@XZ
??1WSymPropPreview@@UAE@XZ
??_7WSymPropPreview@@6B@
?ChangeSample@WSymPropPreview@@IAEXPAUSYMPOLY_PROP_DATA@@PAVWSampleSympoly@@@Z
?CreateObject@WSymPropPreview@@SGPAVCObject@@XZ
?GetMessageMap@WSymPropPreview@@MBEPBUAFX_MSGMAP@@XZ
?GetRuntimeClass@WSymPropPreview@@UBEPAUCRuntimeClass@@XZ
?GetThisClass@WSymPropPreview@@SGPAUCRuntimeClass@@XZ
?GetThisMessageMap@WSymPropPreview@@KGPBUAFX_MSGMAP@@XZ
?OPMGetPolygonProperty@@YGXPAVWNodeHandle@@PAVWPropSymPoly@@@Z
?OPMGetSelPropSymPoly@@YGXPAUIDrawDocComponent@@PAVWPropSymPoly@@@Z
?OPMIsValidSelectionForPropSymPoly@@YGHPAUIDrawDocComponent@@@Z
?OPMSetSelPropSymPoly@@YGXPAUIDrawDocComponent@@ABVWPropSymPoly@@H@Z
?OPMUpdateMaxSharpnessOnNumPointsChange@@YGXPAUIDrawDocComponent@@PAVWPropSymPoly@@H@Z
?OPMUpdateSymPolyObjPropertyFlags@@YGXPAUIDrawDocComponent@@PAUIDrawSelectionInfo@@PAVWPropSymPoly@@PAVWNodeHandle@@@Z
?OPMUpdateSymPolyPropertyFlags@@YGHPAVWPropSymPoly@@PAVWNodeHandle@@ABV1@@Z
?OnPaint@WSymPropPreview@@IAEXXZ
?SYMPClearGlobalsForPreview@@YGHPAPAUNODETYPE@@PAPAUtagPOINT@@@Z
?SYMPDrawSymCenterPointPolygon@@YGXPAUIDrawViewComponent@@PAUtagCGIDC@@JJJJH@Z
?SYMPDrawSymPolygon@@YGXPAUIDrawViewComponent@@PAUtagCGIDC@@JJJJHI@Z
?SYMPFitRectIntoViewport@@YGHPAUtagCGIDC@@UtagRECT@@@Z
?SYMPGetTransData@@YGHPAUEDITSYMPOLYTRANS@@PAUHMEM__@@@Z
?SYMPGetTransData@@YGHPAUIDrawDocComponent@@PAUEDITSYMPOLYTRANS@@PAVWNodeHandle@@@Z
?SYMPRestoreGlobalsAfterPreview@@YGHPAUNODETYPE@@PAUtagPOINT@@@Z
?SYMPSetPropData@@YGHPAUIDrawDocComponent@@PAUSYMPOLY_PROP_DATA@@PAVWNodeHandle@@@Z
?SYMPSetPropData@@YGHPAUSYMPOLY_PROP_DATA@@PAUEDITSYMPOLYTRANS@@@Z
?TPMGetPropSymPoly@@YGXPAVWPropSymPoly@@@Z
?TPMSetPropSymPoly@@YGXABVWPropSymPoly@@@Z
?UpdateSample@WSymPropPreview@@QAEXPAUSYMPOLY_PROP_DATA@@H@Z
?UpdateSample@WSymPropPreview@@QAEXPAUSYMPOLY_PROP_DATA@@PAUIDrawDocComponent@@PAVWNodeHandle@@@Z
?_messageEntries@WSymPropPreview@@0QBUAFX_MSGMAP_ENTRY@@B
?classWSymPropPreview@WSymPropPreview@@2UCRuntimeClass@@B
?messageMap@WSymPropPreview@@1UAFX_MSGMAP@@B
SYMCreateDisplayObject
SYMFreeDisplayObject
SYMPGRecordSymPolygon
_SYMPGRecordSymPolygonBBox@28
_SYMPGRecordSymPolygonCenter@28

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

111184025f3d59af463af43e3c8b0a39

Headers

File Characteristics

PDB Paths

Imports

crli18n

crlutl

cdrutl

crlmath

cdrcore

cdrtra

cdrcrv

basetoolcore

mfc71u

msvcr71

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 180KB - Virtual size: 184KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 180KB - Virtual size: 184KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB