5125a07abd9c6df02146cb821fa2371b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5125a07abd9c6df02146cb821fa2371b_JaffaCakes118
Size

104KB
MD5

5125a07abd9c6df02146cb821fa2371b
SHA1

0d4ce3c30dc2c425c83d12cc08e3dffa4f1d4820
SHA256

c20258363800b75939cc474bf77a1e603e7c18277a5badc7ea0d9c2b186ecd69
SHA512

25f27fdf3e8339784842206b9889921a26bc420fc343d4fd20728d7d65b9233ecb83e3f156f1c8636407f7378d4c2ca1355c72abf5967729d849e811055589b4
SSDEEP

3072:ArkzUwlSGAVCgmjnSwPO680jKQD2nJz6cOQUiotf:ArkrtO6fjDMz6cOzio

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5125a07abd9c6df02146cb821fa2371b_JaffaCakes118

Files

5125a07abd9c6df02146cb821fa2371b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9358b4f8d807e023a3e57ecdb33c5f2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\workarea\8.59\drivers\mm\avstream_t200\source\proppage\build\T200\w764wow\B_rel\atinpwt2.pdb

Imports

ksproxy.ax

KsSynchronousDeviceControl

kernel32

CreateThread
WaitForSingleObject
ResetEvent
SetEvent
lstrcatA
ReleaseSemaphore
CreateSemaphoreW
GetCurrentThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
lstrcmpiA
SetErrorMode
VirtualAlloc
GetCurrentProcess
DuplicateHandle
VirtualFree
GetVersionExW
DisableThreadLibraryCalls
lstrlenW
MultiByteToWideChar
lstrlenA
GetLastError
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
LoadLibraryW
CreateEventW
CloseHandle
GetProcAddress
GetModuleHandleW
lstrcpyW
lstrcpynW
lstrcmpW
lstrcmpiW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
GetTickCount
WaitForMultipleObjects
GetSystemInfo

user32

RegisterWindowMessageW
KillTimer
GetDesktopWindow
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
GetDlgItem
EnableWindow
IsDlgButtonChecked
CheckDlgButton
SetTimer
wsprintfW
GetWindowLongW
SetWindowLongW
CreateDialogParamW
MoveWindow
InvalidateRect
ShowWindow
DestroyWindow
DefWindowProcW
PeekMessageW
MsgWaitForMultipleObjects
wvsprintfW
PostThreadMessageW
GetWindowRect
GetQueueStatus
DispatchMessageW
LoadStringW
LoadStringA
wsprintfA

msvcrt

_itoa
atoi
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler

winmm

timeSetEvent
timeGetTime

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegSetValueW
RegCreateKeyW
RegCloseKey

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
StringFromGUID2
CoFreeUnusedLibraries
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9358b4f8d807e023a3e57ecdb33c5f2f

Headers

File Characteristics

PDB Paths

Imports

ksproxy.ax

kernel32

user32

msvcrt

winmm

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB