068a5d995adf3f72d5d5ab45bf2c79ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

068a5d995adf3f72d5d5ab45bf2c79ca_JaffaCakes118
Size

260KB
MD5

068a5d995adf3f72d5d5ab45bf2c79ca
SHA1

6b028e8d8533566d6cb781b93c40dc40a162e70a
SHA256

9f0d266fa7ff285c1ebaefccf8c902b02d2e98a26273eb591b2fc68355f846cc
SHA512

54f000207f1e8bfef0954fabb8edd53d42b6aca97cae38bbb063e9f9fdc0f8a894eec4c37345dfd36873008f25dcacc6b2c2e2fd126828fb3a0f56b36b2b64ce
SSDEEP

3072:ulOppG5S8gvTuP1+uGSnW5+Dvc2I8WXBQDDXIwAJYKvhUbDLiedacgVMPhlvTI7P:GqpEp70SnZIfXKD4GkVMPhlvTCAOHi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
068a5d995adf3f72d5d5ab45bf2c79ca_JaffaCakes118

Files

068a5d995adf3f72d5d5ab45bf2c79ca_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9f929d31a6e8742724f668f618a1b781

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Dokumente und Einstellungen\Administrator\Desktop\BaseHook pub1d\Hl2\Release\HL2.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleA
VirtualProtect
Sleep
CreateThread
LoadLibraryA
GetTickCount
ExitProcess
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
VirtualQuery
HeapAlloc
GetProcessHeap
CloseHandle
FlushFileBuffers
ReadFile
GetLocaleInfoW
SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetSystemInfo
VirtualAlloc
InterlockedExchange
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
IsBadReadPtr
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
IsBadCodePtr
GetACP
GetOEMCP
SetFilePointer
InitializeCriticalSection

user32

wsprintfA

tier0

Msg
?GetSubNode@CVProfNode@@QAEPAV1@PBDH0H@Z
?EnterScope@CVProfNode@@QAEXXZ
?ExitScope@CVProfNode@@QAE_NXZ
Error
g_pMemAlloc
GetCPUInformation
g_VProfCurrentProfile

vstdlib

Q_snprintf
KeyValuesSystem
Q_strnicmp
Q_strncpy

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f929d31a6e8742724f668f618a1b781

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

tier0

vstdlib

Sections

.text Size: 184KB - Virtual size: 180KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 12KB - Virtual size: 59KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 184KB - Virtual size: 180KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 12KB - Virtual size: 59KB

.reloc
Size: 20KB - Virtual size: 16KB