d9f4cc2a47d963b48742e29cee57bf5f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d9f4cc2a47d963b48742e29cee57bf5f_JaffaCakes118
Size

414KB
MD5

d9f4cc2a47d963b48742e29cee57bf5f
SHA1

4e3b6e1f22f96f6f126ba021ea5fa2760935c855
SHA256

93d3e9ac6d2bc0868d960339752312ddc86bbe5371875aa080e82f609cda7ffb
SHA512

0a4bf59059b34b15499e615afabec229953485370f27fdf7185eefdf895e93145a7e38d9182357152eb0495fd24e5d7d7f5ad14c99cf92d59ea1b754f34c8d84
SSDEEP

6144:9C5c26OSGVla7kCyO+LEGu6GLfBtY4FOt3/JLmr+jdDt6BN9zQedjRFe58uIAey:PeeF3Kmr+9t6BNOedjR9D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9f4cc2a47d963b48742e29cee57bf5f_JaffaCakes118

Files

d9f4cc2a47d963b48742e29cee57bf5f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

69796217cde807f3e1921fd1f1a4b615

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\HARP_REL_5_30_21\win_external_wl\src\wl\cpl\lib\WlAdapter\DLL\Releasev\bcmwlapi.pdb

Imports

mfc90

ord1649
ord1323
ord446
ord698
ord1134
ord1165
ord612
ord945
ord6156
ord6496
ord1603
ord6613
ord305
ord1611
ord335
ord6490
ord2698
ord941
ord398
ord899
ord942
ord5869
ord554
ord758
ord5891
ord1039
ord1252
ord2691
ord5835
ord265
ord2481
ord274
ord819
ord599
ord1143
ord1607
ord4311
ord2692
ord2327
ord300
ord266
ord4197
ord589
ord793
ord1254
ord5851
ord6791
ord5750
ord6491
ord1247
ord6802
ord5761
ord1087
ord801
ord322
ord1137
ord1075
ord1145
ord1275
ord1277
ord1152
ord391
ord2084
ord1233
ord1180
ord1268
ord1241
ord1243
ord321
ord1278
ord605
ord3579
ord5963
ord3178
ord5997
ord817
ord4392
ord2547
ord2539
ord910
ord3621
ord316
ord820
ord310
ord601
ord800
ord4434
ord4409
ord6783
ord4159
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord2447
ord4333
ord4981
ord5663
ord5646
ord6001
ord2766
ord2978
ord3107
ord4714
ord2961
ord3110
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4890
ord4667
ord3659
ord3213
ord4029

msvcr90

_except_handler4_common
_crt_debugger_hook
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_mbsicmp
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
_purecall
__CxxFrameHandler3
__FrameUnwindFilter
_cexit
_wcsicmp
memmove
_access
qsort
ceil
memcpy_s
_snprintf
strncpy
atoi
_localtime64_s
strftime
_time64
strcpy_s
malloc
_mbsrchr
wcschr
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
??2@YAPAXI@Z

kernel32

GetWindowsDirectoryA
CreateEventA
WideCharToMultiByte
GetComputerNameA
GetOverlappedResult
DeviceIoControl
SetLastError
GetLastError
MultiByteToWideChar
HeapFree
HeapAlloc
GetProcessHeap
SetEvent
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
ExpandEnvironmentStringsA
CreateFileA
CloseHandle
EnterCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalAlloc
LocalFree

user32

IsWindow
PostMessageA

advapi32

IsTextUnicode
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
CreateServiceA
CloseServiceHandle
OpenServiceA
StartServiceA
OpenSCManagerA
RegCloseKey

iphlpapi

GetIfEntry
GetAdaptersInfo

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

wlanapi

WlanCloseHandle
WlanEnumInterfaces
WlanQueryInterface
WlanFreeMemory
WlanSetInterface
WlanIhvControl
WlanScan
WlanOpenHandle

rpcrt4

UuidEqual
UuidFromStringA

ole32

CoCreateInstance
CoTaskMemFree

msvcm90

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ

mscoree

_CorDllMain

Exports

Exports

BCMWLAEnableRadio
BCMWLAGetRadioState
BCMWLAInitialize
BCMWLAIsBroadcomAdapter
BCMWLAIsRadioEnabled
BCMWLARunDiagnostics
BCMWLAUninitialize

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 263KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69796217cde807f3e1921fd1f1a4b615

Headers

File Characteristics

PDB Paths

Imports

mfc90

msvcr90

kernel32

user32

advapi32

iphlpapi

setupapi

wlanapi

rpcrt4

ole32

msvcm90

mscoree

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 263KB - Virtual size: 354KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 263KB - Virtual size: 354KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB