95d34ae3c61a72630e52bde77c776867_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

95d34ae3c61a72630e52bde77c776867_JaffaCakes118
Size

512KB
MD5

95d34ae3c61a72630e52bde77c776867
SHA1

9eccf28596994295d2ce4118ccf0ff99368bd637
SHA256

3779f18946b734bf2830f1931a41199b65d3e05462760824e586e66dd072a814
SHA512

d4a764f5a88f15bab1b571bd705bd71b5cc491f6e808255aacfcee4d8fff7a031b6a5e4e81c87be995a8938f649e9a02eb589cfc989789059c5a2c4b08c2fc38
SSDEEP

6144:ush7614JQfIK1BO9mlGOTG4Gv/s6hzLw1I/u1tHxgIh5nQCrOOOko6:ush76lf9kmlGOTRyJ5U1Im3pHQCaOOf6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95d34ae3c61a72630e52bde77c776867_JaffaCakes118

Files

95d34ae3c61a72630e52bde77c776867_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a425c36722509488e711bce15d99359b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\ep1\src\filesystem\filesystem_stdio\Release_Steam\filesystem_steam.pdb

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentDirectoryA
OutputDebugStringA
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
IsDebuggerPresent
GetEnvironmentVariableA
VirtualQuery
HeapAlloc
GetProcessHeap
GetLocaleInfoW
SetEndOfFile
SetConsoleCtrlHandler
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetSystemInfo
VirtualAlloc
VirtualProtect
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
GetCPInfo
CompareStringA
CreateFileA
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
SetFilePointer
ReadFile
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
SetLastError
TlsAlloc
SetCurrentDirectoryA
CloseHandle
FatalAppExitA
EnterCriticalSection
RtlUnwind
GetFullPathNameA
WideCharToMultiByte
GetProcAddress
LoadLibraryA
FreeLibrary
WaitForMultipleObjects
GetLastError
CreateDirectoryA
MoveFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
SetFileAttributesA
GetFileAttributesA
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DeleteFileA

user32

DestroyWindow
GetForegroundWindow
MessageBoxA

shell32

SHGetFileInfoW

steam

_f
SteamFindFirst
SteamFindClose

tier0

??0CThread@@QAE@XZ
?Start@CThread@@UAE_NI@Z
?Init@CThread@@MAE_NXZ
?OnExit@CThread@@MAEXXZ
?WaitForCreateComplete@CThread@@MAE_NPAVCThreadEvent@@@Z
?GetThreadProc@CThread@@MAEP6GIPAX@ZXZ
?GetPriority@CThread@@QBEHXZ
ThreadGetPriority
?SetPriority@CThread@@QAE_NH@Z
??0CThreadMutex@@QAE@XZ
Warning
Plat_FloatTime
Error
_SpewInfo
_SpewMessage
ShouldUseNewAssertDialog
DoNewAssertDialog
_ExitOnFatalAssert
?Sleep@CThread@@SAXI@Z
??1CThread@@UAE@XZ
?DevMsg@@YAXPBDZZ
ThreadInterlockedExchange
?Set@CThreadLocalBase@@QAEXPAX@Z
?Get@CThreadLocalBase@@QBEPAXXZ
??0CThreadLocalBase@@QAE@XZ
ThreadInterlockedExchangeAdd
ThreadInMainThread
??1CThreadLocalBase@@QAE@XZ
?Lock@CThreadFastMutex@@QCEXI@Z
CommandLine_Tier0
?ExitScope@CVProfile@@QAEXXZ
g_VProfCurrentProfile
?EnterScope@CVProfile@@QAEXPBDH0_NH@Z
ThreadInterlockedDecrement
ThreadInterlockedIncrement
?Lock@CThreadMutex@@QBEXXZ
?Lock@CThreadMutex@@QAEXXZ
g_pMemAlloc
g_ClockSpeedMillisecondsMultiplier
?Join@CThread@@QAE_NI@Z
?CallWorker@CWorkerThread@@QAEHII_N@Z
ThreadSleep
g_pVCR
?GetCurrentCThread@CThread@@SAPAV1@XZ
?Reply@CWorkerThread@@QAEXI@Z
?GetCallParam@CWorkerThread@@QBEIXZ
?GetCallHandle@CWorkerThread@@QAEPAXXZ
Msg
AssertValidStringPtr
_AssertValidWritePtr
_AssertValidReadPtr
DevMsg
?TryLock@CThreadMutex@@QAE_NXZ
?Wait@CThreadSyncObject@@QAE_NI@Z
?Release@CThreadSemaphore@@QAE_NJPAJ@Z
?Resume@CThread@@QAEIXZ
?Suspend@CThread@@QAEIXZ
?BoostPriority@CWorkerThread@@QAEHXZ
??1CThreadEvent@@QAE@XZ
??1CThreadMutex@@QAE@XZ
??1CWorkerThread@@UAE@XZ
??0CThreadSemaphore@@QAE@JJ@Z
??0CThreadEvent@@QAE@_N@Z
??0CWorkerThread@@QAE@XZ
??1CThreadSyncObject@@QAE@XZ
?Set@CThreadEvent@@QAE_NXZ
?Reset@CThreadEvent@@QAE_NXZ

vstdlib

KeyValuesSystem
GetCVarIF
RandomInt

Exports

Exports

CreateInterface

Sections

.text
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a425c36722509488e711bce15d99359b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

steam

tier0

vstdlib

Exports

Exports

Sections

.text Size: 260KB - Virtual size: 257KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 24KB

.reloc Size: 16KB - Virtual size: 15KB

.text Size: 196KB - Virtual size: 196KB

.text
Size: 260KB - Virtual size: 257KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 24KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 196KB - Virtual size: 196KB