fcEXP
Behavioral tasks
behavioral1: SpecialForce.exe on win7-20240215-en
behavioral2: SpecialForce.exe on win10v2004-20240412-en
behavioral3: xtrap/XTrap.exe on win7-20240221-en
behavioral4: xtrap/XTrap.exe on win10v2004-20240412-en
behavioral5: xtrap/XTrapVa.dll on win7-20240221-en
behavioral6: xtrap/XTrapVa.dll on win10v2004-20240412-en
behavioral7: xtrap/psapi.dll on win7-20240221-en
behavioral8: xtrap/psapi.dll on win10v2004-20240412-en
General
Target: fd3220532d1871ae5165a5b6d7d9978b_JaffaCakes118
Size: 3.8MB
MD5: fd3220532d1871ae5165a5b6d7d9978b
SHA1: c5f785a29a87020028b76e90c1af3146d35955a7
SHA256: fffc91a0f556be541e7cd34f299f614043d392e66474555e6cbd401f886fbddc
SHA512: 56cc41a66324938c1b8c1bcc07f94a901ad6c56532f29def29a52d4276fa37cfd2ec5c3ba1ec30536ae53dbc0e54d5122739401705d8086725c05b2fb80b67bd
SSDEEP: 98304:LzLc+6Jw09pKCSXbS2ok7sIn7/qx2WI4flrEMS2+xb6BFdfV:nw+ufKCsbSs73n7ix1I4pEMS6BFH
Malware Config
Signatures
Processes:
resource yara_rule static1/unpack001/xtrap/XTrapVa.dll aspack_v212_v242
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/SpecialForce.exe unpack001/xtrap/XTrap.xt unpack001/xtrap/XTrapVa.dll unpack001/xtrap/psapi.dll
Files
-
fd3220532d1871ae5165a5b6d7d9978b_JaffaCakes118.zip
-
SpecialForce.exe.exe windows:4 windows x86 arch:x86
fdcd7ee600f642850cec3f77fddfe3ea
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadResource
FindResourceA
GetFullPathNameA
lstrcpyA
MoveFileA
GetFileInformationByHandle
CreateEventA
ResetEvent
SetEvent
MapViewOfFile
CreateFileMappingA
CreateFileW
UnmapViewOfFile
FindResourceW
IsProcessorFeaturePresent
HeapValidate
GetTempFileNameA
GetTempPathA
GetSystemDefaultLangID
VirtualQuery
InterlockedExchange
RtlUnwind
GetTimeZoneInformation
GetSystemTime
RaiseException
GetStartupInfoA
GetCommandLineA
ExitProcess
TlsSetValue
ExitThread
SizeofResource
HeapReAlloc
FatalAppExitA
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
GetVersion
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
GetACP
GetOEMCP
HeapSize
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetFilePointer
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExW
MulDiv
IsBadWritePtr
FlushFileBuffers
UnhandledExceptionFilter
FreeEnvironmentStringsA
LockResource
lstrlenA
CreateThread
SetThreadPriority
WaitForSingleObject
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
EnterCriticalSection
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
WideCharToMultiByte
MultiByteToWideChar
GetLocalTime
GetModuleHandleA
CreateDirectoryA
RemoveDirectoryA
TerminateProcess
OpenProcess
GetPrivateProfileStringA
GetPrivateProfileIntA
ReleaseMutex
CloseHandle
GetCurrentDirectoryA
CreateMutexA
QueryPerformanceCounter
QueryPerformanceFrequency
GetVersionExA
LeaveCriticalSection
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
SetUnhandledExceptionFilter
DeleteFileA
OutputDebugStringA
GetTickCount
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
WriteFile
FindFirstFileA
FindNextFileA
GetLastError
FindClose
WritePrivateProfileStringA
CreateFileA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
SetConsoleCtrlHandler
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEndOfFile
GetLocaleInfoW
SetEnvironmentVariableA
lstrlenW
GetFileSize
ReadFile
CompareStringW
InterlockedIncrement
user32
DrawTextW
SetRect
ClientToScreen
SetCursorPos
SendMessageA
SystemParametersInfoA
GetSystemMetrics
GetTopWindow
GetWindowTextA
GetWindow
MessageBoxA
PostMessageA
ShowCursor
SetForegroundWindow
SetFocus
SetWindowPos
GetIconInfo
PtInRect
BeginPaint
EndPaint
GetAsyncKeyState
GetClientRect
DrawTextA
GetWindowRect
SetClassLongA
SetTimer
EnableWindow
DestroyWindow
KillTimer
GetParent
GetCursorPos
ScreenToClient
GetKeyboardLayout
CallWindowProcA
GetDC
ReleaseDC
DrawTextExA
SetWindowTextA
GetWindowLongA
SetWindowLongA
GetFocus
wsprintfA
InvalidateRect
GetWindowThreadProcessId
FindWindowA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
DefWindowProcA
ClipCursor
PostQuitMessage
DialogBoxParamA
PeekMessageA
TranslateMessage
DispatchMessageA
UnregisterClassA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
MoveWindow
SetDlgItemTextA
IsDlgButtonChecked
GetDlgItemTextA
SendDlgItemMessageA
EndDialog
GetActiveWindow
gdi32
SetTextAlign
GetTextExtentPoint32A
GetDeviceCaps
CreateFontA
CreateCompatibleDC
CreateDIBSection
SelectObject
SetBkMode
SetTextColor
PatBlt
DeleteDC
DeleteObject
GetStockObject
SetMapMode
ExtTextOutA
GetDIBits
CreateFontIndirectA
GetObjectA
SetBkColor
comdlg32
GetSaveFileNameA
GetOpenFileNameA
advapi32
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegSetValueExA
CryptDecrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
shell32
SHFileOperationA
ole32
CoInitialize
CoCreateInstance
CoUninitialize
oleaut32
CreateErrorInfo
VariantChangeType
SetErrorInfo
GetErrorInfo
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
SafeArrayCreateVector
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysFreeString
SysAllocString
winmm
timeEndPeriod
timeBeginPeriod
timeGetTime
mmioClose
mmioOpenA
mmioAscend
mmioRead
mmioDescend
mmioWrite
mmioAdvance
mmioSetInfo
mmioSeek
mmioCreateChunk
mmioGetInfo
ws2_32
getsockname
accept
setsockopt
listen
ntohl
ioctlsocket
WSASendTo
WSARecvFrom
__WSAFDIsSet
inet_ntoa
inet_addr
gethostbyname
WSAStartup
closesocket
bind
htons
htonl
socket
WSACleanup
WSAGetLastError
connect
WSAAsyncSelect
gethostname
recvfrom
sendto
ntohs
recv
send
select
shutdown
gethostbyaddr
comctl32
InitCommonControlsEx
imm32
ImmGetDefaultIMEWnd
ImmNotifyIME
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetContext
ImmGetCandidateListA
ImmGetCompositionStringA
ImmGetIMEFileNameA
ImmSetCompositionFontA
ImmSetCompositionWindow
ImmReleaseContext
iphlpapi
GetUdpTable
d3d8
Direct3DCreate8
ddraw
DirectDrawCreateEx
dinput8
DirectInput8Create
dsound
ord11
mss32
_AIL_allocate_sample_handle@4
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_decompress_ADPCM@12
_AIL_file_type@8
_AIL_start_sample@4
_AIL_startup@0
_AIL_open_digital_driver@16
_AIL_stop_sample@4
_AIL_release_sample_handle@4
_AIL_close_digital_driver@4
_AIL_set_sample_volume_levels@12
_AIL_set_sample_reverb_levels@12
_AIL_set_sample_file@12
_AIL_sample_status@4
_AIL_set_digital_master_volume_level@8
_AIL_mem_free_lock@4
_AIL_release_3D_sample_handle@4
_AIL_resume_sample@4
_AIL_open_3D_listener@4
_AIL_open_3D_provider@4
_AIL_enumerate_3D_providers@12
_AIL_allocate_3D_sample_handle@4
_AIL_3D_sample_status@4
_AIL_set_3D_rolloff_factor@8
_AIL_set_3D_doppler_factor@8
_AIL_set_3D_sample_distances@12
_AIL_set_3D_sample_file@8
_AIL_start_3D_sample@4
_AIL_set_3D_sample_occlusion@8
_AIL_set_3D_sample_effects_level@8
_AIL_set_3D_sample_volume@8
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_room_type@8
_AIL_3D_sample_offset@4
_AIL_3D_sample_length@4
_AIL_stop_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_set_3D_sample_obstruction@8
_AIL_3D_position@16
_AIL_set_3D_orientation@28
_AIL_end_sample@4
_AIL_end_3D_sample@4
_AIL_set_digital_master_room_type@8
_AIL_set_3D_position@16
_AIL_active_sample_count@4
_AIL_set_sample_loop_count@8
_AIL_set_redist_directory@4
_AIL_shutdown@0
Exports
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 176KB - Virtual size: 175KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 336KB - Virtual size: 391KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
data/force/force_014.sff
-
data/lobby/LobbyData54.mrg
-
data/lobby/Notice.txt
-
data/lobby/PatchLog.log
-
data/scr/scr_001.sff
-
xtrap/XDataFI0.Xtp
-
xtrap/XTrap.xt.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 38KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 6KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 62KB - Virtual size: 392KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 298KB - Virtual size: 300KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
xtrap/XTrapVa.dll.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
SHA1Digest_Buf
SHA1Digest_BufEx
SHA1Digest_File
UniperDecFunc_Buf
UniperEncFunc_Buf
XProc1
XProc2
XProc3
XProc4
XProc5
XProc6
XProc7
XProc8
Sections
Size: 55KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 12KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 264KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
xtrap/psapi.dll.dll windows:5 windows x86 arch:x86
56c78d77e4cd475b23af92183b7936ad
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
psapi.pdb
Imports
ntdll
RtlUnwind
wcslen
wcschr
_stricmp
atoi
NtStopProfile
sprintf
_chkstk
DbgPrint
RtlUnicodeToOemN
RtlAdjustPrivilege
RtlMultiByteToUnicodeN
NtAllocateVirtualMemory
NtCreateProfile
NtSetIntervalProfile
NtStartProfile
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation
RtlNtStatusToDosError
kernel32
GetSystemInfo
LoadLibraryA
InterlockedExchange
FreeLibrary
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLastError
DisableThreadLibraryCalls
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileA
CloseHandle
GetProcessHeap
LocalFree
LocalAlloc
SetLastError
MultiByteToWideChar
WideCharToMultiByte
ReadProcessMemory
RaiseException
SetProcessWorkingSetSize
GetProcessWorkingSetSize
lstrcpyA
lstrlenA
HeapFree
HeapAlloc
Exports
EmptyWorkingSet
EnumDeviceDrivers
EnumPageFilesA
EnumPageFilesW
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetPerformanceInfo
GetProcessImageFileNameA
GetProcessImageFileNameW
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 964B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