e278708dda312b1dae3f47ad61369548_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e278708dda312b1dae3f47ad61369548_JaffaCakes118
Size

168KB
MD5

e278708dda312b1dae3f47ad61369548
SHA1

a7f9c820eefc3084503691a1ec026566c203ed34
SHA256

7a3388aa3a92ccb93ead83d9a65ccd451a372e546759950b25b9dc9b31642959
SHA512

103cd832633ec7f64d26a604fa47fcc303c934f1462ea179b7540d33e6526c55abfed3dfff2be66452a0f40f209e435879d8ae27fc8c71819066ed5c6509b4c6
SSDEEP

3072:S7gsYgygaJF0sIdHRJW5+R2y2tJdzz4cmasEH83cUH5TaZP6Z5OZ4gpmUGI:UgsYgygTdHRJIBtJWcmgc3Nf9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e278708dda312b1dae3f47ad61369548_JaffaCakes118

Files

e278708dda312b1dae3f47ad61369548_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b20e5bc0ccb68a3b936f6d017aded55f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\l60017216_view4\Wt_utps_code\E620_host\bin\win32rel\WLanUI.pdb

Imports

isapucontrol

?SetFont@CiSAPUGroupBox@@QAEXABUtagLOGFONTA@@@Z
??0CiSAPUButton@@QAE@XZ
??0CiSAPUEdit@@QAE@XZ
??0CiSAPUComboBox@@QAE@XZ
??0CiSAPUCheckButton@@QAE@XZ
??0CiSAPUGroupBox@@QAE@XZ
??1CiSAPUGroupBox@@UAE@XZ
??1CiSAPUCheckButton@@UAE@XZ
??1CiSAPUComboBox@@UAE@XZ
??1CiSAPUEdit@@UAE@XZ
??1CiSAPUButton@@UAE@XZ
?SetTransparent@CiSAPUGroupBox@@QAEXH@Z
?MessageBoxA@CiSAPUWindow@@QAEHPBD0I@Z
?EnableWindow@CiSAPUButton@@QAEHH@Z
?OnInitDialog@CiSAPUWindow@@MAEHXZ
?SetText@CiSAPUBitmapButton@@QAEXPBD@Z
?InsertItem@CiSAPUListCtrl@@QAEHHPBD@Z
?SetFont@CiSAPUBitmapButton@@QAEXAAUtagLOGFONTA@@@Z
?SetChangeTheme@CiSAPUWindow@@QAEHPBD00@Z
?GetItemText@CiSAPUListCtrl@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HH@Z
??1CiSAPUStatic@@UAE@XZ
??0CiSAPUWindow@@QAE@IPAVCWnd@@@Z
??0CiSAPUListCtrl@@QAE@XZ
??0CiSAPUBitmapButton@@QAE@XZ
??0CiSAPUStatic@@QAE@XZ
??1CiSAPUWindow@@UAE@XZ
??1CiSAPUListCtrl@@UAE@XZ
??1CiSAPUBitmapButton@@UAE@XZ
?SetBkTransparent@CiSAPUCheckButton@@QAEXXZ
?SetWindowTextA@CiSAPUGroupBox@@QAEXPBD@Z
?PreSubclassWindow@CiSAPUWindow@@MAEXXZ
?WindowProc@CiSAPUWindow@@MAEJIIJ@Z

fastresource

CreateCFASTResource

wrapi

?WRAPIGetSSId@@YAJPAE@Z
?WRAPIGetStatistic@@YAJPAUDOT_11_STATSEX@@@Z
?WRAPIGetSignalStrength@@YAJPAJ@Z
?WRAPIGetMediaConnStatus@@YAJPAW4_NDIS_MEDIA_STATE@@@Z
?WRAPIGetPhysicMedium@@YAJPAW4_NDIS_PHYSICAL_MEDIUM@@@Z
?WRAPIOpenNdisDevice@@YAJPA_W@Z
?WRAPIEnumerateDevices@@YAJPAPAUWRAPI_NDIS_DEVICE@@PAJ@Z
?WRAPIOpenMyNdisuio@@YAJXZ
?WRAPICloseMyNdisuio@@YAJXZ
?WRAPIDisassociate@@YAJXZ
?WRAPISetAuthMode@@YAJPAH@Z
?WRAPISetWepStatus@@YAJPAW4_NDIS_802_11_WEP_STATUS@@@Z
?WRAPISetNetworkMode@@YAJPAH@Z
?WRAPISetSSId@@YAJPAEAAK@Z
?WRAPIGetAPList@@YAJPAPAUAP_DATA@@PAJ@Z

mfc71

ord762
ord1084
ord3210
ord1934
ord2368
ord3204
ord1280
ord5182
ord4212
ord4735
ord4890
ord2020
ord1671
ord1670
ord1551
ord5912
ord1620
ord1617
ord3946
ord1401
ord4244
ord5152
ord1908
ord5073
ord4185
ord5203
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord764
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4262
ord578
ord304
ord310
ord1794
ord2164
ord781
ord5873
ord2322
ord3875
ord6067
ord3683
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord2248
ord3948
ord4568
ord5230
ord5213
ord5566
ord2838
ord4481
ord4261
ord3333
ord566
ord757
ord3830
ord1185
ord1892
ord297
ord784
ord1486
ord2899
ord3989
ord2468
ord3761
ord6236
ord3997
ord5529
ord5403
ord2475
ord4353
ord2131
ord6090
ord1489
ord299
ord2933
ord1482
ord1005
ord5438
ord2657
ord746
ord266
ord558
ord3441
ord3641
ord581
ord1167
ord1092
ord1209
ord314
ord1177
ord1175
ord1201
ord1120
ord371
ord1098
ord1208
ord1206
ord1037
ord315
ord765
ord4967

