3632900bb610894a769b121ef6169560_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3632900bb610894a769b121ef6169560_JaffaCakes118
Size

182KB
MD5

3632900bb610894a769b121ef6169560
SHA1

c310119c466ff33f081b6ffcd3893da4069418e3
SHA256

46e312b6434c6179f81191b3fe45662084f73b16f039d3ea963d094a09d37f84
SHA512

88230416b6422c69d55515bd2f15c38d97fe507454f1e6d1ca2e7ea5c1dbe1b55e0ea7ee0cb3465e28db927621308dcf25b30485314fb4d1b0f5c1c88cc0753c
SSDEEP

3072:m9cMokmGHiD/7dNqtrn1wq7Jq06zbjZKm+tQ7oI8rKTf8YIDFTKPQwsKGekmhfny:mY4iT7mtnO0JqGm+tQ7oI8rKTf8YIDFZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3632900bb610894a769b121ef6169560_JaffaCakes118

Files

3632900bb610894a769b121ef6169560_JaffaCakes118
.dll windows:5 windows x86 arch:x86

16c1b4e2d52d2298e53af4933ce2f704

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\GTA IV\AdvancedHook\AdvancedHook\trunk\Release\AdvancedHook.pdb

Imports

scripthook

?IsThreadAlive@ScriptThread@@IAE_NXZ
?Wait@ScriptThread@@IAEXI@Z
??0ScriptThread@@QAE@XZ
?SetName@ScriptThread@@IAEXPAD@Z
?RegisterService@ScriptHookManager@@SAXPAVIService@@@Z
?RegisterThread@ScriptHookManager@@SAXPAVScriptThread@@@Z
??1ScriptThread@@UAE@XZ
?OnKill@ScriptThread@@MAEXXZ
?OnStart@ScriptThread@@MAEXXZ
?RunScript@ScriptThread@@MAEXXZ
?RunTick@ScriptThread@@MAEXXZ
??1IService@@UAE@XZ

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW

kernel32

UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
QueryPerformanceCounter
DecodePointer
EncodePointer
GetCurrentThreadId
GetSystemTimeAsFileTime
InterlockedExchange
GetModuleHandleA
LoadLibraryA
WriteProcessMemory
DisableThreadLibraryCalls
GetFileAttributesA
GetModuleHandleW
GetCurrentThread
RtlCaptureStackBackTrace
GetCurrentProcess
Sleep
IsDebuggerPresent
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetLocalTime
Thread32Next
OpenThread
CloseHandle
Thread32First
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
ExitProcess
CreateThread
VirtualProtect
VirtualAlloc
FreeLibrary
SetLastError
ReadProcessMemory
OutputDebugStringA
GetLastError
GetProcAddress
LoadLibraryW
GetEnvironmentVariableW
GetFileAttributesW
GetModuleFileNameW
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetCurrentDirectoryA
ResumeThread
GetThreadContext
SuspendThread
GetTickCount

user32

MessageBoxA

advapi32

GetUserNameA

msvcr100

memcpy_s
fwrite
fgetpos
_fseeki64
fsetpos
sprintf
remove
malloc
_strdup
wcscat_s
strcpy_s
_vsnprintf_s
strcat_s
printf
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__clean_type_info_names_internal
setvbuf
_unlock_file
_lock_file
ungetc
fputc
fgetc
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
_CxxThrowException
??0bad_cast@std@@QAE@PBD@Z
_itoa_s
strncat_s
calloc
fopen
fprintf
fclose
free
??_V@YAXPAX@Z
memset
memmove
memchr
memcpy
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
__CxxFrameHandler3
??3@YAXPAX@Z
_purecall
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
_cexit
__FrameUnwindFilter
?__ExceptionPtrCopy@@YAXPAXPBX@Z
??_U@YAPAXI@Z
fflush

msvcp100

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??_7ios_base@std@@6B@
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Id_cnt@id@locale@std@@0HA
??1_Lockit@std@@QAE@XZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_Decref@facet@locale@std@@QAEPAV123@XZ

dbghelp

SymInitialize
SymFromAddr

mscoree

_CorDllMain

Exports

Exports

??0GenericLogger@@QAE@ABV0@@Z
??0GenericLogger@@QAE@XZ
??0IFunctions@AdvancedHook@@QAE@ABV01@@Z
??0IFunctions@AdvancedHook@@QAE@XZ
??0IFunctionsService@AdvancedHook@@QAE@ABV01@@Z
??0IFunctionsService@AdvancedHook@@QAE@XZ
??0IService@@QAE@ABV0@@Z
??0IService@@QAE@XZ
??0ScriptThread@@QAE@ABV0@@Z
??1GenericLogger@@UAE@XZ
??1IFunctionsService@AdvancedHook@@UAE@XZ
??4Game@@QAEAAV0@ABV0@@Z
??4GenericLogger@@QAEAAV0@ABV0@@Z
??4IFunctions@AdvancedHook@@QAEAAV01@ABV01@@Z
??4IFunctionsService@AdvancedHook@@QAEAAV01@ABV01@@Z
??4IService@@QAEAAV0@ABV0@@Z
??4Log@@QAEAAV0@ABV0@@Z
??4Main@AdvancedHook@@QAEAAV01@ABV01@@Z
??4ScriptHookManager@@QAEAAV0@ABV0@@Z
??4ScriptThread@@QAEAAV0@ABV0@@Z
??4ScriptingHelpers@@QAEAAV0@ABV0@@Z
??_7GenericLogger@@6B@
??_7IFunctions@AdvancedHook@@6B@
??_7IFunctionsService@AdvancedHook@@6B@
??_7IService@@6B@
??_7ScriptThread@@6B@
?Debug@GenericLogger@@UAEXPBD@Z
?Error@GenericLogger@@UAEXPBD@Z
?Fatal@GenericLogger@@UAEXPBD@Z
?GetNext@GenericLogger@@QAEPAV1@XZ
?HasInitializedProperly@Main@AdvancedHook@@SA_NXZ
?Info@GenericLogger@@UAEXPBD@Z
?Log@GenericLogger@@EAEXPBD0@Z
?SetNext@GenericLogger@@QAEXPAV1@@Z
?Warn@GenericLogger@@UAEXPBD@Z

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16c1b4e2d52d2298e53af4933ce2f704

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

scripthook

version

kernel32

user32

advapi32

msvcr100

msvcp100

dbghelp

mscoree

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 105KB - Virtual size: 104KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 105KB - Virtual size: 104KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 5KB - Virtual size: 4KB