13749db97465f78d405ffebe533cca4c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

13749db97465f78d405ffebe533cca4c_JaffaCakes118
Size

407KB
MD5

13749db97465f78d405ffebe533cca4c
SHA1

40688ca518b4bcaf9509bfc044194f05e0b19716
SHA256

79faa5f0ef8459cbfba6288a10c5fab155858d2e2c58447b4b5fac0d12d6501f
SHA512

6edeeb3e38388f9f66bf94dd2840215c891bb27eca24280ceef28ca78dff681a05fb95db8eb3975cf3a994424710dab3ed36a4c5dbc1a675739b8e83a63aa022
SSDEEP

6144:HiA9BDCdNCAwRVbM3QsM/5FEYyy+nx4cJp5udH3/cJ+ecxlA0sYWd:H/jQTuVeQsbyup5y3/cJ2s5d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13749db97465f78d405ffebe533cca4c_JaffaCakes118

Files

13749db97465f78d405ffebe533cca4c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

62ee467a402831097c186a39b1c48852

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\cm\build\public\ocp_localStorage10-3-6_v7_1\csi\projects\foundation\services\cls\win\Release\Cod\clsSvc.pdb

Imports

kernel32

CompareStringA
InterlockedExchange
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
GetLastError
SetLastError
DeleteFileA
DeleteFileW
MultiByteToWideChar
GetVersionExA
GetFileAttributesA
GetFileAttributesW
CreateFileA
CreateFileW
GetTempPathA
FreeLibrary
WideCharToMultiByte
CloseHandle
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileSize
UnlockFile
LockFile
LockFileEx
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
TlsAlloc
GetTempPathW
Sleep
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
ExitProcess
GetCurrentThreadId
InterlockedCompareExchange
ResetEvent
SetEvent

advapi32

RegCloseKey

ole32

CoInitializeEx
CoUninitialize
StringFromCLSID
CoTaskMemFree
CreateBindCtx
CoCreateInstance
CoCreateGuid
CoRegisterMessageFilter

xprt5

??1TPtrFromPtrMap@XPRT@@QAE@XZ
_XprtHashString@4
_XprtCompareString@8
_XprtFreeString@4
_XprtAllocString@4
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
?MakeLower@TBstr@XPRT@@QAEAAV12@XZ
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
??1TPtrArray@XPRT@@QAE@XZ
??0TPtrArray@XPRT@@QAE@XZ
_XprtMemFree@4
?Detach@TBstr@XPRT@@QAEPAGXZ
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Add@TPtrArray@XPRT@@QAEHPAX@Z
kSystemEncoding
_XprtGenerateRandom@8
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
kUtf8Encoding
?GetEncodedByteLength@TBstr@XPRT@@QBEHPBG@Z
_XprtCanonicalizeScreenName@8
?GetProcAddress@TLibrary@XPRT@@QBEP6GHXZPBD@Z
_XprtGetMicroseconds64@0
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?TestAccess@TFile@XPRT@@SA_NPBGI@Z
?Append@TBstr@XPRT@@QAEAAV12@PBG@Z
?Append@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?IsEmpty@TBstr@XPRT@@QBE_NXZ
??0TBstr@XPRT@@QAE@PBG@Z
?CreatePath@TFile@XPRT@@SA_NPBG@Z
?AppendFileNameToSpec@TFile@XPRT@@SA?AVTBstr@2@PBG0@Z
?GetString@TBstr@XPRT@@QBEPBGXZ
?Format@TBstr@XPRT@@QAAXPBGZZ
?Open@TFile@XPRT@@QAE_NPBGI_N@Z
?IsOpen@TFile@XPRT@@QBE_NXZ
??1TFile@XPRT@@UAE@XZ
??0TFile@XPRT@@QAE@XZ
??0TBstr@XPRT@@QAE@XZ
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
??1TBstr@XPRT@@QAE@XZ
??0TBstr@XPRT@@QAE@ABV01@@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?kDirectorySeparator@TFile@XPRT@@2GB
?Load@TLibrary@XPRT@@QAE_NPBG@Z
??1TLibrary@XPRT@@UAE@XZ
??0TLibrary@XPRT@@QAE@XZ
?TrimRight@TBstr@XPRT@@QAEAAV12@G@Z
?GetAt@TBstr@XPRT@@QBEGH@Z
?GetLength@TBstr@XPRT@@QBEHXZ
?Close@TFile@XPRT@@UAE_NXZ
?Write@TFile@XPRT@@UAEHPBXH@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
??0TBstr@XPRT@@QAE@GH@Z
?GetTempDirectory@TFile@XPRT@@SA?AVTBstr@2@XZ
?DirSpecFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?CompareNoCase@TBstr@XPRT@@QBEHPBG@Z
_XprtMemAlloc@4
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Replace@TBstr@XPRT@@QAEHPBG0@Z
?Empty@TBstr@XPRT@@QAEXXZ
?Replace@TBstr@XPRT@@QAEHGG@Z
?Compare@TBstr@XPRT@@QBEHPBG@Z
?Set@TTime@XPRT@@QAEXN@Z
_XprtSeedRandom@8
?Remove@TFile@XPRT@@SA_NPBG@Z
?GetFileSpec@TFileFinder@XPRT@@QBE?AVTBstr@2@XZ
?FindNext@TFileFinder@XPRT@@QAE_NI@Z
?Find@TFileFinder@XPRT@@QAE_NPBGI@Z
??1TFileFinder@XPRT@@UAE@XZ
??0TFileFinder@XPRT@@QAE@XZ
?Append@TBstr@XPRT@@QAEAAV12@G@Z
??0TBstr@XPRT@@QAE@PBDPBG@Z
_XprtAtomicIncrement@4
xprt_strcmp
xprt_memmove
xprt_memset
_XprtAtomicDecrement@4
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?Find@TBstr@XPRT@@QBEHGH@Z
?Set@TTime@XPRT@@QAEXHHHHHH@Z
?GetTm@TTime@XPRT@@QBE_NPAUtm@@@Z
xprt_strlcpy
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?Lock@TSpinLock@XPRT@@QAEXXZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
xprt_ucslcpy
_XprtMemRealloc@8
xprt_iswdigit
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
??0TMessageDigest@XPRT@@QAE@XZ
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
xprt_memcpy
xprt_strlen
_XprtInitialize@8
_XprtUninitialize@0
?RemoveAt@TPtrArray@XPRT@@QAEXHH@Z
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
_XprtCreateThread@8
_XprtGetMilliseconds@0
_XprtDestroyThread@8
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z

msvcr71

__security_error_handler
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
_except_handler3
setlocale
_snwprintf
qsort
localtime
tolower
toupper
atof
strcat
strncpy
realloc
malloc
_iob
__mb_cur_max
_isctype
_pctype
memcpy
strcpy
sprintf
atoi
strcmp
_ftol
memset
memcmp
strlen
free
wcsncpy
strncmp
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z

user32

SetTimer
KillTimer
TranslateMessage
MsgWaitForMultipleObjects

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayCopy
SafeArrayDestroy
SafeArrayUnlock
SafeArrayCreate
SafeArrayLock
SystemTimeToVariantTime
VariantInit
VariantChangeTypeEx
SysAllocString
VariantTimeToSystemTime
VariantCopy
VariantClear

Exports

Exports

EEGetModuleInterop

Sections

.text
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62ee467a402831097c186a39b1c48852

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

xprt5

msvcr71

user32

oleaut32

Exports

Exports

Sections

.text Size: 242KB - Virtual size: 242KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 29KB - Virtual size: 32KB

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 242KB - Virtual size: 242KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 29KB - Virtual size: 32KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 18KB - Virtual size: 17KB