3422553e4edbd001d6b22ceb2d4d007c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3422553e4edbd001d6b22ceb2d4d007c_JaffaCakes118
Size

249KB
MD5

3422553e4edbd001d6b22ceb2d4d007c
SHA1

f772ef419338836cf447493d78255288e10315c4
SHA256

5f8bedc3c4ddd7bba2972fd5f7c10fdabac5d63c880aec086c37bbcc9dd37cc2
SHA512

17708f156bc54b6254f22c8619423d4851cc3e775abe0a18d81f0f3c62fe085d29c7afcb3a50fb821df12c5e19038f83b90c4f1a423c1b07603e132fcb7ead08
SSDEEP

6144:TuEUYWXzeud/yHt0GtQeeaQee5QeesQee2iQeehQeezPer6VPwcBzMTs37:KEUYGC4KlerXcll

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3422553e4edbd001d6b22ceb2d4d007c_JaffaCakes118

Files

3422553e4edbd001d6b22ceb2d4d007c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

3d2c00818b3d5e4725699d0600cbfff5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Acer\Desktop\Flamer\Hacks\Nero\d3d9 base\Release\Flamers WR D3D.pdb

Imports

kernel32

SetUnhandledExceptionFilter
GlobalFree
GlobalAlloc
CreateThread
VirtualProtect
GetModuleHandleA
Sleep
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetTimeFormatA
ExitProcess
IsProcessorFeaturePresent
GetSystemInfo
OutputDebugStringA
GetProcAddress
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
IsDebuggerPresent

user32

ShowWindow
GetAsyncKeyState
GetSystemMetrics
CreateWindowExA
GetCursorPos
ScreenToClient
GetForegroundWindow
SetRect
DestroyWindow
keybd_event

gdi32

GetGlyphOutlineA
GetObjectA
SetTextColor
DeleteDC
CreateDIBSection
GetTextMetricsA
GetObjectW
ExtTextOutW
MoveToEx
CreateFontIndirectW
CreateFontIndirectA
GetFontLanguageInfo
GetTextMetricsW
SetBkMode
GetCharacterPlacementW
GetCharacterPlacementA
ExtTextOutA
SetTextAlign
SetMapMode
CreateCompatibleDC
SelectObject
DeleteObject
SetBkColor

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA

msvcp90

??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ

d3d9

Direct3DCreate9

msvcr90

_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
iswdigit
iswpunct
_ftol
strncpy
free
??2@YAPAXI@Z
??3@YAXPAX@Z
clock
vsprintf_s
malloc
vsprintf
sprintf
iswalpha
__CxxFrameHandler
_finite
_CIacos
_encoded_null
iswspace
memcpy
memset

Sections

_TEXT
Size: 512B - Virtual size: 431B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d2c00818b3d5e4725699d0600cbfff5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcp90

d3d9

msvcr90

Sections

_TEXT Size: 512B - Virtual size: 431B

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 42KB - Virtual size: 54KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 20KB - Virtual size: 19KB

_TEXT
Size: 512B - Virtual size: 431B

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 42KB - Virtual size: 54KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 20KB - Virtual size: 19KB