1bffc22ec1276afe23a0419c5b3227b1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1bffc22ec1276afe23a0419c5b3227b1_JaffaCakes118
Size

212KB
MD5

1bffc22ec1276afe23a0419c5b3227b1
SHA1

6d43da1fa38c3d07babd0260206b45eedd531dd2
SHA256

638e1ebddda19ecc0cc819b7bf48fe2c178f6ed76162f5312eecd0bb52776588
SHA512

968973d88de4951672fd470b4a30e2df023c2a61bd100baf6ecbc0bf32cd0e873fa30482f0147542d6fd5ace126b3b6b202ce87730bc1c9c19da78de05124aa0
SSDEEP

6144:+wRcAIhA/Pj405eyreiTYjOgsio1nYDZQ7BwLTYgAD:/lherKJYDZQ7GPYz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bffc22ec1276afe23a0419c5b3227b1_JaffaCakes118

Files

1bffc22ec1276afe23a0419c5b3227b1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0733f98b92e02b4b747bdfb52e9f1252

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\software\hg10_directshow\third_party\directshow\altairvideorender\win32\AltairDSVideoRender.pdb

Imports

winmm

timeSetEvent
timeGetTime
timeBeginPeriod
timeEndPeriod
timeKillEvent

msvcr80

_initterm
_onexit
__CxxFrameHandler3
??3@YAXPAX@Z
??2@YAPAXI@Z
memset
_vsnwprintf
memcpy
_purecall
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_except_handler4_common
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock

kernel32

LoadLibraryA
GetVersionExW
InitializeCriticalSection
lstrcmpW
InterlockedIncrement
InterlockedDecrement
CloseHandle
CreateEventW
SetEvent
EnterCriticalSection
WaitForMultipleObjects
WaitForSingleObject
ReleaseSemaphore
GetCurrentProcess
GetCurrentThreadId
CreateSemaphoreW
CompareStringA
GetLastError
CreateFileMappingW
lstrlenW
Sleep
MulDiv
FreeLibrary
LoadLibraryW
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress
InterlockedExchange
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
InterlockedCompareExchange
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
ResetEvent

user32

InSendMessage
SetWindowTextW
GetWindowTextW
MoveWindow
GetSystemMetrics
IsZoomed
IsIconic
SetParent
SystemParametersInfoW
PeekMessageW
CreateDialogParamW
MsgWaitForMultipleObjects
DispatchMessageW
LoadStringW
GetDesktopWindow
SetCursor
IsWindowVisible
GetQueueStatus
PostThreadMessageW
RegisterWindowMessageW
GetClassInfoW
LoadCursorW
RegisterClassW
CreateWindowExW
SetRectEmpty
SetForegroundWindow
InvalidateRect
GetDC
ReleaseDC
MapWindowPoints
GetParent
GetWindowRect
GetWindowLongW
AdjustWindowRectEx
SetWindowPos
ShowWindow
IsWindow
GetWindowThreadProcessId
SetWindowLongW
DestroyWindow
PostMessageW
SendMessageW
SendDlgItemMessageW
GetClientRect
FillRect
GetWindowPlacement
DefWindowProcW

gdi32

CreateCompatibleBitmap
GetDIBits
CreatePalette
GetStockObject
CreateDCA
GetSystemPaletteEntries
CreateDIBSection
GetObjectW
CreateCompatibleDC
SetStretchBltMode
RealizePalette
GdiFlush
SelectPalette
DeleteDC
GetDeviceCaps
CreateSolidBrush
DeleteObject

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyW
RegSetValueW
RegCloseKey
RegDeleteKeyW
RegSetValueExW

ole32

CoUninitialize
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoFreeUnusedLibraries

oleaut32

SysAllocString

Exports

Exports

CLSID_AltairGrabVideo
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
IID_IAltairGrabVideo

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0733f98b92e02b4b747bdfb52e9f1252

Headers

File Characteristics

PDB Paths

Imports

winmm

msvcr80

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 104KB - Virtual size: 100KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 104KB - Virtual size: 100KB

.reloc
Size: 12KB - Virtual size: 8KB