d:\NPS_VSS_ROOT\NPS\bin\release\program files\NPSDMPPlayer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
86fa3dc648a38dbec998b7f9f63ee63e_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
86fa3dc648a38dbec998b7f9f63ee63e_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
86fa3dc648a38dbec998b7f9f63ee63e_JaffaCakes118
-
Size
992KB
-
MD5
86fa3dc648a38dbec998b7f9f63ee63e
-
SHA1
3797156f2648840f4affa81db8d64af77010f73f
-
SHA256
0d8c6fd78fb8bcf01115bbbfde2d7068e9204a85323212dff73c4e78a84a806e
-
SHA512
ca2b3f52381c60f6e1ac6afc98f14a1c7998f4b5f10d413349ef0208810d2aae4eb3d508a0bf0d5bd1d3a70716e14501c737cb01f3f8ee45b032dc6c71e1d652
-
SSDEEP
12288:HAccQ5uT9Mok+qEymELxc3JeNkee7bnjImwYAOxjpY:HA49+qL1c3INkeeXjIFY6
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 86fa3dc648a38dbec998b7f9f63ee63e_JaffaCakes118
Files
-
86fa3dc648a38dbec998b7f9f63ee63e_JaffaCakes118.exe windows:4 windows x86 arch:x86
7d7d22bfd0f9978297c350a63a68d55f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wsock32
accept
getpeername
bind
sendto
listen
ntohs
recvfrom
recv
inet_ntoa
ioctlsocket
select
htons
inet_addr
WSAGetLastError
socket
gethostbyname
setsockopt
WSAStartup
shutdown
WSACleanup
closesocket
connect
send
winmm
timeKillEvent
timeGetDevCaps
timeBeginPeriod
timeSetEvent
gdiplus
GdipGetPropertyItemSize
GdipImageGetFrameDimensionsList
GdipCreateBitmapFromFile
GdipDisposeImage
GdipSetInterpolationMode
GdipImageRotateFlip
GdipImageGetFrameDimensionsCount
GdipFree
GdipDrawImageRectI
GdipAlloc
GdipGetPropertyItem
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipImageGetFrameCount
GdipCreateHBITMAPFromBitmap
GdipImageSelectActiveFrame
GdipGetImageWidth
GdipCreateImageAttributes
GdipSetImageAttributesWrapMode
GdipDrawImageRectRectI
GdipGetImageHeight
GdipCreateFromHDC
GdipDisposeImageAttributes
GdipDrawImageI
GdipDeleteGraphics
npscommon5
?SetFullScreen@CTitleWnd@@QAEXH@Z
?SetActivate@CTitleWnd@@QAEXH@Z
?ShowRestoreButton@CTitleWnd@@QAEXH@Z
?LoadBitmapFromResource@CGdiPlusUtil@@QAEPAVBitmap@Gdiplus@@PAUHINSTANCE__@@PB_W1@Z
??1CGdiPlusUtil@@UAE@XZ
??0CGdiPlusUtil@@QAE@XZ
?GetThisMessageMap@CSkinWnd@@KGPBUAFX_MSGMAP@@XZ
??1CSkinWnd@@UAE@XZ
??0CSkinWnd@@QAE@XZ
?GetThisClass@CSkinWnd@@SGPAUCRuntimeClass@@XZ
?SetTailString@CTitleWnd@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetTitle@CTitleWnd@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?OnSize@CSkinWnd@@QAEXIHH@Z
?OnWindowPosChanging@CSkinWnd@@QAEXPAUtagWINDOWPOS@@@Z
?OnWindowPosChanged@CSkinWnd@@QAEXPAUtagWINDOWPOS@@@Z
?OnTimer@CSkinWnd@@QAEXI@Z
?OnDestroy@CSkinWnd@@QAEXXZ
?OnMinimize@CSkinWnd@@QAEXXZ
?OnNcLButtonDown@CSkinWnd@@QAEXIVCPoint@@@Z
?PostNcDestroy@CSkinWnd@@MAEXXZ
??0CCommonAbout@@QAE@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0HPAVCWnd@@@Z
?OnEnable@CSkinWnd@@IAEXH@Z
??1CCommonAbout@@UAE@XZ
?GetRuntimeClass@CSkinAppWnd@@UBEPAUCRuntimeClass@@XZ
??0CSkinAppWnd@@QAE@XZ
??1CSkinAppWnd@@UAE@XZ
?GetThisMessageMap@CSkinAppWnd@@KGPBUAFX_MSGMAP@@XZ
?OnCreate@CSkinAppWnd@@QAEHPAUtagCREATESTRUCTW@@@Z
?PreCreateWindow@CSkinAppWnd@@MAEHAAUtagCREATESTRUCTW@@@Z
?PreTranslateMessage@CSkinAppWnd@@UAEHPAUtagMSG@@@Z
?PreTranslateMessage@CSkinWnd@@MAEHPAUtagMSG@@@Z
?PreCreateWindow@CSkinWnd@@MAEHAAUtagCREATESTRUCTW@@@Z
?OnCaptureChanged@CSkinWnd@@QAEXPAVCWnd@@@Z
?OnCreate@CSkinWnd@@QAEHPAUtagCREATESTRUCTW@@@Z
npscomnctrl
?NPSSkinExceptClass@@YAXPB_W@Z
?InitNPSSkinManager@@YAXPB_W0@Z
?NPSSkinApplyWindow@@YAXPAUHWND__@@@Z
?TrackPopupMenu@CNPSTransMenu@@QAEXIHHPAVCWnd@@PBUtagRECT@@H@Z
??1CNPSTransMenu@@UAE@XZ
??0CNPSTransMenu@@QAE@XZ
?GetVideoInfo@@YAJPB_WPAUVIDEOINFO2@@@Z
?RenderFile@@YAJPB_WPAUIGraphBuilder@@PAUIBaseFilter@@22@Z
?FreeFunFilter@@YAJXZ
?InitFunFilter@@YAJXZ
?Initialize@CWndShadow@@SA_NPAUHINSTANCE__@@@Z
dump
?RegisterCrashHandler@@YAHPB_W0@Z
mfc80u
ord2397
ord2640
ord2379
ord2527
ord2381
ord3712
ord266
ord2399
ord3713
ord2169
ord3703
ord2856
ord2638
ord2163
ord3943
ord1513
ord4255
ord6273
ord3796
ord6275
ord3339
ord5829
ord4961
ord3678
ord6721
ord5911
ord1611
ord2648
ord1608
ord1353
ord4480
ord5171
ord3940
ord1955
ord1393
ord1647
ord760
ord1646
ord4238
ord1590
ord5148
ord5196
ord1899
ord2366
ord1894
ord572
ord5067
ord3590
ord1252
ord2271
ord2311
ord631
ord2275
ord287
ord386
ord5430
ord2310
ord998
ord2011
ord283
ord280
ord6301
ord3249
ord3103
ord293
ord1274
ord2365
ord5398
ord1178
ord5149
ord762
ord3168
ord1079
ord1386
ord2460
ord1472
ord4026
ord1118
ord1117
ord2121
ord1156
ord2155
ord6700
ord3990
ord6086
ord709
ord6061
ord4101
ord501
ord4119
ord3756
ord783
ord5637
ord6160
ord5636
ord629
ord1182
ord1176
ord3383
ord745
ord781
ord5643
ord384
ord282
ord5524
ord6277
ord578
ord666
ord2534
ord894
ord868
ord4063
ord310
ord429
ord746
ord6279
ord899
ord3233
ord747
ord1003
ord559
ord558
ord1058
ord896
ord776
ord1479
ord774
ord577
ord1270
ord3174
ord589
ord330
ord3198
ord5633
ord602
ord2255
ord3155
ord2521
ord5607
ord6056
ord6058
ord5604
ord6050
ord4155
ord6053
ord5884
ord6033
ord1086
ord5727
ord5723
ord5638
ord5519
ord5584
ord347
ord2889
ord5410
ord1925
ord5397
ord1959
ord5917
ord1271
ord5715
ord3204
ord901
ord904
ord5558
ord5399
ord313
ord2462
ord2122
ord1430
ord2279
ord6284
ord1431
ord5621
ord3925
ord383
ord2745
ord1189
ord777
ord265
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord5971
ord566
ord3327
ord304
ord1911
ord2925
ord5220
ord3942
ord5226
ord5209
ord1049
ord1121
ord4032
ord3677
ord757
ord4008
ord5222
ord2832
ord4562
ord4475
ord5562
ord4028
ord2239
ord3824
ord4467
ord4463
ord4461
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord2361
ord4094
ord2085
ord1946
ord3238
ord1220
ord1476
ord1002
ord4388
ord4347
ord444
ord2167
ord1299
ord6300
ord3102
ord502
ord3281
ord4100
ord6140
ord722
ord4074
ord5440
ord5053
ord663
ord3857
ord5465
ord5710
ord865
ord6001
ord2261
ord4060
ord530
ord426
ord3289
ord3343
ord3342
ord5981
ord5982
ord3344
ord5712
ord3995
ord4882
ord4117
ord6002
ord3157
ord1662
ord1661
ord1542
ord354
ord3435
ord1784
ord6232
ord1864
ord2651
ord3635
ord2409
ord6720
ord5908
ord1392
ord4256
ord5199
ord605
ord4206
ord4729
ord4884
ord4574
ord6282
ord5316
ord3842
ord1920
ord860
ord326
ord6293
ord5327
ord1172
ord2225
ord2362
ord2340
ord1571
ord6278
ord3296
ord3331
ord4226
ord587
ord1536
ord3158
ord4109
ord3417
ord2708
ord2386
ord4301
ord2402
ord2829
ord2407
ord2725
ord2390
ord2531
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord764
ord1198
ord557
ord5178
msvcr80
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
wcscpy_s
_wcsdup
_snprintf
perror
atoi
_strnicmp
strncpy
fclose
_wfopen
fread
fseek
sscanf
_mktime64
_wcsicmp
_wtoi
realloc
memcpy_s
memmove
wcsncpy_s
wcsnlen
_initterm_e
_waccess
_beginthreadex
_endthreadex
sprintf
malloc
free
_strdup
calloc
_CIlog
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
memset
memcpy
_localtime64_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
wcsftime
strncat
strtok
atol
printf
strncmp
_stricmp
strchr
_time64
fopen
fprintf
vfprintf
vsprintf
__iob_func
fflush
_endthread
isdigit
_tzset
_read
_write
_close
_wopen
_purecall
rand
_gmtime64
_vsnprintf
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memmove_s
strstr
toupper
__CxxFrameHandler3
_CIpow
_CxxThrowException
kernel32
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GlobalReAlloc
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
CreateThread
MulDiv
GetCurrentProcess
GetCurrentThreadId
RaiseException
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetVersionExA
SetThreadPriority
GetFileAttributesExW
SystemTimeToFileTime
GetModuleFileNameW
CreateProcessW
CreateDirectoryW
DeleteCriticalSection
ResetEvent
InitializeCriticalSection
LeaveCriticalSection
SetEvent
EnterCriticalSection
GetThreadLocale
WaitForSingleObject
lstrcpyW
WideCharToMultiByte
CreateEventW
Sleep
TerminateThread
MultiByteToWideChar
GetExitCodeThread
CloseHandle
DeleteFileW
WaitForMultipleObjects
GetLastError
GetCurrentProcessId
lstrlenW
SetThreadLocale
GetProcAddress
LoadLibraryW
CreateMutexW
GetVersionExW
GetModuleHandleW
GetLocaleInfoW
user32
IsRectEmpty
IsWindowVisible
ScreenToClient
EnableMenuItem
GetMonitorInfoW
GetWindowRect
KillTimer
LoadMenuW
CopyRect
PtInRect
OffsetRect
GetCursorPos
DrawTextW
GetSubMenu
GetDesktopWindow
GetClientRect
InvalidateRect
GetParent
SendMessageW
LoadAcceleratorsW
EnableWindow
SetCapture
DrawTextExW
TabbedTextOutW
SetRect
IsZoomed
DrawEdge
GrayStringW
DrawFocusRect
GetNextDlgGroupItem
DrawIconEx
GetSysColor
SetWindowRgn
RedrawWindow
GetIconInfo
InflateRect
PostMessageW
SetParent
LoadCursorW
SetRectEmpty
MonitorFromRect
MonitorFromPoint
WindowFromPoint
GetClassNameW
RegisterWindowMessageW
ReleaseCapture
CheckMenuRadioItem
FillRect
SetLayeredWindowAttributes
EqualRect
UnionRect
LoadBitmapW
GetKeyState
ClientToScreen
GetFocus
SetCursor
IntersectRect
CallWindowProcW
LoadIconW
SetTimer
UnregisterClassA
FindWindowW
DefWindowProcW
DestroyIcon
IsWindow
TrackPopupMenu
GetWindowLongW
SetWindowLongW
SetForegroundWindow
GetMenuDefaultItem
ReleaseDC
GetDC
wsprintfW
GetCapture
gdi32
GetBkColor
CreateFontIndirectW
Escape
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetMapMode
DPtoLP
ExtTextOutW
GetObjectW
SelectClipRgn
CreateFontW
CreatePolygonRgn
CreateRoundRectRgn
FillRgn
GetViewportExtEx
GetWindowExtEx
RectVisible
GetTextExtentPoint32W
PtVisible
LPtoDP
TextOutW
SetStretchBltMode
DeleteDC
StretchDIBits
SelectObject
DeleteObject
StretchBlt
CreateSolidBrush
GetStockObject
CombineRgn
ExtCreateRegion
CreateDIBSection
CreateRectRgn
FrameRgn
Rectangle
shell32
SHGetSpecialFolderPathW
Shell_NotifyIconW
DragQueryFileW
ShellExecuteW
comctl32
ord17
_TrackMouseEvent
shlwapi
PathIsDirectoryW
ole32
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
libpin3_dll
dmr_init
dmr_register_callback
dmr_start
dmr_update_avts_tstate
dmr_terminate
dmr_update_rcs_value
dmr_stop
msvcp80
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
iphlpapi
GetAdaptersInfo
NotifyAddrChange
Exports
checkLocalServerStatus
dapi_addin_play
dapi_browse
dapi_browse_down
dapi_browse_next
dapi_browse_up
dapi_check_device
dapi_clear_property
dapi_download
dapi_get_current_play_mode
dapi_get_current_transport_actions
dapi_get_default_dmr
dapi_get_device_detail
dapi_get_dmr_list
dapi_get_dms_list
dapi_get_download_progress
dapi_get_item_descriptor
dapi_get_item_info
dapi_get_mute
dapi_get_parent_on_history
dapi_get_play_positionInfo
dapi_get_play_state
dapi_get_prefer_interface
dapi_get_property
dapi_get_revision_info
dapi_get_selected_dmr
dapi_get_selected_dms
dapi_get_upload_progress
dapi_get_version_info
dapi_get_volume
dapi_http_get
dapi_init
dapi_just_play
dapi_ldms_get_file_path
dapi_ldms_get_info
dapi_ldms_get_ip_port
dapi_ldms_get_objectid_by_res
dapi_ldms_get_option
dapi_ldms_set_action
dapi_ldms_set_option
dapi_ldms_start
dapi_ldms_stop
dapi_log_init_file
dapi_log_message
dapi_log_set_level
dapi_log_set_source
dapi_log_set_user
dapi_network_rescan
dapi_pause
dapi_play
dapi_play_async
dapi_playable
dapi_preview
dapi_register_callback
dapi_register_play_positionInfo_async
dapi_release_default_dmr
dapi_release_dmr
dapi_release_item_descriptor
dapi_resume
dapi_search
dapi_seek
dapi_seek_abscount
dapi_select_dmr
dapi_select_dms
dapi_set_avtransport_uri
dapi_set_default_dmr
dapi_set_default_user_agent
dapi_set_mute
dapi_set_play_mode
dapi_set_property
dapi_set_search_option
dapi_set_volume
dapi_stop
dapi_stop_up_down_loading
dapi_switch_renderer
dapi_terminate
dapi_upload
Sections
.text Size: 252KB - Virtual size: 249KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 378KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 488KB - Virtual size: 485KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 116KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: this is the second section named .text in the file, and unlike the first it carries IMAGE_SCN_MEM_WRITE alongside IMAGE_SCN_MEM_EXECUTE, so the region is both writable and executable; a duplicated, writable code section is worth flagging for review, though this page does not identify a packer or protector.