f2c7ca8b3eed230d4f1a101ca2428276_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f2c7ca8b3eed230d4f1a101ca2428276_JaffaCakes118
Size

3.9MB
MD5

f2c7ca8b3eed230d4f1a101ca2428276
SHA1

2dcd245a0f59bb4be18296f4ec17804c9c1b9c24
SHA256

254ef1a1355e60813898d1097765c64d2cf7b69db4226fe115c5c215d7af5f6f
SHA512

5002db5018d0a35efa7cf3d5dc233d8e31dd1eb9d5d656226f99132aa89f4e7c47896bc65aebe979ae8c9a0a006332aefc4287917ae945192c6b9571f6cf3549
SSDEEP

49152:Jd/MpMc2W39dq89hl+szohFgEdIEwzo2Zx6TxvedvFg4DD:Xmt78ezQedvFg4DD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2c7ca8b3eed230d4f1a101ca2428276_JaffaCakes118

Files

f2c7ca8b3eed230d4f1a101ca2428276_JaffaCakes118
.exe windows:5 windows x86 arch:x86

aa685310ad8dbac2b96c7e310172177d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\ZC\__2.55\ZeldaClassic\Release\zelda.pdb

Imports

kernel32

Sleep
InterlockedCompareExchange
WriteFile
GetLastError
ConnectNamedPipe
CreateProcessA
GetStartupInfoA
CreateNamedPipeA
GetTickCount
CloseHandle
DisconnectNamedPipe
GetStdHandle
FreeConsole
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
SetConsoleTitleA
AllocConsole
EnterCriticalSection
LeaveCriticalSection
CreateMutexA
OpenMutexA
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryA
SetEndOfFile
CreateFileW
GetLocaleInfoW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetCurrentDirectoryA
GetCurrentDirectoryA
FreeLibrary
SetConsoleCtrlHandler
HeapSize
ReadFile
GetModuleFileNameA
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetCurrentThread
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
InitializeCriticalSectionAndSpinCount
SetLastError
SetHandleCount
FatalAppExitA
GetModuleHandleA
GetTimeZoneInformation
GetCPInfo
LCMapStringW
LCMapStringA
HeapReAlloc
GetCommandLineA
GetFileAttributesA
SetFileAttributesA
CreateDirectoryA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetFullPathNameA
GetDriveTypeA
ExitProcess
GetModuleHandleW
DeleteFileA
HeapAlloc
HeapFree
RaiseException
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
MultiByteToWideChar
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetProcessHeap

user32

SetWindowLongA
MessageBoxA
GetWindowLongA

zcsound

zcmusic_change_track
zcmusic_set_speed
zcmusic_set_curpos
zcmusic_get_curpos
zcmusic_pause
zcmusic_bufsz
zcmusic_stop
zcmusic_unload_file
zcmusic_init
zcmusic_exit
zcmusic_poll
zcmusic_play
zcmusic_load_file
zcmusic_load_file_ex
zcmusic_get_tracks

