15947bd35cc7a95b7cdb1398de445e40_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

15947bd35cc7a95b7cdb1398de445e40_JaffaCakes118
Size

476KB
MD5

15947bd35cc7a95b7cdb1398de445e40
SHA1

dc29f33c2fe4f62cac31cc98eb37f17c3ec80eed
SHA256

0c463080b998bf270c8616752d2e698e9773b8f9c4c4c9c0aa4c739a0600e324
SHA512

1d6560dcda9d6c07a33e42f938b9eccafa29b2c35ff8863e02de03b2473bed962be0dac70d0c7b306a007ab636f06864921c19afcd07c9958bbba75db01e916c
SSDEEP

6144:p1Zozpmpx1JqjqgFnuQaXH04EPxYKHm2TFhaLX6TQ/e9pbqeIbMkR7jiSJ:DZoApgjjwH04wYKhTaLXT/6eHMk9OSJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15947bd35cc7a95b7cdb1398de445e40_JaffaCakes118

Files

15947bd35cc7a95b7cdb1398de445e40_JaffaCakes118
.dll windows:4 windows x86 arch:x86

caa2b2044358b03545ae3d270124f6cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\WorkPrg_New\Pdf3\Release\pdfxclib.pdb

Imports

xccdx30

?QuoteString@DBuffer@@QAEJPBDJHH@Z
?PDF_GenerateRC4Key@@YAXPBEKKKPAEPAK@Z
?WritefLnV@DBuffer@@QAEJPBDPAD@Z
?WritefV@DBuffer@@QAEJPBDPAD@Z
?WriteHex@DBuffer@@QAEJPBEK@Z
??0DBuffer@@QAE@PAVDSIO@@H@Z
?Init@AAD@@QAEXXZ
??0AAD@@QAE@XZ
?Update@AAD@@QAEXPBEK@Z
?Get@AAD@@QAEPBEXZ
??0AAC@@QAE@XZ
?Init@AAC@@QAEXPBEK@Z
?Process@AAC@@QAEXPBEPAEK@Z
??1AAC@@QAE@XZ
??1AAD@@QAE@XZ
??_FDMemBuffer@@QAEXXZ
?ascii85_encode@@YAJPAVDSIO@@0J_J@Z
?rle_encode@@YAJPAVDSIO@@0J_J@Z
?DeflateBuff@@YAJPAVDSIO@@0JJ_J@Z
?DCT_Encode@@YAJPAVDSIO@@0KKEE@Z
?J2K_Encode@@YAJPAVDSIO@@0KKEE@Z
?Compress_CCITT@@YAJPAVDSIO@@0KKJHHH@Z
?LZWEncode@@YAJPAVDSIO@@0@Z
?JBIG2Encode@@YAJPAVDSIO@@0KKK@Z
??1DMemBuffer@@UAE@XZ
?Free@DBuffer@@QAEJXZ
?Write@DBuffer@@QAEJPBEK@Z
?GetTotalSize@DBuffer@@QAEKXZ
?GetPos@DBuffer@@QAEKXZ
?Write@DBuffer@@QAEJDK@Z
?WriteHexWord@DBuffer@@QAEJG@Z
??0DMemBuffer@@QAE@K@Z
?CopyTo@DBuffer@@QAEJPAV1@@Z
??_7DMemBuffer@@6B@
?SetPos@DBuffer@@QAEJK@Z
??1DBuffer@@UAE@XZ
?PDF_GenerateEncryptParams@@YAXPBDK0KPAE1KPBEKK1KH@Z
?WriteAsUnicode@DBuffer@@QAEJPBD@Z
?WriteHexDWord@DBuffer@@QAEJK@Z
?WriteHexR@DBuffer@@QAEJPBEK@Z
?WR_newline@DBuffer@@QAEJXZ
?EnsureSize@DBuffer@@QAEJK@Z
?Write@DBuffer@@QAEJPBDJ@Z
?Writef@DBuffer@@QAAJPBDZZ
?WritefLn@DBuffer@@QAAJPBDZZ
?WriteLn@DBuffer@@QAEJPBDJ@Z
?Collapse@DBuffer@@QAEJXZ

comctl32

PropertySheetA
CreatePropertySheetPageA

kernel32

CreateFileW
GetSystemTime
GetCurrentThreadId
GetModuleHandleW
GetFileAttributesW
GetVersion
FlushInstructionCache
GetCurrentProcess
LoadLibraryW
SetLastError
RtlUnwind
LocalAlloc
LocalFree
GetLocalTime
InterlockedExchange
RaiseException
lstrlenW
lstrlenA
OutputDebugStringA
MulDiv
GetModuleFileNameA
GetModuleFileNameW
GetLastError
lstrcmpiA
FreeLibrary
GetPrivateProfileSectionA
GetWindowsDirectoryA
GetProcAddress
LoadLibraryA
GetVersionExA
lstrcmpiW
GetTickCount
lstrcmpA
GetModuleHandleA
CloseHandle
WriteFile
CreateFileA
InitializeCriticalSection
CreateEventA
DeleteCriticalSection
WaitForSingleObject
GetExitCodeThread
SetEvent
LeaveCriticalSection
ResetEvent
CreateThread
EnterCriticalSection
DeleteFileA
WideCharToMultiByte
DeleteFileW
SetFilePointer
GetFileSize
ReadFile
GetTimeZoneInformation

user32

IntersectRect
wsprintfA
wvsprintfA
wsprintfW
SendDlgItemMessageA
SendDlgItemMessageW
SetDlgItemTextA
SetDlgItemTextW
GetDlgItemTextA
GetDlgItemTextW
GetWindowTextLengthW
GetDlgItem
ReleaseDC
GetDC
CopyRect
IsRectEmpty
CharLowerW
GetSysColor
OffsetRect
GetClientRect
GetWindowRect
IsWindowVisible
GetParent
IsWindow
CreateDialogParamA
SetWindowPos
SetForegroundWindow
GetDesktopWindow
GetClassNameA
EnableWindow
GetActiveWindow
PostThreadMessageA
GetMessageA
PeekMessageA
IsCharAlphaNumericA
EndDialog
SendMessageA
SetWindowLongA
GetWindowLongA
DialogBoxParamA
DefWindowProcA
ScreenToClient
ClientToScreen
ShowWindow
CallWindowProcA
DestroyWindow
SetWindowLongW
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
CreateWindowExA
LoadCursorA
LoadCursorW

gdi32

CreateEnhMetaFileA
DeleteEnhMetaFile
CloseEnhMetaFile
DeleteObject
GetTextMetricsA
SelectObject
CreateFontIndirectA
CreateFontIndirectW
GetFontData
GetObjectA
GetStockObject
GetObjectW
LPtoDP
EnumFontFamiliesExW
EnumFontFamiliesExA
GetMetaFileBitsEx
GetDeviceCaps
SetWinMetaFileBits
SetBkMode
GetEnhMetaFileBits
SetEnhMetaFileBits
GetEnhMetaFileHeader
CreateCompatibleDC
EnumEnhMetaFile
DeleteDC
DPtoLP
GetBkMode
GetBkColor
GetTextAlign
PlayEnhMetaFileRecord

