fb81f86f84df1279efa609c6e3380fa6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb81f86f84df1279efa609c6e3380fa6_JaffaCakes118
Size

4.2MB
MD5

fb81f86f84df1279efa609c6e3380fa6
SHA1

1a688821a0bb06d0bd4d1216d2303cf535df17db
SHA256

71e3a5078e48abce4477b6e5e5f523ddcb46e9d531fbe66660bd04fb9a0d5605
SHA512

d6da0d15650fa7bbcebf752753a94e1c9a21d5f7d93b275a8f24a4f30abacafadf2875a4bb70cc6dc80ca4e689ae285ca222ecfbcc0f5310237cb075c596d3fe
SSDEEP

98304:sYgGHNE652pG4m5JxgclOvVlqECwNG5baF2LkS9Bf+SR:qkNE6n4m5JxQE4uR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb81f86f84df1279efa609c6e3380fa6_JaffaCakes118

Files

fb81f86f84df1279efa609c6e3380fa6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bd8169197713e713fc5ff7622049e934

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\한국(korea)\20101214\RagnarokClient\Release Sakray\RagexeRE.pdb

Imports

dinput

DirectInputCreateA

binkw32

_BinkWait@4
_BinkClose@4
_BinkGoto@12
_BinkOpen@8
_BinkPause@8
_BinkOpenDirectSound@4
_BinkSetSoundSystem@8

ddraw

DirectDrawCreateEx

ijl15

ord2
ord3
ord4
ord5

ws2_32

gethostname
ntohl
gethostbyname
sendto
inet_ntoa
WSAStartup
send
recv
ioctlsocket
inet_addr
htons
connect
WSACleanup
select
WSAGetLastError
closesocket
socket

mss32

_AIL_mem_free_lock@4
_AIL_release_3D_sample_handle@4
_AIL_close_stream@4
_AIL_allocate_sample_handle@4
_AIL_enumerate_3D_providers@12
_AIL_open_3D_provider@4
_AIL_3D_speaker_type@4
_AIL_set_3D_speaker_type@8
_AIL_open_3D_listener@4
_AIL_allocate_3D_sample_handle@4
_AIL_close_3D_listener@4
_AIL_close_3D_provider@4
_AIL_release_sample_handle@4
_AIL_decompress_ADPCM@12
_AIL_shutdown@0
_AIL_3D_room_type@4
_AIL_set_3D_room_type@8
_AIL_3D_sample_status@4
_AIL_set_3D_sample_file@8
_AIL_set_3D_sample_effects_level@8
_AIL_set_3D_position@16
_AIL_set_3D_orientation@28
_AIL_set_3D_sample_volume@8
_AIL_set_3D_sample_distances@12
_AIL_start_3D_sample@4
_AIL_open_digital_driver@16
_AIL_sample_status@4
_AIL_startup@0
_AIL_WAV_info@8
_AIL_decompress_ASI@24
_AIL_file_type@8
_AIL_close_digital_driver@4
_AIL_set_redist_directory@4
_AIL_set_stream_volume@8
_AIL_stream_volume@4
_AIL_pause_stream@8
_AIL_start_stream@4
_AIL_set_stream_loop_count@8
_AIL_open_stream@12
_AIL_stream_status@4
_AIL_end_3D_sample@4
_AIL_end_sample@4
_AIL_start_sample@4
_AIL_set_sample_volume@8
_AIL_set_sample_file@12
_AIL_init_sample@4
_AIL_set_preference@8

imm32

ImmGetCandidateListW
ImmGetCompositionStringW
ImmNotifyIME
ImmGetContext
ImmGetVirtualKey
ImmGetCompositionStringA
ImmReleaseContext

