64d58405e9fb436c49c6b6767c5614fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

64d58405e9fb436c49c6b6767c5614fc_JaffaCakes118
Size

277KB
MD5

64d58405e9fb436c49c6b6767c5614fc
SHA1

fdeadc1e955e656e309c759420eabdea948ee494
SHA256

3ea63fa002437b1631661daaf8795ecb7116acb55292f2aeee495ae9a759f5b3
SHA512

4e4904b6408397d2c332b75e31ec14a1edd3c1de2f078fbf28cb4a2add1f1786cdc0e1c21b5feb25b37c4f076984e9a5ceeb9f9aadbe95fcbfa420b961832755
SSDEEP

6144:/kIo+thD5Haj7HPv9qVDO92UkTQxFoGQLrzxoekt2:/HHDpsUUMqtQLrat2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64d58405e9fb436c49c6b6767c5614fc_JaffaCakes118

Files

64d58405e9fb436c49c6b6767c5614fc_JaffaCakes118
.dll windows:5 windows x86 arch:x86

76a1375a8cf1991c1959eaba28ec5171

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

z:\itt\branch_tbb21\tbb\1.0\build\fxeowin09icc10_1_021_32_release\tbb.pdb

Imports

msvcp90

?_Xlen@_String_base@std@@SAXXZ
?_Xran@_String_base@std@@SAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvcr90

_initterm
_initterm_e
_amsg_exit
_encoded_null
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
_malloc_crt
_vsnprintf
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__clean_type_info_names_internal
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
sprintf
strchr
strerror
abort
getenv
fputs
exit
__RTtypeid
strncpy
__iob_func
fprintf
wcslen
_beginthreadex
_errno
??_V@YAXPAX@Z
free
malloc
??0exception@std@@QAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
memcpy_s
memmove_s
?what@exception@std@@UBEPBDXZ
_purecall
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBDH@Z
_CxxThrowException
__CxxFrameHandler
_adjust_fdiv
memset
memcpy
printf
strlen
vsprintf

kernel32

LeaveCriticalSection
SetEvent
EnterCriticalSection
GetThreadLocale
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
InterlockedCompareExchange
InterlockedExchange
FormatMessageA
LocalFree
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
TryEnterCriticalSection
GetModuleHandleA
GetProcAddress
SetErrorMode
LoadLibraryA
GetSystemInfo
GetCurrentProcess
GetCurrentThread
DuplicateHandle
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
CreateEventA
InitializeCriticalSection
CloseHandle
DeleteCriticalSection
WaitForSingleObject
ResetEvent
SwitchToThread

Exports

Exports

??0concurrent_queue_base@internal@tbb@@IAE@I@Z
??0concurrent_queue_base_v3@internal@tbb@@IAE@I@Z
??0concurrent_queue_iterator_base@internal@tbb@@IAE@ABVconcurrent_queue_base@12@@Z
??0concurrent_queue_iterator_base_v3@internal@tbb@@IAE@ABVconcurrent_queue_base_v3@12@@Z
??0pipeline@tbb@@QAE@XZ
??1captured_exception@tbb@@UAE@XZ
??1concurrent_queue_base@internal@tbb@@MAE@XZ
??1concurrent_queue_base_v3@internal@tbb@@MAE@XZ
??1concurrent_queue_iterator_base@internal@tbb@@IAE@XZ
??1concurrent_queue_iterator_base_v3@internal@tbb@@IAE@XZ
??1concurrent_vector_base_v3@internal@tbb@@IAE@XZ
??1filter@tbb@@UAE@XZ
??1pipeline@tbb@@UAE@XZ
??1task_group_context@tbb@@QAE@XZ
??_7pipeline@tbb@@6B@
?NFS_Allocate@internal@tbb@@YAPAXIIPAX@Z
?NFS_Free@internal@tbb@@YAXPAX@Z
?NFS_GetLineSize@internal@tbb@@YAIXZ
?acquire@scoped_lock@queuing_mutex@tbb@@QAEXAAV23@@Z
?acquire@scoped_lock@queuing_rw_mutex@tbb@@QAEXAAV23@_N@Z
?add_filter@pipeline@tbb@@QAEXAAVfilter@2@@Z
?advance@concurrent_queue_iterator_base@internal@tbb@@IAEXXZ
?advance@concurrent_queue_iterator_base_v3@internal@tbb@@IAEXXZ
?allocate@allocate_additional_child_of_proxy@internal@tbb@@QBEAAVtask@3@I@Z
?allocate@allocate_child_proxy@internal@tbb@@QBEAAVtask@3@I@Z
?allocate@allocate_continuation_proxy@internal@tbb@@QBEAAVtask@3@I@Z
?allocate@allocate_root_proxy@internal@tbb@@SAAAVtask@3@I@Z
?allocate@allocate_root_with_context_proxy@internal@tbb@@QBEAAVtask@3@I@Z
?allocate_closure_v3@internal@tbb@@YAPAXI@Z
?allocate_via_handler_v3@internal@tbb@@YAPAXI@Z
?assertion_failure@tbb@@YAXPBDH00@Z
?assign@concurrent_queue_base_v3@internal@tbb@@IAEXABV123@@Z
?assign@concurrent_queue_iterator_base@internal@tbb@@IAEXABV123@@Z
?assign@concurrent_queue_iterator_base_v3@internal@tbb@@IAEXABV123@@Z
?cancel_group_execution@task_group_context@tbb@@QAE_NXZ
?clear@pipeline@tbb@@QAEXXZ
?deallocate_via_handler_v3@internal@tbb@@YAXPAX@Z
?default_num_threads@task_scheduler_init@tbb@@SAHXZ
?destroy@task@tbb@@QAEXAAV12@@Z
?detach@tbb_thread_v3@internal@tbb@@QAEXXZ
?downgrade_to_reader@scoped_lock@queuing_rw_mutex@tbb@@QAE_NXZ
?free@allocate_additional_child_of_proxy@internal@tbb@@QBEXAAVtask@3@@Z
?free@allocate_child_proxy@internal@tbb@@QBEXAAVtask@3@@Z
?free@allocate_continuation_proxy@internal@tbb@@QBEXAAVtask@3@@Z
?free@allocate_root_proxy@internal@tbb@@SAXAAVtask@3@@Z
?free@allocate_root_with_context_proxy@internal@tbb@@QBEXAAVtask@3@@Z
?free_closure_v3@internal@tbb@@YAXPAX@Z
?get_initial_auto_partitioner_divisor@internal@tbb@@YAIXZ
?handle_perror@internal@tbb@@YAXHPBD@Z
?hardware_concurrency@tbb_thread_v3@internal@tbb@@SAIXZ
?init@task_group_context@tbb@@IAEXXZ
?initialize@task_scheduler_init@tbb@@QAEXH@Z
?initialize@task_scheduler_init@tbb@@QAEXHI@Z
?inject_token@pipeline@tbb@@AAEXAAVtask@2@@Z
?internal_acquire@scoped_lock@mutex@tbb@@AAEXAAV23@@Z
?internal_acquire@scoped_lock@recursive_mutex@tbb@@AAEXAAV23@@Z
?internal_acquire@scoped_lock@spin_mutex@tbb@@AAEXAAV23@@Z
?internal_acquire_reader@spin_rw_mutex@tbb@@CAXPAV12@@Z
?internal_acquire_reader@spin_rw_mutex_v3@tbb@@AAEXXZ
?internal_acquire_writer@spin_rw_mutex@tbb@@CA_NPAV12@@Z
?internal_acquire_writer@spin_rw_mutex_v3@tbb@@AAE_NXZ
?internal_assign@concurrent_vector_base@internal@tbb@@IAEXABV123@IP6AXPAXI@ZP6AX1PBXI@Z4@Z
?internal_assign@concurrent_vector_base_v3@internal@tbb@@IAEXABV123@IP6AXPAXI@ZP6AX1PBXI@Z4@Z
?internal_capacity@concurrent_vector_base@internal@tbb@@IBEIXZ
?internal_capacity@concurrent_vector_base_v3@internal@tbb@@IBEIXZ
?internal_clear@concurrent_vector_base@internal@tbb@@IAEXP6AXPAXI@Z_N@Z
?internal_clear@concurrent_vector_base_v3@internal@tbb@@IAEIP6AXPAXI@Z@Z
?internal_compact@concurrent_vector_base_v3@internal@tbb@@IAEPAXIPAXP6AX0I@ZP6AX0PBXI@Z@Z
?internal_construct@mutex@tbb@@AAEXXZ
?internal_construct@queuing_mutex@tbb@@QAEXXZ
?internal_construct@queuing_rw_mutex@tbb@@QAEXXZ
?internal_construct@recursive_mutex@tbb@@AAEXXZ
?internal_construct@spin_mutex@tbb@@QAEXXZ
?internal_construct@spin_rw_mutex_v3@tbb@@AAEXXZ
?internal_copy@concurrent_vector_base@internal@tbb@@IAEXABV123@IP6AXPAXPBXI@Z@Z
?internal_copy@concurrent_vector_base_v3@internal@tbb@@IAEXABV123@IP6AXPAXPBXI@Z@Z
?internal_destroy@mutex@tbb@@AAEXXZ
?internal_destroy@recursive_mutex@tbb@@AAEXXZ
?internal_downgrade@spin_rw_mutex@tbb@@CAXPAV12@@Z
?internal_downgrade@spin_rw_mutex_v3@tbb@@AAEXXZ
?internal_finish_clear@concurrent_queue_base_v3@internal@tbb@@IAEXXZ
?internal_grow_by@concurrent_vector_base@internal@tbb@@IAEIIIP6AXPAXI@Z@Z
?internal_grow_by@concurrent_vector_base_v3@internal@tbb@@IAEIIIP6AXPAXPBXI@Z1@Z
?internal_grow_predicate@hash_map_segment_base@internal@tbb@@QBE_NXZ
?internal_grow_to_at_least@concurrent_vector_base@internal@tbb@@IAEXIIP6AXPAXI@Z@Z
?internal_grow_to_at_least@concurrent_vector_base_v3@internal@tbb@@IAEXIIP6AXPAXPBXI@Z1@Z
?internal_itt_releasing@spin_rw_mutex@tbb@@CAXPAV12@@Z
?internal_pop@concurrent_queue_base@internal@tbb@@IAEXPAX@Z
?internal_pop@concurrent_queue_base_v3@internal@tbb@@IAEXPAX@Z
?internal_pop_if_present@concurrent_queue_base@internal@tbb@@IAE_NPAX@Z
?internal_pop_if_present@concurrent_queue_base_v3@internal@tbb@@IAE_NPAX@Z
?internal_push@concurrent_queue_base@internal@tbb@@IAEXPBX@Z
?internal_push@concurrent_queue_base_v3@internal@tbb@@IAEXPBX@Z
?internal_push_back@concurrent_vector_base@internal@tbb@@IAEPAXIAAI@Z
?internal_push_back@concurrent_vector_base_v3@internal@tbb@@IAEPAXIAAI@Z
?internal_push_if_not_full@concurrent_queue_base@internal@tbb@@IAE_NPBX@Z
?internal_push_if_not_full@concurrent_queue_base_v3@internal@tbb@@IAE_NPBX@Z
?internal_release@scoped_lock@mutex@tbb@@AAEXXZ
?internal_release@scoped_lock@recursive_mutex@tbb@@AAEXXZ
?internal_release@scoped_lock@spin_mutex@tbb@@AAEXXZ
?internal_release_reader@spin_rw_mutex@tbb@@CAXPAV12@@Z
?internal_release_reader@spin_rw_mutex_v3@tbb@@AAEXXZ
?internal_release_writer@spin_rw_mutex@tbb@@CAXPAV12@@Z
?internal_release_writer@spin_rw_mutex_v3@tbb@@AAEXXZ
?internal_reserve@concurrent_vector_base@internal@tbb@@IAEXIII@Z
?internal_reserve@concurrent_vector_base_v3@internal@tbb@@IAEXIII@Z
?internal_set_capacity@concurrent_queue_base@internal@tbb@@IAEXHI@Z
?internal_set_capacity@concurrent_queue_base_v3@internal@tbb@@IAEXHI@Z
?internal_set_ref_count@task@tbb@@AAEXH@Z
?internal_size@concurrent_queue_base@internal@tbb@@IBEHXZ
?internal_size@concurrent_queue_base_v3@internal@tbb@@IBEHXZ
?internal_start@tbb_thread_v3@internal@tbb@@AAEXP6GIPAX@Z0@Z
?internal_swap@concurrent_vector_base_v3@internal@tbb@@IAEXAAV123@@Z
?internal_throw_exception@concurrent_queue_base_v3@internal@tbb@@IBEXXZ
?internal_throw_exception@concurrent_vector_base_v3@internal@tbb@@IBEXI@Z
?internal_try_acquire@scoped_lock@mutex@tbb@@AAE_NAAV23@@Z
?internal_try_acquire@scoped_lock@recursive_mutex@tbb@@AAE_NAAV23@@Z
?internal_try_acquire@scoped_lock@spin_mutex@tbb@@AAE_NAAV23@@Z
?internal_try_acquire_reader@spin_rw_mutex@tbb@@CA_NPAV12@@Z
?internal_try_acquire_reader@spin_rw_mutex_v3@tbb@@AAE_NXZ
?internal_try_acquire_writer@spin_rw_mutex@tbb@@CA_NPAV12@@Z
?internal_try_acquire_writer@spin_rw_mutex_v3@tbb@@AAE_NXZ
?internal_upgrade@spin_rw_mutex@tbb@@CA_NPAV12@@Z
?internal_upgrade@spin_rw_mutex_v3@tbb@@AAE_NXZ
?is_group_execution_cancelled@task_group_context@tbb@@QBE_NXZ
?is_malloc_used_v3@internal@tbb@@YA_NXZ
?is_owned_by_current_thread@task@tbb@@QBE_NXZ
?itt_load_pointer_v3@internal@tbb@@YAPAXPBX@Z
?itt_load_pointer_with_acquire_v3@internal@tbb@@YAPAXPBX@Z
?itt_set_sync_name_v3@internal@tbb@@YAXPAXPB_W@Z
?itt_store_pointer_with_release_v3@internal@tbb@@YAXPAX0@Z
?join@tbb_thread_v3@internal@tbb@@QAEXXZ
?move_v3@internal@tbb@@YAXAAVtbb_thread_v3@12@0@Z
?name@captured_exception@tbb@@UBEPBDXZ
?note_affinity@task@tbb@@UAEXG@Z
?observe@task_scheduler_observer_v3@internal@tbb@@QAEX_N@Z
?release@scoped_lock@queuing_mutex@tbb@@QAEXXZ
?release@scoped_lock@queuing_rw_mutex@tbb@@QAEXXZ
?reset@task_group_context@tbb@@QAEXXZ
?resize@affinity_partitioner_base_v3@internal@tbb@@AAEXI@Z
?run@pipeline@tbb@@QAEXI@Z
?run@pipeline@tbb@@QAEXIAAVtask_group_context@2@@Z
?runtime_warning@internal@tbb@@YAXPBDZZ
?self@task@tbb@@SAAAV12@XZ
?set_assertion_handler@tbb@@YAP6AXPBDH00@ZP6AX0H00@Z@Z
?spawn_and_wait_for_all@task@tbb@@QAEXAAVtask_list@2@@Z
?terminate@task_scheduler_init@tbb@@QAEXXZ
?thread_get_id_v3@internal@tbb@@YA?AVid@tbb_thread_v3@12@XZ
?thread_sleep_v3@internal@tbb@@YAXABVinterval_t@tick_count@2@@Z
?thread_yield_v3@internal@tbb@@YAXXZ
?try_acquire@scoped_lock@queuing_mutex@tbb@@QAE_NAAV23@@Z
?try_acquire@scoped_lock@queuing_rw_mutex@tbb@@QAE_NAAV23@_N@Z
?upgrade_to_writer@scoped_lock@queuing_rw_mutex@tbb@@QAE_NXZ
?what@captured_exception@tbb@@UBEPBDXZ
TBB_runtime_interface_version
__TBB_machine_cmpswp8
__TBB_machine_fetchadd8
__TBB_machine_fetchstore8
__TBB_machine_load8
__TBB_machine_store8
__TBB_machine_trylockbyte

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

76a1375a8cf1991c1959eaba28ec5171

Headers

File Characteristics

PDB Paths

Imports

msvcp90

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.text1 Size: 3KB - Virtual size: 2KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 6KB - Virtual size: 8KB

.data1 Size: 21KB - Virtual size: 21KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 7KB - Virtual size: 7KB

.text Size: 108KB - Virtual size: 112KB

.text
Size: 108KB - Virtual size: 107KB

.text1
Size: 3KB - Virtual size: 2KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 8KB

.data1
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 108KB - Virtual size: 112KB