8c5f741506537e8c88fd19a2a7882165_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8c5f741506537e8c88fd19a2a7882165_JaffaCakes118
Size

80KB
MD5

8c5f741506537e8c88fd19a2a7882165
SHA1

cc86c479ac70cd7d7e07dee3b815269af57d7f30
SHA256

19aa8c2de64493f0b757df112d92377c483d73f9d2411c5c54b5228f0efc0018
SHA512

bdadb6fe540bb2624c3109f55a15d22ad6f233afe14094f1fcebf96eb691aa675806c0eb9be99407a76344a656b048b0c8e5234dca1467339a9ad699f75695ab
SSDEEP

1536:xoqoc9cnhhucaE0CHelZinbXp73q5pZmcxwl:xhOhJbZOn/wl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c5f741506537e8c88fd19a2a7882165_JaffaCakes118

Files

8c5f741506537e8c88fd19a2a7882165_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fdaec89f2b9394fa9f081b975c52b370

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SystemTimeToFileTime
GetSystemTime
CloseHandle
DisableThreadLibraryCalls
GetLastError
FindFirstFileA
FindNextFileA
FindClose
CreateFileA
DeleteFileA
CreateThread
Sleep
GetLocalTime
GetTimeZoneInformation

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

msvcrt

_itoa
?terminate@@YAXXZ
_except_handler3
_adjust_fdiv
_initterm
memmove
_ftime
malloc
free
difftime
mktime
isdigit
atoi
memset
atol
gmtime
strlen
__CxxFrameHandler
_purecall
??2@YAPAXI@Z

ole32

CoUninitialize
CoInitializeEx

opswatavcommon

??0CFileVersionInfo@@QAE@XZ
?Open@CFileVersionInfo@@QAEHPBD_N@Z
?QueryStringValue@CFileVersionInfo@@QBEHHPADH@Z
??1CFileVersionInfo@@UAE@XZ
?OU_IO_ReadFromTextFile@OPSWAT@@YA?AW4typeOUResult@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@_N@Z
?OU_Vld_GetMyStatus@OPSWAT@@YA?AW4typeOUResult@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0HHHAAH@Z
?GetRealtimeProtectionStatus@CAntiVirusAndOIAV@OPSWAT@@UAE?AW4ReturnCode@CAntiVirus@OPSTOP@@W4RtpProtectionType@45@AA_N@Z
?SetRealtimeProtectionStatus@CAntiVirusAndOIAV@OPSWAT@@UAE?AW4ReturnCode@CAntiVirus@OPSTOP@@W4RtpProtectionType@45@_N@Z
?GetInstallDir@CAntiVirusAndOIAV@OPSWAT@@MAE?AW4ReturnCode@CAntiVirus@OPSTOP@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetDatFileDir@CAntiVirusAndOIAV@OPSWAT@@MAE?AW4ReturnCode@CAntiVirus@OPSTOP@@AAV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
?BatchScan@CAdapterForOIAV@OPSWAT@@MAE?AW4typeOUResult@2@AAV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AAU_typeSResult@2@@Z
?FolderScan@CAdapterForOIAV@OPSWAT@@MAE?AW4typeOUResult@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAU_typeSResult@2@@Z
?FullSystemScan@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@AAU_typeSResult@2@@Z
?OU_Str_EnsurePathEnding@OPSWAT@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OU_She_CreateProcess@OPSWAT@@YAHPBDPADPAU_SECURITY_ATTRIBUTES@@2HKPAX0PAU_STARTUPINFOA@@PAU_PROCESS_INFORMATION@@@Z
?Open@CRegKey@@QAEJPAUHKEY__@@PBDK@Z
??0CRegKey@@QAE@XZ
?OU_Reg_GetValAsStrFromUsers@OPSWAT@@YA?AW4typeOUResult@1@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDAAV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@4@@Z
??1CRegKey@@QAE@XZ
??1CAntiVirusAndOIAV@OPSWAT@@UAE@XZ
??0CAntiVirusAndOIAV@OPSWAT@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAW4typeOUResult@1@@Z
?GetServiceStatus@@YAHPBDPAK@Z
?FixService@@YAHPBD@Z
?OU_Srv_GetServicesMD5List@OPSWAT@@YA?AW4typeOUResult@1@AAV?$list@UService@CAntiVirus@OPSTOP@@V?$allocator@UService@CAntiVirus@OPSTOP@@@std@@@std@@@Z
?OU_Types_ConvertSResultToSResultEx@OPSWAT@@YA?AW4typeOUResult@1@ABU_typeSResult@1@AAUtypeSResultEx@1@@Z
?OU_Sto_GetTempFile@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OU_IO_IsFilePresent@OPSWAT@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?OU_Misc_AddThreatToThreatList@OPSWAT@@YAXAAV?$list@U_typeDetectedThreats@OPSWAT@@V?$allocator@U_typeDetectedThreats@OPSWAT@@@std@@@std@@ABU_typeThreat@1@H@Z
?OU_IO_IsFileAccessGranted@OPSWAT@@YA?AW4typeOUResult@1@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AA_N@Z
?OU_Time_FILETIMEToCTime@OPSWAT@@YA?AW4typeOUResult@1@AAU_FILETIME@@AAVCTime@OPSTOP@@@Z
?OU_Reg_RefreshCache@OPSWAT@@YAXXZ
?OU_Ins_GetAVSDKVersion@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OU_Ins_GetPlugInDir@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OU_Str_StringSeparator@OPSWAT@@YA?AW4typeOUResult@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@4@@Z
?IsWindows9x@OPSWAT@@YAHXZ
?FreeProcessVariables@OPSWAT@@YAHXZ
?LoadProcessVariables@OPSWAT@@YAHXZ
?XmlDateToCtime@CXmlFunctions@OPSWAT@@SA?AW4typeOUResult@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVCTime@OPSTOP@@_N@Z
?convertThreatLogEntryExToXML@CXmlFunctions@OPSWAT@@SA?AW4typeOUResult@2@ABU_typeThreatLogEntryEx@2@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?parseScanRequest@CXmlFunctions@OPSWAT@@SA?AW4typeOUResult@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAUScanRequest@2@@Z
?OU_Types_ConevertOUResultToNewReturnCode@OPSWAT@@YA?AW4ReturnCode@CAntiVirus@OPSTOP@@W4typeOUResult@1@@Z
?OU_Misc_AddSResultExToSResultEx@OPSWAT@@YA?AW4typeOUResult@1@ABUtypeSResultEx@1@AAU31@@Z
?parseScanResponse@CXmlFunctions@OPSWAT@@SA?AW4typeOUResult@2@ABUtypeSResultEx@2@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OU_Srv_FindServiceImagePath@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?OU_Trust_IsFileSignatureValid@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAJ@Z
?OU_Reg_GetProductKey@OPSWAT@@YA?AW4typeOUResult@1@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?InitializeEngine@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@XZ
?InstantResetEngine@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@XZ
?QueryEngineState@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@PAW4typeEngineStates@2@@Z
?InitializeScanOperation@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@W4typeProcessesScanModes@2@W4typeCallbackReasons@2@PBU_typeCallbacksTable@2@KPAJ@Z
?QueryOperationState@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@JPAW4typeOperationStates@2@@Z
?SetOperationState@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@JW4typeOperationStates@2@@Z
?Scan@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@KAAU_typeSResult@2@@Z
?Scan@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@ABU_typeSSTream@2@KAAU_typeSResult@2@@Z
?Scan@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@ABU_typeSSTream@2@AAU_typeSResult@2@@Z
?FileScan@CAdapterForOIAV@OPSWAT@@MAE?AW4typeOUResult@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAU_typeSResult@2@@Z
?MemoryScan@CAdapterForOIAV@OPSWAT@@MAE?AW4typeOUResult@2@AAU_typeSResult@2@@Z
?OU_Sto_GetTempDir@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OU_OS_IsWindows_64Bit@OPSWAT@@YA?AW4typeOUResult@1@AA_N@Z
?OU_Reg_GetValueAsString@OPSWAT@@YA?AW4typeOUResult@1@PAUHKEY__@@PBDAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OU_Trust_IsFileSignatureValidFor64bit@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAJ@Z

user32

MessageBoxA
GetDesktopWindow

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdaec89f2b9394fa9f081b975c52b370

Headers

File Characteristics

Imports

kernel32

advapi32

msvcp60

msvcrt

ole32

opswatavcommon

user32

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 792B

.reloc Size: - Virtual size: 9KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 792B

.reloc
Size: - Virtual size: 9KB