d:\NPS_VSS_ROOT\NPS\bin\release\program files\NPSVideoPlayer.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 8996d9f65622b3a87df9b637c952d440_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 8996d9f65622b3a87df9b637c952d440_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
- Target: 8996d9f65622b3a87df9b637c952d440_JaffaCakes118
- Size: 756KB
- MD5: 8996d9f65622b3a87df9b637c952d440
- SHA1: c0b750f7258429625d01e99abd981a8c9acbd038
- SHA256: 82f5d8ad6aa3017d9c9bf4596091a1b14a41bf027be02e47c4eaa1c28bfd7b43
- SHA512: 5ca2dfed087876fcbb6e3aac30b09fdc328cf7f9ffe7deec1ba09ed5466a0e2b75f721326943d9548b37ce26cba3b070dfdafb3b5182bf2ccba61ef813da4f2f
- SSDEEP: 12288:M+Aq9lC/z7ktZGfzVeI7bnjImwYAOxjpB:M+Aq9lC/z7SIbVeIXjIFYv
Malware Config
Signatures
- Unsigned PE 1 IoCs: Checks for missing Authenticode signature.
  resource 8996d9f65622b3a87df9b637c952d440_JaffaCakes118
Files
- 8996d9f65622b3a87df9b637c952d440_JaffaCakes118.exe windows:4 windows x86 arch:x86
  ff29281df753368f296d15ce8c93ad60
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
winmm
timeSetEvent
timeKillEvent
timeBeginPeriod
timeGetDevCaps
npscommon5
?ShowRestoreButton@CTitleWnd@@QAEXH@Z
?OnDestroy@CSkinWnd@@QAEXXZ
?OnMinimize@CSkinWnd@@QAEXXZ
??1CCommonAbout@@UAE@XZ
??0CCommonAbout@@QAE@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0HPAVCWnd@@@Z
?OnEnable@CSkinWnd@@IAEXH@Z
?OnNcLButtonDown@CSkinWnd@@QAEXIVCPoint@@@Z
?OnCreate@CSkinAppWnd@@QAEHPAUtagCREATESTRUCTW@@@Z
?OnWindowPosChanged@CSkinWnd@@QAEXPAUtagWINDOWPOS@@@Z
?PreTranslateMessage@CSkinAppWnd@@UAEHPAUtagMSG@@@Z
?GetThisMessageMap@CSkinAppWnd@@KGPBUAFX_MSGMAP@@XZ
??1CGdiPlusUtil@@UAE@XZ
?LoadBitmapFromResource@CGdiPlusUtil@@QAEPAVBitmap@Gdiplus@@PAUHINSTANCE__@@PB_W1@Z
??0CGdiPlusUtil@@QAE@XZ
?AddTool@CXInfoTip@@QAEHPAVCWnd@@PB_WPAUHICON__@@@Z
??0CXInfoTip@@QAE@XZ
?Create@CXInfoTip@@QAEHPAVCWnd@@@Z
?SetFullScreen@CTitleWnd@@QAEXH@Z
?OnWindowPosChanging@CSkinWnd@@QAEXPAUtagWINDOWPOS@@@Z
?PostNcDestroy@CSkinWnd@@MAEXXZ
?GetRuntimeClass@CSkinAppWnd@@UBEPAUCRuntimeClass@@XZ
??0CSkinAppWnd@@QAE@XZ
??1CSkinAppWnd@@UAE@XZ
?SetActivate@CTitleWnd@@QAEXH@Z
?SetPos@CBitmapSlider@@QAEXN@Z
?UpdateTipText@CXInfoTip@@QAEXPB_WPAVCWnd@@PAUHICON__@@@Z
?AdjustSize@@YAXAAVCSize@@V1@H@Z
?GetThisMessageMap@CBitmapSlider@@KGPBUAFX_MSGMAP@@XZ
?PreTranslateMessage@CBitmapSlider@@UAEHPAUtagMSG@@@Z
??0CBitmapSlider@@QAE@XZ
??1CBitmapSlider@@UAE@XZ
?GetThisClass@CBitmapSlider@@SGPAUCRuntimeClass@@XZ
?GetThisMessageMap@CSkinWnd@@KGPBUAFX_MSGMAP@@XZ
?OnCreate@CSkinWnd@@QAEHPAUtagCREATESTRUCTW@@@Z
??0CSkinWnd@@QAE@XZ
??1CSkinWnd@@UAE@XZ
?SetTailString@CTitleWnd@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?PreTranslateMessage@CSkinWnd@@MAEHPAUtagMSG@@@Z
?PreCreateWindow@CSkinWnd@@MAEHAAUtagCREATESTRUCTW@@@Z
?GetThisClass@CSkinWnd@@SGPAUCRuntimeClass@@XZ
