23981abfb48bfc0794a50e620043722f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

23981abfb48bfc0794a50e620043722f_JaffaCakes118
Size

224KB
MD5

23981abfb48bfc0794a50e620043722f
SHA1

e2295ca0cce476932e4b1a585c371c7b426c782e
SHA256

8e1f08e930a594c13d60cd2120299fe34f057bfbc06bd88e767d3cac51c607cf
SHA512

cd34c10c31e05918c7f9ba58417adfcadcffb0637c3e1777e0d1f328ab1af10418be9452e27f9e8f33cb28cf4a251507825bece0190dc25bdd4df588b1032d59
SSDEEP

6144:5q/tz+Ogl8IHEepfpxrsoj81DTArS/1/cN34DR94NZjC:w/5zEpxrso0DEr61/K4DRQp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23981abfb48bfc0794a50e620043722f_JaffaCakes118

Files

23981abfb48bfc0794a50e620043722f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4413bc3a236bb80f1f8d3d1a5e42bc7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WaitForSingleObject
SetThreadPriority
GetCurrentThread
Sleep
CreateThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
InterlockedExchange
IsDebuggerPresent

user32

GetMessageA
PostThreadMessageA

imaqmex.mexw32

?adaptorError@imaqkit@@YAXPBVIAdaptor@1@PBD1ZZ
?createCriticalSection@imaqkit@@YAPAVICriticalSection@1@XZ
?imaqfree@imaqkit@@YAXPAX@Z
?imaqmalloc@imaqkit@@YAPAXI@Z
?adaptorWarn@imaqkit@@YAXPBD0ZZ
?getCurrentTime@imaqkit@@YANXZ
?createAdaptorManager@imaqkit@@YAPAVIAdaptorManager@1@PAVIAdaptor@1@PAVIEngine@1@@Z
?createAutoCriticalSection@imaqkit@@YAPAVIAutoCriticalSection@1@PAVICriticalSection@1@_N@Z

qcamdriver

ord5
ord34
ord3
ord2
ord31
ord32
ord14
ord15
ord42
ord43
ord18
ord25
ord30
ord29
ord41
ord40
ord9
ord23
ord48
ord8
ord13
ord12
ord10
ord24
ord17
ord7
ord22
ord6
ord4

msvcp80

?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ

msvcr80

free
memmove_s
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?what@exception@std@@UBEPBDXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
_purecall
__RTDynamicCast
??_V@YAXPAX@Z
??3@YAXPAX@Z
ceil
_CIlog10
_snprintf
??0exception@std@@QAE@ABQBD@Z

Exports

Exports

createInstance
getAvailHW
getDeviceAttributes
initializeAdaptor
uninitializeAdaptor

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4413bc3a236bb80f1f8d3d1a5e42bc7d

Headers

File Characteristics

Imports

kernel32

user32

imaqmex.mexw32

qcamdriver

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 172KB - Virtual size: 170KB

.rsrc Size: 4KB - Virtual size: 428B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 172KB - Virtual size: 170KB

.rsrc
Size: 4KB - Virtual size: 428B

.reloc
Size: 8KB - Virtual size: 4KB