dc9fd887964f046d73d1cc7b98c6b1be_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dc9fd887964f046d73d1cc7b98c6b1be_JaffaCakes118
Size

836KB
MD5

dc9fd887964f046d73d1cc7b98c6b1be
SHA1

b00d056286d29e1a5a6998a1440ffd1a539ba52c
SHA256

99546b7ccb0335a598101a5f5ffc73173dd08a436f6889d858e65f20833343fb
SHA512

67c76139325361012838cbc4c3e06944f0f5b9344473d29a4c1439fe5cf5250be161f72289e31924c22137ad2d5e40e15efead11829e134a162a32319fb592a2
SSDEEP

6144:v/LdbWiOaxae6SAz2fPVjVqcSATwuAr9GnmoujAjGImIcdsATRW/Dy5TBifmOgHd:5hxaeYz2WLsucoRWO5T4NNuv5ApTU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc9fd887964f046d73d1cc7b98c6b1be_JaffaCakes118

Files

dc9fd887964f046d73d1cc7b98c6b1be_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a9051ec39bddce532d8cb0785032f36f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ddimage

??1Iop@Image@DD@@UAE@XZ
??1Executable@Image@DD@@MAE@XZ
?_validate@Iop@Image@DD@@MAEX_N@Z
?validate@Op@Image@DD@@QAEX_N@Z
?input@Op@Image@DD@@QBEPAV123@H@Z
?copy@Row@Image@DD@@QAEXABV123@ABVChannelSet@23@HH@Z
?aborted@Op@Image@DD@@QBE_NXZ
?get@Row@Image@DD@@QAEXAAVIop@23@HHHABVChannelSet@23@@Z
??1Row@Image@DD@@QAE@XZ
??0Row@Image@DD@@QAE@HH@Z
?progressFraction@Op@Image@DD@@QAEXN@Z
?progressMessage@Op@Image@DD@@QAAXPBDZZ
?error@Op@Image@DD@@QAAXPBDZZ
?SetFlags@Image@DD@@YAXAAVKnob_Closure@12@H@Z
?Tooltip@Image@DD@@YAXAAVKnob_Closure@12@PBD@Z
?execPythonKnob@Image@DD@@3P6A_NPBDPAVKnob@12@@ZA
?knob@Op@Image@DD@@QBEPAVKnob@23@PBD@Z
??0Executable@Image@DD@@QAE@PAVOp@12@@Z
??_7PixelIop@Image@DD@@6B@
??0Iop@Image@DD@@IAE@PAVNode@@@Z
?ctor2@Description@Image@DD@@AAEXP6AXPAV123@@Z@Z
?add@Description@Op@Image@DD@@KAXPAV134@@Z
?abi6_2_1@Op@Image@DD@@EAEHXZ
?_invalidate@Iop@Image@DD@@MAEXXZ
?_open@Iop@Image@DD@@MAEXXZ
?_close@Iop@Image@DD@@MAEXXZ
?doAnyHandles@Op@Image@DD@@MAE_NPAVViewerContext@23@@Z
?_fetchMetaData@Op@Image@DD@@UAEABVBundle@MetaData@@PBD@Z
?memUsage@Iop@Image@DD@@UBEIXZ
?build_handles@Iop@Image@DD@@UAEXPAVViewerContext@23@@Z
?draw_handle@Op@Image@DD@@UAEXPAVViewerContext@23@@Z
?optional_input@Op@Image@DD@@UBEHXZ
?minimum_inputs@Op@Image@DD@@UBEHXZ
?maximum_inputs@Op@Image@DD@@UBEHXZ
?test_input@Iop@Image@DD@@UBE_NHPAVOp@23@@Z
?inputs@Op@Image@DD@@UAEXH@Z
?set_input@Op@Image@DD@@UAEXHPAV123@HH@Z
?setOutputContext@Op@Image@DD@@UAEXABVOutputContext@23@@Z
?append@Op@Image@DD@@UAEXAAVHash@23@@Z
?uses_input@Op@Image@DD@@UBEMH@Z
?build_splits@Op@Image@DD@@UAEXXZ
?split_input@Op@Image@DD@@UBEHH@Z
?inputContext@Op@Image@DD@@UBEABVOutputContext@23@HHAAV423@@Z
?inputUIContext@Op@Image@DD@@UBEPBVOutputContext@23@HAAV423@@Z
?default_input@Iop@Image@DD@@UBEPAVOp@23@H@Z
?node_shape@Op@Image@DD@@UBEPBDXZ
?node_color@PixelIop@Image@DD@@UBEIXZ
?input_label@Op@Image@DD@@UBEPBDHPAD@Z
?input_longlabel@Op@Image@DD@@UBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?inUse@Iop@Image@DD@@MBE_NXZ
?firstEngineRendersWholeRequest@Op@Image@DD@@UBE_NXZ
?displayName@Op@Image@DD@@UBEPBDXZ
?_request@Iop@Image@DD@@MAEXHHHHABVChannelSet@23@H@Z
?engine@PixelIop@Image@DD@@MAEXHHHABVChannelSet@23@AAVRow@23@@Z
?doFetchPlane@Iop@Image@DD@@MAEXAAVImagePlane@23@@Z
?set_texturemap@Iop@Image@DD@@UAE_NPAVViewerContext@23@_N@Z
?unset_texturemap@Iop@Image@DD@@UAEXPAVViewerContext@23@@Z
?shade_GL@Iop@Image@DD@@UAE_NPAVViewerContext@23@AAVGeoInfo@23@@Z
?vertex_shader@Iop@Image@DD@@UAEXAAVVertexContext@23@@Z
?fragment_shader@Iop@Image@DD@@UAEXABVVertexContext@23@AAVPixel@23@@Z
?sample@Iop@Image@DD@@UAEXABVVector2@23@00PAVFilter@23@AAVPixel@23@@Z
?sample@Iop@Image@DD@@UAEXMMMMPAVFilter@23@AAVPixel@23@@Z
?sample_shadowmap@Iop@Image@DD@@UAEMPAV123@_NMMMMPAVFilter@23@M@Z
?gpuEngine_decl@Iop@Image@DD@@UBEPBDXZ
?gpuEngine_body@Iop@Image@DD@@UBEPBDXZ
?gpuEngine_getNumRequiredTexUnits@Iop@Image@DD@@UBEHXZ
?gpuEngine_GL_begin@Iop@Image@DD@@UAEXPAVGPUContext@23@@Z
?gpuEngine_GL_end@Iop@Image@DD@@UAEXPAVGPUContext@23@@Z
?abi6_0_1@Executable@Image@DD@@EAEHXZ
?beginExecuting@Executable@Image@DD@@UAEXXZ
?endExecuting@Executable@Image@DD@@UAEXXZ
?execViewMode@Executable@Image@DD@@UAE?AW4ExecMode@123@XZ
?execFrameMode@Executable@Image@DD@@UAE?AW4ExecMode@123@XZ
?views@Executable@Image@DD@@UAEABV?$set@HU?$less@H@std@@V?$allocator@H@2@@std@@XZ
?isWrite@Executable@Image@DD@@UBE_NXZ
?skipForContext@Executable@Image@DD@@UBE_NABVOutputContext@23@@Z

msvcp80

??_7ctype_base@std@@6B@
?id@?$ctype@D@std@@2V0locale@2@A
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
?id@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??_7?$codecvt@DDH@std@@6B@
??_7codecvt_base@std@@6B@
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??_7?$ctype@D@std@@6B@
_Getctype
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??0_Mutex@std@@QAE@XZ
??1_Mutex@std@@QAE@XZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Locinfo_ctor@_Locinfo@std@@SAXPAV12@PBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Id_cnt@id@locale@std@@0HA
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??_7?$numpunct@D@std@@6B@
_Getcvt
?_Locinfo_dtor@_Locinfo@std@@SAXPAV12@@Z
?facet_Register@facet@locale@std@@CAXPAV123@@Z
_Toupper
_Tolower
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@_String_base@std@@SAXXZ
?_Xlen@_String_base@std@@SAXXZ
??_7facet@locale@std@@6B@

msvcr80

fclose
fwrite
strncpy
strchr
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
_isnan
_purecall
?what@exception@std@@UBEPBDXZ
qsort
floor
ceil
_stricmp
free
??0exception@std@@QAE@XZ
strcspn
memchr
sprintf_s
??_V@YAXPAX@Z
localeconv
_invalid_parameter_noinfo
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABQBD@Z
memcpy_s
memmove_s
__CxxFrameHandler
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
memset
memcpy

kernel32

LoadLibraryA
GetProcAddress
InterlockedExchange
Sleep
InterlockedCompareExchange
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

Sections

.text
Size: 396KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9051ec39bddce532d8cb0785032f36f

Headers

File Characteristics

Imports

ddimage

msvcp80

msvcr80

kernel32

Sections

.text Size: 396KB - Virtual size: 392KB

.text1 Size: 28KB - Virtual size: 25KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 12KB - Virtual size: 12KB

.data1 Size: 172KB - Virtual size: 171KB

.rsrc Size: 96KB - Virtual size: 93KB

.reloc Size: 64KB - Virtual size: 61KB

.text
Size: 396KB - Virtual size: 392KB

.text1
Size: 28KB - Virtual size: 25KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 12KB - Virtual size: 12KB

.data1
Size: 172KB - Virtual size: 171KB

.rsrc
Size: 96KB - Virtual size: 93KB

.reloc
Size: 64KB - Virtual size: 61KB