5bcdb350d03283cba3fc90f78aaf1140_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5bcdb350d03283cba3fc90f78aaf1140_JaffaCakes118
Size

191KB
MD5

5bcdb350d03283cba3fc90f78aaf1140
SHA1

ccee6b917320c4bbb9a837751a618680f0865a91
SHA256

c2c316f4bf8ea1ffc72642b6453b7c31f1503796a57738f0d2846814eaa67aa7
SHA512

715ac93863db897ad496e1753143dba7fa76e8e89a2a4bf07d0d50d141b5029dbdef81ca24de3c15e038263365cb007d1fbc8485d6245a11a63bdf84cd8fd5d8
SSDEEP

3072:/EczDGA1poVPTAesl4wxvYl1Y3VpxagFTHANkUPc2RHGOh29usxcZzL:3zDBPwAXl4bMFpxaaTkkPOAMf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bcdb350d03283cba3fc90f78aaf1140_JaffaCakes118

Files

5bcdb350d03283cba3fc90f78aaf1140_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3d18c5fed172354085c3b464ec0623bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\CXR18\BSF\intel_a\code\bin\VVSNetBase.pdb

Imports

js0group

??4CATUnicodeString@@QAEAAV0@ABV0@@Z
??0CATBaseUnknown@@QAE@XZ
?QueryInterface@CATBaseUnknown@@UAGJABU_GUID@@PAPAX@Z
?AddRef@CATBaseUnknown@@UAGKXZ
?Release@CATBaseUnknown@@UAGKXZ
?GetTypeInfoCount@CATBaseUnknown@@UAGJPAI@Z
?GetTypeInfo@CATBaseUnknown@@UAGJIKPAPAUITypeInfo@@@Z
?GetIDsOfNames@CATBaseUnknown@@UAGJABU_GUID@@PAPAGIKPAJ@Z
?Invoke@CATBaseUnknown@@UAGJJABU_GUID@@KGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAI@Z
?QueryInterface@CATBaseUnknown@@UBEPAV1@PBD@Z
?GetMetaObject@CATBaseUnknown@@UBGPAVCATMetaClass@@XZ
?IsA@CATBaseUnknown@@UBEPBDXZ
?IsAKindOf@CATBaseUnknown@@UBEHPBD@Z
?GetImpl@CATBaseUnknown@@UBGPAV1@H@Z
?SetImpl@CATBaseUnknown@@UAGPAV1@PAV1@@Z
?IsNull@CATBaseUnknown@@UBEHXZ
?IsEqual@CATBaseUnknown@@UBEHPBV1@@Z
?ChangeComponentState@CATBaseUnknown@@UAEJW4ComponentState@1@0PBVCATSysChangeComponentStateContext@@@Z
??1CATBaseUnknown@@UAE@XZ
??0CATBaseUnknown@@QAE@ABV0@@Z
??4CATBaseUnknown@@QAEAAV0@ABV0@@Z
??3CATBaseUnknown@@SAXPAX@Z
?SetFWname@CATMetaClass@@QAEXPBD@Z
?AddDictionary@@YAPBUinfo_dic@@PBU_GUID@@0PBD11PAX12HHH1@Z
?CLSID_CATMetaClass@@3U_GUID@@B
??0CATMetaClass@@QAE@PBU_GUID@@PBDPAV0@2W4ENUMTypeOfClass@@@Z
?MetaObject@CATBaseUnknown@@SGPAVCATMetaClass@@XZ
??2CATMetaClass@@SAPAXI@Z
?GetClassId@CATMetaClass@@QBGABU_GUID@@XZ
?IsA@CATMetaClass@@QBEPBDXZ
?CastTo@CATBaseUnknown_var@@IAGXPAUIUnknown@@ABU_GUID@@@Z
??0CATFillDictionary@@QAE@ABU_GUID@@0PAX1@Z
?Append@CATRawCollPV@@QAEHPAX@Z
?Size@CATRawCollPV@@QBEHXZ
??ACATRawCollPV@@QAEAAPAXH@Z
??ACATRawCollPV@@QBEPAXH@Z
?Locate@CATRawCollPV@@QBEHPAXH@Z
?RemoveValue@CATRawCollPV@@QAEHPAX@Z
??8CATRawCollPV@@QBEHABV0@@Z
??9CATRawCollPV@@QBEHABV0@@Z
??0CATRawCollPV@@QAE@H@Z
??0CATRawCollPV@@QAE@ABV0@@Z
??1CATRawCollPV@@UAE@XZ
??4CATRawCollPV@@QAEAAV0@ABV0@@Z
??1CATUnicodeString@@QAE@XZ
??0CATUnicodeString@@QAE@QBD@Z
?ListOfSupportedClass@CATMetaClass@@SGPBUSupportedClass@@PBD@Z
?CATCreateClassInstance@@YGJPBDPAUIUnknown@@KABU_GUID@@PAPAX@Z
?CastToCharPtr@CATUnicodeString@@QBEPBDXZ
??1CATUnicodeChar@@QAE@XZ
??YCATUnicodeString@@QAEAAV0@ABV0@@Z
??0CATUnicodeString@@QAE@ABVCATUnicodeChar@@I@Z
??4CATUnicodeString@@QAEAAV0@PBD@Z
?ConvertToUC2Bytes@CATUnicodeChar@@QBE?BGXZ
??ACATUnicodeString@@QBE?AVCATUnicodeChar@@I@Z
??0CATUnicodeString@@QAE@XZ
?GetLengthInChar@CATUnicodeString@@QBEHXZ
??YCATUnicodeString@@QAEAAV0@ABVCATUnicodeChar@@@Z
??4CATUnicodeChar@@QAEAAV0@ABV0@@Z
?BuildFromUC2Bytes@CATUnicodeChar@@QAEXABG@Z
?ConvertToChar@CATUnicodeString@@QBEPBDXZ
?SubString@CATUnicodeString@@QBE?AV1@HH@Z
??4CATUnicodeChar@@QAEAAV0@D@Z
??0CATUnicodeChar@@QAE@XZ
??BCATUnicodeChar@@QBEDXZ
?Append@CATListValCATUnicodeString@@QAEXABVCATUnicodeString@@@Z
?SearchSubString@CATUnicodeString@@QBEHABV1@HW4CATSearchMode@1@@Z
??0CATUnicodeString@@QAE@ABV0@@Z
??0CATListValCATUnicodeString@@QAE@XZ
??HCATUnicodeString@@QBE?AV0@PBD@Z
??HCATUnicodeString@@QBE?AV0@ABV0@@Z
??4CATListValCATUnicodeString@@QAEAAV0@ABV0@@Z
??ACATListValCATUnicodeString@@QAEAAVCATUnicodeString@@H@Z
??1CATListValCATUnicodeString@@QAE@XZ
?Size@CATListValCATUnicodeString@@QBEHXZ
?Append@CATUnicodeString@@QAEAAV1@ABV1@@Z
??1CATToken@@UAE@XZ
?Remove@CATUnicodeString@@QAEXHH@Z
?GetNextToken@CATToken@@QAE?AVCATUnicodeString@@ABV2@@Z
??0CATToken@@QAE@ABVCATUnicodeString@@@Z
?GetNextToken@CATToken@@QAE?AVCATUnicodeString@@XZ
?Compare@CATUnicodeString@@QBEHABV1@@Z

vvsutils

?PutString@CATVVSUnicodeStringHashtable@@QAEXABVCATUnicodeString@@0@Z
?ContainsKey@CATVVSUnicodeStringHashtable@@QBEEABVCATUnicodeString@@@Z
?GetIUnknown@CATVVSUnicodeStringHashtable@@QBEXABVCATUnicodeString@@AAPAVCATBaseUnknown@@@Z
?PutIUnknown@CATVVSUnicodeStringHashtable@@QAEXABVCATUnicodeString@@PAVCATBaseUnknown@@@Z
??1CATVVSUnicodeStringHashtable@@QAE@XZ
??0CATVVSUnicodeStringHashtable@@QAE@ABVCATUnicodeString@@H@Z
??4CATVVSUnicodeStringHashtable@@QAEAAV0@ABV0@@Z
??0CATVVSUnicodeStringHashtable@@QAE@ABV0@@Z

vvsstreamconsumer

??0CATVVSUrlAndStreamManager@@QAE@XZ
?ReleaseURL@CATVVSUrlAndStreamManager@@QAEJABVCATVVSUrl@@PAVCATVVSTransaction@@@Z
??1CATVVSUrlAndStreamManager@@QAE@XZ

msvcr80

_purecall
??_V@YAXPAX@Z
??3@YAXPAX@Z
sprintf
sscanf
_callnewh
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
malloc
_encode_pointer

