640d2c93d6c106eaaf650e9b1436d9d0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

640d2c93d6c106eaaf650e9b1436d9d0_JaffaCakes118
Size

104KB
MD5

640d2c93d6c106eaaf650e9b1436d9d0
SHA1

d0f27a47cd360f52e9780f918db1ab41398a5775
SHA256

4d35d69fd4537b8cb98cfdd2216972ef06f24e14b4044a96edc2bf4ad05a375c
SHA512

e2d1388a449160459a463b6a9b5e3b30745ee7c45fe7ee285dfb29827524dd98e2946703e062430511ff159f8f4897ba6b7152ee12197dcdde3e5182352d9cd4
SSDEEP

3072:9rkzUwlSGAVCgmjnSwPO680jKQD2nrz6cWQUioFY:9rkrtO6fjDOz6cWzio

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
640d2c93d6c106eaaf650e9b1436d9d0_JaffaCakes118

Files

640d2c93d6c106eaaf650e9b1436d9d0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9358b4f8d807e023a3e57ecdb33c5f2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\workarea\8.50\drivers\mm\avstream_t200\source\proppage\build\T200\xp\B_rel\atinppt2.pdb

Imports

ksproxy.ax

KsSynchronousDeviceControl

kernel32

CreateThread
WaitForSingleObject
ResetEvent
SetEvent
lstrcatA
ReleaseSemaphore
CreateSemaphoreW
GetCurrentThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
lstrcmpiA
SetErrorMode
VirtualAlloc
GetCurrentProcess
DuplicateHandle
VirtualFree
GetVersionExW
DisableThreadLibraryCalls
lstrlenW
MultiByteToWideChar
lstrlenA
GetLastError
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
LoadLibraryW
CreateEventW
CloseHandle
GetProcAddress
GetModuleHandleW
lstrcpyW
lstrcpynW
lstrcmpW
lstrcmpiW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
GetTickCount
WaitForMultipleObjects
GetSystemInfo

user32

RegisterWindowMessageW
KillTimer
GetDesktopWindow
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
GetDlgItem
EnableWindow
IsDlgButtonChecked
CheckDlgButton
SetTimer
wsprintfW
GetWindowLongW
SetWindowLongW
CreateDialogParamW
MoveWindow
InvalidateRect
ShowWindow
DestroyWindow
DefWindowProcW
PeekMessageW
MsgWaitForMultipleObjects
wvsprintfW
PostThreadMessageW
GetWindowRect
GetQueueStatus
DispatchMessageW
LoadStringW
LoadStringA
wsprintfA

msvcrt

_itoa
atoi
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler

winmm

timeSetEvent
timeGetTime

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegSetValueW
RegCreateKeyW
RegCloseKey

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
StringFromGUID2
CoFreeUnusedLibraries
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9358b4f8d807e023a3e57ecdb33c5f2f

Headers

File Characteristics

PDB Paths

Imports

ksproxy.ax

kernel32

user32

msvcrt

winmm

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB