b7170a01828a4f450abb91b176bdcd94_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b7170a01828a4f450abb91b176bdcd94_JaffaCakes118
Size

52KB
MD5

b7170a01828a4f450abb91b176bdcd94
SHA1

fd04ba87713472ac20510b3b26477eeaf8219325
SHA256

92c86f0f498c2a6181df48ec4a3680d249b29d70fcc4f7ba4a20a1e23f686217
SHA512

faa809455f7164a651ceb9c29aa66eeb7f24dbe6d9fc2c3725bf64001f16552d331db486c80508c3cde1078f299c9c898fc587a9e5c5d0d5dec0a98b9234b90b
SSDEEP

1536:Bnd/Of6gTFeLoVEVHR1b6zc1ass7UZESp:5xUALbVHR1uzN7UZESp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7170a01828a4f450abb91b176bdcd94_JaffaCakes118

Files

b7170a01828a4f450abb91b176bdcd94_JaffaCakes118
.dll windows:4 windows x86 arch:x86

416ba4c552fef22009fab15dcd52dc2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

r:\nmc50_c\src\install\CustomActions\InitializeSetupProperties\Release\InitializeSetupProperties.pdb

Imports

dnsapi

DnsQuery_W
DnsRecordListFree

kernel32

ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GlobalMemoryStatus
DisableThreadLibraryCalls

actionengine

??1KeyExpansion@ActionEngine@@UAE@XZ
??0KeyExpansion@ActionEngine@@QAE@PBG0@Z
?replaceKey@KeyExpansion@ActionEngine@@MAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV34@II@Z

registryutils

??1Registry@Utils@@UAE@XZ
??0Registry@Utils@@QAE@PBGK@Z
?perm_key_read@Registry@Utils@@2KB
?getString@Registry@Utils@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PBG@Z

textutils

??0CaseSensitiveKeyReplacement@Utils@@QAE@PBG0_N@Z
?replaceKey@CaseSensitiveKeyReplacement@Utils@@MAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV34@II@Z
??0Section@Utils@@QAE@ABV01@@Z
?merge@CaseInsensitiveDictionary@Utils@@QAEXABV12@@Z
?hasKey@Dictionary@Utils@@QBE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??1Section@Utils@@UAE@XZ
?code@KeyReplacement@Utils@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PBG@Z
?code@KeyReplacement@Utils@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV34@@Z
?accept@StringCoder@Utils@@UAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?getValue_@CaseSensitiveDictionary@Utils@@MBEABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV34@@Z
??1CaseSensitiveKeyReplacement@Utils@@UAE@XZ
?hasKey_@CaseSensitiveDictionary@Utils@@MBE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?deleteKey_@CaseSensitiveDictionary@Utils@@MBEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?foreach@CaseSensitiveDictionary@Utils@@UBEXAAVPairProcessor@Dictionary@2@@Z
?getValue@Dictionary@Utils@@QBEABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV34@@Z
?setValue@Dictionary@Utils@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z
?stripLeadingChars@Utils@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV23@PBG@Z
?stripTrailingChars@Utils@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV23@PBG@Z
??0CstringVector@Utils@@QAE@PBQBG@Z
?split@CstringVector@Utils@@QAEXPBG0_N@Z
?getNumericValue@Dictionary@Utils@@QBEKPBG@Z
?getValue@Dictionary@Utils@@QBEABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PBG@Z
??1KeyReplacement@Utils@@UAE@XZ
??1CaseSensitiveDictionary@Utils@@UAE@XZ
?setValue_@CaseSensitiveDictionary@Utils@@MAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z
??1CstringVector@Utils@@QAE@XZ

customactionutils

??0PropertyManager@CustomAction@@QAE@AAVMsiWrapper@1@@Z
??0MsiWrapper@CustomAction@@QAE@PBGKPAU_iobuf@@@Z
?error@MsiWrapper@CustomAction@@QBA_NPBGZZ
?info@MsiWrapper@CustomAction@@QBA_NPBGZZ
?isRollback@MsiHandle@CustomAction@@QBE_NXZ
??1MsiWrapper@CustomAction@@UAE@XZ
??1PropertyManager@CustomAction@@UAE@XZ
?getVersionString@MsiProductInfo@CustomAction@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?isSet@PropertyManager@CustomAction@@QAE_NPBG@Z
?getInstallLocation@MsiProductInfo@CustomAction@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?warning@MsiWrapper@CustomAction@@QBA_NPBGZZ
?getRegistryParam@MsiProductInfo@CustomAction@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PBG@Z
?setPath@PropertyManager@CustomAction@@QAEXPBG0@Z
??0MsiProductInfo@CustomAction@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?isInstalled@MsiProductInfo@CustomAction@@QBE_NXZ
??1MsiProductInfo@CustomAction@@UAE@XZ
?set@PropertyManager@CustomAction@@QAEXPBGK@Z
?resolve@PropertyManager@CustomAction@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV34@@Z
?get@PropertyManager@CustomAction@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PBG0@Z
?set@PropertyManager@CustomAction@@QAEXPBG0@Z

fileutils

?set@PathComponents@Utils@@QAEXPBG@Z
?dirname@Path@Utils@@QBEXAAV12@@Z
?toFile@Path@Utils@@QAEXXZ
?toLong@Path@Utils@@QAEXXZ
?hasSection@Ini@Utils@@QBE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??0Ini@Utils@@QAE@XZ
?getSection@Ini@Utils@@QBEABVSection@2@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??1Ini@Utils@@UAE@XZ
?catSubdir@Path@Utils@@QAEXPBG@Z
??0Path@Utils@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
??_7Path@Utils@@6B@
?set@Path@Utils@@QAEXPBGI_N@Z
?close@FileStream@Utils@@QAEXXZ
?FILE_SEP@Utils@@3PBGB
?readFile@Ini@Utils@@QAEXPBG@Z
?getPathLength@Path@Utils@@QBEIXZ
?open@TextFileWriter@Utils@@QAEX_N@Z
??0TextFileWriter@Utils@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@I_N@Z
??1TextFileWriter@Utils@@UAE@XZ
?flushToDisk@TextFileWriter@Utils@@QAEXXZ
?vformatLine@TextFileWriter@Utils@@QAEXPBGPAD@Z
?formatLine@TextFileWriter@Utils@@QAAXPBGZZ
??1PropertiesFileReader@Utils@@UAE@XZ
?readPropertyFile@PropertiesFileReader@Utils@@QAEXAAVDictionary@2@@Z
??0PropertiesFileReader@Utils@@QAE@PBGI@Z
?isDir@Path@Utils@@QBE_NXZ
?setExt@Path@Utils@@QAEXPBG@Z
?nextLine@TextFileReader@Utils@@IAEPBGXZ
?open@TextFileReader@Utils@@QAEXXZ
??0TextFileReader@Utils@@QAE@PBGI_N@Z
?exists@Path@Utils@@QBE_NXZ
?hasSection@Ini@Utils@@QBE_NPBG@Z
?getSection@Ini@Utils@@QBEABVSection@2@PBG@Z
??1TextFileReader@Utils@@UAE@XZ
??1Path@Utils@@UAE@XZ
?setFileName@Path@Utils@@QAEXPBG@Z

msvcp71

?_Nomemory@std@@YAXXZ
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
?str@?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??_D?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?clear@ios_base@std@@QAEXH_N@Z

msvcr71

_snwprintf
_onexit
__dllonexit
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_initterm
free
??1type_info@@UAE@XZ
_except_handler3
__security_error_handler
_callnewh
malloc
_time64
_localtime64
wcsftime
towupper
wcsncmp
wcslen
_wcsicmp
_wgetenv
wcscmp
??0exception@@QAE@XZ
??1exception@@UAE@XZ
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??3@YAXPAX@Z
_purecall
wcstoul
memmove
ceil

Exports

Exports

MsiMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

416ba4c552fef22009fab15dcd52dc2a

Headers

File Characteristics

PDB Paths

Imports

dnsapi

kernel32

actionengine

registryutils

textutils

customactionutils

fileutils

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 208B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 208B

.reloc
Size: 4KB - Virtual size: 3KB