60a9101da5de3262a54138909f22dbf9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

60a9101da5de3262a54138909f22dbf9_JaffaCakes118
Size

52KB
MD5

60a9101da5de3262a54138909f22dbf9
SHA1

b7013bc8968fb4cdbaccd56a660e66c7f6f38633
SHA256

66e341da3b086cfe9aa31027bda8f6e8c46f244fe0234f8e29d34f66692a1e06
SHA512

2e16d121673f7025e1974835762ba6d873b3eb7bb199dd1dd58a29273c11d6bcb90a239c0deee562b241bf0814522e72aed1ed0ad46e1082b75fded10e2a3e61
SSDEEP

768:LEZVqLZzR0YPNMs1Qm0n3PpmBAx3COZ3G0g:LvV0Zs1dc0BJOZ3G0g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60a9101da5de3262a54138909f22dbf9_JaffaCakes118

Files

60a9101da5de3262a54138909f22dbf9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bcb5a10bdfb4b991bc7873de180e69e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\V2Demo\Release\Plugin_FakeVolumeLight.pdb

Imports

oocore

?REAL_MAX@Math@oo@@3MA
??HVector3@oo@@QBE?AV01@ABV01@@Z
??DVector3@oo@@QBE?AV01@M@Z
??KVector3@oo@@QBE?AV01@M@Z
?normalize@Vector3@oo@@QAEXXZ
?cross@Vector3@oo@@QBE?AV12@ABV12@@Z
??GVector3@oo@@QBE?AV01@ABV01@@Z
?transform@Matrix4@oo@@QBE?AVVector4@2@ABV32@@Z
?parse@cString@oo@@YAAAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAH@Z
?IDENTITY@Matrix4@oo@@2V12@B
?format@uString@oo@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDZZ
??0Vector3@oo@@QAE@ABV01@@Z
?parse@cString@oo@@YAAAMABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAM@Z
?makeTranslation@Matrix4@oo@@QAEXMMM@Z
?toString@cString@oo@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABK@Z
?toString@cString@oo@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABH@Z
?fromQuaternion@Matrix4@oo@@QAEXABVQuaternion@2@@Z
??DMatrix4@oo@@QBE?AV01@ABV01@@Z
?parse@cString@oo@@YAAAKABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAK@Z
?toString@cString@oo@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABM@Z
?op_new_vc@@YAPAXIPBDH@Z
?op_delete_vc@@YAXPAX@Z
?transform@Matrix4@oo@@QBE?AVVector3@2@ABV32@@Z

ooobject

?addLoadingError@OObject@oo@@SAXW4LoadingErrorCode@12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?createEnum@EnumManager@oo@@QAEPAVEnumValue@2@XZ
?createObject@OClass@oo@@QAEPAVOObject@2@XZ
?Value@TiXmlNode@@QBEPBDXZ
?logWarning@oo@@YAXHPBDZZ
?logError@oo@@YAXHPBDZZ
?LM_Core@oo@@3_NA
?getEnumManager@oo@@YAPAVEnumManager@1@XZ
?registerEnum@EnumManager@oo@@QAEXPAVEnumValue@2@@Z
?SetAttribute@TiXmlElement@@QAEXPBDH@Z
?beforeSaved@OObject@oo@@UAEXXZ
??2OObject@oo@@SAPAXIPBDH@Z
??1EClassNotFound@oo@@QAE@XZ
??_VOObject@oo@@SAXPAX@Z
??3OObject@oo@@SAXPAXPBDH@Z
?getBaseClass@OClass@oo@@QAEPAV12@XZ
??0OO_CLASSINIT@oo@@QAE@PAVOClass@1@0KK@Z
?release@OUnknown@oo@@QAEXXZ
?FirstChildElement@TiXmlNode@@QBEPAVTiXmlElement@@PBD@Z
?SetAttribute@TiXmlElement@@QAEXPBD0@Z
?postSaved@OObject@oo@@UAEXXZ
??1TiXmlElement@@UAE@XZ
?postLoaded@OObject@oo@@UAEXK@Z
??0TiXmlElement@@QAE@PBD@Z
?loadFromFile@OObject@oo@@SAPAV12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAK@Z
??3OObject@oo@@SAXPAX@Z
??0EClassNotFound@oo@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?InsertEndChild@TiXmlNode@@QAEPAV1@ABV1@@Z
?postEdited@OObject@oo@@UAEXPAVOAttribute@2@@Z
?mainThreadCallStack@oo@@3V?$vector@UGuardInstInfo@StackGuard@oo@@V?$allocator@UGuardInstInfo@StackGuard@oo@@@std@@@std@@A
??1GuardInst@StackGuard@oo@@QAE@XZ
??0GuardInst@StackGuard@oo@@QAE@AAV?$vector@UGuardInstInfo@StackGuard@oo@@V?$allocator@UGuardInstInfo@StackGuard@oo@@@std@@@std@@PBDK@Z
??0EClassNotFound@oo@@QAE@ABU01@@Z
?fromName@OClass@oo@@SAPAV12@PBD_N@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?postLoaded@OObject@oo@@UAEXXZ
?Attribute@TiXmlElement@@QBEPBDPBDPAH@Z

