2a84b9808c74dbf864dd2de78f3924bc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a84b9808c74dbf864dd2de78f3924bc_JaffaCakes118
Size

196KB
MD5

2a84b9808c74dbf864dd2de78f3924bc
SHA1

c817a615b31b2449247649b0b58b4633b3cdd166
SHA256

1e72d2cce38daefc0f416689d3c7f96d19de572a266cdc814eb9440fa3b52a22
SHA512

0e98408c2a75a229bff93f8e4dffed3fe5aba5bbfac7a993d45c9dbdedbd41cbd0e21bfe7df95def4b33406c62b280ec1b1c131d79d0e44788ef1219f024f601
SSDEEP

3072:pWvVWHbtXc00RxX/Liy/OZjr5q0pHNOY0j6wgpaT8D3g5Ka95lWJcOKV+OJUCbo6:uwc00bOyGR1qUtOB4D3oblCctU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a84b9808c74dbf864dd2de78f3924bc_JaffaCakes118

Files

2a84b9808c74dbf864dd2de78f3924bc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3376e9a8d28b936f96ba9aeb76dff1df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Sources\Virtools Dev\Bin\Release\Plugins\WavReader.pdb

Imports

winmm

mmioClose
mmioGetInfo
mmioRead
mmioAdvance
mmioSetInfo
mmioAscend
mmioDescend
mmioSeek
mmioOpenA

msacm32

acmStreamOpen
acmStreamConvert
acmStreamSize
acmStreamClose
acmStreamUnprepareHeader
acmStreamPrepareHeader

vxmath

??1XString@@QAE@XZ
??4XString@@QAEAAV0@PBD@Z
??0XString@@QAE@PBDH@Z

ck2

?CKStrupr@@YAPADPAD@Z

kernel32

GetTickCount
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GlobalAlloc
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
DisableThreadLibraryCalls
GetCurrentProcessId

ole32

CoCreateInstance

oleaut32

VariantInit
VariantClear

msvcr71

??2@YAPAXI@Z
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_onexit
__dllonexit
_except_handler3
__security_error_handler
_purecall
??3@YAXPAX@Z
__CxxFrameHandler
strstr

Exports

Exports

CKGetPluginInfo
CKGetPluginInfoCount
CKGetReader

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3376e9a8d28b936f96ba9aeb76dff1df

Headers

File Characteristics

PDB Paths

Imports

winmm

msacm32

vxmath

ck2

kernel32

ole32

oleaut32

msvcr71

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 168KB - Virtual size: 168KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 1024B - Virtual size: 820B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 168KB - Virtual size: 168KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 1024B - Virtual size: 820B