1eccbc0c64b7a0e9e287bae59d6f39cb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1eccbc0c64b7a0e9e287bae59d6f39cb_JaffaCakes118
Size

3.3MB
MD5

1eccbc0c64b7a0e9e287bae59d6f39cb
SHA1

448e8c6b8e12c7a839bc67ec67fdbcce19a3c26b
SHA256

8df2a27aad33167e37f59c4c466ab63af11f6c9724d2909ac8aa54eaedc1ded9
SHA512

0797669e3f19549712bacab19512ab7e6c4224cd7e8e58d52c65fe5311a224a24a3c66c8ec15615f9fc47dad12c9625a4015068f7814b282dbd355af8f76fc39
SSDEEP

98304:+cf6yNIS1EqAMayc0zksyef1YggMoaHTqPn:+cfmdqAM5zz1ysTkn

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/DragonAge3Inq+16Tr-LNG-v1.12/DragonAge3Inq+16Tr-LNG-v1.12.exe
unpack002/DragonAge3Inq+16Tr-LNG-v1.12/SlimDX.dll

Files

1eccbc0c64b7a0e9e287bae59d6f39cb_JaffaCakes118
.rar
3946/DragonAge3Inq%2B16Tr-LNG-v1.12.rar
.rar
DragonAge3Inq+16Tr-LNG-v1.12/DragonAge3Inq+16Tr-LNG-v1.12 - INFO.txt
DragonAge3Inq+16Tr-LNG-v1.12/DragonAge3Inq+16Tr-LNG-v1.12.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DragonAge3Inq+16Tr-LNG-v1.12/SlimDX.dll
.dll windows:5 windows x64 arch:x64

4d7c174b663f14dee86b937ffa3a3449

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Promit\Documents\Projects\SlimDX\Main\trunk\build\x64\Public-4.0\SlimDX.pdb

Imports

msvcr100

?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__CppXcptFilter
__C_specific_handler
_amsg_exit
_encoded_null
free
__CxxFrameHandler3
_purecall
isdigit
atoi
strchr
strstr
isspace
_stricmp
_initterm_e
_initterm
?what@exception@std@@UEBAPEBDXZ
??3@YAXPEAX@Z
memcpy
floorf
sin
cos
memset
_vsnwprintf
__FrameUnwindFilter
_cexit
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
wcsncpy_s
asinf
sinf
log10f
_vsnprintf
memcmp
??2@YAPEAX_K@Z
??0exception@std@@QEAA@AEBV01@@Z
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
__crt_debugger_hook
??_V@YAXPEAX@Z
malloc
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
memmove
_CxxThrowException
strncpy_s
powf

kernel32

CreateFileW
DebugBreak
OutputDebugStringW
LocalAlloc
LocalFree
GetProcAddress
FreeLibrary
GetLastError
LoadLibraryA
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
HeapAlloc
HeapFree
GetProcessHeap
EncodePointer
DecodePointer
Sleep
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

user32

PeekMessageW
ReleaseDC
GetDC
GetIconInfo
RegisterRawInputDevices
GetRawInputData
GetRawInputDeviceInfoW
MessageBoxW
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetMonitorInfoW
GetClientRect
GetRawInputDeviceList
GetForegroundWindow

gdi32

SelectObject
CreateDCW
GetDeviceCaps
GetDIBits
GetRegionData
GetObjectW
CreateCompatibleDC
DeleteObject
DeleteDC

winmm

mmioSeek
mmioRead
mmioAscend
mmioDescend
mmioOpenW
mmioClose

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

msvcp100

??1_Lockit@std@@QEAA@XZ
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Incref@facet@locale@std@@QEAAXXZ
??0_Lockit@std@@QEAA@H@Z

mscoree

_CorDllMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DragonAge3Inq+16Tr-LNG-v1.12/VERY IMPORTANT!.txt

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rsrc Size: 23KB - Virtual size: 23KB

4d7c174b663f14dee86b937ffa3a3449

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr100

kernel32

ole32

user32

gdi32

winmm

advapi32

msvcp100

mscoree

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.nep Size: 21KB - Virtual size: 20KB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 73KB - Virtual size: 80KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 504B

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 4.4MB - Virtual size: 4.4MB

.rsrc
Size: 23KB - Virtual size: 23KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.nep
Size: 21KB - Virtual size: 20KB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 73KB - Virtual size: 80KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 504B

.reloc
Size: 30KB - Virtual size: 29KB