comdlg32

GetSaveFileNameW
GetSaveFileNameA

dscrt30

?UnRegisterFacilityErrorInfo@@YAJK@Z
?Start@DCallback@@QAEXKK@Z
?Finish@DCallback@@QAEXXZ
??0DCallback@@QAE@XZ
??0DStringW@@QAE@PBGJ@Z
?Format@DStringW@@QAAHPBGZZ
?Create@DMappedFile@@QAE_JPBDKK@Z
?RegisterFacilityErrorInfo@@YAJKPBUDS_ECodeDescription@@KPBD@Z
??1DCallback@@QAE@XZ
?Tick@DCallback@@QAEHK@Z
??YDString@@QAEAAV0@ABV0@@Z
?Append@DString@@QAEJAAV1@@Z
??0DString@@QAE@PBDJ@Z
??0DSizedMemoryBlock@@QAE@XZ
?Create@DSizedMemoryBlock@@QAE_JKJ@Z
?GetWriteBuffer@DSizedMemoryBlock@@UAEPAXJ_JKPA_J@Z
??0DMappedFile@@QAE@XZ
??1DMappedFile@@UAE@XZ
?Close@DMappedFile@@UAE_JXZ
?Unicode2UTF8@@YAJPBGJPAEK@Z
?FillChar@DString@@QAEJDJ@Z
?Create@DMappedFile@@QAE_JPBGKK@Z
?FormatError@@YAJJW4ErrLookupType@@PADJ@Z
?MKOptimizeSmallBlockUsage@@YAXH@Z
?mki_CopyMemory@@3P6AXPAXPBXK@ZA
?mki_MoveMemory@@3P6AXPAXPBXK@ZA
?mki_ZeroMemory@@3P6AXPAXK@ZA
?MKallocI@@YAPAXKK@Z
?MKfree@@YAXPAX@Z
?MKreallocI@@YAPAXPAXKK@Z
??4DString@@QAEAAV0@PBD@Z
?Trim@DStringW@@QAEJW4dsTrimType@@@Z
??4DStringW@@QAEAAV0@PBG@Z
??4DString@@QAEAAV0@ABV0@@Z
??0DString@@QAE@PBGJ@Z
?Append@DStringW@@QAEJPBGJ@Z
?Append@DString@@QAEJPBDJ@Z
?os_featuresFlags@@3JA
??YDString@@QAEAAV0@PBD@Z
?os_ver@@3U_OSVERSIONINFOA@@A
?ds_strcpyn@@YAPAGPAGPBGH@Z
??0DStringW@@QAE@PBDJ@Z
??4DStringW@@QAEAAV0@ABV0@@Z
?SetLength@DStringW@@QAEJJH@Z
?ExpandTo@DStringW@@QAEJJH@Z
?mki_CompareMemory@@3P6AJPBX0K@ZA
?Format@DString@@QAAHPBDZZ
??1DSizedMemoryBlock@@UAE@XZ
?ds_sqrt@@YANN@Z
?Append@DStringW@@QAEJGK@Z
?Free@DString@@QAEXXZ
?Free@DStringW@@QAEXXZ
?ds_strcpy@@YAPAGPAGPBG@Z
?ds_strcpy@@YAPADPADPBD@Z
?Append@DStringW@@QAEJPBDJ@Z
?ds_strcpyn@@YAPADPADPBDH@Z
?ds_rand@@YAJXZ
?ds_srand@@YAXJ@Z
?Append@DString@@QAEJDK@Z
?Append@DStringW@@QAEJAAV1@@Z
??1DStringW@@QAE@XZ
??0DStringW@@QAE@XZ
?mki_FillMemory@@3P6AXPAXKE@ZA
?ds_floor@@YAJN@Z
?ds_pow@@YANNN@Z
?a2int@@YAJPBDJPAJ@Z
??0DStringW@@QAE@ABV0@@Z
?RandomRead@DSizedMemoryBlock@@UAE_JPAXKJ_J@Z

ixclib30

IMG_PageIsGrayscale
IMG_PageOptimizePalette
IMG_PageGetPalette
IMG_GetPageFormat
IMG_LockPageBlock
IMG_UnlockPageBlock
IMG_ClonePage
IMG_CreatePageFromMemory
IMG_ImageDecodePage
IMG_CreatePageFromHBITMAP
IMG_CreateNewPage
IMG_PageGetPixel
IMG_PageTile
IMG_CropPage
IMG_ScalePage
IMG_PageCountColors
IMG_PageToGrayscale
IMG_PageReduceColors
IMG_PageConvertToFormat
IMG_GetPageSize
IMG_GetPageDPI
IMG_CreateEmptyImage
IMG_ImageLoadW
IMG_ImageGetPagesCount
IMG_DisposeImage
IMG_FreePage
IMG_ImageRemovePage

shlwapi

StrCmpNA
StrChrA
StrCmpW
StrCmpIW
StrCmpNIW
StrStrW
StrCmpNIA
StrStrA
StrRChrA
StrRChrW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

??0?$DVector@PAUtagUrlVariant@@@@QAE@KJ@Z
??0DmyRegExp@@QAE@XZ
??0UrlVector@@QAE@XZ
??0tagUrlVariant@@QAE@PBG0JJ@Z
??1?$DVector@PAUtagUrlVariant@@@@QAE@XZ
??1DmyRegExp@@QAE@XZ
??1UrlVector@@QAE@XZ
??1tagUrlVariant@@QAE@XZ
??4?$DVector@PAUtagUrlVariant@@@@QAEAAV0@ABV0@@Z
??4DmyRegExp@@QAEAAV0@ABV0@@Z
??4UrlVector@@QAEAAV0@ABV0@@Z
??4tagUrlVariant@@QAEAAU0@ABU0@@Z
??A?$DVector@PAUtagUrlVariant@@@@QAEAAPAUtagUrlVariant@@K@Z
??A?$DVector@PAUtagUrlVariant@@@@QBEABQAUtagUrlVariant@@K@Z
??_F?$DVector@PAUtagUrlVariant@@@@QAEXXZ
?AddVariant@DmyRegExp@@QAEHPBG0JJ@Z
?DeleteAt@?$DVector@PAUtagUrlVariant@@@@QAEXK@Z
?DeleteBlock@?$DVector@PAUtagUrlVariant@@@@QAEXKK@Z
?GetFileUrlFromString@@YAPAUtagUrlResult@@PBGK@Z
?GetUrlFromString@DmyRegExp@@QAEPAUtagUrlResult@@PBGK@Z
?Grow@?$DVector@PAUtagUrlVariant@@@@QAEXK@Z
?GrowToAdd@?$DVector@PAUtagUrlVariant@@@@QAEXK@Z
?InsertAt@?$DVector@PAUtagUrlVariant@@@@QAEXKABQAUtagUrlVariant@@@Z
?InsertAt@?$DVector@PAUtagUrlVariant@@@@QAEXKKABQAUtagUrlVariant@@@Z
?IsValid@tagUrlVariant@@QAEHXZ
?MatchExpr@DmyRegExp@@QAEHPBG0JJPAJH@Z
?_Distance@?$DVector@PAUtagUrlVariant@@@@ABEXPBQAUtagUrlVariant@@0AAK@Z
?at@?$DVector@PAUtagUrlVariant@@@@QAEAAPAUtagUrlVariant@@K@Z
?at@?$DVector@PAUtagUrlVariant@@@@QBEABQAUtagUrlVariant@@K@Z
?begin@?$DVector@PAUtagUrlVariant@@@@QAEPAPAUtagUrlVariant@@XZ
?begin@?$DVector@PAUtagUrlVariant@@@@QBEPBQAUtagUrlVariant@@XZ
?capacity@?$DVector@PAUtagUrlVariant@@@@QAEKXZ
?clear@?$DVector@PAUtagUrlVariant@@@@QAEXXZ
?empty@?$DVector@PAUtagUrlVariant@@@@QBEHXZ
?end@?$DVector@PAUtagUrlVariant@@@@QAEPAPAUtagUrlVariant@@XZ
?end@?$DVector@PAUtagUrlVariant@@@@QBEPBQAUtagUrlVariant@@XZ
?erase@?$DVector@PAUtagUrlVariant@@@@QAEPAPAUtagUrlVariant@@PAPAU2@0@Z
?erase@?$DVector@PAUtagUrlVariant@@@@QAEPAPAUtagUrlVariant@@PAPAU2@@Z
?insert@?$DVector@PAUtagUrlVariant@@@@QAEPAPAUtagUrlVariant@@PAPAU2@ABQAU2@@Z
?insert@?$DVector@PAUtagUrlVariant@@@@QAEXPAPAUtagUrlVariant@@KABQAU2@@Z
?insert@?$DVector@PAUtagUrlVariant@@@@QAEXPAPAUtagUrlVariant@@PBQAU2@1@Z
?pop_back@?$DVector@PAUtagUrlVariant@@@@QAEXXZ
?push_back@?$DVector@PAUtagUrlVariant@@@@QAEXABQAUtagUrlVariant@@@Z
?resize@?$DVector@PAUtagUrlVariant@@@@QAEXKABQAUtagUrlVariant@@@Z
?size@?$DVector@PAUtagUrlVariant@@@@QBEJXZ
PXC_AddEnhMetafile
PXC_AddFontA
PXC_AddFontEx
PXC_AddFontFromFileA
PXC_AddFontFromFileW
PXC_AddFontW
PXC_AddGotoAction
PXC_AddHatchPattern
PXC_AddHatchPatternEx
PXC_AddImageA
PXC_AddImageExA
PXC_AddImageExW
PXC_AddImageFromHBITMAP
PXC_AddImageFromImageXChangePage
PXC_AddImageFromMemory
PXC_AddImagePattern
PXC_AddImageW
PXC_AddLaunchActionA
PXC_AddLaunchActionW
PXC_AddLink
PXC_AddOutlineEntryA
PXC_AddOutlineEntryW
PXC_AddPage
PXC_AddStdMetafile
PXC_AddTextAnnotationA
PXC_AddTextAnnotationW
PXC_AddWatermark
PXC_Alloc
PXC_ApplyPattern
PXC_Arc
PXC_ArcN
PXC_CS_Concat
PXC_CS_Get
PXC_CS_Rotate
PXC_CS_Scale
PXC_CS_Skew
PXC_CS_Translate
PXC_Chord
PXC_ChordEx
PXC_Circle
PXC_ClearNoEmbeddList
PXC_ClipPath
PXC_CloseImage
PXC_ClosePath
PXC_CropImage
PXC_CurveTo
PXC_DrawTextExW
PXC_Ellipse
PXC_EllipseArc
PXC_EllipseArcEx
PXC_EnableLinkAnalyzer
PXC_EnableSecurity
PXC_EndPage
PXC_EndPath
PXC_Err_FormatErrorCode
PXC_Err_FormatFacility
PXC_Err_FormatSeverity
PXC_FillPath
PXC_Free
PXC_GenerateNUP
PXC_GetCompression
PXC_GetContentDC
PXC_GetCurrentFont
PXC_GetFontInfo
PXC_GetImageDPI
PXC_GetImageDimension
PXC_GetLineInfo
PXC_GetPage
PXC_GetPageBox
PXC_GetPageIndex
PXC_GetPageRotation
PXC_GetPageSize
PXC_GetPagesCount
PXC_GetStateLevel
PXC_GetStringWidthA
PXC_GetStringWidthW
PXC_GetTextOptions
PXC_GradientFill
PXC_InsertPage
PXC_LineTo
PXC_MakeImageGrayscale
PXC_MarkImageAsMask
PXC_MoveTo
PXC_NewDocument
PXC_NewTextLine
PXC_NoDash
PXC_Pie
PXC_PieEx
PXC_PlaceImage
PXC_PolyCurve
PXC_Polygon
PXC_Rect
PXC_ReduceImageColors
PXC_ReleaseContentDC
PXC_ReleaseDocument
PXC_RemovePage
PXC_RestoreState
PXC_RoundRect
PXC_SaveState
PXC_ScaleImage
PXC_SetAnnotsInfo
PXC_SetBlendMode
PXC_SetCallback
PXC_SetCharSpacing
PXC_SetCompression
PXC_SetCurrentFont
PXC_SetDash
PXC_SetDocumentInfoA
PXC_SetDocumentInfoExA
PXC_SetDocumentInfoExW
PXC_SetDocumentInfoW
PXC_SetDrawingColor
PXC_SetDrawingGray
PXC_SetEmbeddingOptions
PXC_SetFillColor
PXC_SetFillGray
PXC_SetFlat
PXC_SetFontEmbeddA
PXC_SetFontEmbeddW
PXC_SetImageMask
PXC_SetImageTransColor
PXC_SetLineCap
PXC_SetLineJoin
PXC_SetLineWidth
PXC_SetMiterLimit
PXC_SetPageBox
PXC_SetPageDuration
PXC_SetPageLayout
PXC_SetPageMode
PXC_SetPageRotation
PXC_SetPageTransition
PXC_SetPermissions
PXC_SetPermissions128
PXC_SetPermissions40
PXC_SetPolyDash
PXC_SetSpecVersion
PXC_SetStrokeAdjust
PXC_SetStrokeColor
PXC_SetStrokeGray
PXC_SetTextLeading
PXC_SetTextOptions
PXC_SetTextRMode
PXC_SetTextRise
PXC_SetTextScaling
PXC_SetTransparency
PXC_SetViewerPreferences
PXC_SetWordSpacing
PXC_ShowTextDrv
PXC_StrokePath
PXC_TCS_Get
PXC_TCS_Transform
PXC_TextOutA
PXC_TextOutW
PXC_WriteDocumentA
PXC_WriteDocumentExA
PXC_WriteDocumentExW
PXC_WriteDocumentW
_PXC_GetImageColors@8

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

caa2b2044358b03545ae3d270124f6cb

Headers

File Characteristics

PDB Paths

Imports

xccdx30

comctl32

kernel32

user32

gdi32

comdlg32

dscrt30

ixclib30

shlwapi

version

Exports

Exports

Sections

.text Size: 316KB - Virtual size: 315KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 72KB - Virtual size: 70KB

.rsrc Size: 16KB - Virtual size: 13KB

.reloc Size: 20KB - Virtual size: 17KB

.text
Size: 316KB - Virtual size: 315KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 72KB - Virtual size: 70KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 20KB - Virtual size: 17KB