0d4996031881b59c0990208e6caf9829_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d4996031881b59c0990208e6caf9829_JaffaCakes118
Size

641KB
MD5

0d4996031881b59c0990208e6caf9829
SHA1

1828e07db14a9665f134095335e4530e1955ab11
SHA256

5a91a180ab53b7f723ee76b748d8cbd97e2a9a880ae53adf689e13989902fbf7
SHA512

b7ac9d563d77a16da69c370a527762ba1ea3e271ad72b03c07f197c1f840fac975e3c0ac80a25779396406057c629c3a661866b7e6099c1310a6d3dc19f53935
SSDEEP

12288:9ei/QfGF6C/bJAfdlz30UhJp9kbaVNLewar++WjXIqsD7rwFMYvFBc8qxJyXSSQ0:9ei43C/tVCLFVs0Rq5JmMli7fl0MYb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d4996031881b59c0990208e6caf9829_JaffaCakes118

Files

0d4996031881b59c0990208e6caf9829_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3f5dfb00ae47598e79d0d3cccce96b2a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindNextFileA
FindFirstFileA
GetStartupInfoA
GetCommandLineA
FreeLibrary
LoadLibraryA
GetModuleHandleA

msvcp71

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?uncaught_exception@std@@YA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z

msvcr71

_CxxThrowException
rand
__CxxFrameHandler
_purecall
memmove
??_V@YAXPAX@Z
fopen
fwrite
fread
strncpy
tolower
printf
fclose
strtok
_stricmp
fgets
strrchr
exit
sprintf
strchr
atoi
strstr
srand
time
fprintf
_iob
rewind
free
_strlwr
_setjmp3
vsprintf
malloc
_callnewh
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
?terminate@@YAXXZ
_controlfp
longjmp
_isctype
__mb_cur_max
_pctype
_stat
??0exception@@QAE@ABV0@@Z
??3@YAXPAX@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ

sdl_image

IMG_Load

sdl

SDL_JoystickEventState
SDL_JoystickOpen
SDL_NumJoysticks
SDL_InitSubSystem
SDL_GetError
SDL_SoftStretch
SDL_SetColorKey
SDL_MapRGB
SDL_CreateRGBSurface
SDL_FreeSurface
SDL_DisplayFormat
SDL_UnlockSurface
SDL_SetError
SDL_LockSurface
SDL_RWFromFile
SDL_WaitEvent
SDL_JoystickName
SDL_SetVideoMode
SDL_Quit
SDL_Init
SDL_SetAlpha
SDL_DisplayFormatAlpha
SDL_SetModuleHandle
SDL_UpperBlit
SDL_FillRect
SDL_Delay
SDL_PollEvent
SDL_strlcpy
SDL_Flip
SDL_GetTicks
SDL_ShowCursor
SDL_WM_SetCaption

sdl_mixer

Mix_PlayMusic
Mix_HaltMusic
Mix_ResumeMusic
Mix_PauseMusic
Mix_FreeMusic
Mix_PlayingMusic
Mix_ChannelFinished
Mix_LoadWAV_RW
Mix_HookMusicFinished
Mix_Playing
Mix_PlayChannelTimed
Mix_Volume
Mix_HaltChannel
Mix_CloseAudio
Mix_OpenAudio
Mix_AllocateChannels
Mix_LoadMUS
Mix_FreeChunk
Mix_QuerySpec
Mix_VolumeMusic

Exports

Exports

?musicfinished@@YAXXZ
?soundfinished@@YAXH@Z

Sections

.text
Size: 550KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

csnqukg
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3f5dfb00ae47598e79d0d3cccce96b2a

Headers

File Characteristics

Imports

kernel32

msvcp71

msvcr71

sdl_image

sdl

sdl_mixer

Exports

Exports

Sections

.text Size: 550KB - Virtual size: 549KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 9KB - Virtual size: 143KB

.rsrc Size: 30KB - Virtual size: 31KB

csnqukg Size: - Virtual size: 4KB

.text
Size: 550KB - Virtual size: 549KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 9KB - Virtual size: 143KB

.rsrc
Size: 30KB - Virtual size: 31KB

csnqukg
Size: - Virtual size: 4KB