0a1a358e3dec99e95c4802162417ae7e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0a1a358e3dec99e95c4802162417ae7e_JaffaCakes118
Size

300KB
MD5

0a1a358e3dec99e95c4802162417ae7e
SHA1

bf369a2a7a5664001642b6564dd6391300ee54fe
SHA256

af98c14dec35608b80f4b8625cf1507958a95026436185a4bb9dbba1c404bf3c
SHA512

06459029656cefb0504178d2267037d01a161a8f5eae0fa4622843fb883fa7c7a2e2de6467bbcc3dd6c091bd5952dfb3f3a8b369b27d86e865b98089f2743beb
SSDEEP

6144:0H+W1RutsG8qW1sOghS5WhlMnKyP7R2q9ql/fm25goBsQcbsj:0H+W1RuV+ZwlMnK0Rt9E3m2XsI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a1a358e3dec99e95c4802162417ae7e_JaffaCakes118

Files

0a1a358e3dec99e95c4802162417ae7e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9125253b66ca3820996848c9a6c3c079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\wc\divxconnectedrepository\dseplugins-03_01_01_rotteneggs\bin\win32vs05\releasedynamic\DFXAudioPlugin.pdb

Imports

kernel32

GetCurrentThreadId
GetCurrentProcessId
CreateMutexA
lstrlenW
WaitForSingleObject
CloseHandle
ReleaseMutex
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

user32

MessageBoxA

advapi32

RegQueryInfoKeyW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW

msvcp80

??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z

msvcr80

_CIpow
calloc
free
_CIexp
_CIfmod
_CIlog10
_CIsqrt
realloc
malloc
_CIasin
_CIatan2
_CItan
_CIcos
_CIsin
__CxxFrameHandler3
??3@YAXPAX@Z
??_V@YAXPAX@Z
strncpy
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_invalid_parameter_noinfo
??2@YAPAXI@Z
_purecall
memmove_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_CxxThrowException
sprintf

Exports

Exports

_getPlugin

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9125253b66ca3820996848c9a6c3c079

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 176KB - Virtual size: 176KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 176KB - Virtual size: 176KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB