E:\Project\From\Rakion\Buddy2\Release\Buddy2.pdb
Static task: static1
Behavioral task: behavioral1
Sample: fa7cdc6ac23785b6ba07af157a2fa3a4_JaffaCakes118.dll
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: fa7cdc6ac23785b6ba07af157a2fa3a4_JaffaCakes118.dll
Resource: win10v2004-20240412-en
General
Target: fa7cdc6ac23785b6ba07af157a2fa3a4_JaffaCakes118
Size: 339KB
MD5: fa7cdc6ac23785b6ba07af157a2fa3a4
SHA1: 588f06098a72ea02b7ff83ecf27fadaf00dfb814
SHA256: da291d2634a2a9a1972057e6d68d85402a909cad4f8da8da740740b4e3815a43
SHA512: 484f16701451f7dad48e5f0c5e7b791287dec5613560abef9b2a3faffd879247313575207e77d3c06be2f14902006523be8ad3b60e8063b01ae215617a52ca95
SSDEEP: 6144:yTRbiwo4YhBs1OT86rpenPFTBuyBDMJ3U1c:KRbNgBsE46rpUPFTsyG6c
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fa7cdc6ac23785b6ba07af157a2fa3a4_JaffaCakes118
Files
fa7cdc6ac23785b6ba07af157a2fa3a4_JaffaCakes118.dll windows:5 windows x86 arch:x86
8c49c6bdf1b1d1bd268a5eb24650546f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
d3d8h
?GetLocalPlayer@CPlayer@@QAEPAV1@XZ
kernel32
LocalAlloc
GetThreadContext
HeapReAlloc
SetThreadContext
HeapAlloc
HeapFree
InterlockedCompareExchange
Thread32First
HeapDestroy
HeapCreate
Thread32Next
FlushInstructionCache
OpenThread
SuspendThread
ResumeThread
VirtualQuery
VirtualFree
VirtualAlloc
lstrlenA
SetErrorMode
GetModuleHandleA
ReleaseMutex
GetVersionExA
TerminateThread
CreateProcessA
lstrcatA
lstrcpyA
Process32First
lstrcmpiA
Process32Next
SetFilePointer
GlobalAlloc
GetVolumeInformationA
GetFileAttributesA
CreateDirectoryA
FindFirstFileA
FindFirstFileExA
RemoveDirectoryA
GlobalFree
MoveFileA
FindNextFileA
GlobalReAlloc
DeleteFileA
QueryDosDeviceA
LocalReAlloc
LocalSize
GlobalSize
GlobalLock
GlobalUnlock
GetProcessHeap
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetACP
MapViewOfFile
FreeLibrary
SetEndOfFile
SetStdHandle
FlushFileBuffers
GetConsoleCP
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetModuleFileNameA
ReadConsoleW
GetConsoleMode
Module32NextW
GetStringTypeW
GetCPInfo
GetOEMCP
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
HeapSize
RtlUnwind
RaiseException
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
AreFileApisANSI
CreateToolhelp32Snapshot
lstrcatW
lstrcmpiW
Process32NextW
Module32FirstW
QueryDosDeviceW
Process32FirstW
FindClose
GetLogicalDriveStringsA
GetCurrentProcess
CreateFileW
GetModuleFileNameW
ReadFile
FormatMessageW
GetDriveTypeA
QueryPerformanceCounter
GetLogicalDriveStringsW
GetFileSize
GetCommandLineW
LoadLibraryExW
GetCurrentProcessId
GetCurrentThreadId
OpenFileMappingW
OpenProcess
WriteFile
GetSystemInfo
GetVersionExW
InterlockedDecrement
OpenFileMappingA
OpenEventA
UnmapViewOfFile
WriteProcessMemory
VirtualProtect
IsBadWritePtr
GetModuleHandleW
OutputDebugStringA
WideCharToMultiByte
OutputDebugStringW
DeviceIoControl
CreateFileA
