28c92e4442e5da48c29fa4c513fa6022_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

28c92e4442e5da48c29fa4c513fa6022_JaffaCakes118
Size

324KB
MD5

28c92e4442e5da48c29fa4c513fa6022
SHA1

1c1dede4fe8feb987c23ac8f4db74624059abce2
SHA256

c9dcae802fbf21283980c13e1bec6150fbb586cc19f0a3fa6379096bfcd63192
SHA512

f47c1b30e9c571eac9dad7f5195fdb0ea17a8b045d9defe54268986efd248204221eed075b6c6f5bfd3bbedd70fd048a7c205bae40f5b8495acc2710349e369b
SSDEEP

6144:izPaSU/GoB5y12ND/hB8Mn7/azbHxFDHRiUtaIjHLwX5:i/10D/8Mn7/Y1JHkUtauI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28c92e4442e5da48c29fa4c513fa6022_JaffaCakes118

Files

28c92e4442e5da48c29fa4c513fa6022_JaffaCakes118
.exe windows:4 windows x86 arch:x86

740482b219a2bc5a3e102d4bee893d68

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

tosbteccapi

EccOpenAPI
EccEnumConnectInfo
EccGetConnectInfo
EccFreePECCCONNECTINFO
EccCloseAPI

tosbtapi

BtGetSecurityLevel
BtSetSecurityLevel
BtGetDevicePropertyParam
BtGetDiscoverabilityMode
BtSetDiscoverabilityMode
BtAddServiceRecord
BtGetLocalInfo
BtGetConnectionHandle
BtRoleDiscovery
BtSwitchRole
BtGetLocalInfo2
BtCloseAPI
BtMemFree
BtMemAlloc
BtDiscoverRemoteDevice2

tosavdtapi

?AVDT_AbortRsp@@YAHEEEEPAJ@Z
?AVDT_ReconfigureRsp@@YAHEEEEEPAJ@Z
?AVDT_SuspendRsp@@YAHEEPAEKEPAJ@Z
?AVDT_StartRsp@@YAHEEPAUSTARTINFO_LIST@@EPAJ@Z
?AVDT_CloseRsp@@YAHEEEEPAJ@Z
?AVDT_OpenRsp@@YAHEEEGEPAJ@Z
?AVDT_SetConfigurationRsp@@YAHEEEEEPAJ@Z
?AVDT_GetCapabilitiesRsp@@YAHPAEEE0KEPAJ@Z
?AVDT_DiscoverRsp@@YAHPAEEE0KEPAJ@Z
?AVDT_ConnectRsp@@YAHPAEGPAUBTCONFIG@@1PAJG@Z
?AVDT_AbortReq@@YAHPAEEPAJ@Z
?AVDT_ReconfigureReq@@YAHPAEE0KPAJ@Z
?AVDT_SuspendReq@@YAHPAE0KPAJ@Z
?AVDT_CloseReq@@YAHPAEEPAJ@Z
?AVDT_StartReq@@YAHPAEPAUSTARTINFO_LIST@@PAJ@Z
?AVDT_OpenReq@@YAHPAEEGPAJ@Z
?AVDT_SetConfigurationReq@@YAHPAE00EE0KPAJ@Z
?AVDT_GetCapabilitiesReq@@YAHPAE0EPAJ@Z
?AVDT_DiscoverReq@@YAHPAE0PAJ@Z
?AVDT_DisconnectReq@@YAHPAEGPAJ@Z
?AVDT_ConnectReq@@YAHPAEPAUBTCONFIG@@KPAJG@Z
?AVDT_Listen@@YAHXZ
?AVDT_SndRfUnplug@@YAXG@Z
?AVDT_CancelListen@@YAHXZ
?AVDT_GetConnectionState@@YAPAUCONNECT_STATE_LIST@@PAE@Z
?AVDT_ReleaseStateList@@YAXPAUCONNECT_STATE_LIST@@@Z
?AVDT_Finalize@@YAHGPAJ@Z
?AVDT_Initialize@@YAHGPAUSEIDINFO_LIST@@PAUHWND__@@PAJ@Z
?AVDT_SigEventRegistration@@YAHGGP6GXIJ@ZJPAJ@Z
?AVDT_GetSEPState@@YA?AW4AVDTP_STATE@@E@Z

kernel32

GetCurrentThread
lstrcmpA
GlobalAlloc
LocalFree
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
MulDiv
GlobalFlags
SetLastError
SizeofResource
GetProcessVersion
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
SetErrorMode
GetCurrentProcess
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetStartupInfoA
GetCommandLineA
ExitProcess
RaiseException
TerminateProcess
GetACP
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
GetProfileStringA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
lstrlenA
OutputDebugStringA
WriteFile
SetFilePointer
DeleteFileA
FindResourceA
LoadResource
InterlockedDecrement
GetVersionExA
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetCurrentThreadId
OpenMutexA
CreateMutexA
ReleaseMutex
lstrcpyA
GetLocalTime
CreateFileA
GetDateFormatA
GetTimeFormatA
CreateDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
FindFirstFileA
FindClose
lstrcatA
CloseHandle
GetFileSize
GetLastError

user32

ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
wvsprintfA
ReleaseDC
GetDC
SetCursor
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
LoadStringA
DestroyMenu
GetClassNameA
PtInRect
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetSysColorBrush
InflateRect
InvalidateRect
SetMenuItemBitmaps
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
GetClientRect
CopyRect
IsWindowVisible
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetWindow
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
EndDialog
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
PostMessageA
SendMessageA
IsWindow
UnregisterClassA
HideCaret
ShowCaret
DestroyWindow
GetParent
GetWindowLongA
IsWindowEnabled
UnhookWindowsHookEx
GetDlgItem
GetMenu
CheckMenuItem
GetLastActivePopup
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
UpdateWindow
KillTimer
SetTimer
PostQuitMessage
LoadIconA
RegisterWindowMessageA
ShowWindow
GetSystemMenu
EnableMenuItem
GetDlgItemTextA
wsprintfA
EnableWindow
IsWindowUnicode
CharNextA
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
GetNextDlgTabItem

gdi32

SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
RestoreDC
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SaveDC
DeleteDC
GetStockObject
GetDeviceCaps
SelectObject
DeleteObject
PatBlt
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17
ImageList_Destroy

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 52KB - Virtual size: 497KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

740482b219a2bc5a3e102d4bee893d68

Headers

File Characteristics

Imports

tosbteccapi

tosbtapi

tosavdtapi

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 52KB - Virtual size: 497KB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 52KB - Virtual size: 497KB

.rsrc
Size: 80KB - Virtual size: 80KB