d3cef29cd738793040963d2f11216557_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d3cef29cd738793040963d2f11216557_JaffaCakes118
Size

420KB
MD5

d3cef29cd738793040963d2f11216557
SHA1

00c39796a15f6bcb4e9381877916b499ee7f0de4
SHA256

413548eb25c8e88ea0d9b7d42e863c5e67e3a0bfdb15cab2862f4cf6c6b3c495
SHA512

abaaa337ee86f2b88f0911db1638a6b0325d9a3f21beceef9b1c6bf9d33a4b69a1f8ed226c519f3a0b62acaec91de33bff91b97808f4583d428db55cf878d277
SSDEEP

6144:2SJpO7npU7y+eSYzb8naekT+CidNhKNf32/7SKrrTB4gZKZgPZucA:bPOF6e+aew1oNhKhm7ZKZg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3cef29cd738793040963d2f11216557_JaffaCakes118

Files

d3cef29cd738793040963d2f11216557_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf5a74a1bc3ecff139c8b64b58875945

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\ntacs\usa_cnz\usasrc_caa\src\Release\ACS_USA_SyslogAnalyser.pdb

Imports

libacs_pha_r5a_dmdn6

??0ACS_PHA_Tables@@QAE@PBD@Z
??0ACS_PHA_ParameterInternal@@QAE@PBDI@Z
??_DACS_PHA_Tables@@QAEXXZ
??0ACS_PHA_NamedTable@@QAE@PBD0@Z
??0ACS_PHA_ParameterInternal@@QAE@I@Z
?get@ACS_PHA_ParameterInternal@@QAEKAAVACS_PHA_NamedTable@@@Z
??_DACS_PHA_NamedTable@@QAEXXZ
?data@ACS_PHA_ParameterInternal@@QBEPBDXZ
?get@ACS_PHA_ParameterInternal@@QAEKAAVACS_PHA_Tables@@@Z
??_DACS_PHA_ParameterInternal@@QAEXXZ

libacs_aeh_r1a_dmdn6

ord14
ord13
ord16
ord20
ord18
ord17
ord24
ord1
ord7
ord4
ord22
ord12
ord2
ord5
ord19
ord23

libacs_tra_r5a_dmdn6

ACS_TRA_flag
ACS_TRA_event

commondll

ord4

libacs_prcapi_r1a_dmdn6

?AP_InitProcess@@YAXQBDW4ACS_PRC_PROCTYPE@@@Z

libacs_exh_r1a_dmdn6

?AP_SetCleanupAndCrashRoutine@@YAXQBDP6AXXZ@Z

kernel32

GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleA
HeapFree
GetProcessHeap
Sleep
LocalFree
FormatMessageA
GetLastError
GetComputerNameA
SetPriorityClass
GetPriorityClass
GetCurrentProcess
HeapAlloc
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InitializeCriticalSection
RaiseException
DeleteCriticalSection
CreateWaitableTimerA
LeaveCriticalSection
TryEnterCriticalSection
CloseHandle
TerminateThread
WaitForSingleObject
EnterCriticalSection
SetWaitableTimer
MoveFileExA
FindClose
FindFirstFileA
CreateDirectoryA
GetTickCount
GetComputerNameW
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
ExitProcess
CreateEventA
WaitForMultipleObjects
SetEvent
GetModuleFileNameA
ResetEvent

user32

SetTimer
GetMessageA
UnregisterClassA

advapi32

GetNumberOfEventLogRecords
OpenEventLogA
GetOldestEventLogRecord
ClearEventLogA
ReadEventLogA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
StartServiceCtrlDispatcherA
SetServiceStatus
NotifyChangeEventLog
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegSetValueExA
RegisterServiceCtrlHandlerA
CloseEventLog

msvcp71

??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??7ios_base@std@@QBE_NXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?eof@ios_base@std@@QBE_NXZ
??Bios_base@std@@QBEPAXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?_Nomemory@std@@YAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?width@ios_base@std@@QBEHXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?to_int_type@?$char_traits@D@std@@SAHABD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?eof@?$char_traits@G@std@@SAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?to_int_type@?$char_traits@G@std@@SAGABG@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z

msvcr71

fgetc
fwrite
_endthread
_beginthread
isspace
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_cexit
exit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
realloc
??3@YAXPAX@Z
sprintf
__CxxFrameHandler
strncpy
strlen
asctime
localtime
_stricmp
??_V@YAXPAX@Z
strncat
strcat
strcpy
mktime
strcmp
memset
strchr
_snprintf
atol
memcpy
_mbsnbcpy
printf
time
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
memmove
_except_handler3
free
malloc
strncmp
_strnicmp
_strlwr
strtol
isdigit
_endthreadex
_beginthreadex
ctime
toupper
isalnum
getenv
_access
_errno
system
sscanf
_getpid
wcscmp
_mbschr
_mbscmp
rewind
ftell
fseek
fopen
fclose
fputc
fputs
fread

clusapi

CloseClusterGroup
GetClusterGroupState
OpenClusterGroup
OpenCluster
CloseCluster

Sections

.text
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf5a74a1bc3ecff139c8b64b58875945

Headers

File Characteristics

PDB Paths

Imports

libacs_pha_r5a_dmdn6

libacs_aeh_r1a_dmdn6

libacs_tra_r5a_dmdn6

commondll

libacs_prcapi_r1a_dmdn6

libacs_exh_r1a_dmdn6

kernel32

user32

advapi32

msvcp71

msvcr71

clusapi

Sections

.text Size: 304KB - Virtual size: 301KB

.rdata Size: 84KB - Virtual size: 80KB

.data Size: 4KB - Virtual size: 2KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 304KB - Virtual size: 301KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 24KB - Virtual size: 20KB