d994c68b4367816f87c615fd420a6a81_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d994c68b4367816f87c615fd420a6a81_JaffaCakes118
Size

83KB
MD5

d994c68b4367816f87c615fd420a6a81
SHA1

80599bc3050e03a2e6bc8d05f8efcd03d13782c4
SHA256

1edec1ddecb0b672f5154dd1dadcaa32e670885c63809c9c3d83241612fbac53
SHA512

ed214ad94d915f11c5f27e6990b2b519e00d3d2de4a66fe58d179819d01423de940f18cfb18dfbeb2046db0d34e010cbe43b3a24102f1c9efcf6d4dc11e06970
SSDEEP

1536:iWODeblquIHL9Yn7GyYiCciwWlsaNiFJ9Mx6fhgGvMLP:i/DQo92PYkUsd/9q2i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/[SA] No Shadows/GTA San Andreas/NoShadows.asi

Files

d994c68b4367816f87c615fd420a6a81_JaffaCakes118
.rar
[SA] No Shadows/GTA San Andreas/NoShadows.asi
.dll windows:5 windows x86 arch:x86

aec4afc4132c9462b1c6e53f27fb6172

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Process32First
GetProcAddress
Process32Next
VirtualProtect
CreateToolhelp32Snapshot
CloseHandle
Sleep
GetModuleHandleA
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetSystemTimeAsFileTime

user32

CharUpperA

msvcr120

_unlock
_calloc_crt
__dllonexit
_onexit
_snprintf
__crtUnhandledException
__crtTerminateProcess
??1type_info@@UAE@XZ
_lock
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_except_handler4_common
?terminate@@YAXXZ
__clean_type_info_names_internal
rand
_hypot
??3@YAXPAX@Z
_purecall
isalnum
__CppXcptFilter
_beginthread
memmove
??2@YAPAXI@Z
realloc
malloc
free
__CxxFrameHandler3
memcpy
_crt_debugger_hook
_CxxThrowException
memset

msvcp120

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
??0id@locale@std@@QAE@I@Z

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
[SA] No Shadows/GTA San Andreas/models/particle.txd
[SA] No Shadows/GTA San Andreas/Лучшие моды для GTA.url
[SA] No Shadows/GTA San Andreas/Прочти.txt
[SA] No Shadows/ReadMe.txt
[SA] No Shadows/Лучшие моды для GTA.url
[SA] No Shadows/Прочти.txt

Sharing

General

Malware Config

Signatures

Files

aec4afc4132c9462b1c6e53f27fb6172

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcr120

msvcp120

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB