3cfbbf9290c43263505b61766b7abdea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3cfbbf9290c43263505b61766b7abdea_JaffaCakes118
Size

44KB
MD5

3cfbbf9290c43263505b61766b7abdea
SHA1

561e45cb766dde1214a55506be2016e1fd5e91fb
SHA256

198586564ab9e7d861391d9d12639603c46f70fd18cd1623e38a7d5f8797c8ad
SHA512

917872b2853229faf47598b6a4f97076930499274478959744d09f3c526f079b0daefda2555beae5cf8f16c94311b39e4f9f1fc7383470d3b9aedcbfb37239f4
SSDEEP

768:IDA4WPRjDh59tJP1QdAIsGPE9wGOMXXMWt:/dZGewGOMXX3t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cfbbf9290c43263505b61766b7abdea_JaffaCakes118

Files

3cfbbf9290c43263505b61766b7abdea_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f787b68bdfec4226e8f48ea40a5551fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ck2

?GetOutputParameter@CKBehavior@@QAEPAVCKParameterOut@@H@Z
?SetCompatibleClassId@CKObjectDeclaration@@QAEXJ@Z
?SetCreationFunction@CKObjectDeclaration@@QAEXP6AJPAPAVCKBehaviorPrototype@@@Z@Z
?SetVersion@CKObjectDeclaration@@QAEXK@Z
?SetAuthorName@CKObjectDeclaration@@QAEXPAD@Z
?SetAuthorGuid@CKObjectDeclaration@@QAEXUCKGUID@@@Z
?SetGuid@CKObjectDeclaration@@QAEXUCKGUID@@@Z
?SetType@CKObjectDeclaration@@QAEXH@Z
?SetCategory@CKObjectDeclaration@@QAEXPAD@Z
?SetDescription@CKObjectDeclaration@@QAEXPAD@Z
?CreateCKObjectDeclaration@@YAPAVCKObjectDeclaration@@PAD@Z
?SetBehaviorCallbackFct@CKBehaviorPrototype@@QAEXP6AJABUCKBehaviorContext@@@ZKPAX@Z
?SetFunction@CKBehaviorPrototype@@QAEXP6AHABUCKBehaviorContext@@@Z@Z
?SetBehaviorFlags@CKBehaviorPrototype@@QAEXW4CK_BEHAVIOR_FLAGS@@@Z
?SetFlags@CKBehaviorPrototype@@QAEXW4CK_BEHAVIORPROTOTYPE_FLAGS@@@Z
?DeclareSetting@CKBehaviorPrototype@@QAEHPADUCKGUID@@0@Z
?DeclareLocalParameter@CKBehaviorPrototype@@QAEHPADUCKGUID@@0@Z
?CreateCKBehaviorPrototype@@YAPAVCKBehaviorPrototype@@PAD@Z
?SetOutputParameterValue@CKBehavior@@QAEJHPBXH@Z
?SendMessageSingle@CKMessageManager@@QAEPAVCKMessage@@HPAVCKBeObject@@0@Z
?GetInputParameterValue@CKBehavior@@QAEJHPAX@Z
?GetLocalParameterValue@CKBehavior@@QAEJHPAX@Z
?GetLocalParameterWriteDataPtr@CKBehavior@@QAEPAXH@Z
?OutputToConsoleEx@CKContext@@QAAJPADZZ
?GetManagerByGuid@CKContext@@QAEPAVCKBaseManager@@UCKGUID@@@Z
?GetTarget@CKBehavior@@QAEPAVCKBeObject@@XZ
?GetOwner@CKBehavior@@QAEPAVCKBeObject@@XZ
?ActivateInput@CKBehavior@@QAEXHH@Z
?IsInputActive@CKBehavior@@QAEHH@Z
?AddMessageType@CKMessageManager@@QAEHPAD@Z
?SetLocalParameterValue@CKBehavior@@QAEJHPBXH@Z
?GetMessageManager@CKContext@@QAEPAVCKMessageManager@@XZ
?GetLocalParameterReadDataPtr@CKBehavior@@QAEPAXH@Z
?ActivateOutput@CKBehavior@@QAEXHH@Z
?GetOutputParameterValue@CKBehavior@@QAEJHPAX@Z
?DeleteOutput@CKBehavior@@QAEJH@Z
?GetOutputCount@CKBehavior@@QAEHXZ
?GetStringBuffer@CKContext@@QAEPADH@Z
?AddOutput@CKBehavior@@QAEHPAD@Z
?SetFunction@CKBehavior@@QAEXP6AHABUCKBehaviorContext@@@Z@Z
?SetName@CKObject@@QAEXPADH@Z
?GetOutput@CKBehavior@@QAEPAVCKBehaviorIO@@H@Z
?GetVersion@CKBehavior@@QAEKXZ
?GetInputParameterReadDataPtr@CKBehavior@@QAEPAXH@Z
?NeedManager@CKObjectDeclaration@@QAEXUCKGUID@@@Z
?CreateLocalParameter@CKBehavior@@QAEPAVCKParameterLocal@@PADUCKGUID@@@Z
?GetLocalParameter@CKBehavior@@QAEPAVCKParameterLocal@@H@Z
?GetInputParameter@CKBehavior@@QAEPAVCKParameterIn@@H@Z
?GetInputParameterCount@CKBehavior@@QAEHXZ
?SetGUID@CKParameterIn@@QAEXUCKGUID@@HPAD@Z
?CreateInputParameter@CKBehavior@@QAEPAVCKParameterIn@@PADUCKGUID@@@Z
?RemoveOutputParameter@CKBehavior@@QAEPAVCKParameterOut@@H@Z
?CreateOutputParameter@CKBehavior@@QAEPAVCKParameterOut@@PADUCKGUID@@@Z
?CKDestroyObject@@YAXPAVCKObject@@KPAVCKDependencies@@@Z
?RemoveInputParameter@CKBehavior@@QAEPAVCKParameterIn@@H@Z
?DestroyObject@CKContext@@QAEJPAVCKObject@@KPAVCKDependencies@@@Z
?DeleteInput@CKBehavior@@QAEJH@Z
?AddInput@CKBehavior@@QAEHPAD@Z
?GetInput@CKBehavior@@QAEPAVCKBehaviorIO@@H@Z
?CKStoreDeclaration@@YAXPAV?$XArray@PAVCKObjectDeclaration@@@@PAVCKObjectDeclaration@@@Z
?GetParameterTypeDescription@CKParameterManager@@QAEPAUCKParameterTypeDesc@@UCKGUID@@@Z
?RegisterNewFlags@CKParameterManager@@QAEJUCKGUID@@PAD1@Z
?GetParameterManager@CKContext@@QAEPAVCKParameterManager@@XZ
?UnRegisterParameterType@CKParameterManager@@QAEJUCKGUID@@@Z

vxmath

??4XString@@QAEAAV0@PBD@Z
??1XString@@QAE@XZ
?VxScanCodeToAscii@@YADKQAE@Z

msvcrt

_ftol
??1type_info@@UAE@XZ
sprintf
memmove
strchr
strncpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_CxxThrowException
_initterm
__CxxFrameHandler
malloc
__dllonexit
_onexit
free
_adjust_fdiv

kernel32

DisableThreadLibraryCalls

Exports

Exports

CKGetPluginInfo
CKGetPluginInfoCount
RegisterBehaviorDeclarations

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f787b68bdfec4226e8f48ea40a5551fc

Headers

File Characteristics

Imports

ck2

vxmath

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 960B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 960B

.reloc
Size: 4KB - Virtual size: 1KB