winmm

timeEndPeriod
timeBeginPeriod

alleg44

mouse_b
simulate_keypress
position_mouse_z
position_mouse
destroy_midi
vsync
rest
draw_trans_sprite
masked_blit
color_map
textprintf_ex
font
is_windowed_mode
enable_triple_buffer
gfx_capabilities
set_gfx_mode
remove_int
allegro_message
gfx_driver
create_video_bitmap
set_display_switch_mode
screen
gui_mouse_focus
set_palette
get_color_depth
allegro_error
show_mouse
get_palette
is_relative_filename
exists
unload_datafile
midi_pos
midi_seek
set_volume
stop_midi
get_volume
allegro_exit
set_keyboard_rate
win_get_window
rgb_map
set_display_switch_callback
set_config_int
set_window_title
set_close_button_callback
install_sound
set_uformat
load_datafile
set_color_conversion
packfile_password
set_color_depth
desktop_color_depth
append_filename
install_int_ex
install_joystick
install_mouse
install_keyboard
install_timer
register_bitmap_file_type
three_finger_flag
_install_allegro_version_check
register_trace_handler
_WinMain
replace_extension
pack_mgetw
pack_mgetl
delete_file
line
palette_color
gui_mg_color
unscare_mouse
scare_mouse
d_keyboard_proc
release_screen
acquire_screen
utolower
make_relative_filename
stretch_blit
rectfill
gui_bg_color
textout_ex
uvszprintf
d_text_proc
d_ctext_proc
d_check_proc
d_button_proc
d_edit_proc
rect
gui_fg_color
set_clip_rect
clear_keybuf
keypressed
stop_sample
set_palette_range
fade_interpolate
joy
poll_joystick
play_sample
black_palette
create_trans_table
draw_rle_sprite
bestfit_color
readkey
object_message
uisok
_allegro_vline
solid_mode
drawing_mode
putpixel
bitmap_color_depth
makecol
get_color
textout_centre_ex
set_color
create_rgb_table
_allegro_count
put_backslash
file_exists
canonicalize_filename
uwidth_max
get_extension
fix_filename_case
uinsert
ustrncmp
for_each_file_ex
replace_filename
ugetx
ustrtok_r
_ustrdup
ustrpbrk
fix_filename_slashes
_al_getdcwd
_al_getdrive
get_config_text
d_yield_proc
gui_textout_ex
_allegro_hline
pack_mputl
broadcast_dialog_message
release_bitmap
acquire_bitmap
gui_font_baseline
rest_callback
gui_strlen
scancode_to_ascii
active_menu
_rgb_b_shift_15
_rgb_g_shift_15
_rgb_scale_5
_rgb_r_shift_15
_rgb_scale_6
_current_palette
fixdiv
draw_sprite
gui_get_screen
set_dialog_color
arc
circlefill
d_list_proc
create_sub_bitmap
_cos_tbl
rotate_sprite
rotate_scaled_sprite
save_bitmap
floodfill
spline
stretch_sprite
quad3d_f
triangle3d_f
masked_stretch_blit
polygon
ellipse
ellipsefill
rotate_sprite_v_flip
rotate_sprite_v_flip_lit
rotate_sprite_lit
rotate_sprite_v_flip_trans
rotate_sprite_trans
pivot_sprite_v_flip_lit
pivot_sprite_lit
draw_lit_sprite
draw_sprite_vh_flip
draw_sprite_h_flip
pivot_sprite_v_flip
draw_sprite_ex
draw_sprite_v_flip
pivot_sprite_trans
pivot_sprite
textout_right_ex
load_bitmap
set_trans_blender
pack_mputw
do_dialog
popup_dialog
gui_set_screen
shutdown_dialog
update_dialog
init_dialog
_gfx_mode_set_count
_mouse_screen
scare_mouse_area
flush_config_file
set_config_string
textprintf_right_ex
d_bitmap_proc
midi_pause
midi_resume
deallocate_voice
voice_get_position
voice_set_volume
allocate_voice
voice_start
voice_set_position
voice_set_pan
voice_set_playmode
voice_stop
get_config_float
set_mouse_sprite
triangle
request_video_bitmap
poll_scroll
midi_loop_start
midi_loop_end
play_midi
midi_driver
num_joysticks
unselect_palette
select_palette
create_bitmap
register_datafile_object
bitmap_mask_color
_rgb_g_shift_16
_rgb_a_shift_32
_rgb_r_shift_32
_rgb_r_shift_16
_rgb_b_shift_24
_rgb_b_shift_16
_rgb_b_shift_32
_rgb_g_shift_32
_rgb_r_shift_24
_rgb_g_shift_24
geta32
getb32
getg32
getr32
getb24
getg24
getr24
getb16
getg16
getr16
getb15
getg15
getr15
is_memory_bitmap
makecol_depth
generate_332_palette
_color_load_depth
_fixup_loaded_bitmap
file_size
makecol24
empty_string
ugetxc
ustrlwr
uszprintf
ustrsizez
utoupper
uatof
ustrtol
_add_exit_func
uconvert
find_allegro_resource
get_executable_name
get_filename
clear_to_color
create_bitmap_ex
text_height
text_length
ustrcmp
ustricmp
ustrzcat
uoffset
al_assert
system_driver
file_size_ex
need_uconvert
uconvert_size
do_uconvert
ucwidth
_al_malloc
allegro_errno
_al_sane_realloc
uwidth
uisspace
ustrzcpy
_al_ustrdup
ustrlen
usetat
ugetat
_remove_exit_func
_al_free
usetc
pack_fopen
pack_fputs
ugetc
pack_fclose
get_config_string
blit
set_config_file
getpixel
clear_bitmap
set_clip_state
get_config_int
al_trace
destroy_bitmap
pack_iputl
pack_igetl
pack_iputw
pack_igetw
pack_putc
pack_feof
pack_getc
pack_ferror
pack_fread
pack_fseek
pack_fwrite
gui_mouse_x
gui_mouse_z
gui_mouse_y
gui_mouse_b
key
circle
key_shifts
_al_drive_exists

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 973KB - Virtual size: 32.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa685310ad8dbac2b96c7e310172177d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

zcsound

winmm

alleg44

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 227KB - Virtual size: 227KB

.data Size: 973KB - Virtual size: 32.7MB

.rsrc Size: 308KB - Virtual size: 308KB

.reloc Size: 244KB - Virtual size: 244KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 227KB - Virtual size: 227KB

.data
Size: 973KB - Virtual size: 32.7MB

.rsrc
Size: 308KB - Virtual size: 308KB

.reloc
Size: 244KB - Virtual size: 244KB