897b2ec0ac0f029cc3f10b1adb435026_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

897b2ec0ac0f029cc3f10b1adb435026_JaffaCakes118
Size

261KB
MD5

897b2ec0ac0f029cc3f10b1adb435026
SHA1

c2cce676c6b2decc9044ce579f6d90eb37eb7ffa
SHA256

05626ef449d10b4af179eaf057e3825108714efe06a3089c69515269fcd3119f
SHA512

89a246bce6562867259595db3e68ade8816c315abe2fd7d016339a1a4132f10b6ac25ef0fd0ef0752d2eadc9a663d4aa7c40de093765083d5130b9ec8a97980c
SSDEEP

6144:dymPDEFLAp1AptiRCGb4r1vUx2P71pfynWwNy4U72kh:deAp1ATWCprqK71WNyf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
897b2ec0ac0f029cc3f10b1adb435026_JaffaCakes118

Files

897b2ec0ac0f029cc3f10b1adb435026_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fe8bc5eb4058916a918101293497eda9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\CXR19\BSF\intel_a\code\bin\WFTOCACD.pdb

Imports

js0group

??1CATMsgCatalog@@QAE@XZ
?ConvertToChar@CATUnicodeString@@QBEPBDXZ
??1CATString@@QAE@XZ
??1CATUnicodeString@@QAE@XZ
??4CATUnicodeString@@QAEAAV0@ABV0@@Z
?BuildMessage@CATMsgCatalog@@SA?BVCATUnicodeString@@ABVCATString@@0PAV2@HABV2@@Z
??0CATUnicodeString@@QAE@QBD@Z
??4CATUnicodeString@@QAEAAV0@PBD@Z
??0CATUnicodeString@@QAE@XZ
??0CATString@@QAE@QBD@Z
??0CATMsgCatalog@@QAE@XZ
??1CATToken@@UAE@XZ
?GetNextToken@CATToken@@QAE?AVCATUnicodeString@@ABV2@@Z
??0CATToken@@QAE@ABVCATUnicodeString@@@Z
?Strip@CATUnicodeString@@QBE?AV1@W4CATStripMode@1@@Z
?Append@CATUnicodeString@@QAEAAV1@ABV1@@Z
CATFClose
CATFPuts
?CATFOpen@@YAJPAVCATUnicodeString@@PBDPAI@Z
?BuildFromNum@CATUnicodeString@@QAEHHPBD@Z
?TraPrint@CATTrace@@QAAHPBDZZ
??0CATUnicodeString@@QAE@ABV0@@Z
?ReplaceAll@CATUnicodeString@@QAEXABV1@0@Z
CATGetEnv
?GetExtension@CATComponent@@SAPBDW4ComponentType@@@Z
CATFWrite
?GetLengthInChar@CATUnicodeString@@QBEHXZ
?ReplaceSubString@CATUnicodeString@@QAEHABV1@0@Z
CATFGets
CATFEof
??1CATSysEnvManager@@QAE@XZ
?GetLabelForProductLine@CATSysEnvManager@@QAE?AVCATUnicodeString@@AAV2@@Z
??0CATSysEnvManager@@QAE@XZ
?GetCopyRigthForProductLine@CATSysEnvManager@@QAE?AVCATUnicodeString@@AAV2@@Z
?GetDocHomepageForProductLine@CATSysEnvManager@@QAE?AVCATUnicodeString@@AAV2@@Z
?ConvertToNum@CATUnicodeString@@QBEHPAIPBD@Z
?ConvertToNum@CATUnicodeString@@QBEHPAHPBD@Z
?IsActive@CATTrace@@QAEHXZ
??0CATTrace@@QAE@QBDQADW4CATTraMode@@0H@Z
??1CATTrace@@QAE@XZ
??1CATUnicodeChar@@QAE@XZ
?Strip@CATUnicodeString@@QBE?AV1@W4CATStripMode@1@ABVCATUnicodeChar@@@Z
??0CATUnicodeChar@@QAE@D@Z
CATFileAccess
?BuildFromNum@CATUnicodeString@@QAEHIPBD@Z
??0CATUnicodeString@@QAE@ABVCATUnicodeChar@@I@Z
??9CATUnicodeString@@QBEHABV0@@Z
?GetNextToken@CATToken@@QAE?AVCATUnicodeString@@XZ
CATFGetc
?Insert@CATUnicodeString@@QAEXHABV1@@Z
?SearchSubString@CATUnicodeString@@QBEHABV1@HW4CATSearchMode@1@@Z
??0CATString@@QAE@PAD@Z
?SubString@CATUnicodeString@@QBE?AV1@HH@Z
?Resize@CATUnicodeString@@QAEXH@Z
??BCATUnicodeString@@QBEPBDXZ