CreateThread
CancelIo
ResetEvent
InterlockedExchange
CreateEventA
Sleep
GetTickCount
SetEvent
WaitForSingleObject
GetFileAttributesW
lstrcpyW
CloseHandle
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
ExitThread
DecodePointer
EncodePointer
CreateFileMappingW
GetProcAddress
LocalFree
LoadLibraryW
GetExitCodeProcess
TerminateProcess
GetLastError
lstrlenW
IsValidCodePage
GetDiskFreeSpaceExA
SetFilePointerEx
MultiByteToWideChar
user32
CharNextA
GetWindowTextA
mouse_event
LoadCursorA
SetClipboardData
SystemParametersInfoA
OpenClipboard
BlockInput
DestroyCursor
EmptyClipboard
GetClipboardData
SetCursorPos
MapVirtualKeyA
SendMessageA
GetUserObjectInformationA
SetCapture
CloseClipboard
OpenDesktopA
ExitWindowsEx
GetThreadDesktop
OpenInputDesktop
CloseDesktop
SetThreadDesktop
PostMessageA
EnumWindows
MessageBoxW
wsprintfW
keybd_event
GetCursorPos
GetDesktopWindow
ReleaseDC
SetRect
GetCursorInfo
GetWindowTextW
GetClassNameW
IsWindowVisible
wsprintfA
GetAsyncKeyState
GetWindowThreadProcessId
WindowFromPoint
GetSystemMetrics
MessageBoxA
GetDC
gdi32
BitBlt
CreateCompatibleBitmap
DeleteDC
CreateDIBSection
DeleteObject
GetDIBits
SelectObject
CreateCompatibleDC
advapi32
OpenProcessToken
AdjustTokenPrivileges
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
RegQueryInfoKeyW
CryptCreateHash
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExA
RegSetValueExA
CloseEventLog
OpenEventLogA
ClearEventLogA
RegQueryValueA
RegOpenKeyExA
LookupPrivilegeValueA
RegOpenKeyA
RegQueryValueExA
CryptHashData
RegCloseKey
CryptDestroyHash
LookupPrivilegeValueW
shell32
CommandLineToArgvW
SHGetFileInfoA
ShellExecuteW
ole32
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
oleaut32
SysFreeString
VariantInit
VariantClear
SysAllocString
ws2_32
WSACleanup
WSAEventSelect
htons
WSAEnumNetworkEvents
WSAGetLastError
select
recv
socket
WSACreateEvent
closesocket
WSAResetEvent
gethostbyname
send
WSAWaitForMultipleEvents
connect
WSAStartup
setsockopt
WSAIoctl
ntohs
getsockname
gethostname
inet_ntoa
inet_addr
winmm
timeBeginPeriod
vmprotectsdk32
VMProtectBeginUltra
VMProtectDecryptStringW
VMProtectBeginVirtualization
VMProtectDecryptStringA
VMProtectBegin
VMProtectIsValidImageCRC
VMProtectBeginMutation
VMProtectIsDebuggerPresent
VMProtectEnd
shlwapi
SHDeleteKeyW
psapi
GetProcessImageFileNameA
GetProcessImageFileNameW
GetModuleInformation
imm32
ImmAssociateContext
ImmSetConversionStatus
wininet
InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
iphlpapi
GetAdaptersInfo
SendARP
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
avicap32
capGetDriverDescriptionA
Exports
AirElemental
AmmoItem
AmmoPack
AnimationChanger
AnimationHub
AreaMarker
ArmorDebris
ArmorItem
BackgroundViewer
Barrier
BasicEffect
Basis
Battlebow
Beast
BigHead
BillBoardImage
BlendController
BlessBall
BloodEmitter
BloodSpray
BloodStain
Boneman
Bouncer
BoxItem
Bullet
CPEffect
Camera
CameraMarker
CannonBall
CannonRotating
CannonStatic
ChainsawFreak
ChristmasBoxItem
Copier
Counter
CrateBus
CrateRider
CreateBuddy2
CreditsHolder
Damager
Debris
DebrisSka
Demon
DestroyableArchitecture
DestroyableArchitecture2
Devil
DevilMarker
DoorController
EffectMarker
Effector
Elemental
EnemyBase
EnemyCounter
EnemyDive
EnemyFly
EnemyMarker
EnemyRunInto
EnemySpawner
EntityStateDisplay
EnvironmentBase
EnvironmentMarker
EnvironmentParticlesHolder
Eruptor
EventItem
ExotechLarva
ExotechLarvaBattery
ExotechLarvaCharger
ExplEffect
Eyeman
FireEff
Fireworks
Fish
Flame
FloatingScore
FogMarker
Freeze
Gizmo
Global
GradientMarker
GravityMarker
GravityRouter
Grunt
Guffy
HazeMarker
Headman
HealthItem
HudPicHolder
IceWind
Indicator
Item
KeyItem
LarvaOffspring
Light
Lightning
LongBow
MageHold
MagicBomb
MagicMissile
MapItem
MapNpc
Marker
MenuController
MessageHolder
MessageItem
MessageManager
MeteorShower
MirrorMarker
ModelDestruction
ModelForSequence
ModelForSequenceMarker
ModelHolder
ModelHolder2
ModelHolder3
MovingBrush
MovingBrushMarker
MusicChanger
MusicHolder
NavigationMarker
NpcBase
NpcBasicEffects
NpcBlazer1
NpcBlazer2
NpcBlazer3
NpcBlazer4
NpcBlazerBase
NpcChocolateCake
NpcCrossBow1
NpcCrossBow2
NpcCrossBow3
NpcCrossBow4
NpcCrossBowBase
NpcDragon1
NpcDragon2
NpcDragon3
NpcDragon4
NpcDragonBase
NpcGoldGolem
NpcGolem1
NpcGolem2
NpcGolem3
NpcGolem4
NpcGolemBase
NpcGolemStoneDebris
NpcIceWind1
NpcIceWind2
NpcIceWind3
NpcIceWind4
NpcIceWindBase
NpcLongBow1
NpcLongBow2
NpcLongBow3
NpcLongBow4
NpcLongBowBase
NpcMasterGolem
NpcNak1
NpcNak2
NpcNak3
NpcNak4
NpcNakBase
NpcPanzer1
NpcPanzer2
NpcPanzer3
NpcPanzer4
NpcPanzerBase
NpcProjectile
NpcSoulCannon1
NpcSoulCannon2
NpcSoulCannon3
NpcSoulCannon4
NpcSoulCannonBase
NpcTaurus1
NpcTaurus2
NpcTaurus3
NpcTaurus4
NpcTaurusBase
NpcWatcher
ParticleEmitter
ParticleMessage
ParticleSeed
ParticlesHolder
Passive
Pendulum
PhotoAlbum
Player
PlayerAnimator
PlayerMarker
PlayerView
PlayerWeapons
PowerUpItem
Projectile
PyramidSpaceShip
PyramidSpaceShipMarker
QMarker
QstJudge
QstNpcSpawn
QstSwitch
QstTrigger
RangeWeapon
Reminder
RollingStone
Santa
SaveGameBooth
Scorpman
ScrollHolder
SeriousBomb
Ship
ShipMarker
Shooter
SoulCannon
SoulCharge
SoundHolder
SpawnerProjectile
Spine
SpineJut
Spinner
StormController
Summoner
SummonerMarker
Switch
SwitchPointer
TacticsChanger
TacticsHolder
Teleport
TerrainEntity
TextFXHolder
TimeController
TouchField
TreasureItem
Trigger
Twister
VideoHolder
VoiceHolder
Walker
WatchPlayers
Watcher
WeaponEffect
WeaponEffectBase
WeaponEffectEmitter
WeaponEffectKit
WeaponEffectSkeleton
WeaponEffectTrail
WeaponItem
Werebull
Woman
WorldBase
WorldLink
WorldSettingsController
init
initializeitem
sChat
windowsmode
wmax
Sections
.text Size: 233KB - Virtual size: 233KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