0014c01fa03103257fe9d2f40eca14b0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0014c01fa03103257fe9d2f40eca14b0_JaffaCakes118
Size

1.5MB
MD5

0014c01fa03103257fe9d2f40eca14b0
SHA1

096fd9d07fd7e51a0bd106f924dee0b499f03dc3
SHA256

4d3a4d5318a9b46ee1cb52b67b8119325dbc8a1da8f256f46f421367f7db6c2d
SHA512

5acd3958542437114e448d930af1676d598fbed35a3dc41cd8a23d17bb2e42d30eb437bf62c14047b6534cd966a703588a6e27251c520c1a756a57745d1174d4
SSDEEP

24576:EMSAvtGtjLdYriJVFBCtPyg9mRMyxQmfL9qPcXll+pbF:+Av4tdpVvC5Sr9q4ll+f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0014c01fa03103257fe9d2f40eca14b0_JaffaCakes118

Files

0014c01fa03103257fe9d2f40eca14b0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

78a251046be3073de3292454584f83f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\BAHAN CHEAT OKTA\Debug\Peanut.pdb

Imports

kernel32

SetPriorityClass
GetLastError
GetCurrentProcess
GetModuleFileNameA
DisableThreadLibraryCalls
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
CreateThread
Beep
ExitProcess
ReadProcessMemory
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
Sleep
IsBadReadPtr
CreateFileA
VirtualAlloc
VirtualProtectEx
GetTickCount
VirtualProtect
GetModuleHandleA
lstrcmpiA
GetFullPathNameA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
FindResourceW
FindResourceA
SizeofResource
LoadResource
LockResource
UnmapViewOfFile
CreateFileW
CreateFileMappingA
GetFileSize
MapViewOfFile
WriteFile
OutputDebugStringA
VirtualFree
GetSystemInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
FreeLibrary
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
LoadLibraryW
lstrlenA
RaiseException
MultiByteToWideChar
IsDebuggerPresent
WideCharToMultiByte
DeviceIoControl
GetVersionExA
CloseHandle

user32

GetCursorPos
ScreenToClient
SetRect
SendInput
mouse_event
keybd_event
GetAsyncKeyState
MessageBoxA
GetKeyState
GetForegroundWindow

msvcp100d

??2@YAPAXIABU_DebugHeapTag_t@std@@PADH@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??Bios_base@std@@QBEPAXXZ
?_Debug_message@std@@YAXPB_W0I@Z
??1_Container_base12@std@@QAE@XZ
??0_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ
??0_Lockit@std@@QAE@H@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAE_J_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??3@YAXPAXABU_DebugHeapTag_t@std@@PADH@Z
?_DebugHeapTag_func@std@@YAABU_DebugHeapTag_t@1@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

msvcr100d

_crt_debugger_hook
?terminate@@YAXXZ
__clean_type_info_names_internal
strcpy
__CppXcptFilter
_amsg_exit
_initterm_e
malloc
_initterm
_CrtSetCheckCount
_encoded_null
_free_dbg
_malloc_dbg
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_CRT_RTC_INITW
??_V@YAXPAX@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
fclose
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
fgetc
memcpy_s
ungetc
fputc
fwrite
_unlock_file
_lock_file
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
memmove
_CrtDbgReportW
_invalid_parameter
_time64
_localtime64
free
_vsnprintf
strcmp
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler3
memcpy
vsprintf_s
strncpy
isalnum
tolower
isspace
isprint
strlen
strcat
sprintf
memset
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_isnan
strchr
fread
fseek
tmpfile
_fpclass
ceil
_CItanh
_CIsinh
_CIfmod
_CIexp
sqrt
_CIacos
_finite
_ftol
_CIpow
wcsncpy
_controlfp
__CxxFrameHandler
iswpunct
iswdigit
iswalpha
iswspace
modf
longjmp
_setjmp3
isdigit
sscanf
frexp
_strdate
_strtime
ldexp
_strdup
setlocale
floor
_CIasin
_except_handler3
exit
_snprintf
_stricmp
atof
isalpha
isxdigit
toupper
atoi
qsort
_CIcosh

dinput8

DirectInput8Create

gdi32

GetTextMetricsA
GetObjectA
GetObjectW
DeleteDC
GetGlyphOutlineA
CreateDIBSection
DeleteObject
SelectObject
GetCharacterPlacementA
GetCharacterPlacementW
SetTextColor
SetBkColor
SetBkMode
GetTextMetricsW
GetFontLanguageInfo
CreateFontIndirectA
CreateFontIndirectW
SetTextAlign
SetMapMode
CreateCompatibleDC
ExtTextOutA
MoveToEx
ExtTextOutW

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

Sections

.textbss
Size: - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78a251046be3073de3292454584f83f5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp100d

msvcr100d

dinput8

gdi32

advapi32

Sections

.textbss Size: - Virtual size: 626KB

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 165KB - Virtual size: 165KB

.data Size: 59KB - Virtual size: 104KB

.idata Size: 11KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 37KB - Virtual size: 37KB

.textbss
Size: - Virtual size: 626KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 165KB - Virtual size: 165KB

.data
Size: 59KB - Virtual size: 104KB

.idata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 37KB - Virtual size: 37KB