user32

MessageBoxA

msvcr80

__iob_func
sprintf
fopen
strncpy
??3@YAXPAX@Z
memcpy
qsort
memset
strncmp
strstr
free
fwrite
fread
_localtime64
_time64
strftime
atoi
strtok
isdigit
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
fprintf
fflush
fclose
fgets
rewind
atol
fputs
??_V@YAXPAX@Z
_stat64i32
strchr
_callnewh
malloc
_strdup
_access
strrchr
_read
_close
_open
_lsearch
_lfind
_stricmp

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

??0CATINSInstToc@@QAE@ABV0@@Z
??0CATINSInstToc@@QAE@XZ
??0CATINSMediaToc@@QAE@ABV0@@Z
??0CATINSMediaToc@@QAE@XZ
??0CATINSStockNameInst@@QAE@ABV0@@Z
??0CATINSStockNameInst@@QAE@H@Z
??0CATINSToc@@QAE@ABV0@@Z
??0CATINSToc@@QAE@XZ
??1CATINSInstToc@@UAE@XZ
??1CATINSMediaToc@@UAE@XZ
??1CATINSStockNameInst@@UAE@XZ
??1CATINSToc@@UAE@XZ
??4CATINSInstToc@@QAEAAV0@ABV0@@Z
??4CATINSMediaToc@@QAEAAV0@ABV0@@Z
??4CATINSStockName@@QAEAAV0@ABV0@@Z
??4CATINSStockNameInst@@QAEAAV0@ABV0@@Z
??4CATINSToc@@QAEAAV0@ABV0@@Z
??_7CATINSInstToc@@6B@
??_7CATINSMediaToc@@6B@
??_7CATINSStockNameInst@@6B@
??_7CATINSToc@@6B@
?CATAddCheckSum@@YAHPBD0@Z
?CATCalcCheckSum@@YAKPAD@Z
?CATInsFicGetInfo@@YAHAAVCATUnicodeString@@AAH1@Z
?CATInsFicMaxSizeLine@@YAHAAVCATUnicodeString@@@Z
?CheckAllFSPIfrequed@CATINSInstToc@@QAEXAAVCATUnicodeString@@AAH@Z
?CheckAllFWKPrerequed@CATINSInstToc@@QAEXAAVCATUnicodeString@@HAAH@Z
?CheckCheckSum@CATINSInstToc@@QAEHHPADHH0VCATUnicodeString@@W4CATINSType@@AAV2@HAAH@Z
?CheckIntegAllTOCElements@CATINSInstToc@@QAEXAAVCATUnicodeString@@PADHHAAH@Z
?CheckIntegrity@CATINSInstToc@@QAEHAAVCATUnicodeString@@PBDHH@Z
?CheckNLSOrFontsOrDeleted@CATINSInstToc@@QAEXPADHHHHHHHHVCATUnicodeString@@W4CATINSType@@AAV2@HAAH@Z
?CheckPrereqIfreq@CATINSInstToc@@QAEXAAVCATUnicodeString@@HAAH@Z
?DocGetRequiredSpace@@YAHPAH@Z
?GetControleTotalStr@CATINSInstToc@@QAEHVCATUnicodeString@@PAD0W4CATINSType@@AAV2@HAAH3@Z
?GetGALevel@CATINSToc@@QAEPADXZ
?GetHFXLevel@CATINSToc@@QAEHXZ
?GetHFXName@CATINSToc@@QAEPADXZ
?GetIfrequing@CATINSToc@@IBEXPBDW4CATINSType@@PAVCATINSStockIndex@@@Z
?GetIiemePrereqOf@CATINSMediaToc@@QAEHPADH0@Z
?GetIndex@CATINSToc@@IBEHPADW4CATINSType@@@Z
?GetIndexI@CATINSMediaToc@@ABEHH@Z
?GetLabel@CATINSStockName@@QAEPADH@Z
?GetLabel@CATINSStockNameInst@@QAEPADH@Z
?GetMaxSPKLevel@CATINSInstToc@@QBEHPADW4CATINSType@@@Z
?GetMaxSizeCaf@CATINSMediaToc@@QBEIIPAY0DA@D@Z
?GetName@CATINSStockName@@QAEPADH@Z
?GetName@CATINSStockNameInst@@QAEPADH@Z
?GetNbName@CATINSStockName@@QBEIXZ
?GetNbName@CATINSStockNameInst@@QBEIXZ
?GetNbNameAddress@CATINSStockName@@QAEPAIXZ
?GetNbNameAddress@CATINSStockNameInst@@QAEPAIXZ
?GetNbPrereqOf@CATINSMediaToc@@QAEHPAD@Z
?GetNbToc@CATINSToc@@QBEHXZ
?GetOS@CATINSToc@@QAEPADXZ
?GetOneSuperseding@CATINSToc@@IBEHPBDW4CATINSType@@@Z
?GetPackage@CATINSToc@@QBEXW4CATINSPkg@@W4CATINSType@@PAVCATINSStockName@@H@Z
?GetPackageIncludingExtra@CATINSToc@@QBEXPADPAVCATINSStockName@@@Z
?GetPackageInst@CATINSInstToc@@QBEXW4CATINSPkg@@W4CATINSType@@PAVCATINSStockNameInst@@H@Z
?GetPackageInstOPT@CATINSInstToc@@QBEXPAY0DA@DHPAVCATINSStockNameInst@@@Z
?GetPackageOPT@CATINSToc@@QBEXPAY0DA@DHPAVCATINSStockName@@H@Z
?GetPathnameStr@CATINSInstToc@@QAEHHHAAVCATUnicodeString@@PADW4CATINSType@@0HAAHV2@PAPAD4H@Z
?GetPrerequing@CATINSToc@@IBEXPBDW4CATINSType@@PAVCATINSStockIndex@@@Z
?GetSPKLevel@CATINSToc@@QBEHH@Z
?GetSPKMaxAndControlNameBase@CATINSInstToc@@QAEXPADW4CATINSType@@HAAH0@Z
?GetSize@CATINSMediaToc@@QAEIPAY0DA@DIW4CATINSType@@HPAIAAPAY0DA@DPAVCATINSInstToc@@PAPAD2PAPAPAD@Z
?GetSizeFilesToRemove@CATINSMediaToc@@QBEIHIPAY0DA@DAAI@Z
?GetSizeGA@CATINSMediaToc@@QAE_KPAY0DA@DIW4CATINSType@@PAIAAPAY0DA@DAAVCATUnicodeString@@PAVCATINSInstToc@@PAPAD@Z
?GetSizeHFX@CATINSMediaToc@@QAE_KPAY0DA@DW4CATINSType@@AAVCATUnicodeString@@@Z
?GetSizeSPK@CATINSMediaToc@@QAE_KPADW4CATINSType@@PAIAAPAY0DA@DAAVCATUnicodeString@@PAVCATINSInstToc@@PAPAD@Z
?GetSuperseding@CATINSToc@@IBEXPBDW4CATINSType@@PAVCATINSStockIndex@@@Z
?GetTabCFGPRDToInstall@CATINSMediaToc@@QAEXPAY0DA@DH0PAH@Z
?GetTabLabel@CATINSStockName@@QAEPAY0BAAA@PADXZ
?GetTabLabel@CATINSStockNameInst@@QAEPAPADXZ
?GetUnitToc@CATINSMediaToc@@QAEHAAVCATUnicodeString@@PAD@Z
?Init@CATINSToc@@IAEHPADAAVCATUnicodeString@@@Z
?InitInst@CATINSInstToc@@QAEHPADAAVCATUnicodeString@@@Z
?InitMedia@CATINSMediaToc@@QAEHPADAAVCATUnicodeString@@@Z
?IsInstalled@CATINSInstToc@@QAEHPBDW4CATINSType@@@Z
?IsInstalledLookDocLp@CATINSInstToc@@QAEHPADPAVCATINSMediaToc@@@Z
?IsVisible@CATINSToc@@IBEHPAD@Z
?MainChecks@CATINSInstToc@@QAEXAAVCATUnicodeString@@PADHHAAH@Z
?Remove@CATINSToc@@QAEHQADW4CATINSType@@AAVCATUnicodeString@@@Z
?Reset@CATINSStockName@@QAEPAY1BAAA@DA@DXZ
?Reset@CATINSStockNameInst@@QAEPAU_TabcharNameLength@@XZ
?SetGALevel@CATINSToc@@IAEHAAVCATUnicodeString@@@Z