cps

uncompress
compress

winmm

timeEndPeriod
timeGetTime
timeGetDevCaps
timeBeginPeriod

granny2

_GrannySetControlLoopCount@8
_GrannyPlayControlledAnimation@12
_GrannyGetControlDurationLeft@4
_GrannyVersionsMatch_@16
_GrannyNewLocalPose@4
_GrannyFreeFileSection@8
_GrannyGetFileInfo@4
_GrannyInstantiateModel@4
_GrannyNewWorldPose@4
_GrannyGetSystemSeconds@0
_GrannyCopyMeshIndices@12
GrannyPNT332VertexType
_GrannyGetMeshVertexType@4
_GrannyNewMeshDeformer@12
_GrannyNewMeshBinding@12
_GrannyReadEntireFileFromMemory@8
_GrannyGetWorldPoseComposite4x4Array@4
_GrannyGetMeshBindingToBoneIndices@4
_GrannyGetMeshVertexCount@4
_GrannyGetMeshTriangleGroups@4
_GrannyGetWorldPoseComposite4x4@8
_GrannyGetMeshIndexCount@4
_GrannyGetMeshVertices@4
_GrannyDeformVertices@24
_GrannyGetMeshBytesPerIndex@4
_GrannyGetMeshIndices@4
_GrannyMeshIsRigid@4
_GrannyGetSourceSkeleton@4
_GrannyGetSecondsElapsed@8
_GrannyCopyMeshVertices@12
_GrannySetModelClock@8
_GrannyFreeControl@4
_GrannySetControlActive@8
_GrannyFreeFile@4
_GrannyFreeLocalPose@4
_GrannyFreeWorldPose@4
_GrannyFreeModelInstance@4
_GrannyFreeMeshDeformer@4
_GrannyFreeMeshBinding@4
_GrannyCopyTextureImage@32
GrannyRGBA8888PixelFormat
_GrannyTextureHasAlpha@4
_GrannyGetMaterialTextureByType@8
_GrannyFreeCompletedModelControls@4
_GrannyBuildWorldPose@24
_GrannySampleModelAnimations@16

aossdk

Aossdk_StartAosSDKA
Aossdk_SetAuthServerA
Aossdk_GetMkdS4Object
Aossdk_TerminatePdA

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0@Z
?_Xran@_String_base@std@@SAXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@D@Z
?construct@?$allocator@D@std@@QAEXPADABD@Z
?destroy@?$allocator@D@std@@QAEXPAD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??1strstreambuf@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??0strstreambuf@std@@QAE@PBDH@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@PBD1@Z

msvcr90

_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_spawnl
_access
_stricmp
_CIacos
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
__CxxFrameHandler3
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
??0exception@std@@QAE@XZ
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
memset
sprintf
_purecall
memmove_s
??_V@YAXPAX@Z
_CItan
fclose
fwrite
fopen
free
rand
malloc
memcpy
_CIexp
memmove
atof
atoi
strrchr
strchr
strstr
strncpy
_mkdir
_localtime32
fread
ftell
fseek
strftime
strncmp
floor
_ctime32
_CIfmod
_beginthreadex
isupper
_difftime32
_mktime32
_time32
_unlink
fprintf
vsprintf
islower
_rmdir
_chmod
iswspace
feof
strerror
_errno
ferror
isprint
isspace
ungetc
getc
__iob_func
fputs
strtoul
getenv
fgets
exit
longjmp
_setjmp3
_gmtime32
tmpfile
fscanf
fflush
system
remove
rename
tmpnam
clock
setlocale
isalnum
isdigit
iscntrl
isalpha
_CIsin
_CIcos
_CIasin
_CIatan
_CIatan2
ceil
_CIsqrt
_CIpow
_CIlog
_CIlog10
frexp
ldexp
srand
realloc
strtod
strncat
strcspn
tolower
toupper
isxdigit
ispunct
memchr
strpbrk
strcoll
_wfopen
_ltoa
_vsnprintf
sscanf
strtok
_itoa
_snprintf
printf
puts
_local_unwind4
_controlfp
_unlock
__dllonexit
_strlwr

kernel32

TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
SetUnhandledExceptionFilter
CreateMutexA
CreateDirectoryA
CreateProcessA
SetPriorityClass
GlobalMemoryStatus
GetSystemTime
IsDBCSLeadByte
FileTimeToSystemTime
IsDebuggerPresent
FormatMessageA
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
UnhandledExceptionFilter
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
CreateFileMappingA
OpenProcess
GetVersionExA
lstrcatA
SetFilePointer
WriteFile
CreateFileA
GetFileSize
VirtualAlloc
ReadFile
CloseHandle
VirtualFree
QueryPerformanceFrequency
GetSystemTimeAsFileTime
LeaveCriticalSection
GetCurrentThreadId
MultiByteToWideChar
MulDiv
OutputDebugStringA
GetCurrentProcessId
QueryPerformanceCounter
GetUserDefaultLangID
WideCharToMultiByte
CreateThread
SetThreadPriority
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcess
GetCurrentThread
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
Sleep
GetCurrentDirectoryA
GetTickCount
GetLastError
FindFirstFileA
FindClose
FindNextFileA
lstrcmpiA
VirtualProtect
LoadLibraryA
GetProcAddress
FreeLibrary
GetLocalTime
GetProcessHeap
HeapCompact

user32

ClientToScreen
GetClientRect
RedrawWindow
SetRect
DrawMenuBar
ShowWindow
SetWindowLongA
GetDC
GetSystemMetrics
CharNextExA
CharPrevExA
GetKeyState
wsprintfA
GetAsyncKeyState
MoveWindow
GetWindowRect
SetWindowTextA
EndDialog
SetFocus
GetDlgItem
CloseClipboard
SetClipboardData
ShowCursor
DestroyWindow
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRect
CreateWindowExA
UpdateWindow
SetCursor
ValidateRect
GetCursorPos
ScreenToClient
GetActiveWindow
IsIconic
DefWindowProcA
SendMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
GetKeyboardLayout
GetClipboardData
DialogBoxParamA
EmptyClipboard
OpenClipboard
MessageBoxA

gdi32

TextOutW
CreateDIBSection
DeleteObject
CreateCompatibleDC
DeleteDC
GetStockObject
CreatePolygonRgn
CreateSolidBrush
FillRgn
TextOutA
GetTextExtentPoint32W
SelectObject
CreateFontA
SetTextColor
GetCurrentObject
SetBkMode
EnumFontFamiliesExA
CreateFontIndirectA

advapi32

CryptHashData
RegQueryValueExA
CryptDestroyHash
CryptGetHashParam
RegCloseKey
CryptReleaseContext
CryptCreateHash
CryptDeriveKey
CryptDecrypt
RegOpenKeyExA
RegSetValueExA
CryptDestroyKey
RegCreateKeyExA
CryptAcquireContextA

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize

oleaut32

SysFreeString

iphlpapi

GetAdaptersInfo

netapi32

Netbios

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.harm0
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.harm1
Size: 5KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.harm2
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bd8169197713e713fc5ff7622049e934

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dinput

binkw32

ddraw

ijl15

ws2_32

mss32

imm32

cps

winmm

granny2

aossdk

msvcp90

msvcr90

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

netapi32

Exports

Exports

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 456KB - Virtual size: 455KB

.data Size: 65KB - Virtual size: 752KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 189KB - Virtual size: 189KB

.harm0 Size: 118KB - Virtual size: 118KB

.harm1 Size: 5KB - Virtual size: 214KB

.harm2 Size: 70KB - Virtual size: 70KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 456KB - Virtual size: 455KB

.data
Size: 65KB - Virtual size: 752KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 189KB - Virtual size: 189KB

.harm0
Size: 118KB - Virtual size: 118KB

.harm1
Size: 5KB - Virtual size: 214KB

.harm2
Size: 70KB - Virtual size: 70KB