a8afe42fa34b18fd90126859e4e6f681_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a8afe42fa34b18fd90126859e4e6f681_JaffaCakes118
Size

76KB
MD5

a8afe42fa34b18fd90126859e4e6f681
SHA1

2b81d8dfa7ff8a756f756bef3271a0a59f527353
SHA256

16345eedea2881e8785f27100ac55f9d2048def7fb00395d921cf100c9f70096
SHA512

35970d0f581e8d335448401f1cde76d7651f808d16e94157352ac15695d88c41f85ec6ab3b28709ec3a873bb34b9f3614cc32b5fb15e56472ceab10322666368
SSDEEP

1536:xkor5BxnXUtumHgPhY2NMXGmJDVsjaAliNg4DSD:xHRS1/KFL4DSD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8afe42fa34b18fd90126859e4e6f681_JaffaCakes118

Files

a8afe42fa34b18fd90126859e4e6f681_JaffaCakes118
.dll windows:4 windows x86 arch:x86

de9efea5b14d89393234f859c7366615

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

M:\Games\Richard Burns Rally Original\Plugins\RBRTestPlugin.pdb

Imports

dinput8

DirectInput8Create

kernel32

WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
Sleep
GetCurrentProcessId
CreateThread
GetTickCount
HeapSize
ReadFile
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcAddress
HeapFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
CloseHandle
EnterCriticalSection
LeaveCriticalSection
WriteFile
FlushFileBuffers
DeleteCriticalSection
HeapAlloc
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
SetFilePointer
VirtualAlloc
HeapReAlloc
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetLocaleInfoA
GetACP
GetOEMCP
SetStdHandle
InitializeCriticalSection
CreateFileA
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
SetEndOfFile

user32

GetWindowThreadProcessId
GetWindow
GetParent
FindWindowA

Exports

Exports

RBR_CreatePlugin

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de9efea5b14d89393234f859c7366615

Headers

File Characteristics

PDB Paths

Imports

dinput8

kernel32

user32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 5KB