eeba116b01e946b383fce3c15403fa79_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eeba116b01e946b383fce3c15403fa79_JaffaCakes118
Size

193KB
MD5

eeba116b01e946b383fce3c15403fa79
SHA1

040ff812dcf6be72470792ad00495699478e1550
SHA256

2749a1a833035a5622284428b1ae9a1ff7040ae82b7cebb15cfdfcaff8d060a4
SHA512

563cd857593dcedf0d7b2bd206e05b2007ab307c15004955d46a108b92096e9e680ddfce115fcdead91b6e8f05195a954026b7fbba344bc73082cfcb7c133109
SSDEEP

6144:ziFmWC1ORKTwUu7kXDYbcwLzCn167R6r:ziTfuaoXDY/vC167

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eeba116b01e946b383fce3c15403fa79_JaffaCakes118

Files

eeba116b01e946b383fce3c15403fa79_JaffaCakes118
.dll windows:4 windows x86 arch:x86

45708a296e92bc695ec99b4584dcea2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\CXR18\BSF\intel_a\code\bin\CATOmsDocument.pdb

Imports

catobjectmodelerbase

??0CATExtensionAdapter@@QAE@XZ
?AddSubscription@CATExtensionAdapter@@UAEJPAVCATInterfaceEvents@@PBDP8CATBaseUnknown@@AEX1PAXPAVCATNotification@@2J@ZPAD2@Z
?RemoveSubscriptionsOn@CATExtensionAdapter@@UAEXPAVCATInterfaceEvents@@PBDPADPAX@Z
?RemoveInterfaceSubscriptions@CATExtensionAdapter@@UAEXPAVCATInterfaceEvents@@PAD@Z
?GetCallbackManager@CATExtensionAdapter@@UAEPAVCATCallbackManager@@XZ
?AddInverseLink@CATExtensionAdapter@@UAEXVCATBaseUnknown_var@@@Z
?RemoveInverseLink@CATExtensionAdapter@@UAEXVCATBaseUnknown_var@@@Z
?GetInverseLinks@CATExtensionAdapter@@UAE?AVCATListValCATBaseUnknown_var@@XZ
?GetName@CATExtensionAdapter@@UAEPADW4CATNameKind@@@Z
?GetName_B@CATExtensionAdapter@@UAE?AV_SEQUENCE_octet@@W4CATNameKind@@@Z
?GetSymbolicLink@CATExtensionAdapter@@UAEPAVCATISymbolicLink@@XZ
?GetIdentifier@CATExtensionAdapter@@UAEXAAV_SEQUENCE_octet@@AAE@Z
?GetDocument@CATExtensionAdapter@@UAEPAVCATDocument@@XZ
?GetLocatorType@CATExtensionAdapter@@UAE?AV_SEQUENCE_octet@@XZ
?GetAdditionalInfos@CATExtensionAdapter@@UAE?AV_SEQUENCE_octet@@XZ
?ListSupportedAreasIdentifier@CATExtensionAdapter@@UAEXPAVCATListValCATUnicodeString@@AAE@Z
?IsAFilledArea@CATExtensionAdapter@@UAEEABVCATUnicodeString@@@Z
?FillArea@CATExtensionAdapter@@UAEXABVCATUnicodeString@@V_SEQUENCE_octet@@E@Z
?GetStoredName@CATExtensionAdapter@@UAE?AV_SEQUENCE_octet@@ABVCATUnicodeString@@@Z
?ExternalBindPointedObjects@CATExtensionAdapter@@UAE?AVCATListValCATBaseUnknown_var@@QBDPAVCATIBindParameters@@@Z
??1CATExtensionAdapter@@UAE@XZ
??0CATExtensionAdapter@@IAE@ABV0@@Z
??4CATExtensionAdapter@@IAEAAV0@ABV0@@Z
??0_SEQUENCE_octet@@QAE@XZ
?Assignation@sequence@@MAEXPBXH@Z
??1_SEQUENCE_octet@@QAE@XZ
?MetaObject@CATExtensionAdapter@@SGPAVCATMetaClass@@XZ
??ACATListPtrCATIContainer@@QBEPAVCATIContainer@@H@Z
?Size@CATListPtrCATIContainer@@QBEHXZ
?CATSplitName@@YAEQADAAPAD111@Z
?CATAssembleName@@YAPADABQAD000@Z
?AsString@@YAPADHPBXH@Z
??A_SEQUENCE_octet@@QAEAAEJ@Z
?CATSplitName_B@@YAEABV_SEQUENCE_octet@@AAV_SHAREDSEQUENCE_octet@@111@Z
?length@_SEQUENCE_octet@@QBEJXZ
?ClassName@CATIContainer@@SGPBDXZ
?StorageName@CATDocument@@QBE?AVCATUnicodeString@@XZ

catomsbase

?__CastTo@CATImplementationSDM_var@@AAGXPAUIUnknown@@@Z
?CATWriteBinaryFile@@YAXPAVSdaiSetClassOfSdaiModelH@@ABVCATUnicodeString@@@Z
?last_written_name@SessionModelInfo@@QAEXABVCATUnicodeString@@@Z
?last_written_type@SessionModelInfo@@QAEXW4SaveType@1@@Z
??0SessionModelInfo@@QAE@PAVCATSDM_Model@@@Z
?SDMBindInterface@@YAPAVCATBaseUnknown@@PAVSdaiModel@@QBD@Z

js0group

?GetLengthInChar@CATUnicodeString@@QBEHXZ
??7CATBaseUnknown_var@@QBGHXZ
?IsAKindOf@CATMetaClass@@QBEHPBD@Z
?IsA@CATMetaClass@@QBEPBDXZ
?GetClassId@CATMetaClass@@QBGABU_GUID@@XZ
??0CATUnicodeString@@QAE@QBD@Z
??1CATUnicodeString@@QAE@XZ
??1CATBaseUnknown_var@@QAE@XZ
?fct_RetrieveMetaObject@@YAPAVCATMetaClass@@PBDW4ENUMTypeOfClass@@PAV1@00J@Z
??2CATBaseUnknown@@SAPAXI@Z
??CCATBaseUnknown_var@@QBGPAVCATBaseUnknown@@XZ
??0CATBaseUnknown_var@@QAE@XZ
??3CATBaseUnknown@@SAXPAX@Z
?ChangeComponentState@CATBaseUnknown@@UAEJW4ComponentState@1@0PBVCATSysChangeComponentStateContext@@@Z
?IsEqual@CATBaseUnknown@@UBEHPBV1@@Z
?IsNull@CATBaseUnknown@@UBEHXZ
?SetImpl@CATBaseUnknown@@UAGPAV1@PAV1@@Z
?GetImpl@CATBaseUnknown@@UBGPAV1@H@Z
?QueryInterface@CATBaseUnknown@@UBEPAV1@PBD@Z
?GetIDsOfNames@CATBaseUnknown@@UAGJABU_GUID@@PAPAGIKPAJ@Z
?GetTypeInfo@CATBaseUnknown@@UAGJIKPAPAUITypeInfo@@@Z
?GetTypeInfoCount@CATBaseUnknown@@UAGJPAI@Z
?Release@CATBaseUnknown@@UAGKXZ
?AddRef@CATBaseUnknown@@UAGKXZ
?QueryInterface@CATBaseUnknown@@UAGJABU_GUID@@PAPAX@Z
?Invoke@CATBaseUnknown@@UAGJJABU_GUID@@KGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAI@Z

catsdmbinaryform

??0CATSDMBinary@@QAE@PBD@Z
?Read@CATSDMBinary@@QAEPAVSdaiSetClassOfSdaiModelH@@XZ
??1CATSDMBinary@@QAE@XZ

catsrtsessionmgmt

?ResetChange@SdaiModel@@QAEHXZ
?Add@SdaiUnorderedCollectionClassOfSdaiModelH@@QAEABVSdaiBoolean@@ABQAVSdaiModel@@@Z
??0SdaiSetClassOfSdaiModelH@@QAE@IIW4COWSupport@SdaiRoot@@@Z
?GetAggrElementsType@SdaiAggrClassOfSdaiModelH@@UBE?AW4SdaiPrimitiveType@@XZ
?GetAggrElementsTypeName@SdaiAggrClassOfSdaiModelH@@UBEABVSdaiString@@XZ
??1SdaiSetClassOfSdaiModelH@@MAE@XZ
?IsChanged@SdaiModel@@QBEHXZ
??1SdaiIterator_Of_SdaiModelH@@UAE@XZ
?OMptr@CATSdaiModel@@QAEXPAX@Z
??0SdaiIterator_Of_SdaiModelH@@QAE@PBVSdaiAggrClassOfSdaiModelH@@W4SdaiAccessMode@@@Z
?GetCurrentMember@SdaiIterator_Of_SdaiModelH@@QBEPAVSdaiModel@@XZ
?Model@SdaiModel@@QBEPAVCATSdaiModel@@XZ
?OMptr@CATSdaiModel@@QAEPAXXZ

catsrtsimpletypes

?DeleteAggr@SdaiAggrInstance@@SAXPAV1@W4ContextSensitivity@SdaiRoot@@@Z
?GetInstanceTypeName@SdaiAggrInstance@@UBEABVSdaiString@@XZ
?IsKindOf@SdaiAggrInstance@@UBEABVSdaiBoolean@@ABVSdaiString@@@Z
?className@SdaiRoot@@UAEQBDXZ
?Empty@SdaiAggrInstance@@UAEHW4ContextSensitivity@SdaiRoot@@@Z
?AddMember@SdaiAggrInstance@@UAEABVSdaiBoolean@@ABVSdaiPrimitiveH@@W4ContextSensitivity@SdaiRoot@@@Z
?GetMember@SdaiAggrInstance@@MBEABVSdaiPrimitiveH@@ABVSdaiIterInstance@@W4ContextSensitivity@SdaiRoot@@@Z
?OutPutAggr@SdaiAggrInstance@@UAEAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV23@@Z
?THEsdaiTRUE@CATSdaiStaticGlobalData@@SAABVSdaiBoolean@@XZ
??BSdaiBoolean@@QBEHXZ
?Next@SdaiIterInstance@@QAEABVSdaiBoolean@@XZ
?Beginning@SdaiIterInstance@@QAEXXZ

msvcr80

__clean_type_info_names_internal
_unlock
__dllonexit
_onexit
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
??3@YAXPAX@Z
free
??_V@YAXPAX@Z
_callnewh
_lock
malloc

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDebuggerPresent

Exports

Exports

??0CATSDM_Document@@QAE@ABV0@@Z
??0CATSDM_Document@@QAE@XZ
??1CATSDM_Document@@UAE@XZ
??4CATSDM_Document@@QAEAAV0@ABV0@@Z
??_7CATSDM_Document@@6B@
?CATSDMDocumentAddContainer@@YAXPAVCATDocument@@PAVCATIContainer@@@Z
?CATSDMDocumentDirty@@YAEPAVCATDocument@@@Z
?CATSDMDocumentLoad@@YAXPAVCATDocument@@PADE@Z
?CATSDMDocumentLoad@@YAXPAVCATDocument@@V_SEQUENCE_octet@@E@Z
?CATSDMDocumentSave@@YAXPAVCATDocument@@@Z
?CATSDMDocumentSaveAs@@YAXPAVCATDocument@@PADE@Z
?CATSDMDocumentSaveAs@@YAXPAVCATDocument@@V_SEQUENCE_octet@@E@Z
?ClassId@CATSDM_Document@@SGABU_GUID@@XZ
?ClassName@CATSDM_Document@@SGPBDXZ
?CreateItself@CATSDM_Document@@SAPAVCATBaseUnknown@@XZ
?Dirty@CATSDM_Document@@UAEEXZ
?GetMetaObject@CATSDM_Document@@UBGPAVCATMetaClass@@XZ
?IsA@CATSDM_Document@@UBEPBDXZ
?IsAKindOf@CATSDM_Document@@UBEHPBD@Z
?Load@CATSDM_Document@@UAEXPADE@Z
?Load_B@CATSDM_Document@@UAEXV_SEQUENCE_octet@@E@Z
?MetaObject@CATSDM_Document@@SGPAVCATMetaClass@@XZ
?Save@CATSDM_Document@@UAEXXZ
?SaveAs@CATSDM_Document@@UAEXPADE@Z
?SaveAs_B@CATSDM_Document@@UAEXV_SEQUENCE_octet@@E@Z
?meta_object@CATSDM_Document@@0PAVCATMetaClass@@A
DASSAULT_SYSTEMES_CAA2_INTERNAL_CATOmsDocument

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45708a296e92bc695ec99b4584dcea2c

Headers

File Characteristics

PDB Paths

Imports

catobjectmodelerbase

catomsbase

js0group

catsdmbinaryform

catsrtsessionmgmt

catsrtsimpletypes

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 172KB - Virtual size: 172KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 172KB - Virtual size: 172KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB