d:\LocalSvnForDailyBuild\pushup_usa\trunk\bin\release\Adapter.pdb
Behavioral task
behavioral1
Sample
04835d62cac7a87bd6497dbaf8f6ae45_JaffaCakes118.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
General
-
Target
04835d62cac7a87bd6497dbaf8f6ae45_JaffaCakes118
-
Size
1.8MB
-
MD5
04835d62cac7a87bd6497dbaf8f6ae45
-
SHA1
7ceffe779bae4068c514855be8da352e37578ce6
-
SHA256
b389c23d65d7f213e846b7c903018625aa1683aa1bcc5e7db613c4e974fb323e
-
SHA512
026740b6aa327cb7198600029414a9434980ce3f16b114cc5ab21bb9046811d4a6dab24cde946890098eab19c1ff86e18727b0cea4e8dab0cc788b83fd8aab0c
-
SSDEEP
24576:Y8I4iMcg2ouKVCTj0Ye7ha762OP8SDjRfPdBhqcqN:dqCpVC30YeM7BkNDjRQZN
Score
7/10
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 04835d62cac7a87bd6497dbaf8f6ae45_JaffaCakes118
Files
-
04835d62cac7a87bd6497dbaf8f6ae45_JaffaCakes118.dll windows:4 windows x86 arch:x86
c06649991470248b5615443cb8970b5f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ws2_32
inet_addr
WSASend
send
gethostbyaddr
gethostbyname
sendto
socket
ioctlsocket
select
WSAGetLastError
__WSAFDIsSet
shutdown
WSACleanup
closesocket
recv
connect
WSAStartup
htons
psapi
GetProcessMemoryInfo
GetModuleInformation
dbghelp
SymFunctionTableAccess
SymInitialize
SymSetOptions
StackWalk
SymGetModuleInfo
SymGetLineFromAddr
SymGetSymFromAddr
SymLoadModule
MiniDumpWriteDump
kernel32
GetVersionExW
Thread32Next
SuspendThread
Thread32First
CreateToolhelp32Snapshot
Module32NextW
Module32FirstW
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
VirtualProtectEx
LoadLibraryExA
lstrcmpA
VirtualFree
VirtualAlloc
MapViewOfFileEx
OpenFileMappingA
lstrcpynA
CreateFileMappingW
SearchPathA
GetCurrentThread
VirtualQueryEx
GlobalAddAtomA
GlobalAlloc
GlobalLock
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalDeleteAtom
SetLastError
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FreeResource
MulDiv
GlobalUnlock
GlobalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetErrorMode
MoveFileA
DeleteFileA
OpenProcess
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
GetVolumeInformationA
GetFullPathNameA
WritePrivateProfileStringA
GlobalFlags
GetCPInfo
GetOEMCP
GetFileAttributesA
GetFileTime
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetSystemTimeAsFileTime
ExitThread
CreateThread
HeapReAlloc
HeapAlloc
VirtualQuery
ExitProcess
GetCommandLineA
GetProcessHeap
RaiseException
RtlUnwind
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
WriteConsoleW
GetFileType
GetStdHandle
HeapSize
SetStdHandle
HeapDestroy
HeapCreate
GetConsoleCP
GetConsoleMode
GetACP
IsValidCodePage
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
LoadLibraryW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
CreateFileW
WaitForSingleObject
TerminateProcess
GetModuleFileNameW
QueryPerformanceCounter
OutputDebugStringA
lstrcpyA
lstrcatA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
DeleteCriticalSection
ResumeThread
GetExitCodeThread
OpenThread
Sleep
GetLocalTime
FindNextFileA
FindFirstFileA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
GetModuleHandleA
VirtualProtect
InterlockedExchange
lstrcmpiA
MultiByteToWideChar
CompareStringW
CompareStringA
GetLastError
lstrlenA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CreateFileA
GetVersionExA
CreateDirectoryA
GetTickCount
GetCurrentProcess
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LocalFree
FormatMessageA
UnmapViewOfFile
MapViewOfFile
GetCurrentDirectoryA
CreateFileMappingA
GetCurrentProcessId
SetUnhandledExceptionFilter
CloseHandle
InterlockedCompareExchange
CreateMutexA
ReleaseMutex
CreateSemaphoreA
ReleaseSemaphore
FlushInstructionCache
GetThreadLocale
user32
GetNextDlgTabItem
CreateDialogIndirectParamA
GetDesktopWindow
UnregisterClassA
GetSysColorBrush
ReleaseDC
GetDC
LoadCursorA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
BeginPaint
EndPaint
DestroyMenu
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetClientRect
GetMenu
GetSubMenu
GetMenuItemID
EndDialog
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetParent
GetLastActivePopup
IsWindowEnabled
PostMessageA
PostQuitMessage
SetCursor
SendMessageA
GetClassNameW
GetWindowTextW
SetWindowTextW
IsWindow
EnumChildWindows
MessageBoxA
CallNextHookEx
EnumWindows
GetWindowThreadProcessId
UnhookWindowsHookEx
SetWindowsHookExA
CharUpperA
GetKeyState
ShowWindow
SetWindowTextA
IsDialogMessageA
GetMenuItemCount
EnableWindow
IsWindowVisible
MessageBoxW
FindWindowA
SetForegroundWindow
GetWindowLongA
SetWindowLongA
KillTimer
SetTimer
GetSysColor
PostMessageW
gdi32
RestoreDC
SetMapMode
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
SaveDC
GetStockObject
RectVisible
PtVisible
GetDeviceCaps
GetObjectA
SetBkColor
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
TextOutA
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
ReportEventA
RegisterEventSourceA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
DeregisterEventSource
shell32
SHFileOperationA
shlwapi
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathIsUNCA
oleaut32
VariantInit
VariantChangeType
VariantClear
winmm
timeGetTime
wininet
HttpQueryInfoA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetQueryDataAvailable
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
Exports
Exports
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@VPromotionRule@@V?$allocator@VPromotionRule@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VEffectivOnline_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserLogin_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserRegist_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VGetUserInfoEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VGetUserInfoTrans_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineTrasaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VPromotionRule@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigFile_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegNewCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VShareHitchAcount@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginTrans_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestLargeDataSend_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestOnlineSession_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUserEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUser_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScriptEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScript_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoad_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@VPromotionRule@@V?$allocator@VPromotionRule@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VEffectivOnline_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserLogin_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserRegist_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VGetUserInfoEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VGetUserInfoTrans_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLogOffTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VPromotionRule@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigFile_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegNewCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VSimpleLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VSimpleLoginTrans_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadGameOnlineUser_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadScript_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoad_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 208KB - Virtual size: 204KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 198KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: 96KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 108KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 68KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