eea8d2e9e3e71f5695319e62820ca5d7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eea8d2e9e3e71f5695319e62820ca5d7_JaffaCakes118
Size

277KB
MD5

eea8d2e9e3e71f5695319e62820ca5d7
SHA1

5f6f58effc367ced63a031ac77b164c646515bff
SHA256

e3d708647970e874d3c9e841378276cf32c42525614eef0838eb6c3e22f365a5
SHA512

2487e90c4d635238e04b615d4dd06b2241107593a8d855b484d037d2e9383399247b96b9332884f730fd348c0cee23583b21e6818f0b419f0fddec27b33ec013
SSDEEP

3072:xcDJaAmtAixWWT3buhOTGkAwaR6E+RwpkJBtOg5oVpBZwn7atIe6++JvCr27:xcDEA83xn3HGBRnPz3p/wn7aZ6lN7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eea8d2e9e3e71f5695319e62820ca5d7_JaffaCakes118

Files

eea8d2e9e3e71f5695319e62820ca5d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1efaf96c48a94a155ad984473a28f87e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\buildslave\steam_rel_client_win32\build\src\steamerrorreporter\Release\steamerrorreporter.pdb

Imports

kernel32

GetCurrentThreadId
GetModuleFileNameA
VirtualQuery
HeapAlloc
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
Sleep
OutputDebugStringW
GetTickCount
CloseHandle
CreateEventA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoW
GetLocaleInfoA
LoadLibraryA
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
QueryPerformanceCounter
GetFileType
UnregisterWait
SetEvent
DuplicateHandle
GetCurrentProcess
GetLastError
ConnectNamedPipe
ResetEvent
GetOverlappedResult
ReadFile
DisconnectNamedPipe
GetCurrentProcessId
DeleteCriticalSection
ReleaseMutex
UnregisterWaitEx
InterlockedDecrement
InitializeCriticalSection
QueueUserWorkItem
InterlockedIncrement
RegisterWaitForSingleObject
WriteFile
CreateNamedPipeW
CreateEventW
CreateMutexW
OpenProcess
ReadProcessMemory
GetSystemTimeAsFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileW
GetSystemTime
FlushFileBuffers
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
GetFileTime
DeleteFileW
SetEndOfFile
SetFilePointer
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCommandLineA
HeapFree
GetVersionExA
GetStartupInfoA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileW
FindNextFileW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStdHandle
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount

tier0_s

?Push@CValidator@@QAEXPBDPAX0@Z
?ClaimArrayMemory@CValidator@@QAEXPAX@Z
?Pop@CValidator@@QAEXXZ
??1CThreadMutex@@QAE@XZ
g_dwDllEntryThreadId
??0CThreadMutex@@QAE@XZ
g_pMemAllocSteam
Plat_IsInDebugSession
WriteMiniDump
Plat_ExitProcess
AssertMsgImplementation

vstdlib_s

V_FixDoubleSlashes
Q_snprintf
Q_UnicodeToUTF8
Q_UTF8ToUnicode
Q_strncat
Q_StripTrailingSlash
Q_StripLastDir
Q_FixSlashes
Q_MakeAbsolutePath
Q_strncpy

psapi

EnumProcessModules
GetModuleBaseNameW

wininet

InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetSetOptionW
HttpSendRequestW
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1efaf96c48a94a155ad984473a28f87e

Headers

File Characteristics

PDB Paths

Imports

kernel32

tier0_s

vstdlib_s

psapi

wininet

Sections

.text Size: 148KB - Virtual size: 146KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 88KB - Virtual size: 88KB

.text
Size: 148KB - Virtual size: 146KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 88KB - Virtual size: 88KB