2146edfbf4aad32139d278d32a425d0d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2146edfbf4aad32139d278d32a425d0d_JaffaCakes118
Size

1.4MB
MD5

2146edfbf4aad32139d278d32a425d0d
SHA1

37ba761649fad85ef495dfe96f5447a0b4eb3afc
SHA256

55271780f789bc67a4076e7afd4ec324950ac0811ad20723c166b8539c22826c
SHA512

ab531a3107c74dcf7d1b5fb6c5346913bb2871ef4689d056bf2d3a2734573496639549a5eace15bb418ad3f536990d53330e947f68a1a78e534ee2148672d11d
SSDEEP

24576:wA800NwgiWT5xGLhBgiQIfokGkZGdnDN31CpTO51fQ9nzlwmP1c:IGYV0BtoJNffEnzlrPC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2146edfbf4aad32139d278d32a425d0d_JaffaCakes118

Files

2146edfbf4aad32139d278d32a425d0d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

59492be8f2ab252e403755e92927b16c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\PC Connectivity Solution\PCCS 3.10\Source Files\PC Connectivity API\DataAccessSolution\DataAccessAPI\Win32\Release\DAAPI.pdb

Imports

connapi

ord201
ord301
ord213
ord303
ord326
ord320
ord323
ord328
ord306
ord304
ord305
ord327
ord101
ord313
ord316
ord312
ord308
ord310
ord311
ord309
ord181
ord307
ord321
ord302
ord100
ord325
ord315
ord318
?StartListening@CCONAFSNotify@@QAEKPAX@Z
?StopListening@CCONAFSNotify@@QAEKPAX@Z
ord322
ord329
ord314
?StartListening@CCONADeviceNotify@@QAEKXZ
?StopListening@CCONADeviceNotify@@QAEKXZ
ord11
ord12
ord10
ord212
ord180
ord200
ord204
ord300
ord205
ord324

kernel32

GetProcessHeap
CloseHandle
LeaveCriticalSection
IsBadCodePtr
Sleep
InitializeCriticalSection
DeleteCriticalSection
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToLocalFileTime
GetSystemTime
LocalFileTimeToFileTime
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
HeapAlloc
SetEvent
GetTickCount
GetCurrentThreadId
CreateThread
TerminateThread
CreateEventW
ExitThread
WideCharToMultiByte
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetFileTime
GetFileSize
GetTempPathW
GetTempFileNameW
DeleteFileW
GetLastError
MoveFileW
HeapCreate
FindFirstFileW
FindClose
HeapDestroy
SetFileAttributesW
CreateFileW
SetEndOfFile
GetComputerNameW
DebugBreak
GetFileAttributesExW
CopyFileW
WaitForMultipleObjects
HeapReAlloc
LoadLibraryA
GetProcAddress
FreeLibrary
CreateEventA
OpenEventA
ResetEvent
WaitForSingleObject
GetModuleFileNameW
HeapSize
HeapValidate
GetCurrentProcessId
HeapFree
EnterCriticalSection
OpenEventW
lstrlenW
CreateFileA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentDirectoryA
GetFullPathNameW
GetModuleFileNameA
GetStdHandle
VirtualAlloc
GetConsoleMode
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
lstrlenA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetDriveTypeW
CreateDirectoryW
GetFileAttributesW
FindNextFileW
RemoveDirectoryW
GetSystemTimeAsFileTime
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
VirtualFree

user32

CharLowerBuffW
CharUpperBuffW

advapi32

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree
CoInitializeEx
OleRun
CoWaitForMultipleHandles
CoCreateInstance

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
VarBstrCat
VariantClear
VariantCopy
VariantInit
SysAllocString
VarBstrCmp
SysAllocStringLen
SysStringLen
SysStringByteLen
SysAllocStringByteLen
GetErrorInfo
SysFreeString

shlwapi

PathAppendW

Exports

Exports

??0CDENotify@@QAE@ABV0@@Z
??0CDENotify@@QAE@XZ
??0CIEFilter@@QAE@ABV0@@Z
??0CIEFilter@@QAE@XZ
??0CIENotify@@QAE@ABV0@@Z
??0CIENotify@@QAE@XZ
??0CPIMNotify@@QAE@ABV0@@Z
??0CPIMNotify@@QAE@XZ
??4CDENotify@@QAEAAV0@ABV0@@Z
??4CIEFilter@@QAEAAV0@ABV0@@Z
??4CIENotify@@QAEAAV0@ABV0@@Z
??4CPIMNotify@@QAEAAV0@ABV0@@Z
??_7CDENotify@@6B@
??_7CIEFilter@@6B@
??_7CIENotify@@6B@
??_7CPIMNotify@@6B@
?DENotify@CDENotify@@UAEKKKKKPAG@Z
?Filter@CIEFilter@@UAEKPAXPBGPBUCONAPI_FILE_INFO@@PBUIE_OPTIONS@@@Z
?OperationState@CIENotify@@UAEKKKPBG@Z
?PIMNotify@CPIMNotify@@UAEXKKQAE@Z
?StartListeningDE@CDENotify@@QAEKPAX@Z
?StartListeningIE@CIENotify@@QAEKPAX@Z
?StartListeningIEFilter@CIEFilter@@QAEKPAX@Z
?StartListeningPIM@CPIMNotify@@QAEKPAX@Z
?StopListeningDE@CDENotify@@QAEKPAX@Z
?StopListeningIE@CIENotify@@QAEKPAX@Z
?StopListeningIEFilter@CIEFilter@@QAEKPAX@Z
?StopListeningPIM@CPIMNotify@@QAEKPAX@Z
CAAPI_Initialize
CAAPI_Terminate
CABeginOperation
CAChangeLogReadBegin
CAChangeLogReadEnd
CAChangeLogReadNext
CACommitOperations
CACreateFolder
CADeleteField
CADeleteFolder
CADeleteItem
CAEndOperation
CAFindBegin
CAFindEnd
CAFindNext
CAFreeChangeLogItem
CAFreeContentCapability
CAFreeFolderDetailsStructure
CAFreeFolderInfoStructure
CAFreeIdListStructure
CAFreeItemData
CAGetAPIVersion
CAGetContentCapability
CAGetFolderDetails
CAGetFolderInfo
CAGetFolderInfo2
CAGetFolderPath
CAGetIDList
CAGetIDList2
CAReadItem
CARegisterNotifyCallback
CARegisterNotifyIF
CARegisterOperationCallback
CARegisterOperationNotifyIF
CARenameFolder
CAWriteField
CAWriteItem
DACloseCA
DACloseDE
DACloseFolderSync
DACloseIE
DAClosePIM
DADeleteItem
DAFreeItemData
DAGetAPIVersion
DAGetFolderSyncAPIVersion
DAGetTargetPaths
DAGetUIDList
DAInitialize
DAOpenCA
DAOpenDE
DAOpenFolderSync
DAOpenIE
DAOpenPIM
DAReadItem
DARegisterPIMNotifyCallback
DASetTargetPath
DAUnInitialize
DAWriteItem
DEAPI_Initialize
DEAPI_Terminate
DEAllocMemFileStorageStructure
DEAllocMemLocationPairStructure
DEBackup
DEBackupUFByExt
DEBackupUFSpec
DECancel
DECheckFileIntegrity
DEFreeDEUFMapStructure
DEFreeDeviceInfoStructure
DEFreeFileInfoStructure
DEFreeFileStorageStructure
DEFreeItemDataStructure
DEFreeItemInfoStructure
DEFreeLocationPairStructure
DEFreeOperationResultStructure
DEGetAPIVersion
DEGetDeviceFolderStructure
DEGetDeviceInfo
DEGetFileDevIMEI
DEGetFileInfo
DEGetFileUFContent
DEGetOperationResult
DEItemFindBegin
DEItemFindEnd
DEItemFindGetInfo
DEItemFindGetItem
DERegisterNotifyCallback
DERegisterNotifyIF
DERestore
DERestoreUFByExt
DERestoreUFSpec
DllRegisterServer
DllUnregisterServer
FSyncAPI_GetAPIVersion
FSyncAPI_Initialize
FSyncAPI_Terminate
FolderSyncCancelOperation
FolderSyncItemClose
FolderSyncItemCreate
FolderSyncItemFreeBuffer
FolderSyncItemGetAbsolutePath
FolderSyncItemGetItemType
FolderSyncItemGetRootFolderPath
FolderSyncItemRegisterFilePreDeleteCallback
FolderSyncItemRegisterFilePreDeleteIF
FolderSyncItemRegisterFolderPreDeleteCallback
FolderSyncItemRegisterFolderPreDeleteIF
FolderSyncRegisterConflictResolver
FolderSyncRegisterConflictResolverIF
FolderSyncRegisterFileFilter
FolderSyncRegisterFileFilterIF
FolderSyncRegisterFolderFilter
FolderSyncRegisterFolderFilterIF
FolderSyncRegisterNotificationCallback
FolderSyncRegisterNotificationIF
FolderSyncSynchronize
IEAPI_GetAPIVersion
IEAPI_Initialize
IEAPI_Terminate
IECancelOperation
IEFetchFile
IEFindFileBegin
IEFindFileEnd
IEFindFileNext
IEFindFileRestart
IEFreeIEFileInfoStructure
IERegisterNotificationCallback
IERegisterNotificationIF
IESetFindFileFilter

Sections

.text
Size: 981KB - Virtual size: 980KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59492be8f2ab252e403755e92927b16c

Headers

File Characteristics

PDB Paths

Imports

connapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 981KB - Virtual size: 980KB

.rdata Size: 285KB - Virtual size: 285KB

.data Size: 82KB - Virtual size: 89KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 85KB - Virtual size: 84KB

.text
Size: 981KB - Virtual size: 980KB

.rdata
Size: 285KB - Virtual size: 285KB

.data
Size: 82KB - Virtual size: 89KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 85KB - Virtual size: 84KB