fac859b17ccf72a8751da6073b7eb75d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fac859b17ccf72a8751da6073b7eb75d_JaffaCakes118
Size

534KB
MD5

fac859b17ccf72a8751da6073b7eb75d
SHA1

7f29da488fb06eb8a8b810293774a85f22f5ed67
SHA256

8b3fecd2bc01f9984c0ba4f66a999e5c578ea17744d871198c96a0cad9d259fa
SHA512

227653d1975d5b0f47f0723749c307d9c52efe8e92319b3c5e3dd2526e695468441357efabc4f32209ed86c630d3730ddcd41799b477214eea836ef941b4af2c
SSDEEP

6144:pXHlK5Ar7JZzzGMnfjvII/JUB4SqAbZvPzdTBq2ZhLOKOFeomzb0NBajYHHd:57DGMnfjtUB4sVvbdTsSjEajYd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fac859b17ccf72a8751da6073b7eb75d_JaffaCakes118

Files

fac859b17ccf72a8751da6073b7eb75d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

da21ea608c625301ba2137abad7db181

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Projects\source\winsrc_wkssrv\avcontrol-oem\controlcenter\Release\ControlCenter.pdb

Imports

mfc90u

ord2615
ord971
ord967
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord5154
ord4774
ord5078
ord3743
ord5664
ord4603
ord6800
ord5512
ord2069
ord2074
ord5602
ord4664
ord801
ord1493
ord4345
ord4910
ord1751
ord2612
ord2630
ord2375
ord3140
ord2368
ord1641
ord1486
ord6802
ord4174
ord6804
ord3682
ord5404
ord6604
ord6065
ord6577
ord4543
ord6376
ord3226
ord6579
ord2904
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord4530
ord4527
ord3674
ord1248
ord2130
ord3577
ord1108
ord1599
ord938
ord2360
ord2595
ord3252
ord4010
ord4658
ord693
ord2280
ord4262
ord3145
ord6353
ord3563
ord797
ord595
ord5573
ord3589
ord1754
ord6411
ord3355
ord1100
ord3488
ord2596
ord1357
ord3543
ord2593
ord1354
ord2106
ord1064
ord1137
ord3515
ord1675
ord1809
ord1810
ord5324
ord2635
ord4682
ord1492
ord6408
ord3353
ord5632
ord5182
ord1709
ord3374
ord2653
ord2224
ord5662
ord1405
ord6666
ord2282
ord4512
ord581
ord1043
ord6636
ord3908
ord4700
ord1640
ord4692
ord6187
ord551
ord617
ord5572
ord341
ord5887
ord1044
ord4519
ord6311
ord4131
ord814
ord2954
ord400
ord3531
ord2497
ord293
ord4405
ord6013
ord5979
ord5939
ord5938
ord290
ord1250
ord4000
ord5653
ord639
ord374
ord4741
ord2551
ord4451
ord2469
ord4663
ord1786
ord1722
ord3661
ord4494
ord6350
ord2038
ord3360
ord405
ord664
ord2209
ord3399
ord2694
ord5851
ord2470
ord2263
ord6096
ord2286
ord785
ord4036
ord3278
ord3486
ord2654
ord5011
ord756
ord4740
ord4027
ord539
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord5167
ord3741
ord6347
ord3061
ord3856
ord553
ord3630
ord757
ord4351
ord5893
ord6513
ord4518
ord6095
ord2326
ord3622
ord6094
ord1144
ord3537
ord636
ord6574
ord367
ord3513
ord6174
ord6418
ord5850
ord5863
ord6040
ord5974
ord6101
ord6183
ord6547
ord6372
ord6569
ord4579
ord6566
ord6060
ord6572
ord6063
ord2758
ord1353
ord6091
ord2097
ord2100
ord2705
ord1585
ord3149
ord3231
ord933
ord4410
ord4541
ord6164
ord277
ord2143
ord1178
ord525
ord6169
ord1325
ord4250
ord5778
ord6822
ord6811
ord1243
ord5767
ord3621
ord4044
ord6098
ord638
ord370
ord3514
ord2967
ord1752
ord1444
ord4617
ord5102
ord4784
ord4328
ord3066
ord6601
ord4163
ord6782
ord2344
ord4788
ord4926
ord5966
ord6673
ord3368
ord2927
ord2981
ord6683
ord2475
ord1484
ord1026
ord5841
ord4074
ord4066
ord3085
ord4287
ord2170
ord2885
ord5007
ord3999
ord4544
ord3742
ord6088
ord3637
ord1222
ord1533
ord333
ord3165
ord3749
ord2271
ord3155
ord4266
ord6355
ord5387
ord2820
ord3826
ord4656
ord1682
ord1770
ord3547
ord3286
ord2278
ord677
ord613
ord337
ord6685
ord6813
ord663
ord5535
ord404
ord692
ord3562
ord4657
ord1695
ord2279
ord4511
ord1602
ord2105
ord6791
ord1488
ord3642
ord1714
ord767
ord6493
ord3685
ord809
ord4399
ord753
ord4026
ord5008
ord4631
ord6157
ord1018
ord1938
ord2901
ord6760
ord2057
ord3628
ord4608
ord5277
ord5168
ord4632
ord5301
ord5047
ord5231
ord5508
ord5511
ord5509
ord5510
ord5152
ord5661
ord4739
ord3654
ord1719
ord2283
ord4660
ord280
ord1607
ord285
ord524
ord744
ord265
ord1383
ord2372
ord909
ord2695
ord3185
ord4324
ord296
ord286
ord600
ord811
ord813
ord935
ord1603
ord2478
ord2479
ord4490
ord799
ord2597
ord2208
ord5663
ord5680
ord4347
ord5674
ord3217
ord2087
ord1098
ord2592
ord1088
ord585
ord1723
ord788
ord436
ord1688
ord686
ord1063
ord2610
ord266
ord2084
ord1183
ord783
ord3670
ord589
ord4213
ord5830
ord6741
ord5548
ord1048
ord5567
ord4179
ord6035
ord2206
ord2251
ord4747
ord6803
ord4173
ord6801
ord4967
ord2447
ord6018
ord4996
ord5676
ord4423
ord794
ord4043
ord4448
ord4681
ord4905
ord4348
ord2891
ord4071
ord4081
ord4080
ord2764
ord2893
ord2774
ord3115
ord2966
ord4728
ord3112
ord2983
ord2771
ord2537
ord3220
ord1272

msvcr90

_wmakepath
_wcslwr_s
wcsncat_s
_wsplitpath_s
iswalnum
iswspace
vswprintf_s
_wfopen_s
swscanf_s
srand
rand
swprintf_s
wcscat
fopen
memmove_s
wcscmp
__RTDynamicCast
wcslen
wcscpy
_CxxThrowException
realloc
__CxxFrameHandler3
memcpy
wcsncat
memset
wcsncmp
fread
fwrite
ftell
fseek
ferror
memcpy_s
free
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcsncpy
wcsrchr
_wsplitpath
_waccess
_wcsupr
_wcsdup
exit
?what@exception@std@@UBEPBDXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
fclose
strncpy
_wfopen
_wchdir
wcsstr
_wgetcwd
wcscpy_s
wcstok
wcscat_s
wcsncpy_s
printf
malloc
swscanf
_wcsnicmp
_wcsicmp
wcschr
calloc
_snwprintf
mbstowcs
_time64
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
_wtoi

kernel32

GetVersionExW
CompareFileTime
lstrcmpW
GetVersion
GetCPInfo
LockResource
LoadResource
FindResourceW
FreeResource
lstrcmpiW
lstrlenW
MulDiv
ReadFile
CreateFileW
WriteFile
GlobalFree
GlobalReAlloc
GlobalSize
MoveFileW
GetExitCodeProcess
LoadLibraryExW
DeviceIoControl
GetFullPathNameW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
GetPrivateProfileIntW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
LoadLibraryA
ExpandEnvironmentStringsA
SetFileAttributesW
CopyFileW
PulseEvent
WaitForSingleObject
SetLastError
GetModuleHandleW
lstrcpynW
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
LoadLibraryW
SetErrorMode
FreeLibrary
DeleteFileW
FindNextFileW
FindClose
FindFirstFileW
FormatMessageW
CreateProcessW
OutputDebugStringW
LocalFree
GetWindowsDirectoryW
RemoveDirectoryW
LocalAlloc
GetLastError
GetTempPathW
WritePrivateProfileStringW
GetFileAttributesW
GetSystemDirectoryW
GetPrivateProfileStringW
GetCurrentThread
CreateDirectoryW
GetCurrentProcess
GetDateFormatW
lstrcpyW
lstrlenA
GetDriveTypeW
GlobalUnlock
GlobalAlloc
GlobalLock
SystemTimeToFileTime
WaitForMultipleObjects
CreateEventW
ResetEvent
InterlockedDecrement
InterlockedIncrement
CloseHandle
OpenEventW
GetModuleFileNameW
Sleep
SetEvent
GetSystemTimeAsFileTime

user32

wsprintfW
LoadStringW
SetScrollPos
KillTimer
ScreenToClient
GetCursorPos
PtInRect
IsWindow
IsRectEmpty
GetFocus
FrameRect
LoadCursorW
GetForegroundWindow
UpdateWindow
DeleteMenu
RemoveMenu
GetSysColorBrush
CreateMenu
GetMenuItemID
GetMenuState
ModifyMenuW
InsertMenuW
GetMenuItemCount
LoadBitmapW
DrawIconEx
GrayStringW
DrawTextExW
TabbedTextOutW
GetDesktopWindow
DrawEdge
FillRect
SetRect
GetMenuItemInfoW
PeekMessageW
TranslateMessage
DispatchMessageW
FindWindowW
CheckMenuItem
DestroyIcon
EnableWindow
SendMessageW
GetSystemMetrics
CreatePopupMenu
ReleaseDC
SystemParametersInfoW
AppendMenuW
BringWindowToTop
GetDC
GetClientRect
DrawIcon
GetParent
SetForegroundWindow
PostMessageW
IsIconic
RegisterWindowMessageW
PostQuitMessage
IsMenu
GetWindowRect
SetTimer
GetSystemMenu
RedrawWindow
GetMessagePos
SetClipboardData
OpenClipboard
EmptyClipboard
LoadMenuW
GetSubMenu
CloseClipboard
InvalidateRect
MessageBoxW
TranslateAcceleratorW
GetSysColor
LoadImageW
CopyRect
UnionRect
InflateRect
SetRectEmpty
DrawStateW
DrawTextW
GetWindow

gdi32

Rectangle
CreateFontIndirectW
GetBkMode
CreatePen
DeleteObject
GetDeviceCaps
CreateSolidBrush
GetPixel
GetObjectW
ExtTextOutW
GetTextExtentPoint32W
RectVisible
CreatePatternBrush
TextOutW
Escape
BitBlt
CreateCompatibleBitmap
DeleteDC
SelectObject
CreateDIBSection
SetPixel
PatBlt
CreateHatchBrush
RealizePalette
CreateRectRgn
GetCurrentObject
GetBkColor
CreateRectRgnIndirect
Polygon
GetDIBColorTable
CreatePalette
CreateHalftonePalette
GetStockObject
GetDIBits
SelectPalette
Ellipse
PtVisible
CreateCompatibleDC

advapi32

ControlService
OpenServiceW
StartServiceW
QueryServiceStatus
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
SetEntriesInAclW
QueryServiceConfigW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
FileEncryptionStatusW
DecryptFileW
GetUserNameW
GetLengthSid
IsValidSecurityDescriptor
FreeSid
RevertToSelf
AddAccessAllowedAce
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
ImpersonateSelf
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AccessCheck
SetSecurityDescriptorGroup
OpenThreadToken
OpenProcessToken

shell32

SHGetDesktopFolder
DragQueryFileW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
DragFinish
SHAppBarMessage

oleaut32

SysFreeString

cclib

??1CCLCLicense@@QAE@XZ
?readKeyFileData@CCLCLicense@@QAEH_N@Z
?getStatus@CCLCLicense@@QAEHXZ
?LoadImageW@CCLCResString@@SAPAXPB_WIIHHI@Z
?LoadIconW@CCLCResString@@SAPAUHICON__@@PB_WI@Z
??0CCLCResString@@QAE@PAUHINSTANCE__@@PB_WH@Z
?LoadStringW@CCLCResString@@QAEPA_WPB_W@Z
?LoadFileName@CCLCResString@@QAEPA_WPB_W@Z
?LoadResourceDll@CCLCResString@@QAE_NPB_WH@Z
??1CCLCButton@@UAE@XZ
?performSelfTest@CCLib@@SA_NPB_W0H@Z
??1CCLCResString@@QAE@XZ
?LoadStringW@CCLCResString@@QAA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@IZZ
??0CCLCLicense@@QAE@PA_W@Z
?GetMessageMap@CCLCHeaderBmp@@MBEPBUAFX_MSGMAP@@XZ
??0CCLCHeaderBmp@@QAE@IIIPAVCWnd@@@Z
??1CCLCHeaderBmp@@UAE@XZ
?Create@CCLCHeaderBmp@@UAEHPAVCWnd@@@Z
?OverloadRightBitmapWithBmpFromFile@CCLCHeaderBmp@@QAEHPB_W@Z
?OverloadLeftBitmapWithBmpFromFile@CCLCHeaderBmp@@QAEHPB_W@Z
?MessageBoxW@CCLib@@SAHPB_WI@Z
?LoadColor@CCLCResString@@QAEKPB_W@Z
?GetMessageMap@CCLCLinkExt@@MBEPBUAFX_MSGMAP@@XZ
??0CCLCLinkExt@@QAE@IPAVCWnd@@@Z
?ReplaceVariable@CCLib@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@Z
?CalcRect@CCLCLinkExt@@QAEXXZ
?SetHyperLink@CCLCLinkExt@@QAEXPB_W@Z
?LoadStringW@CCLCResString@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V23@@Z
?getFlags@CCLCLicense@@QAEHXZ
?getLicMsg@CCLCLicense@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V23@@Z
?getSerial@CCLCLicense@@QAEPA_WXZ
?getVendor@CCLCLicense@@QAEPA_WXZ
?getDate@CCLCLicense@@QAEPA_WXZ
?LoadMasterRegKey@CCLCResString@@QAEPA_WXZ
??0CCLCButton@@QAE@XZ
?ShowHelp@CCLib@@SA_NK@Z
?VerifyPasswordHash@CCLib@@SA_NPB_W0@Z
?isFeatureEnabled@CCLCFControl@@QAE_NK@Z
??1CCLCFControl@@QAE@XZ
??0CCLCFControl@@QAE@XZ
?getFileInfo@CCLib@@SA_NPB_WPAUCCLIB_FILEINFO@@@Z
?GetMessageMap@CCLCSubHeader@@MBEPBUAFX_MSGMAP@@XZ
??0CCLCSubHeader@@QAE@IIIPAVCWnd@@@Z
??1CCLCSubHeader@@UAE@XZ
?Create@CCLCSubHeader@@UAEHPAVCWnd@@AAVCRect@@@Z
?SetColors@CCLCSubHeader@@QAEXK@Z
?SetText@CCLCSubHeader@@QAEHPB_W0@Z
?getMRCHandle@CCLCResString@@QAEPAUMRCLIB@@XZ
?Log@CCLib@@SAXPB_W0ZZ
?isLicenseValid@CCLCLicense@@QAE_NXZ
?makeEngineTest@CCLCEngine@@SA_N_N@Z
?getMaxVirusName@CCLCEngine@@SA?BHXZ
?getVirusList@CCLCEngine@@SA_NPAVCStringList@@@Z
??1CCLCLinkExt@@UAE@XZ
?MessageBoxW@CCLib@@SAHPAUHWND__@@PB_W1I@Z

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

cctpc

?addGroup@CTaskPanelSheet@@QAEPAVCTaskPanelCtrlItem@@PB_WPAUHICON__@@1PAVCPropertyPage@@@Z
?addItem@CTaskPanelSheet@@QAEPAVCTaskPanelCtrlItem@@PAV2@PB_WPAVCPropertyPage@@PAUHICON__@@3@Z
?GetRuntimeClass@CTaskPanelSheet@@UBEPAUCRuntimeClass@@XZ
??0CTaskPanelSheet@@QAE@XZ
??1CTaskPanelSheet@@UAE@XZ
?GetMessageMap@CTaskPanelSheet@@MBEPBUAFX_MSGMAP@@XZ
?OnInitDialog@CTaskPanelSheet@@MAEHXZ
?GetActivePage@CTaskPanelSheet@@QAEPAVCPropertyPage@@XZ
?SetActivePage@CTaskPanelSheet@@QAEHH@Z

comctl32

ImageList_GetIconSize

Sections

.text
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.5rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

da21ea608c625301ba2137abad7db181

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90u

msvcr90

kernel32

user32

gdi32

advapi32

shell32

oleaut32

cclib

msvcp90

cctpc

comctl32

Sections

.text Size: 307KB - Virtual size: 307KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 44KB - Virtual size: 44KB

.5rdata Size: 76KB - Virtual size: 76KB

.text
Size: 307KB - Virtual size: 307KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 44KB - Virtual size: 44KB

.5rdata
Size: 76KB - Virtual size: 76KB