aa38386693ba03c2f5175750c00ca75d_JaffaCakes118

General

Target

aa38386693ba03c2f5175750c00ca75d_JaffaCakes118
Size

4.4MB
MD5

aa38386693ba03c2f5175750c00ca75d
SHA1

821ffe43107a2bbf767b4256ec91cba1ad143f27
SHA256

4b1a84606704ce5d8192f53a2b6442754616def1eca785b91f894785f7085486
SHA512

5c08fd60d5704fb11b084de3d3bd4e79059d40052db5c4a982eb9e213be4a2d61a1433412fa8caededbd5bef365f99301caea5482d4c288cb2349133a9e997c5
SSDEEP

98304:xmPeaC5oEtiPI/WdaAeSj8lLYYhNhn/JeDo9WuR/x2Wv:x1tPUJdaJlLYADn/Jzbxf

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CoD4Rbot/CoD4_RageHack.dll
unpack001/CoD4Rbot/Loader.exe

Files

aa38386693ba03c2f5175750c00ca75d_JaffaCakes118
.zip
CoD4Rbot/CoD4_RageHack.dll
.dll windows:5 windows x86 arch:x86

bf08627033ae81b4e9f31e3767a1d63c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

FindWindowA

winmm

sndPlaySoundA

Sections

.text
Size: 4.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CoD4Rbot/Loader.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 159KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf08627033ae81b4e9f31e3767a1d63c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winmm

Sections

.text Size: 4.2MB - Virtual size: 5.2MB

.rsrc Size: 5KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 512B

Headers

File Characteristics

Sections

CODE Size: 352KB - Virtual size: 352KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 159KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 26KB - Virtual size: 26KB

.rsrc Size: 34KB - Virtual size: 34KB

.text
Size: 4.2MB - Virtual size: 5.2MB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B

CODE
Size: 352KB - Virtual size: 352KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 159KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 34KB - Virtual size: 34KB