bcd11dbd3bca1e7e3dc6dc521f14ebd8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bcd11dbd3bca1e7e3dc6dc521f14ebd8_JaffaCakes118
Size

96KB
MD5

bcd11dbd3bca1e7e3dc6dc521f14ebd8
SHA1

6292ad1139b628800610aee582af6588f3d99f3b
SHA256

90d124530beae7610052df49b84a2516c19de6d36163b3d4bb1b4932198d436e
SHA512

9cca9121a6c020a127b525bbd84947f31f87b8053c7b78947aeec4f5c8c3cc79162325e5ba7f4372b13d3631ba072c8c42115f60c0674846977aa0c2bee2863d
SSDEEP

1536:53GB/RH2hymApRObupVgcT4kjyc4EOahMw7kafnudV+wTKHt1EzQHqqAOzMwVbQu:IBZHTmApRObupVgcT4IJB7kafudV+web

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcd11dbd3bca1e7e3dc6dc521f14ebd8_JaffaCakes118

Files

bcd11dbd3bca1e7e3dc6dc521f14ebd8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d7c97b71c8bf7d20e707f27500648f3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\_cn02231423\es-minsk-build\plugins\VistaCDBackup-Root\VistaCDBackup\Release\VistaCDBackup.pdb

Imports

spiffyext

??1CSpiffyDialog@@UAE@XZ
?GetRuntimeClass@CSpiffyDialog@@UBEPAUCRuntimeClass@@XZ
?GetThisClass@CSpiffyDialog@@SGPAUCRuntimeClass@@XZ
?OnToolHitTest@CSpiffyDialog@@UBEHVCPoint@@PAUtagTOOLINFOA@@@Z
?GetThisMessageMap@CSpiffyDialog@@KGPBUAFX_MSGMAP@@XZ
??0CSpiffyDialog@@QAE@IPAVCWnd@@@Z
?OnInitDialog@CSpiffyDialog@@MAEHXZ

mfc80

ord2020
ord1522
ord4890
ord2172
ord4735
ord2178
ord4212
ord2405
ord5182
ord1968
ord2387
ord1934
ord2385
ord1280
ord2403
ord2415
ord2392
ord2408
ord1191
ord1185
ord1187
ord4085
ord1098
ord371
ord1175
ord1122
ord5526
ord741
ord303
ord557
ord745
ord386
ord631
ord2280
ord2288
ord1794
ord2904
ord1793
ord5807
ord6236
ord908
ord5833
ord5438
ord2748
ord558
ord6279
ord1230
ord746
ord1931
ord3761
ord1483
ord4098
ord1643
ord2089
ord1581
ord1547
ord4234
ord2086
ord3292
ord1545
ord3171
ord2662
ord1486
ord4232
ord6286
ord1181
ord3164
ord5320
ord2164
ord6297
ord5331
ord3255
ord715
ord572
ord591
ord2899
ord1671
ord1903
ord1591
ord4261
ord4240
ord2991
ord4967
ord587
ord5214
ord1402
ord3317
ord5915
ord6725
ord1005
ord1063
ord764
ord6703
ord3997
ord299
ord5563
ord1489
ord297
ord1084
ord310
ord578
ord4081
ord300
ord5529
ord1482
ord784
ord2271
ord2325
ord911
ord304
ord265
ord2451
ord2322
ord2324
ord266
ord762
ord781
ord4035
ord1123
ord2413
ord347
ord2396
ord602
ord2095
ord2398
ord2400
ord2394
ord5637
ord2410
ord2390
ord934
ord930
ord932
ord928
ord1279
ord923
ord2657
ord5233
ord5613
ord3802
ord1670
ord6277
ord1551
ord3345
ord1908
ord1362
ord2176
ord3161
ord6724
ord5175
ord5912
ord1964
ord1401
ord1656
ord5203
ord1655
ord3210
ord1599
ord709
ord5200
ord501
ord4262
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord1620
ord2646
ord1617
ord2533
ord1308
ord3946
ord3718
ord4244
ord3719
ord5152
ord3709
ord5073
ord2644
ord6275
ord3949
ord5491
ord4185
ord4486
ord3403
ord4722
ord6067
ord4282
ord1600
ord2168
ord5960
ord5235

msvcr80

_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_decode_pointer
_onexit
_encode_pointer
__dllonexit
_unlock
__clean_type_info_names_internal
_CxxThrowException
__CxxFrameHandler3
ceil
memcpy_s
_localtime64_s
_time64
atoi
_itoa
__RTDynamicCast
_amsg_exit
memset
strlen
?what@exception@std@@UBEPBDXZ
_vsnprintf
??1exception@std@@UAE@XZ
_mbslen
sscanf
??0exception@std@@QAE@ABV01@@Z
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_invalid_parameter_noinfo
??8type_info@@QBE_NABV0@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
memmove_s
?raw_name@type_info@@QBEPBDXZ
_purecall
free
malloc
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_mbsnbcat
_crt_debugger_hook
memcmp
strcmp
_lock

kernel32

GetACP
GetSystemTimeAsFileTime
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
DisableThreadLibraryCalls
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoA
TlsGetValue
TlsSetValue
UnmapViewOfFile
TlsAlloc
GetSystemInfo
GetCurrentProcess
OutputDebugStringA
InterlockedExchange
GlobalFree
ReleaseMutex
WaitForSingleObject
GetLastError
CreateMutexA
GetCurrentProcessId
CloseHandle
WriteFile
GetProcessHeap
SetFilePointer
HeapAlloc
LocalFree
MapViewOfFile
CreateFileA
CreateFileMappingA
Sleep
GetVersionExA
OpenFileMappingA
FreeLibrary
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
lstrlenA
GlobalAlloc
GetThreadLocale

user32

DispatchMessageA
TranslateMessage
wsprintfA
SendMessageA
KillTimer
SetTimer
PostMessageA
GetWindowRect
EnableWindow
LoadBitmapA
wvsprintfA
MessageBoxA
GetMessageA
InvalidateRect

gdi32

BitBlt
CreateCompatibleDC
GetObjectA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
RegSetValueExA
InitializeSecurityDescriptor
RegCreateKeyExA

shell32

SHCreateDirectoryExW
SHGetFolderPathW

shlwapi

PathAppendW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx

oleaut32

SysStringLen
VariantInit
DispCallFunc
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
VariantClear
SysAllocString

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

locvistacdbackup

_MyLocDllHandle

Exports

Exports

??0AddressObject@@QAE@XZ
??1AddressObject@@UAE@XZ
??_7AddressObject@@6B@
?Construct@AddressObject@@QAE?AW4SUPPORTS_ERRORS@@V?$shared_ptr@VBinaryInterface@@@boost@@@Z
?GetAsciiType@AddressObject@@UAE?AVSystemString@@XZ
DLLCreateCDBackupDialog
DllGetVersion
GetFactoryV2
InitializeExtension
ShutdownExtension

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7c97b71c8bf7d20e707f27500648f3f

Headers

File Characteristics

PDB Paths

Imports

spiffyext

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

oleaut32

msvcp80

locvistacdbackup

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB