832d2c0efe01182e70694eba403a6071_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

832d2c0efe01182e70694eba403a6071_JaffaCakes118
Size

52KB
MD5

832d2c0efe01182e70694eba403a6071
SHA1

c47401fb2459850e0dc13eae4919174620ab7401
SHA256

063535fe8d3e605c0826425f524979374fe3f5a333a413eb0b55cd118cb49085
SHA512

50514adf5107c1edf657b14da84d7aa10b2aec55f66fac135b785ef2f63082037f2f161af3d83ed20967dec5f74e2172c8edf602afc79c3819d09a17c7a1c633
SSDEEP

768:QnDvh7bnh4KjxwQlpyRfw6MaCd4Takar8ivMgANHEthDYO5VGyXYh9335ssXH:Otnh4wBlGEm2kar8ivMath0O5/XAx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
832d2c0efe01182e70694eba403a6071_JaffaCakes118

Files

832d2c0efe01182e70694eba403a6071_JaffaCakes118
.dll windows:5 windows x86 arch:x86

969409a1603212b8268aaa56738cecc0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\rizky\My Documents\Visual Studio 2008\kebo david\Release\D3DSeepz.pdb

Imports

kernel32

ReadProcessMemory
VirtualAlloc
VirtualProtectEx
LoadLibraryA
VirtualProtect
ExitProcess
IsBadReadPtr
IsBadWritePtr
SetFileAttributesA
GetModuleHandleA
DeleteFileA
CreateThread
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetCurrentProcess

user32

DestroyWindow
RegisterClassExA
SetRect
GetAsyncKeyState
mouse_event
GetCursorPos
GetDesktopWindow
DefWindowProcA
ReleaseDC
CreateWindowExA
GetDC
GetForegroundWindow

gdi32

GetPixel

msvcr90

_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
free
remove
malloc
memmove
sprintf
??2@YAPAXI@Z
memset

winmm

sndPlaySoundA

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateFontA
D3DXCreateSprite
D3DXCreateLine
D3DXCreateTextureFromFileInMemoryEx

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

969409a1603212b8268aaa56738cecc0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msvcr90

winmm

d3d9

d3dx9_43

wininet

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 7KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 7KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 2KB - Virtual size: 2KB