PDB Path: E:\bt\980781\target\retail\i386\BingRewardsClient.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2d757ae27401a04e8ea5d047d37bf25b_JaffaCakes118.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 2d757ae27401a04e8ea5d047d37bf25b_JaffaCakes118.dll
  Resource: win10v2004-20240704-en
General
  Target: 2d757ae27401a04e8ea5d047d37bf25b_JaffaCakes118
  Size: 1.1MB
  MD5: 2d757ae27401a04e8ea5d047d37bf25b
  SHA1: 1e5976a2ef462c1fbf7c63cb1d8fdcdedac71199
  SHA256: 7b6470616e0b0a4b6411edeae28a41be6bc0e5ce6d75967b957b4d4149bc2c37
  SHA512: 3269c58cdffaad28ca61b2e827a0e4402256577fdd5ea5fa28c8be4679776b3b089d60c643e6e7f306296fe6d7346bd2cab40f134d91e88de58938f8088bf874
  SSDEEP: 12288:111T+Mo9EasUaOSQwQofGPWL/qu9UzSYpRdoSD5yFkXtc0r0XYXY8108TzjV2HyC:1j+Mo9oUagofGLz5mSD5ysKYXYOF1dC
Malware Config
Signatures
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: 2d757ae27401a04e8ea5d047d37bf25b_JaffaCakes118
Files
  2d757ae27401a04e8ea5d047d37bf25b_JaffaCakes118.dll  regsvr32  windows:6 windows x86 arch:x86
  e09528a19206fa70c6a3ea14b798ea9d
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
  PDB Paths: E:\bt\980781\target\retail\i386\BingRewardsClient.pdb
Imports
  crypt32: CryptProtectData, CryptUnprotectData, CertVerifyCertificateChainPolicy
  wintrust: WinVerifyTrust, WTHelperProvDataFromStateData, WTHelperGetProvSignerFromChain
  wininet: HttpOpenRequestW, InternetGetConnectedState, InternetConnectW, InternetCloseHandle,
    HttpSendRequestW, InternetSetOptionW, InternetReadFile, HttpQueryInfoW, InternetOpenW,
    InternetQueryDataAvailable
  ole32: CoCreateInstance, StringFromGUID2, CoCreateGuid, CoTaskMemAlloc, CoTaskMemFree,
    CoTaskMemRealloc, CoSetProxyBlanket
  kernel32: SetEnvironmentVariableA, CompareStringA, GetDriveTypeA, WriteConsoleW, RaiseException,
    InitializeCriticalSection, DeleteCriticalSection, InterlockedIncrement, InterlockedDecrement,
    lstrlenW, EnterCriticalSection, LeaveCriticalSection, GetLastError, GetProcAddress,
    GetModuleHandleW, lstrcmpiW, GetModuleFileNameW, FreeLibrary, MultiByteToWideChar,
    SizeofResource, LoadResource, FindResourceW, LoadLibraryExW, SetThreadLocale, GetThreadLocale,
    LockResource, FindResourceExW, SetEvent, CreateEventW, CloseHandle, WaitForSingleObject,
    WaitForMultipleObjects, CopyFileW, GetFileSize, Sleep, CreateFileW, CreateDirectoryW, FindClose,
    WideCharToMultiByte, FindNextFileW, FindFirstFileW, WriteFile, RemoveDirectoryW, DeleteFileW,
    ReadFile, GetProcessHeap, HeapAlloc, HeapFree, HeapSize, GetSystemInfo, GetVersionExW,
    ReleaseMutex, CreateMutexW, GetLocaleInfoW, GetCurrentThreadId, GetCurrentProcessId,
    GetTickCount, GetComputerNameW, GetHandleInformation, GetSystemTime, GetLocalTime, CreateThread,
    ResetEvent, TerminateThread, TerminateProcess, GetExitCodeProcess, CreateProcessW, lstrlenA,
    GetTimeZoneInformation, GetPrivateProfileIntW, CompareStringW, GetPrivateProfileStringW,
    GetPrivateProfileSectionNamesW, HeapDestroy, HeapReAlloc, GetCommandLineA, RtlUnwind,
    GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent,
    FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeW, MoveFileW, GetSystemTimeAsFileTime,
    GetFileType, CreateFileA, SetFilePointer, DeleteFileA, TlsGetValue, TlsAlloc, TlsSetValue,
    TlsFree, SetLastError, ExitProcess, SetHandleCount, GetStdHandle, GetStartupInfoA,
    GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW,
    GetEnvironmentStringsW, HeapCreate, VirtualFree, QueryPerformanceCounter, VirtualAlloc,
    GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetFullPathNameW, GetCurrentDirectoryA,
    LCMapStringW, GetModuleHandleA, GetTimeFormatA, GetDateFormatA, GetConsoleCP, GetConsoleMode,
    SetStdHandle, SetEndOfFile, LCMapStringA, LoadLibraryA, InitializeCriticalSectionAndSpinCount,
    GetStringTypeA, GetStringTypeW, GetLocaleInfoA, FlushFileBuffers, WriteConsoleA,
    GetConsoleOutputCP
  user32: CharNextW, GetCursorPos, GetSystemMetrics
  advapi32: CryptDestroyHash, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegNotifyChangeKeyValue,
    LookupAccountNameW, ConvertSidToStringSidW, CryptAcquireContextW, CryptCreateHash,
    CryptReleaseContext, CryptHashData, RegDeleteKeyW, CryptGetHashParam, RegQueryValueExW,
    RegEnumKeyExW, RegQueryInfoKeyW, RegSetValueExW, RegOpenKeyExW
  shell32: SHGetFolderPathAndSubDirW, SHGetPathFromIDListW, SHGetPathFromIDListA,
    SHGetSpecialFolderLocation
  oleaut32: SysAllocString, VarUdateFromDate, VarDateFromStr, VariantClear, VariantInit,
    SystemTimeToVariantTime, VariantTimeToSystemTime, SafeArrayCreate, SafeArrayAccessData,
    SafeArrayUnaccessData, LoadRegTypeLi, SysAllocStringLen, VarUI4FromStr, RegisterTypeLi,
    UnRegisterTypeLi, LoadTypeLi, SysStringLen, SysFreeString
  shlwapi: PathCanonicalizeW, PathIsRelativeW, PathRemoveBlanksW, PathAddBackslashW
  version: VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
  rpcrt4: UuidToStringW, RpcStringFreeW
Exports
??0IAccountSync@AccountSync@@QAE@ABV01@@Z
??0IAccountSync@AccountSync@@QAE@XZ
??0IAccountSyncRequest@AccountSync@@QAE@ABV01@@Z
??0IAccountSyncRequest@AccountSync@@QAE@XZ
??0IAccountSyncResponse@AccountSync@@QAE@ABV01@@Z
??0IAccountSyncResponse@AccountSync@@QAE@XZ
??0IActivityPromotion@Promotions@@QAE@ABV01@@Z
??0IActivityPromotion@Promotions@@QAE@XZ
??0IAwardsManager@AwardsManager@@QAE@ABV01@@Z
??0IAwardsManager@AwardsManager@@QAE@XZ
??0ICommunicationsManager@CommunicationsManager@@QAE@ABV01@@Z
??0ICommunicationsManager@CommunicationsManager@@QAE@XZ
??0ICompManager@CompManager@@QAE@ABV01@@Z
??0ICompManager@CompManager@@QAE@XZ
??0IConfigFile@ProgramConfiguration@@QAE@ABV01@@Z
??0IConfigFile@ProgramConfiguration@@QAE@XZ
??0IConfiguration@@QAE@ABV0@@Z
??0IConfiguration@@QAE@XZ
??0IDatastore@Datastore@@QAE@ABV01@@Z
??0IDatastore@Datastore@@QAE@XZ
??0IDeltas@@QAE@ABV0@@Z
??0IDeltas@@QAE@XZ
??0IDirectory@IOOperation@@QAE@ABV01@@Z
??0IDirectory@IOOperation@@QAE@XZ
??0IEnumerator@IOOperation@@QAE@ABV01@@Z
??0IEnumerator@IOOperation@@QAE@XZ
??0IEnvSettings@EnvSettings@@QAE@ABV01@@Z
??0IEnvSettings@EnvSettings@@QAE@XZ
??0IFile@IOOperation@@QAE@ABV01@@Z
??0IFile@IOOperation@@QAE@XZ
??0IFraudManager@FraudManager@@QAE@ABV01@@Z
??0IFraudManager@FraudManager@@QAE@XZ
??0IHttpReceiver@ReportManager@@QAE@ABV01@@Z
??0IHttpReceiver@ReportManager@@QAE@XZ
??0IHttpSender@ReportManager@@QAE@ABV01@@Z
??0IHttpSender@ReportManager@@QAE@XZ
??0ILog@@QAE@ABV0@@Z
??0ILog@@QAE@XZ
??0ILogging@Logging@@QAE@ABV01@@Z
??0ILogging@Logging@@QAE@XZ
??0ILogicTable@UrlParser@@QAE@ABV01@@Z
??0ILogicTable@UrlParser@@QAE@XZ
??0INotifications@Notifications@@QAE@ABV01@@Z
??0INotifications@Notifications@@QAE@XZ
??0IProgramConfiguration@ProgramConfiguration@@QAE@ABV01@@Z
??0IProgramConfiguration@ProgramConfiguration@@QAE@XZ
??0IPromotions@Promotions@@QAE@ABV01@@Z
??0IPromotions@Promotions@@QAE@XZ
??0IRecovery@@QAE@ABV0@@Z
??0IRecovery@@QAE@XZ
??0IRegStore@RegStore@@QAE@ABV01@@Z
??0IRegStore@RegStore@@QAE@XZ
??0IReport@ReportCreator@@QAE@ABV01@@Z
??0IReport@ReportCreator@@QAE@XZ
??0IReportCreator@ReportCreator@@QAE@ABV01@@Z
??0IReportCreator@ReportCreator@@QAE@XZ
??0IReportData@ReportManager@@QAE@ABV01@@Z
??0IReportData@ReportManager@@QAE@XZ
??0IReportSender@ReportManager@@QAE@ABV01@@Z
??0IReportSender@ReportManager@@QAE@XZ
??0IReports@@QAE@ABV0@@Z
??0IReports@@QAE@XZ
??0ISearchCounter@SearchCounter@@QAE@ABV01@@Z
??0ISearchCounter@SearchCounter@@QAE@XZ
??0ISearchPromotion@Promotions@@QAE@ABV01@@Z
??0ISearchPromotion@Promotions@@QAE@XZ
??0ISerialize@Utilities@@QAE@ABV01@@Z
??0ISerialize@Utilities@@QAE@XZ
??0IURLParser@UrlParser@@QAE@ABV01@@Z
??0IURLParser@UrlParser@@QAE@XZ
??0IUserData@@QAE@ABV0@@Z
??0IUserData@@QAE@XZ
??1IAccountSync@AccountSync@@UAE@XZ
??1IAccountSyncRequest@AccountSync@@UAE@XZ
??1IAccountSyncResponse@AccountSync@@UAE@XZ
??1IActivityPromotion@Promotions@@UAE@XZ
??1IAwardsManager@AwardsManager@@UAE@XZ
??1ICommunicationsManager@CommunicationsManager@@UAE@XZ
??1ICompManager@CompManager@@UAE@XZ
??1IConfigFile@ProgramConfiguration@@UAE@XZ
??1IConfiguration@@UAE@XZ
??1IDatastore@Datastore@@UAE@XZ
??1IDeltas@@UAE@XZ
??1IDirectory@IOOperation@@UAE@XZ
??1IEnvSettings@EnvSettings@@UAE@XZ
??1IFile@IOOperation@@UAE@XZ
??1IFraudManager@FraudManager@@UAE@XZ
??1IHttpReceiver@ReportManager@@UAE@XZ
??1IHttpSender@ReportManager@@UAE@XZ
??1ILog@@UAE@XZ
??1ILogging@Logging@@UAE@XZ
??1ILogicTable@UrlParser@@UAE@XZ
??1INotifications@Notifications@@UAE@XZ
??1IProgramConfiguration@ProgramConfiguration@@UAE@XZ
??1IPromotions@Promotions@@UAE@XZ
??1IRecovery@@UAE@XZ
??1IRegStore@RegStore@@UAE@XZ
??1IReport@ReportCreator@@UAE@XZ
??1IReportCreator@ReportCreator@@UAE@XZ
??1IReportData@ReportManager@@UAE@XZ
??1IReportSender@ReportManager@@UAE@XZ
??1IReports@@UAE@XZ
??1ISearchCounter@SearchCounter@@UAE@XZ
??1ISearchPromotion@Promotions@@UAE@XZ
??1ISerialize@Utilities@@UAE@XZ
??1IURLParser@UrlParser@@UAE@XZ
??1IUserData@@UAE@XZ
??4IAccountSync@AccountSync@@QAEAAV01@ABV01@@Z
??4IAccountSyncRequest@AccountSync@@QAEAAV01@ABV01@@Z
??4IAccountSyncResponse@AccountSync@@QAEAAV01@ABV01@@Z
??4IActivityPromotion@Promotions@@QAEAAV01@ABV01@@Z
??4IAwardsManager@AwardsManager@@QAEAAV01@ABV01@@Z
??4ICommunicationsManager@CommunicationsManager@@QAEAAV01@ABV01@@Z
??4ICompManager@CompManager@@QAEAAV01@ABV01@@Z
??4IConfigFile@ProgramConfiguration@@QAEAAV01@ABV01@@Z
??4IConfiguration@@QAEAAV0@ABV0@@Z
??4IDatastore@Datastore@@QAEAAV01@ABV01@@Z
??4IDeltas@@QAEAAV0@ABV0@@Z
??4IDirectory@IOOperation@@QAEAAV01@ABV01@@Z
??4IEnumerator@IOOperation@@QAEAAV01@ABV01@@Z
??4IEnvSettings@EnvSettings@@QAEAAV01@ABV01@@Z
??4IFile@IOOperation@@QAEAAV01@ABV01@@Z
??4IFraudManager@FraudManager@@QAEAAV01@ABV01@@Z
??4IHttpReceiver@ReportManager@@QAEAAV01@ABV01@@Z
??4IHttpSender@ReportManager@@QAEAAV01@ABV01@@Z
??4ILog@@QAEAAV0@ABV0@@Z
??4ILogging@Logging@@QAEAAV01@ABV01@@Z
??4ILogicTable@UrlParser@@QAEAAV01@ABV01@@Z
??4INotifications@Notifications@@QAEAAV01@ABV01@@Z
??4IProgramConfiguration@ProgramConfiguration@@QAEAAV01@ABV01@@Z
??4IPromotions@Promotions@@QAEAAV01@ABV01@@Z
??4IRecovery@@QAEAAV0@ABV0@@Z
??4IRegStore@RegStore@@QAEAAV01@ABV01@@Z
??4IReport@ReportCreator@@QAEAAV01@ABV01@@Z
??4IReportCreator@ReportCreator@@QAEAAV01@ABV01@@Z
??4IReportData@ReportManager@@QAEAAV01@ABV01@@Z
??4IReportSender@ReportManager@@QAEAAV01@ABV01@@Z
??4IReports@@QAEAAV0@ABV0@@Z
??4ISearchCounter@SearchCounter@@QAEAAV01@ABV01@@Z
??4ISearchPromotion@Promotions@@QAEAAV01@ABV01@@Z
??4ISerialize@Utilities@@QAEAAV01@ABV01@@Z
??4IURLParser@UrlParser@@QAEAAV01@ABV01@@Z
??4IUserData@@QAEAAV0@ABV0@@Z
??_7IAccountSync@AccountSync@@6B@
??_7IAccountSyncRequest@AccountSync@@6B@
??_7IAccountSyncResponse@AccountSync@@6B@
??_7IActivityPromotion@Promotions@@6B@
??_7IAwardsManager@AwardsManager@@6B@
??_7ICommunicationsManager@CommunicationsManager@@6B@
??_7ICompManager@CompManager@@6B@
??_7IConfigFile@ProgramConfiguration@@6B@
??_7IConfiguration@@6B@
??_7IDatastore@Datastore@@6B@
??_7IDeltas@@6B@
??_7IDirectory@IOOperation@@6B@
??_7IEnumerator@IOOperation@@6B@
??_7IEnvSettings@EnvSettings@@6B@
??_7IFile@IOOperation@@6B@
??_7IFraudManager@FraudManager@@6B@
??_7IHttpReceiver@ReportManager@@6B@
??_7IHttpSender@ReportManager@@6B@
??_7ILog@@6B@
??_7ILogging@Logging@@6B@
??_7ILogicTable@UrlParser@@6B@
??_7INotifications@Notifications@@6B@
??_7IProgramConfiguration@ProgramConfiguration@@6B@
??_7IPromotions@Promotions@@6B@
??_7IRecovery@@6B@
??_7IRegStore@RegStore@@6B@
??_7IReport@ReportCreator@@6B@
??_7IReportCreator@ReportCreator@@6B@
??_7IReportData@ReportManager@@6B@
??_7IReportSender@ReportManager@@6B@
??_7IReports@@6B@
??_7ISearchCounter@SearchCounter@@6B@
??_7ISearchPromotion@Promotions@@6B@
??_7ISerialize@Utilities@@6B@
??_7IURLParser@UrlParser@@6B@
??_7IUserData@@6B@
?GetClientTimeZone@CAccountSync@AccountSync@@SG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?GetClientUserTime@CAccountSync@AccountSync@@SGXAAU_SYSTEMTIME@@@Z
?GetClientUserTime@CAccountSync@AccountSync@@SGXAAVCOleDateTime@ATL@@@Z
?GetLongClientUserTime@CAccountSync@AccountSync@@SG?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
_CreateAccountSyncInstance@0
_CreateActionDetectorInstance@0
_CreateActionRewardsManagerInstance@0
_CreateAdTableInstance@0
_CreateAwardsManagerInstance@0
_CreateCommunicationsManagerInstance@0
_CreateCompManagerInstance@0
_CreateConfigFileInstance@0
_CreateConfigurationInstance@0
_CreateDatastoreInstance@0
_CreateDeltasInstance@0
_CreateDirEnumeratorInstance@0
_CreateDirectoryInstance@0
_CreateEnvSettingsInstance@0
_CreateFileInstance@0
_CreateFraudManagerInstance@0
_CreateHttpReceiverInstance@0
_CreateHttpSenderInstance@0
_CreateLogInstance@0
_CreateLoggingInstance@0
_CreateLogicTableInstance@0
_CreateProgramConfigurationInstance@0
_CreatePromotionsInstance@0
_CreateRecoveryInstance@0
_CreateRegStoreInstance@0
_CreateReportCreatorInstance@0
_CreateReportDataInstance@0
_CreateReportInstance@0
_CreateReportSenderInstance@0
_CreateReportsInstance@0
_CreateSearchCounterInstance@0
_CreateURLParserInstance@0
_CreateUserDataInstance@0
_DeleteAccountSyncInstance@4
_DeleteActionDetectorInstance@4
_DeleteActionRewardsManagerInstance@4
_DeleteAdTableInstance@4
_DeleteAwardsManagerInstance@4
_DeleteCommunicationsManagerInstance@4
_DeleteCompManagerInstance@4
_DeleteConfigFileInstance@4
_DeleteConfigurationInstance@4
_DeleteDatastoreInstance@4
_DeleteDeltasInstance@4
_DeleteDirEnumeratorInstance@4
_DeleteDirectoryInstance@4
_DeleteEnvSettingsInstance@4
_DeleteFileInstance@4
_DeleteFraudManagerInstance@4
_DeleteHttpReceiverInstance@4
_DeleteHttpSenderInstance@4
_DeleteLogInstance@4
_DeleteLoggingInstance@4
_DeleteLogicTableInstance@4
_DeleteProgramConfigurationInstance@4
_DeletePromotionsInstance@4
_DeleteRecoveryInstance@4
_DeleteRegStoreInstance@4
_DeleteReportCreatorInstance@4
_DeleteReportDataInstance@4
_DeleteReportInstance@4
_DeleteReportSenderInstance@4
_DeleteReportsInstance@4
_DeleteSearchCounterInstance@4
_DeleteURLParserInstance@4
_DeleteUserDataInstance@4
Sections
  .text   Size: 952KB  Virtual size: 951KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .data   Size: 14KB   Virtual size: 26KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 108KB  Virtual size: 107KB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  Size: 47KB   Virtual size: 46KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