138dddb8a7623ff3d5f7742690818fc2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

138dddb8a7623ff3d5f7742690818fc2_JaffaCakes118
Size

602KB
MD5

138dddb8a7623ff3d5f7742690818fc2
SHA1

31518731cd06e3c904b2b33e0038dd81c77fc2f1
SHA256

cf3d5e41f924da99260de010e8b8ff88fb7ce30f3ff72a1006e491c2a0317291
SHA512

2ee7546a80f41ea3e523f5ba5433d226ffe0a90d68e9ef51aa8410d457db9203b24bc2de04acaf735a97d3d6ada969bb39e14889d0ecd52f94139d3b18b10d8a
SSDEEP

12288:KjGfsU8EDBjN7Uy/JiBkfvvc8p7PGBy4k97iRUbzpVrS8ei0sGTot572E6io:KqfsVE9dPcUPJ70UbzpVrSObGO724o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/STAR WARS Battlefront Promo Trainer.exe

Files

138dddb8a7623ff3d5f7742690818fc2_JaffaCakes118
.zip
STAR WARS Battlefront Promo Trainer.exe
.exe windows:4 windows x64 arch:x64

8ccae697bf5e93663b4d80276b00e410

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
memmove
sprintf
strstr
strncmp
strncpy
_strnicmp
_strdup
free
fseek
fread
fclose
ftell
memcpy
log10
fopen
strlen
strcpy
strcmp
strcat
memcmp
longjmp
_setjmp
_stricmp
tolower
fmodf
fabs
malloc
ceil
floor
pow
??3@YAXPEAX@Z
realloc
_errno
calloc
toupper
perror
atan
fprintf
log
cos
sin
ldexp
qsort
exp
sqrt
exit
acos
frexp
memchr
modf
strerror
abort
atof
_gmtime64
fflush
ferror
remove
fwrite
sinf
cosf
abs

kernel32

GetModuleHandleA
HeapCreate
IsDebuggerPresent
OpenProcess
GetTickCount
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
CloseHandle
CreateToolhelp32Snapshot
Module32First
Module32Next
VirtualProtectEx
HeapDestroy
ExitProcess
GetCurrentProcess
VirtualQueryEx
GetProcAddress
GetLastError
HeapFree
TlsGetValue
HeapAlloc
TlsSetValue
TlsAlloc
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
GetCurrentThread
DuplicateHandle
CreateSemaphoreA
CreateThread
ReleaseSemaphore
LeaveCriticalSection
WaitForMultipleObjects
LoadLibraryA
CreateFileA
GetFileSize
ReadFile
Sleep
FreeLibrary
GetCurrentProcessId
GetCommandLineA
GetModuleFileNameA
CreatePipe
GetStdHandle
CreateProcessA
TerminateProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
WideCharToMultiByte
MultiByteToWideChar
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
GlobalFree
HeapReAlloc
GetModuleHandleW
GetVersionExA
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
GetCurrentDirectoryA
GetTempPathA
CreateDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
DeleteFileA
CopyFileA
GetDriveTypeA
FindFirstFileA
FindClose
GetFileAttributesA
WriteFile
SetFilePointer
MulDiv
DeleteCriticalSection

user32

GetForegroundWindow
GetWindowThreadProcessId
GetKeyboardState
GetAsyncKeyState
ShowWindow
SetClassLongPtrA
RedrawWindow
GetWindowLongPtrA
WindowFromPoint
SendMessageA
GetKeyNameTextA
MapVirtualKeyA
PeekMessageA
RegisterHotKey
UnregisterHotKey
CharUpperA
CharLowerA
MessageBoxA
DefWindowProcA
GetWindowTextLengthA
GetWindowTextA
EnableWindow
DestroyWindow
UnregisterClassA
LoadIconA
LoadCursorA
RegisterClassExA
IsWindowEnabled
GetSystemMetrics
CreateWindowExA
SetWindowLongPtrA
SetFocus
CreateAcceleratorTableA
SetForegroundWindow
BringWindowToTop
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
DestroyAcceleratorTable
IsWindowVisible
EnumWindows
SetWindowPos
BeginPaint
EndPaint
GetWindowRect
GetParent
MapWindowPoints
MoveWindow
InvalidateRect
SetWindowTextA
GetIconInfo
UpdateWindow
ReleaseCapture
DrawStateA
SetCapture
CallWindowProcA
ScreenToClient
GetPropA
RemovePropA
SetPropA
SetScrollPos
GetDC
InflateRect
ReleaseDC
GetWindowDC
GetClientRect
SetScrollInfo
GetScrollPos
GetScrollRange
FillRect
GetSysColor
GetSysColorBrush
GetFocus
GetClassNameA
EnumPropsExA
GetWindow
SetActiveWindow
DestroyIcon
RegisterClassA
AdjustWindowRectEx
GetMenu
DefFrameProcA
EnumChildWindows
PostMessageA
GetActiveWindow
MsgWaitForMultipleObjects
GetKeyState
IsChild
RegisterWindowMessageA
GetCursorPos
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
DrawIconEx
CopyImage
CreateIconFromResourceEx
CreateIconFromResource

gdi32

CreatePatternBrush
GetStockObject
GetObjectType
GetObjectA
DeleteObject
ExcludeClipRect
SetTextColor
SetBkColor
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
GetDeviceCaps
SelectPalette
RealizePalette
GetDIBits
SetPixelV
Rectangle
Ellipse
CreateCompatibleDC
BitBlt
DeleteDC
SetStretchBltMode
StretchDIBits
StretchBlt
SetBkMode
MoveToEx
TextOutA
SetROP2
GetPixel
ExtFloodFill
CreatePen
LineTo
SetTextAlign
RoundRect
CreateFontIndirectA
GetTextMetricsA
CreateCompatibleBitmap
GdiGetBatchLimit
GdiSetBatchLimit
SetBrushOrgEx
CreateDIBSection
CreateBitmap
SetPixel
CreateDCA
CreateFontA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetCurrentHwProfileA

ole32

CoInitialize
OleInitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
RevokeDragDrop
OleCreate
OleSetContainedObject

shell32

ShellExecuteExA

winmm

timeBeginPeriod

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

urlmon

URLDownloadToFileA

wininet

InternetGetConnectedState

comctl32

InitCommonControlsEx

oleaut32

SysFreeString
SysAllocString
VariantInit
DispGetParam
VariantClear
SysStringLen
SysAllocStringLen

Sections

.code
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 292KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
swbfpromo-readme.txt

Sharing

General

Malware Config

Signatures

Files

8ccae697bf5e93663b4d80276b00e410

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

shell32

winmm

gdiplus

urlmon

wininet

comctl32

oleaut32

Sections

.code Size: 110KB - Virtual size: 110KB

.text Size: 452KB - Virtual size: 452KB

.rdata Size: 64KB - Virtual size: 63KB

.pdata Size: 22KB - Virtual size: 22KB

_RDATA Size: 512B - Virtual size: 48B

.data Size: 292KB - Virtual size: 301KB

.rsrc Size: 73KB - Virtual size: 73KB

.code
Size: 110KB - Virtual size: 110KB

.text
Size: 452KB - Virtual size: 452KB

.rdata
Size: 64KB - Virtual size: 63KB

.pdata
Size: 22KB - Virtual size: 22KB

_RDATA
Size: 512B - Virtual size: 48B

.data
Size: 292KB - Virtual size: 301KB

.rsrc
Size: 73KB - Virtual size: 73KB