068b85d0a826381ba34f72cd12d16fde_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

068b85d0a826381ba34f72cd12d16fde_JaffaCakes118
Size

676KB
MD5

068b85d0a826381ba34f72cd12d16fde
SHA1

b8e89d8562000921a3276aa46ecf0f0012fe755b
SHA256

264629814cfb4f4ddb4f9197ff0c0d9f3e61cb0a05e3f596cf6973b120b1e103
SHA512

adcaf2a1c9d00848c28f743e1331839776e6696180cf3ffb5ef88c64c0f9373b19f2de3b773121f9e2f6a78aa0d234c0ff8b96983b8e14fc755327ab48456451
SSDEEP

6144:iw4XigY6jtCnvEwRxqC7F3eoQ/XR0oPvHQH+/CwQrzmWjULD3m//LCx:b4SgY6jzKpOoQPWMxQ3mCUH3g/ux

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
068b85d0a826381ba34f72cd12d16fde_JaffaCakes118

Files

068b85d0a826381ba34f72cd12d16fde_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0e156ebe8950f504654485dc87578346

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\cm\build\public\softwareUpdate_v2.14.7\csi\projects\stic\dist\services\release\softwareUpdate\ver2_14_7_5\stic.pdb

Imports

msvcrt

qsort
_snwprintf
setlocale
memcpy
_except_handler3
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
ceil
_wcsdup
wcscpy
wcstok
_wtol
wcscmp
wcsncmp
_wcsupr
wcsstr
wcsrchr
swprintf
wcsncpy
_wtoi
wcscat
swscanf
wcschr
_waccess
_wsplitpath
memset
wcslen
malloc
free
memcmp
_wmakepath
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
strcmp
?name@type_info@@QBEPBDXZ

xprt5

?MakeUpper@TBstr@XPRT@@QAEAAV12@XZ
?SetTime64@TTime@XPRT@@QAEX_J@Z
?GetTime64@TTime@XPRT@@QBE_JXZ
?IsOpen@TFile@XPRT@@QBE_NXZ
kUnicodeEncoding
?Append@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
??0TBstr@XPRT@@QAE@PBGH@Z
??0TPtrArray@XPRT@@QAE@XZ
?Replace@TBstr@XPRT@@QAEHPBG0@Z
?Deserialize@TXmlSerializable@XPRT@@QAE_NAAVTXmlDeserializer@2@@Z
??1TXmlDeserializer@XPRT@@UAE@XZ
??0TXmlDeserializer@XPRT@@QAE@AAVTStream@1@@Z
?TrimLeft@TBstr@XPRT@@QAEAAV12@G@Z
XML_ParserCreate
XML_GetCurrentByteIndex
kLatin1Encoding
?Unlock@TCritSec@XPRT@@QAEXXZ
?Lock@TCritSec@XPRT@@QAEXXZ
?Term@TCritSec@XPRT@@QAEXXZ
?Init@TCritSec@XPRT@@QAEXXZ
_XprtStringEncodedByteLen@12
?Add@TPtrArray@XPRT@@QAEHPAX@Z
??0TBstr@XPRT@@QAE@PBDHPBG@Z
XML_SetElementHandler
XML_ParserReset
XML_ParserFree
XML_ErrorString
XML_Parse
XML_SetCharacterDataHandler
XML_SetXmlDeclHandler
XML_SetUserData
XML_GetErrorCode
?Delete@TBstr@XPRT@@QAEHHH@Z
_XprtAllocString@4
_XprtCompareString@8
_XprtFreeString@4
?Append@TPtrArray@XPRT@@QAEHABV12@@Z
?TrimRight@TBstr@XPRT@@QAEAAV12@XZ
?FindOneOf@TBstr@XPRT@@QBEHPBG@Z
?TrimRight@TBstr@XPRT@@QAEAAV12@G@Z
?IsValid@TTime@XPRT@@QBE_NXZ
?InsertAt@TPtrArray@XPRT@@QAEXHPAXH@Z
?SetPosition@TFile@XPRT@@UAE_N_JH@Z
?FormatV@TBstr@XPRT@@QAEXPBGPAD@Z
_XprtCreateThread@8
_XprtDestroyThread@8
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?ToInt@TBstr@XPRT@@QBEHH@Z
xprt_iswdigit
?GetAt@TBstr@XPRT@@QBEGH@Z
xprt_ucslcpy
_XprtStringLen@4
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
??0TMessageDigest@XPRT@@QAE@XZ
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
xprt_memcpy
_XprtInitialize@8
_XprtUninitialize@0
?Unlock@TSpinLock@XPRT@@QAEXXZ
XprtTrace
?Lock@TSpinLock@XPRT@@QAEXXZ
?GetTm@TTime@XPRT@@QBE_NPAUtm@@@Z
xprt_strlcpy
??1TPtrFromPtrMap@XPRT@@QAE@XZ
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
?MakeLower@TBstr@XPRT@@QAEAAV12@XZ
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
?RemoveAt@TPtrArray@XPRT@@QAEXHH@Z
?GetLength@TBstr@XPRT@@QBEHXZ
?Right@TBstr@XPRT@@QBE?AV12@H@Z
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?ReverseFind@TBstr@XPRT@@QBEHG@Z
xprt_wcstoul
?Assign@TBstr@XPRT@@QAEAAV12@G@Z
?Compare@TBstr@XPRT@@QBEHPBG@Z
?GetDayOfWeek@TTime@XPRT@@QBEHXZ
?Set@TTime@XPRT@@QAEXHHHHHH@Z
?Set@TTime@XPRT@@QAEXN@Z
??0TBstr@XPRT@@QAE@GH@Z
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?TrimLeft@TBstr@XPRT@@QAEAAV12@XZ
?Find@TBstr@XPRT@@QBEHGH@Z
xprt_memset
?Init@TFileInfo@XPRT@@IAEXPBGI_JABVTTime@2@22@Z
?GetInfo@TFile@XPRT@@SA_NPBGAAVTFileInfo@2@@Z
?GetYear@TTime@XPRT@@QBEHXZ
?GetMonth@TTime@XPRT@@QBEHXZ
?GetDay@TTime@XPRT@@QBEHXZ
?GetHour@TTime@XPRT@@QBEHXZ
?GetMinute@TTime@XPRT@@QBEHXZ
?GetSecond@TTime@XPRT@@QBEHXZ
?GetTickCount@TTime@XPRT@@SA?AV12@XZ
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?CompareNormal@TBstr@XPRT@@QBEHPBG@Z
?Tokenize@TBstr@XPRT@@QBE?AV12@PBGAAH@Z
?AddTrailingSeparator@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?DirSpecFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
??0TFileFinder@XPRT@@QAE@XZ
??1TFileFinder@XPRT@@UAE@XZ
?Find@TFileFinder@XPRT@@QAE_NPBGI@Z
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Detach@TBstr@XPRT@@QAEPAGXZ
?Left@TBstr@XPRT@@QBE?AV12@H@Z
xprt_memmove
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Append@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?CompareNoCase@TBstr@XPRT@@QBEHPBG@Z
?Find@TBstr@XPRT@@QBEHPBGH@Z
_XprtMemAlloc@4
?kDirectorySeparator@TFile@XPRT@@2GB
_XprtMemFree@4
??0TBstr@XPRT@@QAE@PBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
??0TFile@XPRT@@QAE@XZ
??1TFile@XPRT@@UAE@XZ
?Open@TFile@XPRT@@QAE_NPBGI_N@Z
?Close@TFile@XPRT@@UAE_NXZ
?Read@TFile@XPRT@@UAEHPAXH@Z
?Write@TFile@XPRT@@UAEHPBXH@Z
?GetLength@TFile@XPRT@@UBE_JXZ
??0TBstr@XPRT@@QAE@PBDPBG@Z
??0TBstr@XPRT@@QAE@ABV01@@Z
??0TBstr@XPRT@@QAE@XZ
??1TBstr@XPRT@@QAE@XZ
?IsEmpty@TBstr@XPRT@@QBE_NXZ
?Empty@TBstr@XPRT@@QAEXXZ
?GetString@TBstr@XPRT@@QBEPBGXZ
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?Append@TBstr@XPRT@@QAEAAV12@PBG@Z
?Remove@TBstr@XPRT@@QAEHG@Z
?Format@TBstr@XPRT@@QAAXPBGZZ
xprt_strcmp
_XprtHashString@4
_XprtGetMilliseconds@0
?SafeToConvert@TFile@XPRT@@SA_NPBG@Z
_XprtPostQuitMessage@8
xprt_strlen
?FindNext@TFileFinder@XPRT@@QAE_NI@Z
?GetFileSpec@TFileFinder@XPRT@@QBE?AVTBstr@2@XZ
??3TXprtAllocated@XPRT@@SAXPAX@Z
??0TLibrary@XPRT@@QAE@XZ
??1TLibrary@XPRT@@UAE@XZ
?Load@TLibrary@XPRT@@QAE_NPBG@Z
?Free@TLibrary@XPRT@@QAE_NXZ
kUtf8Encoding
?GetProcAddress@TLibrary@XPRT@@QBEP6GHXZPBD@Z
?GetEncodedByteLength@TBstr@XPRT@@QBEHPBG@Z
?Replace@TBstr@XPRT@@QAEHGG@Z
??0TZipArchive@XPRT@@QAE@AAVTStream@1@@Z
??1TZipArchive@XPRT@@UAE@XZ
?GetCount@TZipArchive@XPRT@@UAEHXZ
?GetHeadPosition@TZipArchive@XPRT@@UAEPAU__POSITION@2@XZ
?GetAt@TZipArchive@XPRT@@UAE_NPAU__POSITION@2@AAVTFileInfo@2@@Z
?GetNext@TZipArchive@XPRT@@UAE_NAAPAU__POSITION@2@AAVTFileInfo@2@@Z
?ExtractAt@TZipArchive@XPRT@@UAEPAVTStream@2@PAU__POSITION@2@@Z
?Flush@TFile@XPRT@@UAE_NXZ
?SetAttributes@TFile@XPRT@@SA_NPBGI@Z
?SetLastWriteTime@TFile@XPRT@@SA_NPBGABVTTime@2@@Z
?CreatePath@TFile@XPRT@@SA_NPBG@Z
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
_XprtAtomicDecrement@4
_XprtAtomicIncrement@4
??1TPtrArray@XPRT@@QAE@XZ
_XprtMemRealloc@8
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
kSystemEncoding
?TestAccess@TFile@XPRT@@SA_NPBGI@Z
?Rename@TFile@XPRT@@SA_NPBG0@Z
?Remove@TFile@XPRT@@SA_NPBG@Z
?AppendFileNameToSpec@TFile@XPRT@@SA?AVTBstr@2@PBG0@Z
?FileNameFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
kAsciiEncoding

kernel32

InterlockedExchange
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
CompareStringA
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleHandleW
ResetEvent
InterlockedCompareExchange
GetCurrentThreadId
FreeLibrary
LocalFree
GetCurrentProcessId
Module32Next
CreateToolhelp32Snapshot
WaitForMultipleObjects
Process32Next
GlobalFree
RemoveDirectoryA
Module32First
SetThreadPriority
GlobalAlloc
OpenProcess
ExitProcess
GetTickCount
_lclose
GetSystemDefaultLCID
Process32First
GetCurrentProcess
OpenFile
GlobalMemoryStatus
ReleaseMutex
SetEvent
CloseHandle
SetLastError
GetLastError

advapi32

EqualSid
CryptCreateHash
CryptDestroyKey
CryptVerifySignatureA
CryptDestroyHash
CryptHashData
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
GetAclInformation
LookupPrivilegeValueW
GetAce
SetFileSecurityW
InitializeAcl
AllocateAndInitializeSid
AddAccessAllowedAce
FreeSid
GetLengthSid
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyW
CryptAcquireContextA
CryptReleaseContext
CryptImportKey

user32

TranslateMessage
MsgWaitForMultipleObjects
KillTimer
SetTimer
ExitWindowsEx

ole32

CoUninitialize
CreateBindCtx
CoTaskMemFree
StringFromCLSID
CoRegisterMessageFilter
CoInitialize
CoCreateInstance
CoInitializeEx

oleaut32

SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayCopy
SafeArrayDestroy
SafeArrayUnlock
SafeArrayCreate
SafeArrayLock
SystemTimeToVariantTime
VariantInit
VariantChangeTypeEx
SysAllocString
VariantTimeToSystemTime
VariantCopy
VariantClear
SafeArrayRedim

Exports

Exports

EEGetModuleInterop

Sections

.text
Size: 396KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e156ebe8950f504654485dc87578346

Headers

File Characteristics

PDB Paths

Imports

msvcrt

xprt5

kernel32

advapi32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 396KB - Virtual size: 394KB

.rdata Size: 120KB - Virtual size: 118KB

.data Size: 16KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 984B

.reloc Size: 40KB - Virtual size: 37KB

.text Size: 96KB - Virtual size: 96KB

.text
Size: 396KB - Virtual size: 394KB

.rdata
Size: 120KB - Virtual size: 118KB

.data
Size: 16KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 40KB - Virtual size: 37KB

.text
Size: 96KB - Virtual size: 96KB