123d99af11b021e4bff8a8b715abf965_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

123d99af11b021e4bff8a8b715abf965_JaffaCakes118
Size

261KB
MD5

123d99af11b021e4bff8a8b715abf965
SHA1

ad79cdecba217775bd8d1eb0e6a3d565fb16ab5e
SHA256

abe98e736f8c96a6dc9da213156cc5342f7a077ea7bd71815aae3174938fd946
SHA512

8b9eb12c5e2895dad8ec1e931d33c5846c88505f66a6ebc664ce92b371de97af5f0ce8f970eec05b663bfc04ac29ec315265dd2153f1b9589a70c08f61854863
SSDEEP

6144:hY1ZN6sfi5Me+vRuvIMFIWqGW555uMtSTSJHfm0Nu4588AZ5QF3IQaDC:hY1Z25+Z0IdGmrtSTSxT88AZKBaDC

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Nestopia/Nestopia/kailleraclient.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Nestopia/Nestopia/kailleraclient.dll	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Nestopia/Nestopia/7zxa.dll
unpack001/Nestopia/Nestopia/kailleraclient.dll
unpack002/out.upx
unpack001/Nestopia/Nestopia/language/english.nlg

Files

123d99af11b021e4bff8a8b715abf965_JaffaCakes118
.rar
Nestopia/Nestopia/7zxa.dll
.dll windows:4 windows x86 arch:x86

dd1fcfec6ca1a2b0bfb46d7f425f87a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharUpperW
CharUpperA

oleaut32

SysFreeString
SysAllocStringByteLen
VariantClear
SysAllocString

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
WriteFile
CreateEventA
LeaveCriticalSection
EnterCriticalSection
ResetEvent
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateThread
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
GetSystemInfo
HeapAlloc
HeapFree
RaiseException
RtlUnwind
GetCommandLineA
GetVersion
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
ExitProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
LCMapStringA

Exports

Exports

CreateObject
GetHandlerProperty

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nestopia/Nestopia/changelog.txt
Nestopia/Nestopia/copying.txt
Nestopia/Nestopia/kailleraclient.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_kailleraChatSend@4
_kailleraEndGame@0
_kailleraGetVersion@4
_kailleraInit@0
_kailleraModifyPlayValues@8
_kailleraSelectServerDialog@4
_kailleraSetInfos@4
_kailleraShutdown@0

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nestopia/Nestopia/language/english.nlg
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

heatray0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

heatray1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

heatray2
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dd1fcfec6ca1a2b0bfb46d7f425f87a4

Headers

File Characteristics

Imports

user32

oleaut32

kernel32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 13KB - Virtual size: 37KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 11KB - Virtual size: 10KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 56KB

UPX1 Size: 27KB - Virtual size: 28KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

heatray0 Size: - Virtual size: 64KB

heatray1 Size: 17KB - Virtual size: 20KB

heatray2 Size: - Virtual size: 5KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 13KB - Virtual size: 37KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 11KB - Virtual size: 10KB

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 27KB - Virtual size: 28KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 4KB

heatray0
Size: - Virtual size: 64KB

heatray1
Size: 17KB - Virtual size: 20KB

heatray2
Size: - Virtual size: 5KB