0e85da3d437807a21ec2e51f866766d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e85da3d437807a21ec2e51f866766d9_JaffaCakes118
Size

280KB
MD5

0e85da3d437807a21ec2e51f866766d9
SHA1

7121e9a37691a0957cbb25dd7e15ad8cdfe27412
SHA256

f86aecd1f3d07f22e02a18fac44b3adb78dec84f4885f68d5f23604473729587
SHA512

85fe80945c3e3d91a409e9a4a5dc47d8c0dfb6dae6347ddd5979044f4af7279899160618f5181a9ae93ea2a1b0fdf24087319c5704649eb1fa00d8f2ce4fb6ce
SSDEEP

6144:r9CeShchEMx8lkBgguXWZfJ3hiNt4gcAOGk6l:weichENWB6XztQT6l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e85da3d437807a21ec2e51f866766d9_JaffaCakes118

Files

0e85da3d437807a21ec2e51f866766d9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

63c451c0b92817644b2e8b7e27f2be71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\admin\Desktop\hl2 pub\Hl2\Release\PULICA.pdb

Imports

winmm

sndPlaySoundA

kernel32

GetStdHandle
GetProcAddress
GetModuleHandleA
WriteProcessMemory
OpenProcess
VirtualProtect
Sleep
CreateThread
IsBadReadPtr
GetModuleFileNameA
WritePrivateProfileStringA
ExitProcess
GetPrivateProfileIntA
VirtualQuery
HeapAlloc
GetProcessHeap
CloseHandle
GetLocaleInfoW
FlushFileBuffers
GetSystemInfo
VirtualAlloc
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
MultiByteToWideChar
RtlUnwind
GetLocalTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
TerminateProcess
GetCurrentProcess
SetHandleCount
ReadFile
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
IsBadWritePtr
IsBadCodePtr
SetFilePointer
RaiseException
InitializeCriticalSection
InterlockedExchange
LoadLibraryA
LCMapStringA

user32

GetWindowTextA
wsprintfA
FindWindowA
GetAsyncKeyState
GetWindowThreadProcessId

shell32

ShellExecuteA

vstdlib

RandomSeed
Q_strncpy
Q_snprintf
KeyValuesSystem
Q_strnicmp
RandomFloat

tier0

?ExitScope@CVProfNode@@QAE_NXZ
Error
?EnterScope@CVProfNode@@QAEXXZ
GetCPUInformation
?GetSubNode@CVProfNode@@QAEPAV1@PBDH0H@Z
g_VProfCurrentProfile
Msg
g_pMemAlloc

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63c451c0b92817644b2e8b7e27f2be71

Headers

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

shell32

vstdlib

tier0

Sections

.text Size: 200KB - Virtual size: 197KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 12KB - Virtual size: 215KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 200KB - Virtual size: 197KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 215KB

.reloc
Size: 20KB - Virtual size: 18KB