c:\bwa\QuickTimeWin-1680.42\srcroot\BuildResults\NoSym\Obj\QTML\QTMLClientDLL\QTMLClient.pdb
Static task: static1
Behavioral task: behavioral1
Sample: a89dc74676dc2b11ad1366c46d5b9a07_JaffaCakes118.dll
Resource: win7-20240708-en
General
Target: a89dc74676dc2b11ad1366c46d5b9a07_JaffaCakes118
Size: 452KB
MD5: a89dc74676dc2b11ad1366c46d5b9a07
SHA1: 5f6f5b91be10279a1134e38d04da32313a94428e
SHA256: ee02d4fc5b7796468014a4f16a2783663d398caf45950fd9e2230cce9e66a8c1
SHA512: 811c5bd66a002dac097815b6407e3d2241419fc2e9699e8290b1809f64e238f25f9c867c13518d8bd0cc3cece4d5446fa31c96fc58e1388ab142105da880e7ac
SSDEEP: 6144:MItQvvAvOSW1555sF1rUkTQxFoGQLrzxoekt:MJvA1W1KUMqtQLrat
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: a89dc74676dc2b11ad1366c46d5b9a07_JaffaCakes118
Files
a89dc74676dc2b11ad1366c46d5b9a07_JaffaCakes118.dll windows:4 windows x86 arch:x86
b23ea4790710f53752b1f3cd9b042658
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
user32
wsprintfA
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
Exports
Sections
.text Size: 184KB - Virtual size: 181KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE