8958c1e0048bdaeb774667bf6224267b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8958c1e0048bdaeb774667bf6224267b_JaffaCakes118
Size

268KB
MD5

8958c1e0048bdaeb774667bf6224267b
SHA1

79c0ab293b9a8fb3aa4753cb56a6ce44621a9a78
SHA256

24c742d2605414efa7492df4155e35e1ec49dc7371859d5180ba35addb0a0dda
SHA512

83e89deea403bb70128da2e1964dc5bd978bbb7bd80d698509f27cb0c26fbf2ff5ae341701a1707e01e9d6e189e21b5c35afeadcf815e08c5ee9761e9c772120
SSDEEP

6144:mysK0PSge6hzLw1I/u1tHxgIh5nQCrOOOko/:mn6O5U1Im3pHQCaOOf/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8958c1e0048bdaeb774667bf6224267b_JaffaCakes118

Files

8958c1e0048bdaeb774667bf6224267b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

103f55afbbe4cb7ce5a5614ac927b4df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

u:\Dev\rel\src\avi\Release\valve_avi.pdb

Imports

avifil32

AVIFileRelease
AVIStreamRelease
AVIStreamSetFormat
AVIMakeCompressedStream
AVISaveOptions
AVIFileCreateStreamA
AVIStreamWrite
AVIStreamGetFrameOpen
AVIStreamStart
AVIFileGetStream
AVIStreamGetFrameClose
AVIFileInit
AVIFileExit
AVIFileOpenA
AVIFileInfoA
AVIStreamGetFrame

kernel32

CloseHandle
GetProcessHeap
HeapAlloc
VirtualQuery
GetModuleFileNameA
FlushFileBuffers
SetStdHandle
GetSystemInfo
VirtualAlloc
VirtualProtect
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetLocaleInfoA
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
LCMapStringA
LCMapStringW
InterlockedExchange
SetFilePointer
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
GetStringTypeA
GetStringTypeW

user32

ReleaseDC
SetRect
GetDesktopWindow
GetDC

gdi32

SelectObject
SetDIBits
CreateCompatibleDC
CreateDIBSection
GetObjectA
DeleteObject
DeleteDC

tier0

Msg
Warning
g_pMemAlloc
Error

vstdlib

Q_strncmp
Q_SetExtension
Q_snprintf
Q_DefaultExtension
KeyValuesSystem

Exports

Exports

CreateInterface

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

103f55afbbe4cb7ce5a5614ac927b4df

Headers

File Characteristics

PDB Paths

Imports

avifil32

kernel32

user32

gdi32

tier0

vstdlib

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 16KB

.reloc Size: 8KB - Virtual size: 5KB

.text Size: 196KB - Virtual size: 196KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 16KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 196KB - Virtual size: 196KB