?BeginDragDrop@CNPSDragTarget@@QAEXPAVCStringList@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAUHWND__@@@Z
??1CNPSDragTarget@@UAE@XZ
??0CNPSDragTarget@@QAE@XZ
?RelayEvent@CXInfoTip@@QAEXPAUtagMSG@@@Z
??1CXInfoTip@@UAE@XZ
?GetMessageMap@CXInfoTip@@MBEPBUAFX_MSGMAP@@XZ
?GetPos@CBitmapSlider@@QAENXZ
?OnTimer@CSkinWnd@@QAEXI@Z
?OnLButtonDblClk@CSkinWnd@@QAEXIVCPoint@@@Z
?OnSize@CSkinWnd@@QAEXIHH@Z
?OnCaptureChanged@CSkinWnd@@QAEXPAVCWnd@@@Z
?PreCreateWindow@CSkinAppWnd@@MAEHAAUtagCREATESTRUCTW@@@Z
npsfunction5
?NPSUpdatePaste@CShareFunc@@SA_NPAUHWND__@@H@Z
npscomnctrl
?Initialize@CWndShadow@@SA_NPAUHINSTANCE__@@@Z
?RenderFile@@YAJPB_WPAUIGraphBuilder@@PAUIBaseFilter@@22@Z
?AddSubtitleFilter@@YAJPAUIGraphBuilder@@PAUIBaseFilter@@@Z
?TerminateUnifyFilter@@YAJPAUIGraphBuilder@@@Z
?FreeFunFilter@@YAJXZ
?GetVideoInfo@@YAJPB_WPAUVIDEOINFO2@@@Z
?NPSMessageBox@@YAHPAUHWND__@@PB_W1I@Z
?NPSSkinExceptClass@@YAXPB_W@Z
?NPSSkinApplyWindow@@YAXPAUHWND__@@@Z
?InitNPSSkinManager@@YAXPB_W0@Z
??1CNPSTransMenu@@UAE@XZ
?TrackPopupMenu@CNPSTransMenu@@QAEXIHHPAVCWnd@@PBUtagRECT@@H@Z
??0CNPSTransMenu@@QAE@XZ
NPSLOG
?SetThreadLocaleEx@@YAHK@Z
?InitFunFilter@@YAJXZ
dump
?RegisterCrashHandler@@YAHPB_W0@Z
gdiplus
GdipDrawImageI
GdipCreateFromHDC
GdipSetImageAttributesWrapMode
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawImageRectRectI
mfc80u
ord3417
ord1920
ord4109
ord587
ord1536
ord4226
ord3158
ord2361
ord4098
ord4206
ord2225
ord3032
ord457
ord1282
ord3910
ord2589
ord5392
ord3051
ord1864
ord1784
ord764
ord3590
ord3204
ord577
ord1118
ord870
ord2311
ord293
ord1925
ord3198
ord1271
ord3155
ord1270
ord5633
ord2895
ord1894
ord602
ord2255
ord6058
ord5884
ord2889
ord347
ord3174
ord5715
ord5917
ord5397
ord5410
ord5584
ord5519
ord5643
ord5638
ord5723
ord6033
ord6053
ord4155
ord6050
ord5604
ord6056
ord5607
ord2521
ord572
ord4255
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord760
ord709
ord501
ord776
ord2121
ord3678
ord6002
ord1176
ord5712
ord5711
ord868
ord762
ord666
ord2011
ord745
ord557
ord1479
ord6111
ord282
ord6700
ord1472
ord429
ord3233
ord4063
ord3019
ord1079
ord2365
ord1274
ord1058
ord4119
ord2366
ord747
ord1178
ord559
ord3168
ord5636
ord5637
ord6061
ord6086
ord283
ord266
ord265
ord630
ord3082
ord2012
ord3050
ord385
ord3990
ord5524
ord6277
ord6279
ord6301
ord3983
ord280
ord4026
ord3103
ord3756
ord2155
ord899
ord5398
ord2460
ord1156
ord2310
ord3927
ord896
ord631
ord3383
ord774
ord4100
ord1117
ord2271
ord386
ord5829
ord5414
ord2277
ord746
ord1003
ord558
ord1182
ord894
ord1252
ord5149
ord2648
ord1086
ord589
ord1959
ord330
ord3331
ord5727
ord3435
ord354
ord4256
ord5199
ord1392
ord5908
ord6720
ord1542
ord1661
ord1662
ord4884
ord4729
ord1198
ord5178
ord605
ord4574
ord3635
ord3677
ord566
ord3327
ord4475
ord2832
ord5562
ord5209
ord5226
