270400851451b9b00c22ad39e63d7504_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

270400851451b9b00c22ad39e63d7504_JaffaCakes118
Size

160KB
MD5

270400851451b9b00c22ad39e63d7504
SHA1

8962b2aa6a0c0bc50b59c431a781edea34c2a42a
SHA256

b2e9b765eb7daa90c9aa57b965ff697d95376d3bc4699a6b01408ea98f93b447
SHA512

21b85329ddb55a360575d5fbfe1a9de9f48b34d9051fc2fab03218846b500508f6eb4e6786019223f1de7754d54a30804c3bb74964bb5b8f7002beb31485c420
SSDEEP

3072:FKx9CGPY9hBqiEzdc2OV+Q9iZ3CW43wErWGJKH:1qNdc2OV+CiMRAE3s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
270400851451b9b00c22ad39e63d7504_JaffaCakes118

Files

270400851451b9b00c22ad39e63d7504_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f284bb233966f7edb4eb7af59bb4aa0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\release\RELEASE_1_6_43\hurricane-sw-development\activities\product\GatewayClient\Release\LSSProxy.pdb

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
InitializeAcl
SetEntriesInAclA
LookupAccountNameA
FreeSid
GetLengthSid
AllocateAndInitializeSid

shlwapi

PathAppendW
StrCpyW

psapi

GetModuleBaseNameW
EnumProcessModules

kernel32

GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
QueryDosDeviceW
CloseHandle
GetLastError
ConnectNamedPipe
CreateFileW
WaitNamedPipeW
WriteFile
ReadFile
CreateNamedPipeW
CreateSemaphoreW
InterlockedIncrement
InterlockedDecrement
OutputDebugStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OpenProcess
CreateDirectoryW
FindClose
FindNextFileW
DeleteFileW
FileTimeToSystemTime
FindFirstFileW
GetSystemTimeAsFileTime
WaitForSingleObject
ReleaseSemaphore
GetCurrentProcessId
LocalAlloc
LocalFree
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetCurrentThreadId

shell32

SHGetFolderPathW

lslog

??0CStormLog@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1CStormLog@@QAE@XZ
?error@CStormLog@@QAAXPB_WZZ

msvcp80

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?facet_Register@facet@locale@std@@CAXPAV123@@Z
?_Incref@facet@locale@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Id_cnt@id@locale@std@@0HA
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1_Lockit@std@@QAE@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z

msvcr80

??3@YAXPAX@Z
??0exception@std@@QAE@XZ
__CxxFrameHandler3
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_purecall
swscanf
_snwprintf
memset
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
mbstowcs
memmove_s
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
free
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ

Exports

Exports

??0LoggerWrapper@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0SCSI_CDB_Builder@@QAE@XZ
??1LoggerWrapper@@UAE@XZ
??1SCSI_CDB_Builder@@UAE@XZ
?Close@LSDeviceWindows@@UAE?AW4PE_Return@@XZ
?DriveManagerFactoryFunctionTrace@LoggerWrapper@@QAEXPBD@Z
?DriveManagerFunctionTrace@LoggerWrapper@@QAEXPBD@Z
?GetCDROMDeviceNumber@DriveManagerWindows@LightScribeSCSILayer@@EAE?AW4PE_Return@@_WAAG@Z
?GetDescription@LSDevice@@UAE?AW4PE_Return@@AAUHURRICANE_DESCRIPTOR@structures@@@Z
?GetDevice@DriveManager@LightScribeSCSILayer@@UAE?AW4PE_Return@@GAAPAVLSDevice@@@Z
?GetDriveCount@DriveManager@LightScribeSCSILayer@@UAE?AW4PE_Return@@AAG@Z
?GetLSFeatureDescriptor@LSDevice@@QAE?AW4PE_Return@@AAULIGHTSCRIBE_FEATURE_DESCRIPTOR@structures@@@Z
?GetLastCommandStatus@LSDevice@@QAE?AUSENSE_DATA@hurricane_scsi@@XZ
?GetPath@LSDeviceWindows@@EAE?AW4PE_Return@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Init@LSDeviceWindows@@UAE?AW4PE_Return@@XZ
?Inquiry@LSDevice@@MAE?AW4PE_Return@@PAEI@Z
?IsOK@LSDeviceWindows@@UAE_NXZ
?IsOpen@LSDeviceWindows@@UAE_NXZ
?IsWriteable@LSDeviceWindows@@EAE?AW4PE_Return@@AA_N@Z
?LSDeviceFunctionTrace@LoggerWrapper@@QAEXPBD@Z
?LSNamedPipeFunctionTrace@LoggerWrapper@@QAEXPBD@Z
?Open@LSDeviceWindows@@UAE?AW4PE_Return@@I@Z
?OpenDevice@DriveManager@LightScribeSCSILayer@@UAE?AW4PE_Return@@GI@Z
?ReleaseDevice@DriveManager@LightScribeSCSILayer@@UAE?AW4PE_Return@@G@Z
?SaveDriveIDString@LSDevice@@MAE?AW4PE_Return@@XZ
?SaveDriveInfo@LSDeviceWindows@@EAE?AW4PE_Return@@XZ
?SaveDriveModePageInfo@LSDevice@@MAE?AW4PE_Return@@XZ
?SendInputCommand@LSDeviceWindows@@UAE?AW4PE_Return@@ABVhurricane_cdb@@PAEABIAAI@Z
?SendNoDataCommand@LSDeviceWindows@@UAE?AW4PE_Return@@ABVhurricane_cdb@@@Z
?SendOutputCommand@LSDeviceWindows@@UAE?AW4PE_Return@@ABVhurricane_cdb@@PBEABI@Z
?TranslateSenseInfo@SCSIHelper@@SA?AW4PE_Return@@PAEI@Z
?TsunamiFunctionTrace@LoggerWrapper@@QAEXPBD@Z
?build_GESN_CDB@SCSI_CDB_Builder@@QAE?AVhurricane_cdb@@E_NG@Z
?build_PreventAllow_CDB@SCSI_CDB_Builder@@QAE?AVhurricane_cdb@@W4TrayLockCmd@hurricane_scsi@@@Z
?build_RBC_CDB@SCSI_CDB_Builder@@QAE?AVhurricane_cdb@@_N@Z
?build_TUR_CDB@SCSI_CDB_Builder@@QAE?AVhurricane_cdb@@XZ
?build_get_configuration_CDB@SCSI_CDB_Builder@@QAE?AVhurricane_cdb@@FEF@Z
?build_inquiry_CDB@SCSI_CDB_Builder@@QAE?AVhurricane_cdb@@E@Z
?build_mode_select_CDB@SCSI_CDB_Builder@@QAE?AVhurricane_cdb@@I@Z
?build_mode_sense_CDB@SCSI_CDB_Builder@@QAE?AVhurricane_cdb@@FEE@Z
?build_print_CDB@SCSI_CDB_Builder@@QAE?AVhurricane_cdb@@KEE@Z
?build_request_sense_CDB@SCSI_CDB_Builder@@QAE?AVhurricane_cdb@@E@Z
?build_start_CDB@SCSI_CDB_Builder@@QAE?AVhurricane_cdb@@W4start_stop_cmd@structures@@@Z
?createDriveManager@DriveManagerFactory@LightScribeSCSILayer@@SA?AW4PE_Return@@PAPAVDriveManager@2@@Z
?debug@LoggerWrapper@@QAEXPA_W@Z
?debug@LoggerWrapper@@QAEXPA_WI@Z
?debug@LoggerWrapper@@QAEXPA_WII@Z
?debug@LoggerWrapper@@QAEXPBDII@Z
?debug@LoggerWrapper@@QAEXPB_W@Z
?debug@LoggerWrapper@@QAEXPB_WII@Z
?doInputSCSICommand@LSDevice@@IAE?AW4PE_Return@@ABVhurricane_cdb@@AAV?$vector@EV?$allocator@E@std@@@std@@@Z
?doNoDataSCSICommand@LSDevice@@IAE?AW4PE_Return@@ABVhurricane_cdb@@@Z
?doOutputSCSICommand@LSDevice@@IAE?AW4PE_Return@@ABVhurricane_cdb@@ABV?$vector@EV?$allocator@E@std@@@std@@@Z
?do_GESN@LSDevice@@QAE?AW4PE_Return@@AAV?$vector@EV?$allocator@E@std@@@std@@@Z
?do_PREVENT_ALLOW@LSDevice@@QAE?AW4PE_Return@@W4TrayLockCmd@hurricane_scsi@@@Z
?do_RBC@LSDevice@@QAE?AW4PE_Return@@AAV?$vector@EV?$allocator@E@std@@@std@@@Z
?do_STARTSTOP@LSDevice@@QAE?AW4PE_Return@@W4start_stop_cmd@structures@@@Z
?do_STARTSTOP@LSDevice@@QAE?AW4PE_Return@@XZ
?do_TUR@LSDevice@@QAE?AW4PE_Return@@XZ
?do_get_configuration@LSDevice@@QAE?AW4PE_Return@@AAV?$vector@EV?$allocator@E@std@@@std@@@Z
?do_mode_select@LSDevice@@QAE?AW4PE_Return@@ABV?$vector@EV?$allocator@E@std@@@std@@@Z
?do_mode_sense@LSDevice@@QAE?AW4PE_Return@@AAV?$vector@EV?$allocator@E@std@@@std@@EE@Z
?do_print_command@LSDevice@@QAE?AW4PE_Return@@ABV?$vector@EV?$allocator@E@std@@@std@@@Z
?do_request_sense@LSDevice@@QAE?AW4PE_Return@@XZ
?error@LoggerWrapper@@QAEXPA_W@Z
?error@LoggerWrapper@@QAEXPA_WI@Z
?error@LoggerWrapper@@QAEXPB_W@Z
?getRefCount@DriveManagerFactory@LightScribeSCSILayer@@SAIXZ
?info@LoggerWrapper@@QAEXPA_W@Z
?info@LoggerWrapper@@QAEXPA_WI@Z
?info@LoggerWrapper@@QAEXPB_W@Z
?releaseDriveManager@DriveManagerFactory@LightScribeSCSILayer@@SAXXZ
?send_mode_select@LSDevice@@QAE?AW4PE_Return@@AAV?$vector@EV?$allocator@E@std@@@std@@@Z

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f284bb233966f7edb4eb7af59bb4aa0b

Headers

File Characteristics

PDB Paths

Imports

advapi32

shlwapi

psapi

kernel32

shell32

lslog

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 60KB - Virtual size: 58KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 60KB - Virtual size: 58KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB