488a271b81ec7ee2303f936c4cbe6cb3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

488a271b81ec7ee2303f936c4cbe6cb3_JaffaCakes118
Size

200KB
MD5

488a271b81ec7ee2303f936c4cbe6cb3
SHA1

bef9cacf508d1ffffae35ea4cf9c3471229d7280
SHA256

1e0b47e88895e21bc11fb0bb70fd86c7c8ee0844d1e181af6784b11466f8bc8d
SHA512

206774c063f7f8958dedd7e65717e2836d26df8567fcd626219dd1979b89bd9f6c2063546e73d44e87fc87345bf9a8ae33452effa0c0039dec861c2ee1018ada
SSDEEP

3072:FiwXbRw3b3jF8zIIw3vlt1qzYH86cNC6qOIVBxOWwHjlW:F21TcAVOwxOW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
488a271b81ec7ee2303f936c4cbe6cb3_JaffaCakes118

Files

488a271b81ec7ee2303f936c4cbe6cb3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e269ad7a0d28327019fb9bc90432555e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\WiseGuard\SSOWatchClient\newengine\Release\ssoengine.pdb

Imports

ssocomcl

?Lock@CSSOApplication_Eng@@QAEHXZ
?DeleteInstance@CSSOApplication_Eng@@QAEXPAVCAppInstance@@@Z
?Unlock@CSSOApplication_Eng@@QAEHXZ
??1CAppInstance_OLE@@UAE@XZ
??0CAppInstance_OLE@@QAE@PAX@Z
?GetSSOSecuritySystemInterfaceID@@YA?BHXZ
?LoadPlugins@CSSOPluginMgr@@QAEHPAVCSSOSystemInterface@@@Z
?CleanupApplicationList@CSSOConfiguration_Eng@@QAEXXZ
??0CSSOPluginMgr_Eng@@QAE@XZ
??0CSSOSystemInterfaceLoader@@QAE@XZ
??1CSSOPluginMgr_Eng@@UAE@XZ
??1CSSOSystemInterfaceLoader@@UAE@XZ
?GetLaunchString@CSSOApplication@@QAEHPAVCSSOSystemInterface@@AAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@11PAUHWND__@@@Z
?IsAppInstanceRunning@CAppInstance_OLE@@UBE_NXZ
?Compare@CAppInstance_OLE@@UAE_NPAVCAppInstance@@H@Z
?GetRuntimeClass@CAppInstance_OLE@@UBEPAUCRuntimeClass@@XZ
?GetApplication@CSSOConfiguration@@QAEPAVCSSOApplication@@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?VerifyChallenge@CSSOApplication_Eng@@QBEHPBD@Z
??0CSSOEngineContext@@QAE@XZ
?GetCredID@CSSOApplication_Eng@@QAEPAVCCredID@@PAVCSSOEngineContext@@PAPAVCAppInstance@@W4IsLogon@2@PAVCSSOWindow_Eng@@AAKPAVCSSOLogonIdentifier@@H1H@Z
??1CSSOEngineContext@@UAE@XZ
??0CSSOApplicationList@@QAE@XZ
?GetWinHeadPosition@CSSOApplication@@QBEPAU__POSITION@@XZ
?GetWinNext@CSSOApplication@@QBEPAVCSSOWindow@@AAPAU__POSITION@@@Z
?GetType@CSSOWindow@@QBEPBDXZ
?AddTail@CSSOApplicationList@@QAEXPAVCSSOApplication@@@Z
??1CSSOApplicationList@@UAE@XZ
?Enable@CSSOApplication@@QAEXH@Z
?GetGUID@CSSOParameterValue@@QAEPBDXZ
?GetDescription@CSSOParameterValue@@QAEPBDXZ
?GetNextParam@CSSOApplication@@QAEPAVCSSOParameterValue@@AAPAU__POSITION@@@Z
?GetFirstParameterPosition@CSSOApplication@@QAEPAU__POSITION@@XZ
?GetParameterGUID@CSSOConfiguration@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD0@Z
?IsEnabled@CAppInstance@@QAE_NXZ
?FindAppInstance@CSSOApplication_Eng@@QAEPAVCAppInstance@@PAV2@@Z
?IsEnabled@CSSOApplication@@QAEHXZ
?EnableInstance@CAppInstance@@QAEX_N@Z

