49f983c33ff9fbe81f278875e870ecce_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

49f983c33ff9fbe81f278875e870ecce_JaffaCakes118
Size

96KB
MD5

49f983c33ff9fbe81f278875e870ecce
SHA1

498c1fdaeb4fbb3edd149a106cb5ac681af876af
SHA256

659f1d243825edb762a13bcace4163a1023a12cf4902f1797982b9af18104d88
SHA512

43b088d61f0f8c7630afc91e8fedb0cd73a158496661a862e4b5a8847b6c3b7372cf85c21815d202c7c4d935585a7e1b7c9b2323f47736f8e366025a72ec5f95
SSDEEP

1536:jsxpjIf2TS4Ejx6k7qNe06/j34m35SJCK0FY2OYvBNBMFCvJgZP1awtKjzEt:jopjpSDjx6k2NK/z4ISJCK0FvOYrFEPP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49f983c33ff9fbe81f278875e870ecce_JaffaCakes118

Files

49f983c33ff9fbe81f278875e870ecce_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b48a63fb91543ce2e4e1b5df707b5609

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Builds\5\Ford Diagnostics\78 IDS VS Projs - PROD\Binaries\Win32\Release\Starburst.pdb

Imports

environment

??1CRegistryKey@@QAE@XZ
?FindWindowHandle@CRuntimeSettings@@SAPAUHWND__@@W4WindowType@1@_N@Z
?GetRuntimePath@CSystemInfo@@SAHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?FindRunningProcess@CRuntimeSettings@@SAHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAK@Z
?SetDateOfLastDownloadAttempt@CCalibrationInfo@@SAXXZ
?GetSystemDefaultLangMnemonic@CSystemInfo@@SAXAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
??0CProductInfo@@QAE@XZ
?GetProductName@CProductInfo@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?UserHasAdminPrivileges@CRuntimeSettings@@SAHXZ
??1CProductInfo@@QAE@XZ
??0CLogFile@@QAE@XZ
?GetLogFilesPath@CSystemInfo@@SAHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?Init@CLogFile@@QAEXQBD@Z
?Create@CLogFile@@QAEX_N@Z
?GetDatabasePath@CSystemInfo@@SAHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?LogMessage@CLogFile@@QAEXPBD_N1@Z
?Close@CLogFile@@QAEXXZ
??1CLogFile@@UAE@XZ
??0CRegistryKey@@QAE@XZ
?Open@CRegistryKey@@QAEHPAUHKEY__@@PBD_NK@Z
?SetStringValue@CRegistryKey@@QAEHPBDV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?RestoreConfigurationSettings@CPreferences@@SAH_N@Z
?Close@CRegistryKey@@QAEHXZ

connectivity

?GetNetworkPollTime@CConnectivityRegistry@@QAE_NAAI@Z
??0CUsaConnectivityConnection@@QAE@PAVCLogFile@@@Z
?SetDateOfLastDownloadExpiredAttempt@CConnectivityRegistry@@QAE_NI@Z
?IsConnected@CNetworkConnection@@QAE_NPAU_SYSTEMTIME@@@Z
?SetDateOfLastSuccessfulConnection@CNetworkConnection@@QAEXXZ
?PromptForConnection@CNetworkConnection@@QAE_NXZ
?DisplayConnectionPrompt@CNetworkConnection@@QAEXXZ
?GetConnectionDateOfLast@CConnectivityRegistry@@QAE_NAAI@Z
?GetNotConnectedTimeLimit@CConnectivityRegistry@@QAE_NAAI@Z
?GetLastKnownPeakBandwidth@CConnectivityRegistry@@QAE_NAAI@Z
?GetCurrentNetworkAdapterBandwidth@CNetworkPerformance@@QAE_NAAI@Z
?SetLastKnownPeakBandwidth@CConnectivityRegistry@@QAE_NI@Z
?GetStarburstDaysToUpdate@CConnectivityRegistry@@QAE_NAAI@Z
??0CNetworkConnection@@QAE@PAVCLogFile@@@Z
?HardTimeoutHasExpired@CNetworkConnection@@QAE_NXZ
?GetDateOfLastDownloadExpiredAttempt@CConnectivityRegistry@@QAE_NAAI@Z
?TimeoutExpired@CNetworkConnection@@QAE_NHH@Z
?UpdateIsRequired@CNetworkConnection@@QAE_NH@Z
??1CNetworkConnection@@UAE@XZ
??1CNetworkPerformance@@UAE@XZ
??0CNetworkPerformance@@QAE@PAVCLogFile@@@Z
??1CConnectivityRegistry@@UAE@XZ
?GetScheduledUpdateInitialDelay@CConnectivityRegistry@@QAE_NAAI@Z
??1CHTTPParameters@@UAE@XZ
??0CConnectivityRegistry@@QAE@XZ

isocodes

??0CLanguageCodes@@QAE@XZ
?GetWDSLanguageCode@CLanguageCodes@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
??1CLanguageCodes@@UAE@XZ

updateserviceagent

?UpdateAvailable@CUpdateAgent@@QAE_NXZ
?LaunchSoftwareUpdateManager@CSoftwareManager@@QAE_N_N@Z
??0CUpdateLock@@QAE@XZ
??1CUpdateLock@@UAE@XZ
??0CUpdateFileManager@@QAE@PAVCLogFile@@@Z
?ValidateUpdateSettings@CUpdateFileManager@@QAEHXZ
??0CUpdateAgent@@QAE@PAVCLogFile@@@Z
?UpdateFlexNetRegistration@CUpdateAgent@@QAEJAA_N@Z
??1CUpdateAgent@@UAE@XZ
??0CSoftwareManager@@QAE@PAVCLogFile@@@Z
?SetUpdateScheduleToManual@CSoftwareManager@@QAE_NXZ
?Lock@CUpdateLock@@QAEHK@Z
??1CSoftwareManager@@UAE@XZ
??1CUpdateFileManager@@UAE@XZ

fnpss

?IsLicenseCheckingEnabled@CFnpss@@QAEHXZ
??0CFnpss@@QAE@XZ
??1CFnpss@@UAE@XZ

mfc100

ord8392
ord7581
ord1448
ord4283
ord1316
ord7322
ord316
ord310
ord985
ord433
ord5252
ord12479
ord8332
ord2215
ord3985
ord11112
ord11017
ord7348
ord2762
ord7520
ord4429
ord14058
ord5445
ord11348
ord1524
ord12488
ord5257
ord12486
ord5256
ord10395
ord5273
ord7945
ord8441
ord10751
ord10746
ord4736
ord3400
ord4076
ord10459
ord9422
ord2119
ord5054
ord6690
ord6641
ord6634
ord6671
ord6293
ord342
ord918
ord3871
ord9281
ord13167
ord300
ord1313
ord1172
ord4498
ord2626
ord5207
ord13045
ord305
ord5242
ord1939
ord721
ord7596
ord851
ord1892
ord1854
ord415
ord976
ord6835
ord1288
ord888
ord6112
ord5098
ord11787
ord11153
ord11184
ord9449
ord7355
ord4078
ord11180
ord11172
ord5238
ord3409
ord13481
ord13484
ord13482
ord13485
ord13480
ord13483
ord7144
ord11413
ord13181
ord3390
ord14075
ord1732
ord7091
ord11806
ord3618
ord3676
ord8486
ord13299
ord7073
ord13301
ord11421
ord11420
ord2163
ord4724
ord13767
ord11726
ord7510
ord7584
ord12962
ord7141
ord14062
ord14045
ord13972
ord13973
ord8235
ord11025
ord3395
ord10883
ord13294
ord8070
ord11154
ord6217
ord9994
ord8351
ord2847
ord12644
ord11190
ord11188
ord1496
ord1503
ord1509
ord1507
ord1514
ord4373
ord4410
ord4381
ord4393
ord4389
ord4385
ord4415
ord4406
ord4377
ord4419
ord4398
ord4364
ord4368
ord4401
ord3991
ord13980
ord3984
ord2661
ord13302
ord7074
ord13300
ord6128
ord10672
ord12482
ord5253
ord2338
ord3484
ord2945
ord2944
ord2846
ord11103
ord4622
ord4903
ord5095
ord8439
ord4881
ord5123
ord4625
ord4774
ord4606
ord6897
ord6898
ord6888
ord4772
ord7357
ord9286
ord8304
ord6117
ord895
ord1929
ord8271
ord8308
ord12344
ord11038
ord6344
ord901
ord1294
ord266
ord6836
ord1296
ord788
ord1210
ord11060
ord2025
ord1292
ord5534
ord12535
ord2881
ord2878
ord7349
ord2417
ord14059
ord14061
ord10922
ord14060
ord4430
ord2088