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
InterlockedExchange
Sleep

Exports

Exports

??0CATIVVSURLStreamHandler@@QAE@ABV0@@Z
??0CATIVVSURLStreamHandler@@QAE@XZ
??0CATListPtrCATVVSUrl@@QAE@ABV0@@Z
??0CATListPtrCATVVSUrl@@QAE@H@Z
??0CATVVSStreamHandlerSessionManager@@AAE@XZ
??0CATVVSStreamHandlerSessionManager@@QAE@ABV0@@Z
??0CATVVSURLConnection@@QAE@ABV0@@Z
??0CATVVSURLConnection@@QAE@XZ
??0CATVVSUrl@@QAE@ABV0@@Z
??0CATVVSUrl@@QAE@ABVCATUnicodeString@@000@Z
??0CATVVSUrl@@QAE@ABVCATUnicodeString@@00@Z
??0CATVVSUrl@@QAE@ABVCATUnicodeString@@@Z
??0CATVVSUrl@@QAE@XZ
??1CATIVVSURLStreamHandler@@UAE@XZ
??1CATListPtrCATVVSUrl@@UAE@XZ
??1CATVVSStreamHandlerSessionManager@@AAE@XZ
??1CATVVSURLConnection@@QAE@XZ
??1CATVVSUrl@@QAE@XZ
??4CATIVVSURLStreamHandler@@QAEAAV0@ABV0@@Z
??4CATListPtrCATVVSUrl@@QAEAAV0@ABV0@@Z
??4CATVVSStreamHandlerSessionManager@@QAEAAV0@ABV0@@Z
??4CATVVSURLConnection@@QAEAAV0@ABV0@@Z
??4CATVVSURLEncoderDecoder@@QAEAAV0@ABV0@@Z
??4CATVVSUrl@@QAEAAV0@ABV0@@Z
??8CATListPtrCATVVSUrl@@QBEHABV0@@Z
??8CATVVSUrl@@QBEEABV0@@Z
??9CATListPtrCATVVSUrl@@QBEHABV0@@Z
??9CATVVSUrl@@QBEEABV0@@Z
??ACATListPtrCATVVSUrl@@QAEAAPAVCATVVSUrl@@H@Z
??ACATListPtrCATVVSUrl@@QBEPAVCATVVSUrl@@H@Z
??_7CATIVVSURLStreamHandler@@6B@
??_7CATListPtrCATVVSUrl@@6B@
??_FCATListPtrCATVVSUrl@@QAEXXZ
?Append@CATListPtrCATVVSUrl@@QAEXPAVCATVVSUrl@@@Z
?ClassId@CATIVVSURLStreamHandler@@SGABU_GUID@@XZ
?ClassName@CATIVVSURLStreamHandler@@SGPBDXZ
?Close@CATVVSURLConnection@@QAEJXZ
?ConvertToString@CATVVSUrl@@QBEJAAVCATUnicodeString@@@Z
?GetILockBytes2@CATVVSURLConnection@@QAEJAAPAVCATILockBytes2@@@Z
?GetIdentifier@CATVVSUrl@@QBEABVCATUnicodeString@@XZ
?GetProperty@CATVVSURLConnection@@QAEJABVCATUnicodeString@@AAPAV2@@Z
?GetProtocol@CATVVSUrl@@QBEABVCATUnicodeString@@XZ
?GetSearchPart@CATVVSUrl@@QBEABVCATUnicodeString@@XZ
?GetSearchPartAsHashtable@CATVVSUrl@@QAEJAAVCATVVSUnicodeStringHashtable@@@Z
?GetSessionManager@CATVVSStreamHandlerSessionManager@@SAPAV1@ABVCATUnicodeString@@@Z
?GetSite@CATVVSUrl@@QBEABVCATUnicodeString@@XZ
?GetStreamHandlerByType@CATVVSStreamHandlerSessionManager@@QAEJABVCATUnicodeString@@AAPAVCATIVVSURLStreamHandler@@@Z
?GetUrl@CATVVSURLConnection@@QAEJAAVCATVVSUrl@@@Z
?IID_CATIVVSURLStreamHandler@@3U_GUID@@A
?Init@CATVVSStreamHandlerSessionManager@@QAEJXZ
?InitWith@CATVVSURLConnection@@QAEJABVCATVVSUrl@@PAVCATILockBytes2@@@Z
?IsSet@CATVVSUrl@@QBEEXZ
?Locate@CATListPtrCATVVSUrl@@QBEHPAVCATVVSUrl@@H@Z
?MetaObject@CATIVVSURLStreamHandler@@SGPAVCATMetaClass@@XZ
?ReleaseSessionManager@CATVVSStreamHandlerSessionManager@@SAJABVCATUnicodeString@@@Z
?RemoveValue@CATListPtrCATVVSUrl@@QAEHPAVCATVVSUrl@@@Z
?Size@CATListPtrCATVVSUrl@@QBEHXZ
?ToUnicodeString@CATVVSUrl@@QBE?AVCATUnicodeString@@XZ
?__CastTo@CATIVVSURLStreamHandler_var@@AAGXPAUIUnknown@@@Z
?_instance@CATVVSStreamHandlerSessionManager@@0PAV1@A
?decodeString@CATVVSURLEncoderDecoder@@SAJABVCATUnicodeString@@AAPAD@Z
?decodeString@CATVVSURLEncoderDecoder@@SAJABVCATUnicodeString@@AAV2@@Z
?encodePath@CATVVSURLEncoderDecoder@@SAXABVCATUnicodeString@@AAV2@@Z
?encodeString@CATVVSURLEncoderDecoder@@SAXABVCATUnicodeString@@AAV2@H@Z
?encodeURL@CATVVSURLEncoderDecoder@@SAJABVCATUnicodeString@@AAV2@@Z
?meta_object@CATIVVSURLStreamHandler@@0PAVCATMetaClass@@A
?tokenize@CATVVSURLEncoderDecoder@@CA?AVCATListValCATUnicodeString@@ABVCATUnicodeString@@0@Z
DASSAULT_SYSTEMES_CAA2_INTERNAL_VVSNetBase

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d18c5fed172354085c3b464ec0623bc

Headers

File Characteristics

PDB Paths

Imports

js0group

vvsutils

vvsstreamconsumer

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 168KB - Virtual size: 168KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 168KB - Virtual size: 168KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB