f595323d0bf167971a7d1e1953a56160_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f595323d0bf167971a7d1e1953a56160_JaffaCakes118
Size

100KB
MD5

f595323d0bf167971a7d1e1953a56160
SHA1

787f40d55fef54d1113ad36a8ea27ee4ee14b27b
SHA256

28f0c385b57ce204f78f19cb2ac762cb2b99bb12c49227eede6c16326ff1a65d
SHA512

6b59ad09ea11ee205a1fd8306590104ef4d8887094b2d67fb67afaecaa5ed2e691417f1b1597c66fa966a4a880f9820f3f23e92a0b0759b2cfc07769437ca420
SSDEEP

3072:1FXiAllVh9uxNFCPjoBmvkNiLd2fJY3yhRUbu1oJaXV7KQCnqkRuYtgv7W8/Olkd:3bhmFCPjoBmvkNiLd2fJY3yhRUbu1oJM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f595323d0bf167971a7d1e1953a56160_JaffaCakes118

Files

f595323d0bf167971a7d1e1953a56160_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4a19407cb061b235be28ae49f4bb5db0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

commveh32

?setstatus@Buf@@QAEXW4T_CM_SectionError@@DPAD@Z
?get@Buf@@QAEIPADII@Z
?clear@Buf@@QAEID@Z
?set@Buf@@QAEIJI@Z
??1Stock@@QAE@XZ
??0Stock@@QAE@XZ
?com@Buf@@QAEIQADPAV1@@Z
?getsizebuf@Buf@@QAEJXZ
?get@Buf@@QAEIPAEI@Z
?set@Buf@@QAEIPADII@Z
?set@Buf@@QAEIEI@Z
??1Buf@@QAE@XZ
??0Buf@@QAE@XZ
?OpenDefaultMessagerie@Buf@@QAEIXZ
?destroyServiceUnit@Buf@@QAEIXZ
?createServiceUnit@Buf@@QAEIPBDPAD_N@Z
?destroyService@Buf@@QAEIXZ
?createService@Buf@@QAEIPBD@Z
?ExecuteFnc@Buf@@QAEIPBDAAVStock@@@Z
?getstatuscom@Buf@@QAEIXZ
?getstatus@Buf@@QAEIXZ
?set@Buf@@QAEIPADH@Z
?identifyEcuVersion@Buf@@QAEIJ@Z
?getRequestsAndParametersIdent@Buf@@QAEIXZ
?GetDescList@Buf@@QAEIPBD@Z
?get@Buf@@QAEIPAV1@IIH@Z
?concat@Buf@@QAEIPAV1@@Z
?move@Buf@@QAEIPAV1@II@Z
?set@Buf@@QAEIFI@Z
?DejaDedans@Buf@@QAEHPADIIIE@Z
?SetContexteTEP@Stock@@QAEIPAD0@Z
?getServiceUnitALLParamsValue@Buf@@QAEIW4T_PARAM_TYPE@@G@Z
?getServiceUnitParamValue@Buf@@QAEIW4T_PARAM_TYPE@@PBD_N@Z
?getServiceUnitParamStates@Buf@@QAEIPBD0W4T_PARAM_TYPE@@PADAAF_N4@Z
?getServiceUnitALLParamsInfo@Buf@@QAEIPBD0AAKW4T_PARAM_TYPE@@PAUT_PARAM_INFO@@_N@Z
?getServiceUnitNbParams@Buf@@QAEIPBD0W4T_PARAM_TYPE@@AAJ_N@Z
?GetECUFaultFrame@Buf@@QAEIXZ
?GetECUFaultType@Buf@@QAEIXZ
?move@Buf@@QAEIPAV1@@Z
?AFputstatus@Buf@@QAEXDPAD@Z
?Temporisation@@YAXK@Z
?GetListFamLID@TableLID@@QBEHPAE@Z
?GetECUName@TableLID@@QBEXPAD@Z
?RemplirTableLID@TableLID@@QAE?AW4STATUS_LID@@XZ
?GetECUFrame@TableLID@@QAEXPAVBuf@@@Z
?mGetTableLID@C_CTX_FunContext@@QBEPAVTableLID@@XZ
?SetTableLIDPleine@TableLID@@QAEXH@Z
?GetTableLIDPleine@TableLID@@QBEHXZ
?AffichTableLID@TableLID@@QBEXXZ

dll_pgp

?output@GestDebug@@QBAXHPBDZZ
?Instance@GestDebug@@SAPAV1@XZ
?ExecuteComInitFin@@YA_NPADW4T_SERVICEUNIT_TYPE@@AAVStock@@@Z
?GetChaineBuf@@YAHAAVBuf@@HAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetMnemo@GestComBuf@@SA_NAAVBuf@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@1H@Z
?getRawMnemo@GestComBuf@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z
?execute@GestComBuf@@QAE_NPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1GestComBuf@@UAE@XZ
??0GestComBuf@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?BufToString@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVBuf@@@Z
?Split@GestComBuf@@SAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@3@D@Z
?GetMnemoRT@GestComBuf@@SAHAAVBuf@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?execute@GestComBuf@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4eTypeCalculCRC@@PAV23@@Z
?SetPrivateInfo@GestAppContext@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetParamValue@GestAppContext@@QAEFABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0_N@Z
?FormatExitBuffer@GestAppContext@@QAEAAVBuf@@AAVStock@@@Z
??1GestAppContext@@UAE@XZ
??0GestAppContext@@QAE@PAVStock@@@Z
?StrBruteToValConv@@YAJPAD0H@Z
?AddProcessingKey@XmlFile@@QAE_NPBD@Z
?AddFrameKey@XmlFile@@QAE_NPBD@Z
?AddProperty@XmlFile@@QAE_NPBD00000@Z
?AddDtcInter@XmlFile@@QAE_NPBD@Z
?AddDtc@XmlFile@@QAE_NPBD@Z
?Create@XmlFile@@QAEPADXZ
??1XmlFile@@UAE@XZ
??0XmlFile@@QAE@XZ
?getPosTabParam@Cmd_Mess@@QAEJV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?get_TabParam@Cmd_Mess@@QAEPAPAVPar_Mess@@XZ
??1Cmd_Mess@@UAE@XZ
??0Cmd_Mess@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4T_PARAM_TYPE@@W4TypeFonction@@PAVStock@@@Z
?get_lLength@ParValMS@@QAE?BJXZ
?get_iDataTypeId@ParValMS@@QAE?BHXZ
?ExecuteTrame@@YA_NPADW4T_SERVICEUNIT_TYPE@@PAVCmd_Mess@@HAAVStock@@W4eTypeCalculCRC@@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getTypedService@CCCP@@SA?AV?$vector@US_FrameIdentifier@@V?$allocator@US_FrameIdentifier@@@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?getECUFrame@CCCP@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??1CCCP@@UAE@XZ
??0CCCP@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0PAVStock@@W4T_PARAM_TYPE@@0@Z
?Free@PopUpProgress@@SAXXZ
?Instance@PopUpProgress@@SAPAV1@XZ
?changeServicesAndServicesUnitsNames@TlcdDLPR@@QAEXAAVBuf@@@Z
?TelecodageRun@TlcdDLPR@@QAEXAAVStock@@W4eTypeAlgoConfPoss@@@Z
??1TlcdDLPR@@UAE@XZ
??0TlcdDLPR@@QAE@AAVBuf@@PAVStock@@@Z
?GetParamValue@GestAppContext@@QAEFABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@@Z
?manage@C_DataWriteManager@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@@Z
??1C_DataWriteManager@@UAE@XZ
??0C_DataWriteManager@@QAE@PAVStock@@@Z
?launchATRequest@C_ActuatorTest@@QAE_NXZ
?overloadParameters@C_ActuatorTest@@QAE_NXZ
?convertAbsolutetoRelativeNumberParameter@C_ActuatorTest@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?activateServiceAndServiceUnit@C_ActuatorTest@@QAE_NXZ
?parseXMLBuf@C_ActuatorTest@@QAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1C_ActuatorTest@@UAE@XZ
??0C_ActuatorTest@@QAE@PAVStock@@@Z
?getType@JobException@@QAE?AW4ExceptionType@@XZ
?processECUAnswer@C_ActuatorTest@@QAE_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?toString@GestComBuf@@SAXPBEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?toBinary@GestComBuf@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAPAEAAH@Z
?RecupValParam@@YA_NAAVStock@@W4T_PARAM_TYPE@@PAVCmd_Mess@@@Z
?Manage_Dictionary_Concatenation@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@JV12@@Z
?Manage_Dictionary_Concatenation@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@Z
?Manage_Dictionary@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@JV12@@Z
?AfficheDlg_Mess@Dlg_Mess@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00_N11J1@Z
??1Dlg_Mess@@UAE@XZ
??0Dlg_Mess@@QAE@_N@Z
?SetMnemonicValue@@YAHPBDPADAAVStock@@@Z
?GetMnemonicValue@@YAHPBDPADAAVStock@@@Z

msvcp80

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr80

free
malloc
atol
_ltoa
strtol
strncpy
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_wassert
strncat
atoi
strncmp
??_V@YAXPAX@Z
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
??2@YAPAXI@Z
sscanf
sprintf
__CxxFrameHandler3
memset
memcpy
_CxxThrowException

kernel32

Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange

Exports

Exports

APPGEN61
APPGEN_RAW152
DATAWRITE143
EFFDEF22
FINDIAG52
FINDMEMZONE77
GET_SEED132
INITDIAG51
INITIALISATION2126
LECTDEF67
LECTDEFECU23
LECTUREZI53
SEND_KEY133
SPEC_TLCDDLPR_MULTILID1281
SPEC_TRAME_MESS2127
TA_GEN144
TLCD_DLPR128
TRAMEGENNAME1355

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a19407cb061b235be28ae49f4bb5db0

Headers

File Characteristics

Imports

commveh32

dll_pgp

msvcp80

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB