9574c2fff923d5f6410ef8a99cba0ef8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9574c2fff923d5f6410ef8a99cba0ef8_JaffaCakes118
Size

221KB
MD5

9574c2fff923d5f6410ef8a99cba0ef8
SHA1

f219469e2ba77b1e6cad882b2aacf07b686dacca
SHA256

2667c3f02c77d832fe493fd0b841c8f92484ee42836a5fbf9f5739343589123f
SHA512

737a4d250e6d3a1dee8a3bfd45d1281962618aaa7bb39216b724cae2f8fac22f1033476f1de2a4cce0a0391c90341a29c4819f560b72d9d0b9354e9880a764ee
SSDEEP

6144:aZCDEFg8+4kyCIrah2AwkTzwNIWycnOKW3xwM:6CDEFg/Vy7aekTzwNIWycqwM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9574c2fff923d5f6410ef8a99cba0ef8_JaffaCakes118

Files

9574c2fff923d5f6410ef8a99cba0ef8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

fd7c29ee0378fb3e531cde29903406f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\project\cmspro_vs2008_FP\bin\ConfigurationManagerLib.pdb

Imports

dbmanagerlib

?OpenDataSource@CDBManager@@QAEHXZ
?CloseDataSource@CDBManager@@QAEXXZ
?GetArchive@CDBManager@@QAEHPAVCArchiveSetupTable@@@Z
?UpdateArchiveBackup@CDBManager@@QAEHPAVCArchiveSetupTable@@H@Z
?InsertSystemLogParam@CDBManager@@QAEHHHHHHPA_WH00H@Z
?UpdateArchiveSnapshot@CDBManager@@QAEHPAVCArchiveSetupTable@@H@Z
?GetAllDeviceGroup@CDBManager@@QAEHPAVCPtrArray@@@Z
?DeleteArray@CDBManager@@QAEXPAVCPtrArray@@@Z
?InsertDeviceGroup@CDBManager@@QAEHPAVCDeviceGroupTable@@@Z
?UpdateDeviceGroup@CDBManager@@QAEHPAVCDeviceGroupTable@@@Z
?GetAllDevice@CDBManager@@QAEHPAVCPtrArray@@@Z
?DeleteDevice@CDBManager@@QAEHH@Z
?DeleteDeviceGroup@CDBManager@@QAEHH@Z
?GetDeviceGroup@CDBManager@@QAEHHPAVCDeviceGroupTable@@@Z
?GetProduct@CDBManager@@QAEHHPAVCProductTable@@@Z
?GetProductType@CDBManager@@QAEHHPAVCProductTypeTable@@@Z
?GetAllProductType@CDBManager@@QAEHPAVCPtrArray@@@Z
?GetTypeProduct@CDBManager@@QAEHHPAVCPtrArray@@@Z
?InsertDevice@CDBManager@@QAEHPAVCDeviceTable@@@Z
?GetAllProduct@CDBManager@@QAEHPAVCPtrArray@@@Z
?UpdateDevice@CDBManager@@QAEHPAVCDeviceTable@@@Z
?GetAllEmapGroup@CDBManager@@QAEHPAVCPtrArray@@@Z
?InsertEmapGroup@CDBManager@@QAEHPAVCEmapGroupTable@@@Z
?UpdateEmapGroup@CDBManager@@QAEHPAVCEmapGroupTable@@@Z
?GetAllEmap@CDBManager@@QAEHPAVCPtrArray@@@Z
?DeleteEmap@CDBManager@@QAEHH@Z
?DeleteEmapGroup@CDBManager@@QAEHH@Z
?GetEmap@CDBManager@@QAEHHPAVCEmapTable@@@Z
?GetEmapGroup@CDBManager@@QAEHHPAVCEmapGroupTable@@@Z
?InsertEmap@CDBManager@@QAEHPAVCEmapTable@@@Z
?UpdateEmap@CDBManager@@QAEHPAVCEmapTable@@@Z
?ReplaceScreenIDEmapDevice@CDBManager@@QAEHHH@Z
?GetEventColor@CDBManager@@QAEHHPAVCEventColorTable@@@Z
?UpdateEventColor@CDBManager@@QAEHPAVCEventColorTable@@@Z
?InsertEventColor@CDBManager@@QAEHPAVCEventColorTable@@@Z
?GetEventAction@CDBManager@@QAEHHPAVCEventActionTable@@@Z
?UpdateEventAction@CDBManager@@QAEHPAVCEventActionTable@@@Z
?InsertEventAction@CDBManager@@QAEHPAVCEventActionTable@@@Z
?GetIPCamDevice@CDBManager@@QAEHPAVCPtrArray@@@Z
?GetLiveScreenConfig@CDBManager@@QAEHHPAVCLiveScreenConfigTable@@@Z
??1CDBManager@@QAE@XZ
?InsertLiveScreenConfig@CDBManager@@QAEHPAVCLiveScreenConfigTable@@@Z
?GetAllLiveScreenGroup@CDBManager@@QAEHPAVCPtrArray@@@Z
?GetAllStatusScreenGroup@CDBManager@@QAEHPAVCPtrArray@@@Z
?GetAllHealthScreenGroup@CDBManager@@QAEHPAVCPtrArray@@@Z
?InsertLiveScreenGroup@CDBManager@@QAEHPAVCLiveScreenGroupTable@@@Z
?InsertStatusScreenGroup@CDBManager@@QAEHPAVCStatusScreenGroupTable@@@Z
?InsertHealthScreenGroup@CDBManager@@QAEHPAVCHealthScreenGroupTable@@@Z
?UpdateLiveScreenGroup@CDBManager@@QAEHPAVCLiveScreenGroupTable@@@Z
?UpdateStatusScreenGroup@CDBManager@@QAEHPAVCStatusScreenGroupTable@@@Z
?UpdateHealthScreenGroup@CDBManager@@QAEHPAVCHealthScreenGroupTable@@@Z
?GetAllLiveScreen@CDBManager@@QAEHPAVCPtrArray@@@Z
?DeleteLiveScreen@CDBManager@@QAEHH@Z
?DeleteSection@CDBManager@@QAEHHH@Z
?DeleteLiveScreenGroup@CDBManager@@QAEHH@Z
?GetAllStatusScreen@CDBManager@@QAEHPAVCPtrArray@@@Z
?DeleteStatusScreen@CDBManager@@QAEHH@Z
?DeleteStatusScreenGroup@CDBManager@@QAEHH@Z
?GetAllHealthScreen@CDBManager@@QAEHPAVCPtrArray@@@Z
?DeleteHealthScreen@CDBManager@@QAEHH@Z
?DeleteHealthScreenGroup@CDBManager@@QAEHH@Z
?GetLiveScreen@CDBManager@@QAEHHPAVCLiveScreenTable@@@Z
?GetLiveScreenGroup@CDBManager@@QAEHHPAVCLiveScreenGroupTable@@@Z
?GetHealthScreen@CDBManager@@QAEHHPAVCHealthScreenTable@@@Z
?GetHealthScreenGroup@CDBManager@@QAEHHPAVCHealthScreenGroupTable@@@Z
?GetStatusScreen@CDBManager@@QAEHHPAVCStatusScreenTable@@@Z
?GetStatusScreenGroup@CDBManager@@QAEHHPAVCStatusScreenGroupTable@@@Z
?InsertStatusScreen@CDBManager@@QAEHPAVCStatusScreenTable@@@Z
?UpdateStatusScreen@CDBManager@@QAEHPAVCStatusScreenTable@@@Z
?ReplaceScreenIDStatusDevice@CDBManager@@QAEHHH@Z
?InsertHealthScreen@CDBManager@@QAEHPAVCHealthScreenTable@@@Z
?UpdateHealthScreen@CDBManager@@QAEHPAVCHealthScreenTable@@@Z
?InsertLiveScreen@CDBManager@@QAEHPAVCLiveScreenTable@@@Z
?ReplaceScreenIDSection@CDBManager@@QAEHHH@Z
?UpdateLiveScreen@CDBManager@@QAEHPAVCLiveScreenTable@@@Z
?GetSystemConfigVideo@CDBManager@@QAEHPAVCSystemConfigTable@@@Z
?UpdateSystemConfigVideo@CDBManager@@QAEHPAVCSystemConfigTable@@@Z
?GetAllUser@CDBManager@@QAEHPAVCPtrArray@@@Z
?DeleteUser@CDBManager@@QAEHH@Z
?InsertUser@CDBManager@@QAEHPAVCUserTable@@@Z
?UpdateUser@CDBManager@@QAEHPAVCUserTable@@@Z
?UpdateLiveScreenConfig@CDBManager@@QAEHPAVCLiveScreenConfigTable@@@Z
??0CDBManager@@QAE@XZ

mfc90u

ord1665
ord4652
ord3489
ord611
ord2103
ord1601
ord4510
ord2277
ord1667
ord4654
ord3496
ord615
ord1938
ord4000
ord6579
ord5008
ord909
ord905
ord2904
ord5167
ord286
ord2537
ord4131
ord4682
ord5653
ord1492
ord6408
ord3353
ord1675
ord1809
ord1810
ord2208
ord5324
ord4631
ord5632
ord2360
ord1137
ord3226
ord799
ord391
ord1239
ord3185
ord6930
ord7203
ord6311
ord553
ord757
ord813
ord6630
ord1248
ord4266
ord6355
ord4262
ord8392
ord1183
ord1607
ord3220
ord285
ord1599
ord4516
ord296
ord3165
ord9385
ord335
ord612
ord6510
ord6166
ord9547
ord12263
ord4658
ord13161
ord10484
ord9748
ord2694
ord6848
ord6879
ord7171
ord2106
ord3543
ord3488
ord7146
ord12721
ord6604
ord5851
ord935
ord3183
ord1383
ord2372
ord2069
ord10468
ord12270
ord2597
ord2326
ord3486
ord367
ord636
ord405
ord664
ord2209
ord3399
ord2274
ord404
ord663
ord2592
ord4324
ord524
ord744
ord4405
ord9351
ord6845
ord7143
ord9510
ord12762
ord2038
ord6760
ord1783
ord1716
ord3651
ord775
ord1779
ord1708
ord3627
ord750
ord6513
ord3456
ord7041
ord7258
ord1782
ord1715
ord3648
ord772
ord6476
ord6347
ord447
ord699
ord814
ord3729
ord390
ord652
ord6511
ord6167
ord6013
ord6691
ord6697
ord2479
ord2478
ord5867
ord899
ord6376
ord5404
ord3682
ord6804
ord4174
ord6802
ord1641
ord2368
ord2375
ord2630
ord2612
ord2610
ord2628
ord2640
ord2617
ord2633
ord2638
ord2621
ord2623
ord2625
ord2619
ord2635
ord2615
ord971
ord967
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord5154
ord3743
ord5664
ord4603
ord6800
ord5512
ord2074
ord5602
ord4660
ord1493
ord654
ord3528
ord4664
ord778
ord595
ord3654
ord4681
ord4910
ord4348
ord2891
ord4071
ord4081
ord4080
ord4345
ord1751
ord1754
ord6411
ord3286
ord2764
ord2893
ord3355
ord1719
ord2774
ord3140
ord801
ord280
ord2966
ord4728
ord3112
ord2983
ord2771
ord5650
ord1727
ord1791
ord1792
ord2139
ord5625
ord1442
ord2283
ord639
ord374
ord3794
ord811
ord600
ord1152

msvcr90

__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
exit
_swprintf
_wtoi
memset
__CxxFrameHandler3

kernel32

GetSystemDefaultLangID
Sleep
InterlockedCompareExchange
GetModuleFileNameW
GetDiskFreeSpaceExW
InterlockedExchange
GetPrivateProfileStringW
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcessId
GetDriveTypeW
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

user32

KillTimer
SetTimer
SendMessageW
PostMessageW
InvalidateRect
GetParent
EnableWindow
wsprintfW
GetClientRect
GetDC

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comctl32

ord17

shlwapi

PathRemoveFileSpecW

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipFree
GdipAlloc
GdipCloneImage
GdipDrawImageRectI
GdipDisposeImage

msvcp90

??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?fail@ios_base@std@@QBE_NXZ
??Bios_base@std@@QBEPAXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPB_WHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z

Exports

Exports

??0CConfigurationMgr@@QAE@XZ
??0CDBManager@@QAE@ABV0@@Z
??1CConfigurationMgr@@QAE@XZ
??4CConfigurationMgr@@QAEAAV0@ABV0@@Z
??4CDBManager@@QAEAAV0@ABV0@@Z
?ArchiveBackupPopup@CConfigurationMgr@@QAEHXZ
?ArchiveSnapshotPopup@CConfigurationMgr@@QAEHXZ
?DeviceRegisterPopup@CConfigurationMgr@@QAEHXZ
?EmapRegisterPopup@CConfigurationMgr@@QAEHHH@Z
?EventActionPopup@CConfigurationMgr@@QAEHH@Z
?EventColorPopup@CConfigurationMgr@@QAEHH@Z
?HealthRegistePopup@CConfigurationMgr@@QAEHHH@Z
?IPCameraRecordSetupPopup@CConfigurationMgr@@QAEHXZ
?LiveScreenRegisterPopup@CConfigurationMgr@@QAEHHH@Z
?LiveScreenSetupPopup@CConfigurationMgr@@QAEHXZ
?SetInfo@CConfigurationMgr@@QAEXW4eCMS_AUTHORITY@@PA_W@Z
?SetLocalRecordConditionMsg@CConfigurationMgr@@QAEXXZ
?SetParentWndForMsg@CConfigurationMgr@@QAEXPAVCWnd@@@Z
?SetRecordStopState@CConfigurationMgr@@QAEXH@Z
?SetResult@CConfigurationMgr@@QAEXH@Z
?SetScreenList@CConfigurationMgr@@QAEXPAVCDWordArray@@@Z
?StatusRegistePopup@CConfigurationMgr@@QAEHHH@Z
?SystemConfigVideoPopup@CConfigurationMgr@@QAEHXZ
?UserRegisterPopup@CConfigurationMgr@@QAEHPA_WH@Z

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd7c29ee0378fb3e531cde29903406f7

Headers

File Characteristics

PDB Paths

Imports

dbmanagerlib

mfc90u

msvcr90

kernel32

user32

shell32

comctl32

shlwapi

gdiplus

msvcp90

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 15KB - Virtual size: 14KB