Static task
static1
Behavioral task
behavioral1
Sample
073a3475b9e17c9c823dead1c92cdca9_JaffaCakes118.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
073a3475b9e17c9c823dead1c92cdca9_JaffaCakes118.dll
Resource
win10v2004-20240910-en
General
-
Target
073a3475b9e17c9c823dead1c92cdca9_JaffaCakes118
-
Size
88KB
-
MD5
073a3475b9e17c9c823dead1c92cdca9
-
SHA1
76e341382dcefe33b3cabf661cbe0c2ab8bd4f1b
-
SHA256
61f501856007d51488b486d87f58218d77e0586bce57058ed8d0ee7aa07083f1
-
SHA512
3a7abee9e2ec9e2a0fb966d29668d1461670c656c8b3953bb1ba6fe5c6391b48fd5e58cf17821d4cd6d417a128f2783e0273555d42b0db4ea497b5cd6b746b92
-
SSDEEP
1536:nEKwL2atRoE01jurzz0Dfx6vJQXtYED0kRof/c6xQWQTJhNqA5KIxcxfKx:nEKk2q0Dx6vxSNqQ0fKx
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 073a3475b9e17c9c823dead1c92cdca9_JaffaCakes118
Files
-
073a3475b9e17c9c823dead1c92cdca9_JaffaCakes118.dll windows:4 windows x86 arch:x86
db379edb3dcb59eb519b24d15b95a8b4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
DeleteFileA
WaitForSingleObject
GetTempPathA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
GetLastError
FindNextFileA
FindFirstFileA
GetLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
LocalFree
WideCharToMultiByte
DisableThreadLibraryCalls
CreateFileA
CreateThread
Sleep
msvcp60
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Xran@std@@YAXXZ
msvcrt
strlen
__CxxFrameHandler
_ftime
??2@YAPAXI@Z
_purecall
strcmp
memset
memcpy
mktime
difftime
atoi
free
malloc
atol
memmove
_initterm
_adjust_fdiv
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_itoa
wcslen
??1type_info@@UAE@XZ
_CxxThrowException
ole32
CoInitializeEx
CoCreateInstance
CoUninitialize
CoCreateGuid
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
opswatavcommon
?parseScanRequest@CXmlFunctions@OPSWAT@@SA?AW4typeOUResult@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAUScanRequest@2@@Z
?OU_Types_ConevertOUResultToNewReturnCode@OPSWAT@@YA?AW4ReturnCode@CAntiVirus@OPSTOP@@W4typeOUResult@1@@Z
?OU_Misc_AddSResultExToSResultEx@OPSWAT@@YA?AW4typeOUResult@1@ABUtypeSResultEx@1@AAU31@@Z
?parseScanResponse@CXmlFunctions@OPSWAT@@SA?AW4typeOUResult@2@ABUtypeSResultEx@2@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OU_Srv_FindServiceImagePath@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?OU_Trust_IsFileSignatureValid@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAJ@Z
?OU_OS_IsWindows_64Bit@OPSWAT@@YA?AW4typeOUResult@1@AA_N@Z
?OU_Trust_IsFileSignatureValidFor64bit@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAJ@Z
?OU_Time_FILETIMEToCTime@OPSWAT@@YA?AW4typeOUResult@1@AAU_FILETIME@@AAVCTime@OPSTOP@@@Z
?OU_Str_EnsurePathEnding@OPSWAT@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OU_IO_IsFileAccessGranted@OPSWAT@@YA?AW4typeOUResult@1@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AA_N@Z
?OU_Misc_AddThreatToThreatList@OPSWAT@@YAXAAV?$list@U_typeDetectedThreats@OPSWAT@@V?$allocator@U_typeDetectedThreats@OPSWAT@@@std@@@std@@ABU_typeThreat@1@H@Z
?OU_IO_IsFilePresent@OPSWAT@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?OU_Sto_GetTempFile@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OU_Types_ConvertSResultToSResultEx@OPSWAT@@YA?AW4typeOUResult@1@ABU_typeSResult@1@AAUtypeSResultEx@1@@Z
?OU_Srv_GetServicesMD5List@OPSWAT@@YA?AW4typeOUResult@1@AAV?$list@UService@CAntiVirus@OPSTOP@@V?$allocator@UService@CAntiVirus@OPSTOP@@@std@@@std@@@Z
?FixService@@YAHPBD@Z
?GetServiceStatus@@YAHPBDPAK@Z
??0CAntiVirusAndOIAV@OPSWAT@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAW4typeOUResult@1@@Z
??1CAntiVirusAndOIAV@OPSWAT@@UAE@XZ
?OU_Vld_GetMyStatus@OPSWAT@@YA?AW4typeOUResult@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0HHHAAH@Z
?GetRealtimeProtectionStatus@CAntiVirusAndOIAV@OPSWAT@@UAE?AW4ReturnCode@CAntiVirus@OPSTOP@@W4RtpProtectionType@45@AA_N@Z
?SetRealtimeProtectionStatus@CAntiVirusAndOIAV@OPSWAT@@UAE?AW4ReturnCode@CAntiVirus@OPSTOP@@W4RtpProtectionType@45@_N@Z
?GetInstallDir@CAntiVirusAndOIAV@OPSWAT@@MAE?AW4ReturnCode@CAntiVirus@OPSTOP@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetDatFileDir@CAntiVirusAndOIAV@OPSWAT@@MAE?AW4ReturnCode@CAntiVirus@OPSTOP@@AAV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
?BatchScan@CAdapterForOIAV@OPSWAT@@MAE?AW4typeOUResult@2@AAV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AAU_typeSResult@2@@Z
?FolderScan@CAdapterForOIAV@OPSWAT@@MAE?AW4typeOUResult@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAU_typeSResult@2@@Z
?convertThreatLogEntryExToXML@CXmlFunctions@OPSWAT@@SA?AW4typeOUResult@2@ABU_typeThreatLogEntryEx@2@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OU_Reg_GetProductKeysFromSubStr@OPSWAT@@YA?AW4typeOUResult@1@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@4@@Z
?OU_Reg_IsProductInstalled@OPSWAT@@YA?AW4typeOUResult@1@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AA_N@Z
?OU_Reg_GetProductDisplayVersion@OPSWAT@@YA?AW4typeOUResult@1@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?FileScan@CAdapterForOIAV@OPSWAT@@MAE?AW4typeOUResult@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAU_typeSResult@2@@Z
?OU_Sto_GetTempDir@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0CFileVersionInfo@@QAE@XZ
?Open@CFileVersionInfo@@QAEHPBD_N@Z
?QueryStringValue@CFileVersionInfo@@QBEHHPADH@Z
?OU_Str_RemoveSubstring@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z
??1CFileVersionInfo@@UAE@XZ
?OU_IO_ReadFromTextFile@OPSWAT@@YA?AW4typeOUResult@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@_N@Z
?OU_She_CreateProcess@OPSWAT@@YAHPBDPADPAU_SECURITY_ATTRIBUTES@@2HKPAX0PAU_STARTUPINFOA@@PAU_PROCESS_INFORMATION@@@Z
?OU_She_ShellExecuteCommand@OPSWAT@@YA?AW4typeOUResult@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@AAK_N303K@Z
?OU_Pro_GetProcessIdByEXE@OPSWAT@@YA?AW4typeOUResult@1@PBDAAK@Z
?OU_Reg_GetProductInstallLocation@OPSWAT@@YA?AW4typeOUResult@1@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
??0CRegKey@@QAE@XZ
?Open@CRegKey@@QAEJPAUHKEY__@@PBDK@Z
?OU_Reg_GetValueAsString@OPSWAT@@YA?AW4typeOUResult@1@PAUHKEY__@@PBDAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1CRegKey@@QAE@XZ
?InitializeEngine@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@XZ
?InstantResetEngine@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@XZ
?QueryEngineState@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@PAW4typeEngineStates@2@@Z
?InitializeScanOperation@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@W4typeProcessesScanModes@2@W4typeCallbackReasons@2@PBU_typeCallbacksTable@2@KPAJ@Z
?QueryOperationState@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@JPAW4typeOperationStates@2@@Z
?SetOperationState@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@JW4typeOperationStates@2@@Z
?Scan@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@KAAU_typeSResult@2@@Z
?Scan@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@ABU_typeSSTream@2@KAAU_typeSResult@2@@Z
?Scan@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@ABU_typeSSTream@2@AAU_typeSResult@2@@Z
?MemoryScan@CAdapterForOIAV@OPSWAT@@MAE?AW4typeOUResult@2@AAU_typeSResult@2@@Z
?XmlDateToCtime@CXmlFunctions@OPSWAT@@SA?AW4typeOUResult@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVCTime@OPSTOP@@_N@Z
?LoadProcessVariables@OPSWAT@@YAHXZ
?FreeProcessVariables@OPSWAT@@YAHXZ
?IsWindows9x@OPSWAT@@YAHXZ
?OU_Str_StringSeparator@OPSWAT@@YA?AW4typeOUResult@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@4@@Z
?OU_Ins_GetPlugInDir@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FullSystemScan@CAdapterForOIAV@OPSWAT@@UAE?AW4typeOUResult@2@AAU_typeSResult@2@@Z
?OU_Ins_GetAVSDKVersion@OPSWAT@@YA?AW4typeOUResult@1@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OU_Reg_RefreshCache@OPSWAT@@YAXXZ
user32
GetDesktopWindow
MessageBoxA
Sections
.text Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: - Virtual size: 10KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