?SetGALevel@CATINSToc@@IAEHXZ
?SetHFXLevel@CATINSToc@@IAEXXZ
?SetHFXName@CATINSToc@@IAEHXZ
?SetOS@CATINSToc@@IAEHAAVCATUnicodeString@@@Z
?SetOS@CATINSToc@@IAEHXZ
?SetSPKLevel@CATINSToc@@IAEXXZ
?SetTimestamp@CATINSToc@@QAEXXZ
?UpdatePresent@CATINSInstToc@@QAEHPBDAAVCATUnicodeString@@@Z
?sClearInfoMsg@CATINSToc@@SAXXZ
?sGetInfoMsg@CATINSToc@@SAAAVCATUnicodeString@@XZ
?sGetInfoMsg@CATINSToc@@SAXAAPAD@Z
?sResetInfoMsg@CATINSToc@@SAXXZ
?strMsg@CATINSToc@@1PADA
?throwError@CATINSInstToc@@AAEXW4CATINSType@@PAD1111AAVCATUnicodeString@@H@Z
CATGetGALevel
CATGetHFXLevel
CATGetSPKLevel
CATIsInstalled
CheckIntegMsg
DASSAULT_SYSTEMES_CAA2_INTERNAL_WFTOCACD
Delete_FWKinPRESENT
Delete_InstallCodeToc
Delete_InstallDocToc
Delete_InstallDocTocNew
Delete_InstalledPDO
Delete_InstalledPRD
Delete_MediaDocToc
Delete_MediaFWK
Delete_MediaPDO
Delete_TabAffFWK
Delete_TabAffPDO
Delete_TabAffRecFWK
Delete_TabAffRecPDO
Delete_TabSelectedFWK
Delete_TabSelectedFWKLabel
Delete_TabSelectedPDO
Delete_TabSelectedPDOLabel
GenerateMediaFWKList
GenerateMediaPDOList
GetAllFWKRequiredSpace
GetAllPDORequiredSpace
GetCopyrightFromProductLine
GetDocHomepageFromProductLine
GetLabelFromProductLine
GetNbCAFToInstall
GetNbFWKinPRESENT
GetNbFwkToLog
GetNbOfAffPDO
GetNbOfAffRecPDO
GetNbOfInstalledFWK
GetNbOfInstalledPDO
GetNbOfInstalledPRD
GetNbOfMediaFWK
GetNbOfMediaPDO
GetNbSelectedPDO
GetPDORequiredSpace
GetRecommendedFWKRequiredSpace
GetRecommendedPDORequiredSpace
GetSelectedFWKRequiredSpace
GetSelectedPDORequiredSpace
GetiemeAffFWKLabel
GetiemeAffPDOLabel
GetiemeAffRecFWKLabel
GetiemeAffRecPDOLabel
GetiemeCAFToInstallLabel
GetiemeFWKinPRESENT
GetiemeFwkToLogLabel
GetiemeInstalledFWKLabel
GetiemeInstalledPDOLabel
GetiemeInstalledPRDLabel
GetiemeMediaPDOLabel
GetiemeSelectedPDOLabel
SelectAllAffPDO
SelectAllAffRecPDO
SelectFWKByLabel
SelectPDOByLabel
SetCodePresentFile
SetDocPresentFile
SetDocTocFile
SetDocTocFileFWK
UnselectAllFWK
UnselectAllPDO
UpdatePresentFromToc
newInstDocToc

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe8bc5eb4058916a918101293497eda9

Headers

File Characteristics

PDB Paths

Imports

js0group

user32

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 173KB - Virtual size: 173KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 173KB - Virtual size: 173KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB