152c66c792ec1a4ec5585ccf3bb33e27_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

152c66c792ec1a4ec5585ccf3bb33e27_JaffaCakes118
Size

372KB
MD5

152c66c792ec1a4ec5585ccf3bb33e27
SHA1

09355000eabf1dc5052f920fc87adcc58e5cd154
SHA256

04bc58c59576019a05fddb8cdc875dc0d161238138462133ae4c085acf2606eb
SHA512

c6dd869282c3791717296421b7049cbb8e41d05f89d81c203e2e4ec7840a1730850742b11d1586096e6c5798b08fe94a12c41705e0b0b602e06fe124990a768c
SSDEEP

6144:nhpA+++/GGsfibQI2VyAHLqWi9j0UdmijNs7N:nhC7Vfibtyo9wd0ON

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
152c66c792ec1a4ec5585ccf3bb33e27_JaffaCakes118

Files

152c66c792ec1a4ec5585ccf3bb33e27_JaffaCakes118
.exe windows:6 windows x86 arch:x86

dd8c4e452cfc99f456f587a9d962b7e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\GameCube\GamesCube\Output\Release\bin\CubeProxy.pdb

Imports

kernel32

GetModuleHandleW
LocalFree
GetModuleFileNameW
CreateDirectoryW
CreateFileW
GetCurrentThreadId
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetCurrentProcess
CloseHandle
GetCommandLineW
GetSystemTimeAsFileTime
WaitForSingleObject
TerminateProcess
SetUnhandledExceptionFilter
CreateMutexW
GetLastError
LocalLock
LocalAlloc
GetModuleFileNameA
GetFileAttributesA
OpenProcess
GetEnvironmentVariableA
LoadLibraryExW
FreeLibrary
GetSystemDirectoryW
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
DecodePointer
EncodePointer
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitOnceExecuteOnce
Sleep
GetTickCount64
SetEvent
CreateEventW
WideCharToMultiByte
GetModuleHandleA
MultiByteToWideChar

user32

GetWindowThreadProcessId
DefWindowProcW
GetWindowLongW
CreateWindowExA
ChangeWindowMessageFilter
MsgWaitForMultipleObjectsEx
GetWindowTextA
PeekMessageW
IsWindow
PostMessageW
SendMessageW
DestroyWindow
ShowWindow
SetWindowLongW
CreateWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
PostQuitMessage

shell32

CommandLineToArgvW

ntdll

ZwQueryInformationProcess

proxy

GetNodeAndPing
m_vecNodes
SetCallBack_Type
ProxyInit
GetAppidByGameid
YueLun_login
SetGameConfig
StartYueLunAcc
Delete_YueLun_GameInfoByID
StopYueLunAcc
GetCurrentGameInfo
InstallTun
RetNetwork
RepairLsp
GetGameAllList
Add_YueLun_GameInfoByID

msvcrt

memchr
fseek
_fsopen
tolower
_cexit
__setusermatherr
_initterm
_initterm_e
_exit
_set_fmode
atoi
__p__commode
_amsg_exit
_except_handler4_common
__getmainargs
atexit
_controlfp_s
__DestructExceptionObject
__pctype_func
_iob
strtol
wctomb_s
wcsnlen
strnlen
__uncaught_exception
_CxxThrowException
_unlock
__dllonexit
__set_app_type
_ismbblead
_acmdln
_isatty
_fileno
_CIlog10
_ftol2_sse
ceil
_clearfp
??3@YAXPAX@Z
?terminate@@YAXXZ
_strtoui64
_strtoi64
_XcptFilter
free
_time64
setvbuf
setlocale
fgetpos
wcsrtombs_s
_errno
memset
localeconv
strcpy_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
memmove
fgetc
strcspn
fclose
??2@YAPAXI@Z
fflush
_localtime64_s
calloc
abort
strtok_s
??_V@YAXPAX@Z
__CxxFrameHandler3
strtod
fputc
fwrite
_ctime64_s
strrchr
??0exception@@QAE@XZ
??_U@YAPAXI@Z
exit
_beginthreadex
wcstoul
malloc
_fseeki64
fread
isdigit
_mkdir
memcpy
fsetpos
atol
isspace
strcat_s
strstr
frexp
_lock
ungetc
_c_exit

msvcp60

_Tolower
_Getcvt
_Toupper
_Getctype

Sections

.text
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd8c4e452cfc99f456f587a9d962b7e3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ntdll

proxy

msvcrt

msvcp60

Sections

.text Size: 284KB - Virtual size: 284KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 284KB - Virtual size: 284KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 15KB - Virtual size: 15KB