msvcr100

_initterm_e
_mbsrchr
fclose
fgetc
fopen_s
_time64
sprintf_s
rand
_CxxThrowException
memset
_setmbcp
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
__CxxFrameHandler3
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ

kernel32

GetExitCodeThread
WaitForSingleObject
TerminateThread
InterlockedDecrement
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
LoadLibraryA
FreeLibrary
LocalFree
GetLastError
lstrlenW
CreateProcessA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetCurrentDirectoryA
GetStartupInfoA
OpenProcess
CloseHandle
SetCurrentDirectoryA
GetModuleFileNameA
GetFileAttributesA
FindFirstFileA

user32

LoadCursorA
SetTimer
KillTimer
MessageBoxA
SendMessageA
UpdateWindow
GetWindowThreadProcessId
RegisterWindowMessageA
EnableWindow

comctl32

ord17

ole32

CoInitializeEx
CoCreateInstance
OleRun
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantChangeType
VariantClear
VariantInit
SetErrorInfo
CreateErrorInfo
GetErrorInfo

Exports

Exports

??0CConnectivity@@QAE@XZ
??0CConnectivityRegistry@@QAE@ABV0@@Z
??0CHTTPParameters@@QAE@ABV0@@Z
??0CNetworkPerformance@@QAE@ABV0@@Z
??0CSoftwareManager@@QAE@ABV0@@Z
??0CUpdateFileManager@@QAE@ABV0@@Z
??4CCalibrationInfo@@QAEAAV0@ABV0@@Z
??4CConnectivity@@QAEAAV0@ABV0@@Z
??4CConnectivityRegistry@@QAEAAV0@ABV0@@Z
??4CHTTPParameters@@QAEAAV0@ABV0@@Z
??4CNetworkPerformance@@QAEAAV0@ABV0@@Z
??4CPreferences@@QAEAAV0@ABV0@@Z
??4CProductInfo@@QAEAAV0@ABV0@@Z
??4CRuntimeSettings@@QAEAAV0@ABV0@@Z
??4CSoftwareManager@@QAEAAV0@ABV0@@Z
??4CSystemInfo@@QAEAAV0@ABV0@@Z
??4CUpdateFileManager@@QAEAAV0@ABV0@@Z
??_7CConnectivityRegistry@@6B@
??_7CHTTPParameters@@6B@
??_7CNetworkPerformance@@6B@
??_7CSoftwareManager@@6B@
??_7CUpdateFileManager@@6B@
??_FCNetworkPerformance@@QAEXXZ
?DATE_TAG_DELIMITER@CCalibrationDownload@@0DB
?DEFAULT_NETWORK_POLL_INTERVAL@CNetworkConnection@@2HB
?DEFAULT_PROMPT_INTERVAL@CNetworkConnection@@2HB
?DEFAULT_UPDATE_INTERVAL@CNetworkConnection@@2HB
?FileName@CHTTPParameters@@QAEPBDXZ
?FileType@CHTTPParameters@@QAEPBDXZ
?GetDateTagDelimiter@CCalibrationDownload@@SADXZ
?HTTPBoundaryString@CHTTPTransfer@@IAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?ResponseCode@CHTTPParameters@@QAEHXZ
?ResponseText@CHTTPParameters@@QAEPBDXZ
?SetRetryAttempts@CHTTPTransfer@@QAEXH@Z
?SetRetryAttempts@CXMLHTTPTransfer@@QAEXH@Z
?TechTipsFileTime@CHTTPParameters@@QAE?AVCTime@ATL@@XZ

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b48a63fb91543ce2e4e1b5df707b5609

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

environment

connectivity

isocodes

updateserviceagent

fnpss

mfc100

msvcr100

kernel32

user32

comctl32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 6KB - Virtual size: 6KB