cf3c18ed1349cde5e8199dc7262ef9c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf3c18ed1349cde5e8199dc7262ef9c9_JaffaCakes118
Size

171KB
MD5

cf3c18ed1349cde5e8199dc7262ef9c9
SHA1

fc38a2337df95a25cf50cdca0a51353d2d89645b
SHA256

112af9422b8dcc8cd70d43d1cf225c94ac9b4b4adb094bf7a8d8fe54201a3e58
SHA512

ed21b1c82e40fb7bd7ee60d519cc4a49033ec0a14f5868fac9983f0f59f6dc4a4601466151b6609140cf6e2fb088d66f79d90bfb3feedaa25f5ecf76dc6c0757
SSDEEP

3072:QiDJ7Sysk6dyJlsRtslSdHl5xyEUnGcSZmE95a36qcxEjlv5QCM:/J7S8JJSRUXSt95u6q8EjMT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf3c18ed1349cde5e8199dc7262ef9c9_JaffaCakes118

Files

cf3c18ed1349cde5e8199dc7262ef9c9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6e043e7fe0aac7bcf2f485ef19e4a139

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\opera\gst-opera\Release\gstwavparse.pdb

Imports

gstreamer

g_object_unref
gst_riff_parse_strf_auds
gst_adapter_push
gst_message_new_segment_start
g_free
gst_pad_activate_pull
gst_caps_replace
g_type_check_class_cast
gst_object_unref
gst_pad_start_task
g_static_rec_mutex_lock
gst_riff_create_audio_template_caps
gst_query_parse_duration
gst_event_new_eos
g_intern_static_string
gst_event_new_flush_stop
_gst_element_error_printf
gst_adapter_take_buffer
gst_pad_pull_range
gst_pad_set_caps
gst_adapter_peek
gst_pad_pause_task
gst_query_set_duration
gst_riff_init
gst_element_get_type
gst_element_class_get_pad_template
gst_event_parse_seek
gst_segment_set_seek
gst_query_set_convert
gst_element_remove_pad
gst_pad_push_event
gst_caps_unref
gst_mini_object_unref
gst_static_pad_template_get
g_type_check_instance_cast
gst_type_register_static_full
g_once_init_leave
gst_pad_set_chain_function
gst_riff_read_chunk
gst_segment_set_last_stop
gst_pad_new_from_static_template
gst_element_register
gst_element_add_pad
gst_structure_has_name
gst_util_uint64_scale
gst_pad_activate_push
gst_element_class_add_pad_template
gst_mini_object_replace
gst_element_message_full
gst_adapter_available
gst_event_new_seek
gst_event_new_new_segment_full
g_static_rec_mutex_unlock
gst_query_parse_position
gst_pad_set_active
gst_query_new_seeking
gst_query_set_seeking
gst_segment_init
gst_query_set_position
gst_element_post_message
gst_pad_event_default
gst_message_new_segment_done
gst_pad_query_default
gst_pad_set_query_function
gst_object_get_parent
gst_event_new_new_segment
g_once_init_enter_impl
gst_pad_query_peer_duration
gst_buffer_make_metadata_writable
gst_adapter_clear
gst_caps_from_string
gst_element_no_more_pads
gst_pad_set_activate_function
gst_pad_template_new
gst_util_uint64_scale_int
gst_pad_use_fixed_caps
gst_event_new_flush_start
gst_riff_create_audio_caps
gst_element_class_set_details_simple
gst_stream_error_quark
gst_query_parse_convert
gst_flow_get_name
gst_adapter_new
gst_pad_set_activatepull_function
gst_riff_parse_file_header
gst_buffer_set_caps
gst_pad_peer_query
gst_pad_check_pull_range
gst_pad_new_from_template
gst_util_guint64_to_gdouble
gst_pad_query_convert
gst_caps_get_structure
g_type_class_peek_parent
gst_segment_set_duration
gst_adapter_flush
gst_pad_push
gst_pad_stop_task
gst_query_parse_seeking
gst_pad_set_event_function
gst_pad_set_query_type_function
gst_segment_set_newsegment_full
gst_event_parse_new_segment_full

kernel32

HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
GetModuleHandleA
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WriteFile
HeapReAlloc
VirtualAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
Sleep
HeapFree
InterlockedDecrement
GetLastError
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetCurrentThreadId

Exports

Exports

gst_plugin_desc

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6e043e7fe0aac7bcf2f485ef19e4a139

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gstreamer

kernel32

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 4KB - Virtual size: 3KB

.text Size: 94KB - Virtual size: 96KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 94KB - Virtual size: 96KB