ssicommon

?GetErrorMessage@CSSOSystemInterface@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?SSO_GetParam@CSSOSystemInterface@@QAEHPAVCCredID@@ABVCSSOParameter@@PBDAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@W4SSOCancelMode@@2PAUHWND__@@PAVCStringList@@@Z
?GetSSIOfCred@CSSOAppSecurityLink@@QAEPAVCSSOSystemInterface@@PAVCCredID@@@Z
??1CSSOParameter@@UAE@XZ
?SetGUID@CSSOParameter@@QAEXPBD@Z
?SetExternalCallDllName@CSSOSystemInterface@@QAEXPBD@Z
?g_pOemExt@@3PAVCOemExtension@@A
?GetExternalCallDllName@CSSOSystemInterface@@QAEPBDXZ
?GetRegisteredCredNumber@CSSOAppSecurityLink@@QAEH_N@Z
?SSO_SaveNewPassword@CSSOSystemInterface@@QAEHPAVCCredID@@PBD1HPAUHWND__@@@Z
?SSO_GetInfoForCredID@CSSOSystemInterface@@QAEHPAVCCredID@@AAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAVCAutoString@@PBVCSSOPfcp@@HH@Z
??0CSSOParameter@@QAE@XZ
?SendAuditEvent@CSSOSystemInterface@@QAAJW4Event@CAudit@@ZZ

basewnd

?GetSSOEngineState@CMainFrame@@QAEJXZ
?GetMessageString@CMainFrame@@EBEXIAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
??1CMainFrame@@UAE@XZ
?ExchangeProperties@CMainFrame@@UAEXPAVCSerialExchangeContext@@@Z
?GetClassID@CMainFrame@@UBEIXZ
?OnCreateClient@CMainFrame@@MAEHPAUtagCREATESTRUCTA@@PAUCCreateContext@@@Z
?ReleaseReadOnlyAccess@CSSOConfigAccessSynchro@@QAEHXZ
?PreCreateWindow@CMainFrame@@UAEHAAUtagCREATESTRUCTA@@@Z
?GetMessageMap@CMainFrame@@MBEPBUAFX_MSGMAP@@XZ
?GetRuntimeClass@CMainFrame@@UBEPAUCRuntimeClass@@XZ
??0CDlgSSOWatchConfiguration@@QAE@PAVCWnd@@@Z
??1CDlgSSOWatchConfiguration@@UAE@XZ
??0CMainFrame@@QAE@XZ
?LoadConfig@CMainFrame@@QAE_NV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?Init@CMainFrame@@QAEXXZ
?OnPopupShowWindow@CMainFrame@@QAEXXZ
?OnDeviceChange@CMainFrame@@QAEHIK@Z
??1CSSOWatchCommandLineInfo@@UAE@XZ
??0CSSOConfigAccessSynchro@@QAE@XZ
??0CSSOWatchCommandLineInfo@@QAE@XZ
??1CSSOConfigAccessSynchro@@UAE@XZ
?GetReadOnlyAccess@CSSOConfigAccessSynchro@@QAEHPAX@Z

ssotools

?SerializeObject@CSerial@@QAEJAAVCDataStorage@@IPAX@Z
?GetMemoryBuffer@CDataStorage_Memory@@QBEPAEXZ
?GetMemoryBufferSize@CDataStorage_Memory@@QBEKXZ
??0CBlob@@QAE@KPAE@Z
?GetString@CBlob@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?Detach@CBlob@@QAE?AUtagBLOB@@_N@Z
??1CBlob@@UAE@XZ
??1CDataStorage_Memory@@UAE@XZ
?Log@CLog@@QAAXPBDHKH0ZZ
?GetTraceLevel@CLog@@QAEHXZ
?g_pLog@@3PAVCLog@@A
??1CAutoString@@QAE@XZ
??0CAutoString@@QAE@XZ
RegReadIntValue
?LoadLanguageLibrary@@YAPAUHINSTANCE__@@PBDK@Z
?RegReadValue@@YAJPAUHKEY__@@PBD1AAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?EnableSplashScreen@CSplashWnd@@SAXH@Z
?ExchangeProperties@CSerial@@UAEXPAVCSerialExchangeContext@@@Z
?GetClassID@CSerial@@UBEIXZ
??0CSerial@@QAE@XZ
??1CSerial@@UAE@XZ
??0CDataStorage_Memory@@QAE@HPAEKH@Z

fmkcore

?CheckFeatureLicense@@YA?BHGAAH@Z
?CheckFeatureLicense@@YA?BHG@Z

mfc80

ord756
ord4444
ord4443
ord4790
ord4204
ord4781
ord4980
ord4172
ord5174
ord4244
ord764
ord1185
ord1187
ord1191
ord1482
ord1084
ord266
ord578
ord304
ord876
ord784
ord3934
ord310
ord2469
ord2902
ord762
ord781
ord300
ord1917
ord265
ord2324
ord297
ord3683
ord4467
ord4469
ord757
ord566
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord1144
ord1128
ord911
ord1069
ord1115
ord2248
ord1122
ord4035
ord2020
ord5119
ord5975
ord4031
ord1054
ord4265
ord4486
ord2862
ord5200
ord1599
ord1655
ord1656
ord1964
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2403
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4277
ord4722
ord3403
ord1306
ord2173
ord5205
ord4185
ord6275
ord5073
ord1908
ord5148
ord1207
ord1402
ord3945
ord1617
ord1620
ord5915
ord6725
ord1557
ord4019
ord2424
ord2425
ord5356
ord943
ord4904
ord2939
ord4135
ord5012
ord5009
ord2615
ord1913
ord2246
ord3450
ord3645
ord368
ord4264
ord4482
ord6043
ord5934
ord2768
ord3040
ord4222
ord1922
ord4739
ord4852
ord4257
ord5495
ord2742
ord5412
ord1379
ord5592
ord5156
ord2051
ord2016
ord6238
ord2621
ord2614
ord4566
ord616
ord4705
ord3591
ord3682
ord565
ord4273
ord1361
ord3344
ord4282
ord5214
ord5151
ord3946
ord3974
ord4861
ord4864
ord4379
ord4384
ord4381
ord4399
ord4401
ord4386
ord4777
ord4591
ord4181

msvcr80

_ismbblead
_controlfp_s
_invoke_watson
_setmbcp
memmove_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
_mbsicmp
malloc
free
strcpy_s
_resetstkoflw
__CxxFrameHandler3
_mbsnbcpy_s
memcpy_s
wcsncpy_s
strcat_s
strftime
_localtime64_s
memset
_time64
_purecall
_recalloc
_splitpath_s
wcscpy_s
calloc
wcslen
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
__p__commode
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv

kernel32

CreateMutexA
SetCurrentDirectoryA
GetThreadLocale
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
GetCommandLineA
IsDBCSLeadByte
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetCurrentThreadId
GetProcAddress
InterlockedExchange
GetVersion
CompareStringA
CompareStringW
lstrcmpiW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetVersionExA
lstrcmpiA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
lstrlenA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetLocaleInfoA
FreeLibrary

user32

UnregisterClassA
LoadStringA
CharNextA
MessageBoxA
EnableWindow
CharLowerA
CharLowerW
CharUpperA
CharUpperW

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA

shell32

ShellExecuteA

ole32

StringFromGUID2
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
ProgIDFromCLSID
CoTaskMemFree
CoInitialize

oleaut32

LoadRegTypeLi
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocStringByteLen
SysFreeString
LoadTypeLi
SysStringByteLen
SysStringLen
CreateErrorInfo
SetErrorInfo
SysAllocStringLen

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e269ad7a0d28327019fb9bc90432555e

Headers

File Characteristics

PDB Paths

Imports

ssocomcl

ssicommon

basewnd

ssotools

fmkcore

mfc80

msvcr80

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 4KB

.idata Size: 16KB - Virtual size: 13KB

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 4KB

.idata
Size: 16KB - Virtual size: 13KB

.rsrc
Size: 48KB - Virtual size: 47KB