oographics

?getUp@Camera@oo@@QAEABVVector3@2@XZ
?instancePtr@RenderSystem@oo@@SAPAV12@XZ
?setMaterial@RenderSystem@oo@@QAEXPAVMaterial@2@@Z
?_CLASS@Material@oo@@2VOClass@2@A
?render@RenderSystem@oo@@QAEXPAXKW4PrimitiveType@2@I@Z
?getRight@Camera@oo@@QAEABVVector3@2@XZ

ooworld

?insertDrawActor@World@@QAEXPAVActor@@W4ActorRenderLayer@@PAX@Z
??0Actor_AC@@QAE@XZ
?_objVisit@Actor_AC@@UAEXAAUArgReadXml@oo@@_N@Z
??1Actor_AC@@UAE@XZ
?frameMove@Actor@@UAEXAAVTimer@oo@@ABUDrawParams@@@Z
?getPosition@Actor@@UBEABVVector3@oo@@XZ
?setPosition@Actor@@UAEXABVVector3@oo@@@Z
?getRotation@Actor@@UBEABVQuaternion@oo@@XZ
??1Actor@@UAE@XZ
?setRotation@Actor@@UAEXABVQuaternion@oo@@@Z
?_objVisit@Actor_AC@@UAEXAAUArgWriteBin@oo@@_N@Z
?getScaling@Actor@@UBEABVVector3@oo@@XZ
??4Actor@@QAEAAV0@ABV0@@Z
?_objVisit@Actor_AC@@UAEXAAUArgReadBin@oo@@_N@Z
??0Actor@@QAE@ABV0@@Z
?destroy@Actor@@UAEXK@Z
?_objVisit@Actor_AC@@UAEXAAVArgBase@oo@@@Z
?fillRenderQueue@Actor@@UAEXAAVRenderQueue@oo@@@Z
?generateName@Actor@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?_CLASS@Actor_AC@@2VOClass@oo@@A
?_CLASS@Actor@@2VOClass@oo@@A
?assign@Actor@@UAEXPAVOObject@oo@@@Z
?isGlow@Actor@@UAEHXZ
?_objVisit@Actor@@UAEXAAUArgWriteXml@oo@@_N@Z
?setGlow@Actor@@UAEXH@Z
?_objVisit@Actor@@UAEXAAUArgReadXml@oo@@_N@Z
?postLoaded@Actor@@MAEXXZ
?_objVisit@Actor_AC@@UAEXAAUArgWriteXml@oo@@_N@Z
??0Actor@@IAE@XZ
?_objVisit@Actor@@UAEXAAVArgBase@oo@@@Z
?_objVisit@Actor@@UAEXAAUArgReadBin@oo@@_N@Z
?_objVisit@Actor@@UAEXAAUArgWriteBin@oo@@_N@Z
?setScaling@Actor@@UAEXABVVector3@oo@@@Z

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
?uncaught_exception@std@@YA_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z

msvcr80

_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
free
_encoded_null
_malloc_crt
_encode_pointer
?terminate@@YAXXZ
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
_unlock
__dllonexit
_lock
_onexit
__CxxFrameHandler3
_CxxThrowException
__clean_type_info_names_internal
_CIatan

kernel32

QueryPerformanceCounter
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange

Exports

Exports

??$FakeVolumeLight_objVisit@UArgReadBin@oo@@@FakeVolumeLight@@QAEXAAUArgReadBin@oo@@@Z
??0FakeVolumeLight@@QAE@ABV0@@Z
??0FakeVolumeLight@@QAE@XZ
??1FakeVolumeLight@@UAE@XZ
??4FakeVolumeLight@@QAEAAV0@ABV0@@Z
??_7FakeVolumeLight@@6B@
?_CLASS@FakeVolumeLight@@2VOClass@oo@@A
?_objVisit@FakeVolumeLight@@UAEXAAUArgReadBin@oo@@_N@Z
?_objVisit@FakeVolumeLight@@UAEXAAUArgReadXml@oo@@_N@Z
?_objVisit@FakeVolumeLight@@UAEXAAUArgWriteBin@oo@@_N@Z
?_objVisit@FakeVolumeLight@@UAEXAAUArgWriteXml@oo@@_N@Z
?_objVisit@FakeVolumeLight@@UAEXAAVArgBase@oo@@@Z
?build@FakeVolumeLight@@UAEXK@Z
?createObject@FakeVolumeLight@@KAPAVOObject@oo@@XZ
?deferDraw@FakeVolumeLight@@UAEXABUDrawParams@@@Z
?doRelease@FakeVolumeLight@@MAEXXZ
?draw@FakeVolumeLight@@UAEXABUDrawParams@@AAUActorDrawArgs@@@Z
?eventCreate@FakeVolumeLight@@UAEXXZ
?eventDestroy@FakeVolumeLight@@UAEXXZ
?getAABB@FakeVolumeLight@@UAEABVAABB@oo@@XZ
?getBaseClass@FakeVolumeLight@@SAPAVOClass@oo@@XZ
?getClass@FakeVolumeLight@@UBEPAVOClass@oo@@XZ
?onSeen@FakeVolumeLight@@UAEXAAVTimer@oo@@ABUDrawParams@@@Z
?tick@FakeVolumeLight@@UAEXAAVTimer@oo@@@Z

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcb5a10bdfb4b991bc7873de180e69e1

Headers

File Characteristics

PDB Paths

Imports

oocore

ooobject

oographics

ooworld

msvcp80

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 428B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 428B

.reloc
Size: 4KB - Virtual size: 2KB