msvcr71

malloc
free
_except_handler3
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
_CxxThrowException
wcslen
atoi
__dllonexit
printf
time
_purecall
memset
__security_error_handler
??1type_info@@UAE@XZ
__CppXcptFilter
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit

kernel32

LoadLibraryA
GetVersionExA
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
ReleaseMutex
WaitForSingleObject
CreateMutexA
CloseHandle
CreateThread
TerminateThread
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
Sleep
GetModuleFileNameA

user32

SendMessageA
EnableWindow
PostMessageA

gdi32

CreateFontIndirectA
GetObjectA

advapi32

StartServiceA
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

Exports

Exports

??0CWLanUIDlg@@QAE@PAVCWnd@@@Z
??1CWLanUIDlg@@UAE@XZ
??_7CWLanUIDlg@@6B@
??_FCWLanUIDlg@@QAEXXZ
?CheckSysInfo@CWLanUIDlg@@QAEHXZ
?Create@CWLanUIDlg@@QAEXPAVCWnd@@@Z
?DeleteProfile@CWLanUIDlg@@QAEHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?DeviceDetect@CWLanUIDlg@@QAEXXZ
?DoDataExchange@CWLanUIDlg@@MAEXPAVCDataExchange@@@Z
?GetCurModulePath@CWLanUIDlg@@QAEHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetMessageMap@CWLanUIDlg@@MBEPBUAFX_MSGMAP@@XZ
?GetMyKeyValue@CWLanUIDlg@@QAEHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0AAV23@@Z
?GetRuntimeClass@CWLanUIDlg@@UBEPAUCRuntimeClass@@XZ
?GetSrvStatus@CWLanUIDlg@@QAEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PAK@Z
?GetThisClass@CWLanUIDlg@@SGPAUCRuntimeClass@@XZ
?GetThisMessageMap@CWLanUIDlg@@KGPBUAFX_MSGMAP@@XZ
?InitDlg@CWLanUIDlg@@QAEXXZ
?InitLang@CWLanUIDlg@@QAEXPB_W@Z
?InsertComboBox@CWLanUIDlg@@QAEXAAVCComboBox@@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?IsWinConfig@CWLanUIDlg@@QAEHXZ
?OnBnClickedBtnWlanCancel@CWLanUIDlg@@QAEXXZ
?OnBnClickedBtnWlanConnect@CWLanUIDlg@@QAEXXZ
?OnBnClickedBtnWlanDelete@CWLanUIDlg@@QAEXXZ
?OnBnClickedBtnWlanDisconnect@CWLanUIDlg@@QAEXXZ
?OnBnClickedBtnWlanModify@CWLanUIDlg@@QAEXXZ
?OnBnClickedBtnWlanNew@CWLanUIDlg@@QAEXXZ
?OnBnClickedBtnWlanSave@CWLanUIDlg@@QAEXXZ
?OnBnClickedBtnWlanScan@CWLanUIDlg@@QAEXXZ
?OnBnClickedCheckWinconfig@CWLanUIDlg@@QAEXXZ
?OnCbnSelchangeComboWlanMode@CWLanUIDlg@@QAEXXZ
?OnCbnSelchangeComboWlanProfilename@CWLanUIDlg@@QAEXXZ
?OnDestroy@CWLanUIDlg@@QAEXXZ
?OnInitDialog@CWLanUIDlg@@MAEHXZ
?OnRefreshStat@CWLanUIDlg@@QAEJIJ@Z
?OnUpdateAdapterStatus@CWLanUIDlg@@QAEJIJ@Z
?OnUpdateConnStatus@CWLanUIDlg@@QAEJIJ@Z
?ProfileCtrlsEdit@CWLanUIDlg@@QAEHXZ
?ProfileCtrlsNormal@CWLanUIDlg@@QAEHXZ
?ReadAllProfileName@CWLanUIDlg@@QAEHXZ
?ReadString@CWLanUIDlg@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDV23@@Z
?RefreshProfileList@CWLanUIDlg@@QAEHXZ
?ResetMyService@CWLanUIDlg@@QAEXXZ
?SetMyFont@CWLanUIDlg@@QAEXXZ
?SetMyKeyValue@CWLanUIDlg@@QAEHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@00@Z
?SetSkin@CWLanUIDlg@@QAEJPB_W00@Z
?StartMyService@CWLanUIDlg@@QAEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?StopMyService@CWLanUIDlg@@QAEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?_messageEntries@CWLanUIDlg@@0QBUAFX_MSGMAP_ENTRY@@B
?classCWLanUIDlg@CWLanUIDlg@@2UCRuntimeClass@@B
?messageMap@CWLanUIDlg@@1UAFX_MSGMAP@@B

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b20e5bc0ccb68a3b936f6d017aded55f

Headers

File Characteristics

PDB Paths

Imports

isapucontrol

fastresource

wrapi

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

msvcp71

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 104KB - Virtual size: 101KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 104KB - Virtual size: 101KB

.reloc
Size: 8KB - Virtual size: 6KB