02842bb76343f88237b92104cdaf8071_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

02842bb76343f88237b92104cdaf8071_JaffaCakes118
Size

130KB
MD5

02842bb76343f88237b92104cdaf8071
SHA1

236b010451e3d1e5dffed81868481f63b7ac9b25
SHA256

db15feb74fb0f41680f062d4e440348bbf4b6b6abce060001137721baab232dd
SHA512

7618a2d1e3e80ff5116369d5ce7eee41c7125405054ca183758a46b3b631063c169f09543306b5de7a80efdedff30f55bcddb3f640bf4e953e7d8a460b36feae
SSDEEP

3072:eaG2DinqZSb/8l8D4gk8BUQDlEprtx58M:vDifb/VDNSQDlEZ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02842bb76343f88237b92104cdaf8071_JaffaCakes118

Files

02842bb76343f88237b92104cdaf8071_JaffaCakes118
.exe windows:4 windows x86 arch:x86

362f6441529e61122c0de4f2fcf6f664

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\projects\pc connectivity solution\pccs 3.3\source files\platform\media servers\ncltobtsrv\mediahandler\win32\release\NclToBTSrv.pdb

Imports

tosbtapi

BtGetRemoteName
BtCancelDiscoverRemoteDevice
BtFreePBTANALYZEDATTRLIST2
BtDiscoverRemoteDevice2
BtAnalyzeProtocolParameter2
BtAnalyzeServiceAttributeLists2
BtDiscoverRemoteName
BtServiceSearchAttribute2
BtGetRemoteClassOfDevice
BtMakeAttributeIDList2
BtGetRemoteDeviceList2
BtMakeServiceSearchPattern2
BtGetLocalInfo2
BtDisconnectSDP
BtCloseAPI
BtConnectSDP
BtNotifyEvent
BtGetLocalDeviceName
BtOpenAPI
BtSetAutoConnectCOMMState
BtSetAutoConnectCOMMInfo
BtRemoveRemoteDevice
BtAssignSCN
BtConnectCOMM2
BtCreateCOMM
BtMemFree
BtGetCOMMCreatorName2
BtGetCOMMInfoList2
BtDisconnectCOMM
BtNotifyCOMM
BtRemoveServiceRecord
BtFreeSCN
BtDestroyCOMM
BtAddServiceRecord
BtGetLocalInfo

kernel32

GetOEMCP
GetCPInfo
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameW
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
SetCommMask
HeapValidate
SetCommState
ReadFile
GetProcessHeap
GetCommState
GetLastError
HeapAlloc
WaitForMultipleObjects
IsBadCodePtr
CreateMutexW
ResetEvent
GetOverlappedResult
WriteFile
PeekNamedPipe
ConnectNamedPipe
IsValidCodePage
GetTickCount
ClearCommError
WaitCommEvent
lstrlenW
CreateEventW
CreateThread
CreateFileW
SetEvent
SetThreadPriority
WaitForSingleObject
CancelIo
TerminateThread
DisconnectNamedPipe
CloseHandle
HeapFree
ReleaseMutex
GetCurrentThreadId
HeapSize
ExitThread
PurgeComm
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
Sleep
WideCharToMultiByte
GetProcAddress
GetModuleHandleW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
TlsSetValue
GetStringTypeW
GetStringTypeA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCommModemStatus
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
RtlUnwind
RaiseException
GetStartupInfoW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

user32

ShowWindow
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
CharUpperBuffW
DefWindowProcW
UnregisterClassW
UpdateWindow
PostMessageW
CreateWindowExW
RegisterClassExW
GetMessageW
PostQuitMessage

advapi32

RegCloseKey
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW

ole32

CoTaskMemFree
CLSIDFromString
StringFromCLSID

oleaut32

VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

362f6441529e61122c0de4f2fcf6f664

Headers

File Characteristics

PDB Paths

Imports

tosbtapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 91KB - Virtual size: 90KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.text Size: 5KB - Virtual size: 4KB

.text
Size: 91KB - Virtual size: 90KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 5KB - Virtual size: 4KB