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord757
ord2239
ord4028
ord5971
ord1049
ord1121
ord3824
ord4562
ord6001
ord5710
ord865
ord530
ord3289
ord722
ord3857
ord3281
ord663
ord426
ord5373
ord502
ord3344
ord5053
ord5982
ord3343
ord3342
ord5981
ord4074
ord4060
ord5440
ord5465
ord5442
ord6300
ord4347
ord1002
ord3102
ord4882
ord3157
ord3995
ord4117
ord2461
ord6232
msvcr80
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
__CxxFrameHandler3
memset
wcscpy_s
memcpy
_wcsdup
free
wcsftime
_localtime64_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
memmove_s
wcschr
_vswprintf
_CIpow
_CIlog
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_crt_debugger_hook
kernel32
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
CreateThread
WaitForSingleObject
Sleep
GetCurrentProcessId
GetModuleFileNameW
CreateDirectoryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcpyW
IsDebuggerPresent
user32
LoadCursorW
GetKeyState
RegisterWindowMessageW
SetRect
GetParent
GetActiveWindow
UnionRect
LoadBitmapW
ClientToScreen
SetCapture
GetFocus
ReleaseCapture
SetCursor
EqualRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
WindowFromPoint
GetClassNameW
DrawEdge
SetWindowRgn
GetDC
GetWindowLongW
GetSysColor
GetNextDlgGroupItem
DrawFocusRect
SetRectEmpty
GetCursorPos
PostMessageW
SetFocus
MonitorFromRect
GetMonitorInfoW
LoadIconW
SetParent
GetCapture
IsWindowVisible
ScreenToClient
GetWindowRect
IsZoomed
CheckMenuRadioItem
LoadMenuW
ModifyMenuW
GetSubMenu
GetMenuItemCount
EnableMenuItem
AppendMenuW
DeleteMenu
SendMessageW
OffsetRect
PtInRect
IsRectEmpty
CopyRect
EnableWindow
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetLayeredWindowAttributes
KillTimer
SetTimer
InvalidateRect
GetClientRect
LoadAcceleratorsW
gdi32
SelectClipRgn
StretchBlt
CreateDIBSection
SelectObject
ExtCreateRegion
CombineRgn
DeleteObject
DeleteDC
CreateSolidBrush
GetTextExtentPoint32W
GetObjectW
Rectangle
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
BitBlt
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
GetBkColor
CreateCompatibleBitmap
CreateFontIndirectW
CreateCompatibleDC
shell32
DragQueryFileW
SHGetSpecialFolderPathW
comctl32
ord17
_TrackMouseEvent
shlwapi
PathIsDirectoryW
PathFindExtensionW
PathRemoveFileSpecW
ole32
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
msvcp80
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
Sections
- .text Size: 108KB - Virtual size: 105KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata Size: 40KB - Virtual size: 38KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data Size: 4KB - Virtual size: 3KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc Size: 484KB - Virtual size: 480KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .text Size: 116KB - Virtual size: 116KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE