645d4faea5f3c3211c71f5498732b0ae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

645d4faea5f3c3211c71f5498732b0ae_JaffaCakes118
Size

167KB
MD5

645d4faea5f3c3211c71f5498732b0ae
SHA1

bf55b9f79b3b44b415a3debbbca9bb31179ace1a
SHA256

b6401c1ecd898680a58e1642b1d531f2b7f9166afb5960fb537cec8a66c15636
SHA512

93f146a9edf584ba88085279a4617546bcd52e9597de80ae2208b50f572d8d41e4e100caae34bc5f985d6b32ad4d90c9420287a696f1b9b13c757f203afd9ed3
SSDEEP

3072:3hGlL5nSYDl/U3Y8fcb4Pbdpn0z93Rus/qzI0o4KWzi7udE4Vh4pGGQjP763LCWk:3hGtSYDIpnIR3qzrAcrdE4V2pGGxCW6X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
645d4faea5f3c3211c71f5498732b0ae_JaffaCakes118

Files

645d4faea5f3c3211c71f5498732b0ae_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7c3c7afbc7f7f17e94c1ee55dab822e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\_cn02231423\es-minsk-build\plugins\bin\Pcd.pdb

Imports

atlas

?URIaddReference@AtlasUser@@QAE?AW4SUPPORTS_ERRORS@@AAVSystemString@@ABV3@@Z
?URIappendCategoryQueryElement@AtlasUser@@QAE?AW4SUPPORTS_ERRORS@@AAVSystemString@@ABV3@1@Z
?URIappendAssetQueryElement@AtlasUser@@QAE?AW4SUPPORTS_ERRORS@@AAVSystemString@@ABV3@1@Z
?CreateCategoryURI@AtlasUser@@QAEAAVSystemString@@ABV2@@Z
?URIappendPathSegment@AtlasUser@@QAE?AW4SUPPORTS_ERRORS@@AAVSystemString@@ABV3@@Z
?LoadByURI@AtlasUser@@QAE?AW4SUPPORTS_ERRORS@@ABVSystemString@@AAV?$shared_ptr@VpjObject@@@boost@@@Z

shlwapi

PathStripToRootA
PathAppendA
PathAppendW
PathCanonicalizeA
PathFindFileNameA
PathStripPathA
PathIsRootA

vistadb.esx

??1CStockQuery@@QAE@XZ
??0CStockQuery@@QAE@XZ
?GetRequest@CGetLabelsFromImagesQuery@@UAE?AV?$shared_ptr@VAtlasRequest@@@boost@@XZ
?ResetLastAcqBin@AtlasManager@@QAEJXZ
?Instance@AtlasManager@@SAPAV1@XZ
?GetAtlasUser@AtlasManager@@QAE?AV?$shared_ptr@VAtlasUser@@@boost@@XZ
?GetRequest@CLabelsByImageQuery@@UAE?AV?$shared_ptr@VAtlasRequest@@@boost@@XZ
?GetRequest@CAllAddressesQuery@@UAE?AV?$shared_ptr@VAtlasRequest@@@boost@@XZ
?GetRequest@CAllTrackingQuery@@UAE?AV?$shared_ptr@VAtlasRequest@@@boost@@XZ
?GetRequest@CGetLabelQuery@@UAE?AV?$shared_ptr@VAtlasRequest@@@boost@@XZ
?GetRequest@CProtectedQuery@@UAE?AV?$shared_ptr@VAtlasRequest@@@boost@@XZ
?GetRequest@CGetChildLabelsQuery@@UAE?AV?$shared_ptr@VAtlasRequest@@@boost@@XZ
?GetRequest@CGetTopLabelsQuery@@UAE?AV?$shared_ptr@VAtlasRequest@@@boost@@XZ

kpcdinterface

?GetCDMediaType@CKPCDStore@@SA?AW4CDMediaType@1@VCKDirSpec@@@Z
?Close@CKPCDStore@@UAE?AW4PCDStatus@@XZ
?GetPCDUniqueID@CKPCDStore@@SA?AVCKString@@VCKDirSpec@@@Z
?ConvertUniquePCDIdToOrderDateTime@CKPCDStore@@SA_NAAVCKString@@00W4PCDDateTimeFormat@1@@Z
?Open@CKPCDStore@@UAE?AW4PCDStatus@@VCKDirSpec@@@Z
?GetPCDFileSet@CKPCDStore@@UAE?AW4PCDStatus@@PAPAVCKPtrArray@@J@Z
??1CKPCDStore@@UAE@XZ
??0CKPCDStore@@QAE@XZ
?GetIntroSlideShowRunPref@CKPCDStore@@SA_NXZ
?SetIntroSlideShowRunPref@CKPCDStore@@SAX_N@Z

kcor40

?GetDir@CKDirSpec@@QAE?AVCKString@@XZ
??0CKString@@QAE@XZ
??4CKString@@QAEAAV0@ABV0@@Z
?SetFullPath@CKFileSpec@@QAEXVCKString@@@Z
?GetAtDirSpec@CKDirSpecList@@UAEPAVCKDirSpec@@J@Z
??1CKFileSpec@@UAE@XZ
?FileExists@CKFileSpec@@QAE_NXZ
?GetFullPathSansDevice@CKFileSpec@@QAE?AVCKString@@XZ
?GetFullPath@CKFileSpec@@QAE?AVCKString@@XZ
?GetFilename@CKFileSpec@@QAE?AVCKString@@XZ
?GetPCDROMList@CKDirSpec@@SAJAAVCKDirSpecList@@@Z
?SetDir@CKDirSpec@@QAEXVCKString@@@Z
??0CKDirSpec@@QAE@XZ
??1CKDirSpecList@@UAE@XZ
??0CKDirSpecList@@QAE@XZ
??0CKFileSpec@@QAE@XZ
??1CKDirSpec@@UAE@XZ
??0CKDirSpec@@QAE@AAV0@@Z
??0CKString@@QAE@ABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
??0CKString@@QAE@PBD@Z
??1CKString@@UAE@XZ

vprintonlinehelper40

??0VPrintOnlineUtils@@QAE@XZ
??1PrintOnlineSetupData@@QAE@XZ
?SetIRetailer@VPrintOnlineUtils@@QAE_NABV_bstr_t@@@Z
?SetSLFalse@VPrintOnlineUtils@@QAE_NXZ
??1VPrintOnlineUtils@@QAE@XZ
?InitPrintOnlineUtils@VPrintOnlineUtils@@QAEXW4VOLServiceType@@@Z
??0PrintOnlineSetupData@@QAE@XZ
?GetSetupData@VPrintOnlineUtils@@QAE_NAAVPrintOnlineSetupData@@@Z

mfc80

ord764
ord762
ord781
ord3997
ord6168
ord6703
ord4081
ord299
ord5529
ord297
ord1489
ord2468
ord1084
ord6118
ord310
ord5403
ord911
ord578
ord907
ord2131
ord1482
ord784
ord2325
ord304
ord265
ord2322
ord2324
ord266
ord1098
ord371
ord1175
ord1185
ord1486
ord314
ord6754
ord2469
ord298

msvcr80

_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
__clean_type_info_names_internal
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
_makepath
_splitpath
strtok
memmove
strcmp
fopen
_mbsinc
_mbsrchr
_mbsupr
fclose
__RTDynamicCast
memmove_s
strlen
_mbstok
_vsnprintf
_mbslen
_invalid_parameter_noinfo
sscanf
strcat
strcpy
??1exception@std@@UAE@XZ
_CxxThrowException
strncpy
??0exception@std@@QAE@ABV01@@Z
_mbsnbcpy
_mbsnbcat
??0exception@std@@QAE@ABQBD@Z
fgets
memset
free
?what@exception@std@@UBEPBDXZ
_purecall
_mbscmp
?raw_name@type_info@@QBEPBDXZ
??0exception@std@@QAE@XZ
??8type_info@@QBE_NABV0@@Z
malloc

kernel32

GetACP
GetThreadLocale
GetLocaleInfoA
GetSystemTimeAsFileTime
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetDiskFreeSpaceExA
GetDriveTypeA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenFile
WideCharToMultiByte
MultiByteToWideChar
TlsGetValue
TlsSetValue
DisableThreadLibraryCalls
TlsAlloc
UnmapViewOfFile
GetSystemInfo
RemoveDirectoryA
CreateMutexA
VirtualAlloc
CreateDirectoryA
GetCurrentProcessId
CloseHandle
VirtualFree
VirtualQuery
GetTempPathA
WriteFile
GetSystemTime
GetProcessHeap
SetFilePointer
InterlockedCompareExchange
MapViewOfFile
HeapAlloc
CreateFileMappingA
LocalFree
CreateFileA
Sleep
OpenFileMappingA
GetVersionExA
FreeLibrary
GetProcAddress
SetEvent
LoadLibraryA
QueryPerformanceCounter
GetModuleFileNameA
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
lstrlenA
GlobalAlloc
GetCurrentProcess
FormatMessageA
GetFileAttributesA
OutputDebugStringA
FindClose
GlobalFree
InterlockedExchange
FindFirstFileA
ReleaseMutex
WaitForSingleObject
GetLastError
DeleteFileA

user32

DefWindowProcA
wsprintfA
GetClassInfoExA
TranslateMessage
DispatchMessageA
GetDesktopWindow
RegisterClassExA
SendMessageA
CreateWindowExA
GetMessageA
RegisterWindowMessageA
wvsprintfA

advapi32

RegQueryValueExA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

shell32

SHCreateDirectoryExW
SHGetFileInfoA
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteA
SHGetPathFromIDListA
SHGetFolderPathW
SHFileOperationA

ole32

CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysStringLen

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

locpcd

_MyLocDllHandle

Exports

Exports

??0AddressObject@@QAE@XZ
??0CAllAddressesQuery@@QAE@ABV0@@Z
??0CAllAddressesQuery@@QAE@XZ
??0CAllTrackingQuery@@QAE@ABV0@@Z
??0CAllTrackingQuery@@QAE@XZ
??0CGetChildLabelsQuery@@QAE@ABV0@@Z
??0CGetLabelQuery@@QAE@ABV0@@Z
??0CGetLabelQuery@@QAE@XZ
??0CGetLabelsFromImagesQuery@@QAE@ABV0@@Z
??0CGetLabelsFromImagesQuery@@QAE@XZ
??0CGetTopLabelsQuery@@QAE@ABV0@@Z
??0CGetTopLabelsQuery@@QAE@XZ
??0CLabelsByImageQuery@@QAE@ABV0@@Z
??0CProtectedQuery@@QAE@ABV0@@Z
??0CProtectedQuery@@QAE@XZ
??0CStockQuery@@QAE@ABV0@@Z
??1AddressObject@@UAE@XZ
??1AtlasManager@@QAE@XZ
??1CAllAddressesQuery@@QAE@XZ
??1CAllTrackingQuery@@QAE@XZ
??1CGetChildLabelsQuery@@QAE@XZ
??1CGetLabelQuery@@QAE@XZ
??1CGetLabelsFromImagesQuery@@QAE@XZ
??1CGetTopLabelsQuery@@QAE@XZ
??1CLabelsByImageQuery@@QAE@XZ
??1CProtectedQuery@@QAE@XZ
??4CAllAddressesQuery@@QAEAAV0@ABV0@@Z
??4CAllTrackingQuery@@QAEAAV0@ABV0@@Z
??4CGetChildLabelsQuery@@QAEAAV0@ABV0@@Z
??4CGetLabelQuery@@QAEAAV0@ABV0@@Z
??4CGetLabelsFromImagesQuery@@QAEAAV0@ABV0@@Z
??4CGetTopLabelsQuery@@QAEAAV0@ABV0@@Z
??4CLabelsByImageQuery@@QAEAAV0@ABV0@@Z
??4CProtectedQuery@@QAEAAV0@ABV0@@Z
??4CStockQuery@@QAEAAV0@ABV0@@Z
??4ExifTagEntry@@QAEAAU0@ABU0@@Z
??_7AddressObject@@6B@
??_7CAllAddressesQuery@@6B@
??_7CAllTrackingQuery@@6B@
??_7CGetChildLabelsQuery@@6B@
??_7CGetLabelQuery@@6B@
??_7CGetLabelsFromImagesQuery@@6B@
??_7CGetTopLabelsQuery@@6B@
??_7CLabelsByImageQuery@@6B@
??_7CProtectedQuery@@6B@
??_7CStockQuery@@6B@
?Construct@AddressObject@@QAE?AW4SUPPORTS_ERRORS@@V?$shared_ptr@VBinaryInterface@@@boost@@@Z
?GetAsciiType@AddressObject@@UAE?AVSystemString@@XZ
ChainResources
GetFactoryV2

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c3c7afbc7f7f17e94c1ee55dab822e6

Headers

File Characteristics

PDB Paths

Imports

atlas

shlwapi

vistadb.esx

kpcdinterface

kcor40

vprintonlinehelper40

mfc80

msvcr80

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp80

locpcd

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 104KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 104KB - Virtual size: 104KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB