d4a9cb318fee5a1c53d1587dc0529af2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d4a9cb318fee5a1c53d1587dc0529af2_JaffaCakes118
Size

300KB
MD5

d4a9cb318fee5a1c53d1587dc0529af2
SHA1

cb80ddbead99e03dfb564e92a2ae428213e1bdec
SHA256

be8ef6502c4c3369a7147ef16dbee3a98c9bd8dd0f9124501ba89e1efcf3e576
SHA512

6f19268bb4b87d79a4d9f9354deb708a598b8f1355ee010fae082c770f906f55df66939bfc703b2dcab67bd02ea569690e84cea41da6d9f7bff50a8319837c44
SSDEEP

6144:rTlUpiF1TVqbiwqi8u7zSWYgKTQRiIGIA44dky0lva6m41MsCFxv:rTlUpiPVqbKu7zSWYCRsfWyka6mgC/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4a9cb318fee5a1c53d1587dc0529af2_JaffaCakes118

Files

d4a9cb318fee5a1c53d1587dc0529af2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8635cbb72d7679cd83715984e724e51c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\projects\pc connectivity solution\pccs 3.10\source files\platform\media servers\ncltobtsrv\mediahandler\win32\release\NclToBTSrv.pdb

Imports

tosbtapi

BtFreePBTANALYZEDATTRLIST2
BtAnalyzeProtocolParameter2
BtCancelDiscoverRemoteDevice
BtAnalyzeServiceAttributeLists2
BtDiscoverRemoteDevice2
BtServiceSearchAttribute2
BtDiscoverRemoteName
BtMakeAttributeIDList2
BtGetRemoteClassOfDevice
BtMakeServiceSearchPattern2
BtGetRemoteDeviceList2
BtDisconnectSDP
BtGetLocalInfo2
BtConnectSDP
BtGetLocalDeviceName
BtSetAutoConnectCOMMState
BtSetAutoConnectCOMMInfo
BtRemoveRemoteDevice
BtAssignSCN
BtConnectCOMM2
BtCreateCOMM
BtMemFree
BtGetCOMMCreatorName2
BtGetCOMMInfoList2
BtCloseAPI
BtNotifyEvent
BtOpenAPI
BtDisconnectCOMM
BtNotifyCOMM
BtRemoveServiceRecord
BtFreeSCN
BtDestroyCOMM
BtAddServiceRecord
BtGetLocalInfo

kernel32

GetCPInfo
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameW
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
WaitForMultipleObjects
CreateEventW
ResetEvent
CreateThread
GetOverlappedResult
WriteFile
PeekNamedPipe
ConnectNamedPipe
GetCommModemStatus
GetTickCount
SetEvent
WaitForSingleObject
ClearCommError
TerminateThread
WaitCommEvent
CloseHandle
HeapFree
GetOEMCP
GetCurrentThreadId
HeapSize
Sleep
ExitThread
HeapValidate
GetProcessHeap
HeapAlloc
IsBadCodePtr
CreateFileW
SetThreadPriority
CancelIo
DisconnectNamedPipe
CreateMutexW
ReleaseMutex
PurgeComm
SetCommMask
SetCommState
ReadFile
GetCommState
GetLastError
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetModuleHandleW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
TlsSetValue
GetStringTypeA
IsValidCodePage
SetFilePointer
GetConsoleCP
lstrlenW
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
RtlUnwind
RaiseException
GetStartupInfoW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleMode

user32

UpdateWindow
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
PostMessageW
CharUpperBuffW
DefWindowProcW
UnregisterClassW
SendMessageW
ShowWindow
CreateWindowExW
RegisterClassExW
GetMessageW
PostQuitMessage

advapi32

RegCloseKey
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW

ole32

CoTaskMemFree
CLSIDFromString
StringFromCLSID

oleaut32

SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 166KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8635cbb72d7679cd83715984e724e51c

Headers

File Characteristics

PDB Paths

Imports

tosbtapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.text Size: 166KB - Virtual size: 168KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 166KB - Virtual size: 168KB