difxapi.pdb
Static task
static1
Behavioral task
behavioral1
Sample
1a8b6c428068e13d2267e6d472a58043_JaffaCakes118.dll
Resource
win7-20240611-en
General
Target: 1a8b6c428068e13d2267e6d472a58043_JaffaCakes118
Size: 432KB
MD5: 1a8b6c428068e13d2267e6d472a58043
SHA1: d34ebe11df590c564c807d1926fb84f629bea695
SHA256: 57fa35077af92d1503c3087f15211ca382ce16a2f112c45a701f0f3eea1c783f
SHA512: 999adcecb76172d9a35a508f35c658b337a97531cf647d8688239c71fe600e1fd87f93e5efff3d25a93240521bdaac86b25ef0346dae0d63f393fa736f1015fe
SSDEEP: 12288:+u13/R/3OeX7yQ5xn1ky/jd/RsvktFbkPc7DiPBEcr8:d5/eeX7P5b3jdZiUk8wBEY8
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource 1a8b6c428068e13d2267e6d472a58043_JaffaCakes118
Files
-
1a8b6c428068e13d2267e6d472a58043_JaffaCakes118.dll windows:6 windows x86 arch:x86
79ed523cef255858e9394e73c603ea16
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
difxapi.pdb
Imports
ntdll
RtlUnwind
RtlNtStatusToDosError
VerSetConditionMask
kernel32
GetVersionExW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
SetFileAttributesW
GetEnvironmentVariableW
CompareStringW
GetFileAttributesW
MoveFileExW
GetTempFileNameW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetSystemWindowsDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryW
GetFullPathNameW
CopyFileW
LocalFree
RemoveDirectoryW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CreateDirectoryW
LocalReAlloc
LocalAlloc
GetProcessHeap
ReleaseMutex
DeviceIoControl
WaitForSingleObject
CreateMutexW
GetSystemTimeAsFileTime
Sleep
RaiseException
GetVersionExA
HeapSize
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
GetLastError
VerifyVersionInfoW
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
LoadLibraryExA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
GetThreadLocale
WaitForMultipleObjectsEx
InterlockedCompareExchange
WaitForSingleObjectEx
SetEvent
CreateEventW
SetEndOfFile
SetLastError
InterlockedExchange
TlsFree
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
HeapReAlloc
EnterCriticalSection
HeapAlloc
LeaveCriticalSection
HeapDestroy
GetModuleHandleW
DeleteCriticalSection
GetModuleFileNameA
OutputDebugStringA
HeapCreate
InitializeCriticalSection
TlsSetValue
user32
UnregisterClassA
CharLowerW
setupapi
SetupQueueCopyIndirectW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetSelectedDevice
SetupDiOpenDeviceInfoW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidW
CM_Setup_DevNode
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_IDW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
SetupDiSetDeviceRegistryPropertyW
SetupDiOpenClassRegKey
SetupGetTargetPathW
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupFindNextLine
SetupFindNextMatchLineW
SetupOpenInfFileW
SetupOpenFileQueue
SetupCommitFileQueueW
SetupQueueCopyW
SetupCopyOEMInfW
SetupOpenAppendInfFileW
SetupGetIntField
SetupGetFieldCount
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackW
CM_Query_And_Remove_SubTreeW
CM_Enumerate_Classes
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupGetLineCountW
SetupCloseFileQueue
advapi32
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetEntriesInAclW
QueryServiceStatus
DeleteService
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
RegCloseKey
ole32
CoInitialize
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoUninitialize
wintrust
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
crypt32
CertFreeCertificateContext
CertGetCTLContextProperty
CryptQueryObject
CertFreeCTLContext
Exports
DIFXAPISetLogCallbackA
DIFXAPISetLogCallbackW
DriverPackageGetPathA
DriverPackageGetPathW
DriverPackageInstallA
DriverPackageInstallW
DriverPackagePreinstallA
DriverPackagePreinstallW
DriverPackageUninstallA
DriverPackageUninstallW
SetDifxLogCallbackA
SetDifxLogCallbackW
Sections
.text Size: 281KB - Virtual size: 281KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 125KB - Virtual size: 128KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE