2672cfe247db7e39f932291437ec83bb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2672cfe247db7e39f932291437ec83bb_JaffaCakes118
Size

680KB
MD5

2672cfe247db7e39f932291437ec83bb
SHA1

50f69518337bb3627ed06225b78898c98df1d1e0
SHA256

279ba53f5bc034b8e5de16cee6dbff9fcd8ebba460c73fe5c63279016dcde7db
SHA512

29f35c60f46f01898e545f6b858412136ae9320be30a063ecb395b07aa3027c5b1daa9b59b005a9622e5e3c13001c6a3d4d9e169046c0617fa659dbb93ffec7f
SSDEEP

12288:LrLEKa3aYMerWsgB9+XrT70t43IC3FvXO1jSJraqhD5yWMP4TcQPTAgU:rECYHgjSJrdhD5Bh7A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2672cfe247db7e39f932291437ec83bb_JaffaCakes118

Files

2672cfe247db7e39f932291437ec83bb_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

492b271c7f802d2f2703c8b5260b8462

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\dlebansais\Documents\Projects 2005\Bluetooth SDK\AvqBtSDK\AvqBtSDK\Release\AvqBtSDK.pdb

Imports

shfolder

SHGetFolderPathW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

setupapi

CM_Locate_DevNodeW
CM_Reenumerate_DevNode
SetupDiRemoveDevice
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiGetDriverInfoDetailW
SetupDiSetSelectedDriverW
SetupDiSetDeviceRegistryPropertyW
SetupDiRegisterDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiCreateDevRegKeyW
SetupDiGetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiDeleteDeviceInfo
SetupDiGetDeviceInstanceIdW

ws2_32

WSACleanup
WSAStartup
htonl
htons
select
__WSAFDIsSet
recv
send
socket
WSAGetLastError
connect
closesocket
getsockopt

shlwapi

PathAppendW
SHDeleteKeyW
PathRemoveFileSpecW

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

rasapi32

RasEnumConnectionsW

kernel32

LocalAlloc
GetProcessHeap
HeapFree
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
lstrlenA
RaiseException
LoadLibraryA
SetStdHandle
InterlockedExchange
WriteConsoleW
GetModuleFileNameW
FreeLibrary
LoadLibraryW
GetProcAddress
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
CloseHandle
DeviceIoControl
CreateFileW
GetLastError
SetLastError
SetEvent
CreateEventW
GetCurrentProcessId
GetWindowsDirectoryW
GetVersionExW
MultiByteToWideChar
DeleteFileW
CreateFileA
CreateDirectoryW
ReleaseMutex
GetPrivateProfileStringW
WaitForSingleObject
GetPrivateProfileIntW
GetPrivateProfileSectionW
WritePrivateProfileStringW
CreateMutexW
InterlockedDecrement
InterlockedIncrement
GetTickCount
TerminateThread
lstrcpynW
lstrcpyW
lstrcmpW
GetSystemTime
WriteFile
ReadFile
GetFileSize
SetFilePointer
GetComputerNameW
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
WaitForMultipleObjects
ResumeThread
CreateThread
ResetEvent
GetCurrentThreadId
OpenThread
LocalFileTimeToFileTime
SystemTimeToFileTime
Sleep
SetCurrentDirectoryW
GetCurrentDirectoryW
GetCommandLineA
FileTimeToSystemTime
FindClose
FindFirstFileW
RemoveDirectoryW
GetSystemDirectoryW
IsBadWritePtr
InterlockedCompareExchange
CreateProcessW
IsBadStringPtrW
GetCommandLineW
GetCurrentProcess
GetFileAttributesW
GetFileTime
OpenProcess
GetLocaleInfoA
HeapSize
HeapReAlloc
VirtualAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
MoveFileExW
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
HeapAlloc
GetVersionExA
FindNextFileW

user32

SetTimer
wsprintfW
UnhookWindowsHookEx
PostMessageW
RegisterWindowMessageW
EnumWindows
GetWindowThreadProcessId
wsprintfA
FindWindowW
SendNotifyMessageW
GetMessageW
GetClientRect
DestroyWindow
PeekMessageW
TranslateMessage
DispatchMessageW
GetWindow
GetClassNameW
SendMessageA
RegisterClassW
CreateWindowExW
DefWindowProcW
IsDlgButtonChecked
MessageBoxW
DialogBoxIndirectParamW
EndDialog
GetDlgItemTextW
SetWindowLongW
SetDlgItemTextW
PostThreadMessageW
SendMessageW
CheckRadioButton
GetDlgItem
GetParent
SendDlgItemMessageW
SetForegroundWindow
SetWindowsHookExW
GetForegroundWindow
GetMenu
GetWindowModuleFileNameW
GetClassLongW
CallNextHookEx
GetSystemMetrics
SetWindowPos
GetWindowLongW
SetWindowTextW
GetWindowTextW

gdi32

GetStockObject

advapi32

RegSetValueW
RegSetValueExW
RegOpenKeyW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExW
RegEnumKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceW
ControlService
QueryServiceStatusEx
OpenProcessToken

shell32

SHGetDesktopFolder
ord92
SHBrowseForFolderW
SHGetPathFromIDListW
SHCreateDirectoryExW

ole32

CoGetObject
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear
SysFreeString
SysAllocString
VariantInit
VariantCopy
VariantChangeType

Exports

Exports

BluetoothDevice_BeginDefaultConnect
BluetoothDevice_BeginPairing
BluetoothDevice_BeginPushFile
BluetoothDevice_BindToService
BluetoothDevice_CancelDefaultConnect
BluetoothDevice_CancelPairing
BluetoothDevice_CancelPushFile
BluetoothDevice_ConfirmPairing
BluetoothDevice_EndDefaultConnect
BluetoothDevice_EndPairing
BluetoothDevice_EndPushFile
BluetoothDevice_EnumService
BluetoothDevice_GetAttribute
BluetoothDevice_GetAttributeOf
BluetoothDevice_GetDisplayName
BluetoothDevice_GetDisplayNameOf
BluetoothDevice_GetPairingKey
BluetoothDevice_InstallAllCommunicationServices
BluetoothDevice_OpenFTPConnection
BluetoothDevice_ReadSignalStrength
BluetoothDevice_RefreshServiceList
BluetoothDevice_Release
BluetoothDevice_SetFTPOption
BluetoothDevice_SetPairingKey
BluetoothDevice_SetPowerMode
BluetoothFTP_BeginEnumFolder
BluetoothFTP_BeginReceiveFile
BluetoothFTP_BeginSendFile
BluetoothFTP_CancelEnumFolder
BluetoothFTP_CancelReceiveFile
BluetoothFTP_CancelSendFile
BluetoothFTP_Close
BluetoothFTP_CreateFolder
BluetoothFTP_DeleteFileOrFolder
BluetoothFTP_EndEnumFolder
BluetoothFTP_EndReceiveFile
BluetoothFTP_EndSendFile
BluetoothFTP_GetSupportedFileDetails
BluetoothFTP_IsFolderRoot
BluetoothFTP_Release
BluetoothFTP_SetCurrentFolder
BluetoothFTP_SetParentAsCurrent
BluetoothFTP_SetRootAsCurrent
BluetoothFTP_Synchronize
BluetoothFileDetail_GetAccessedDate
BluetoothFileDetail_GetContentType
BluetoothFileDetail_GetCreationDate
BluetoothFileDetail_GetModificationDate
BluetoothFileDetail_GetName
BluetoothFileDetail_GetPermissions
BluetoothFileDetail_GetSize
BluetoothFileDetail_GetXmlReference
BluetoothFileDetail_IsFolder
BluetoothFileDetail_Release
BluetoothRadio_BeginEnumDevice
BluetoothRadio_BindToDevice
BluetoothRadio_BindToLastConnectedDevice
BluetoothRadio_BindToLastDevice
BluetoothRadio_CancelEnumDevice
BluetoothRadio_EndEnumDevice
BluetoothRadio_GetAttribute
BluetoothRadio_GetAttributeOf
BluetoothRadio_GetDisplayName
BluetoothRadio_GetDisplayNameOf
BluetoothRadio_Release
BluetoothService_BeginConnect
BluetoothService_BeginInstallCOMPort
BluetoothService_BeginInstallModem
BluetoothService_CancelConnect
BluetoothService_CancelInstallCOMPort
BluetoothService_CancelInstallModem
BluetoothService_Disconnect
BluetoothService_EndConnect
BluetoothService_EndInstallCOMPort
BluetoothService_EndInstallModem
BluetoothService_GetAttribute
BluetoothService_GetConnectionStats
BluetoothService_GetDisplayName
BluetoothService_Release
BluetoothStack_BindToPreferedRadio
BluetoothStack_BindToRadio
BluetoothStack_EnumRadio
BluetoothStack_GetAttribute
BluetoothStack_GetAttributeOf
BluetoothStack_GetDisplayName
BluetoothStack_GetDisplayNameOf
BluetoothStack_Release
BluetoothVersion_BuildVersion
BluetoothVersion_GetDisplayString
BluetoothVersion_IsVersionNewer
BluetoothVersion_MajorVersion
BluetoothVersion_MinorVersion
BluetoothVersion_Release
BluetoothVersion_RevisionVersion
Bluetooth_ActivateBackgroundCaching
Bluetooth_BindToPreferedStack
Bluetooth_BindToStack
Bluetooth_DisableActivityLog
Bluetooth_DisableAdministratorPrivileges
Bluetooth_DisableForwardCompatibility
Bluetooth_DisableOsCompatibility
Bluetooth_EnableErrors
Bluetooth_EnableFakeItems
Bluetooth_EnumStack
Bluetooth_GetAttributeOf
Bluetooth_GetDisplayNameOf
Bluetooth_GetSDKVersion
Bluetooth_Initialize
Bluetooth_IsAdministratorPrivilegesDisabled
Bluetooth_IsErrorsEnabled
Bluetooth_IsFakeItemsEnabled
Bluetooth_PrivilegeElevationTest
Bluetooth_Release
Bluetooth_SelectServices
Bluetooth_SetNativeStackPreferred
CreateBluetooth
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_hpeEntry@16

Sections

.text
Size: 368KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

492b271c7f802d2f2703c8b5260b8462

Headers

File Characteristics

PDB Paths

Imports

shfolder

version

setupapi

ws2_32

shlwapi

psapi

rasapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 368KB - Virtual size: 364KB

.rdata Size: 156KB - Virtual size: 155KB

.data Size: 12KB - Virtual size: 18KB

.SHARED Size: 8KB - Virtual size: 5KB

.rsrc Size: 96KB - Virtual size: 94KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 368KB - Virtual size: 364KB

.rdata
Size: 156KB - Virtual size: 155KB

.data
Size: 12KB - Virtual size: 18KB

.SHARED
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 96KB - Virtual size: 94KB

.reloc
Size: 36KB - Virtual size: 35KB