b1136d6de0e30fc7438aae0c80e0f280_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b1136d6de0e30fc7438aae0c80e0f280_JaffaCakes118
Size

30KB
MD5

b1136d6de0e30fc7438aae0c80e0f280
SHA1

b60a7e8f2feec932c5c77819939931009bae675c
SHA256

e64170a492ec619e4b3c4f21e2fab9be1c3207fdac63f5698b9e29bd523be7cc
SHA512

cad38e4fd1a88d1c0353ed765e659ee5c6c2901bfff9827e31faee2e5e44a69018da983320ad67cd00ef1bccbf012859305d24ad95a76715eff0334ede252aa6
SSDEEP

768:SP23oI11hP69NZRoVpD2vRpnOJi0TG9+g:s23oITz2JJOI0yJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1136d6de0e30fc7438aae0c80e0f280_JaffaCakes118

Files

b1136d6de0e30fc7438aae0c80e0f280_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6c1552b6260f90d071529efa5ba5dba5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Kubuś\Desktop\ELExTrO D3D--2\ELExTrO D3D\Release\ELExTrO D3D.pdb

Imports

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MulDiv
CreateThread
VirtualProtect
GetModuleHandleA
VirtualProtectEx
VirtualAlloc
Sleep
GetCurrentProcess
QueryPerformanceCounter
TerminateProcess
IsProcessorFeaturePresent
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer

user32

SetRect
DestroyWindow
keybd_event
GetAsyncKeyState
CreateWindowExA
ShowWindow
GetSystemMetrics

gdi32

SetTextColor
DeleteDC
CreateDIBSection
CreateFontA
GetDeviceCaps
SetBkColor
DeleteObject
SelectObject
CreateCompatibleDC
SetMapMode
SetTextAlign
ExtTextOutA
GetTextExtentPoint32A

msvcr100

free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
memcpy
memset
_malloc_crt
sprintf
ceil
??2@YAPAXI@Z
malloc
??3@YAXPAX@Z

d3d9

Direct3DCreate9

Sections

_TEXT
Size: 512B - Virtual size: 431B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c1552b6260f90d071529efa5ba5dba5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msvcr100

d3d9

Sections

_TEXT Size: 512B - Virtual size: 431B

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1KB - Virtual size: 1KB

_TEXT
Size: 512B - Virtual size: 431B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB