20f564e56e469456f9f2809e072f256b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

20f564e56e469456f9f2809e072f256b_JaffaCakes118
Size

363KB
MD5

20f564e56e469456f9f2809e072f256b
SHA1

3c83d436d0aea32eff72b607a50154a2b7df6520
SHA256

37fd56da08fa94b86296e6d4ecd971c392a6b9da08bf1af5c2d019ed96e10cb8
SHA512

477bdf9a471bc5f5b3ac8b5046d8c1d5fc653056ce3b60cd5e0a43bb5d8a6f34bfd1882a6dfa3a84eabac1e2c31f705a3fda84095445d80c46f76d5c9193a7b9
SSDEEP

6144:VIFXh/tXDFbzhSH+d+/QsF6g4W/cgc25fqhuMgF9g4TIaOXM2T6NJHF:VeVtlhSHAlsF6g4KcgcWfq94QXIj

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Game Bandit vip/Game Bandit vip/Game-Bandit VIP.dll
unpack001/Game Bandit vip/Game Bandit vip/Game-Bandit VIP.exe

Files

20f564e56e469456f9f2809e072f256b_JaffaCakes118
.rar
Game Bandit vip/Game Bandit vip/Game-Bandit VIP.dll
.dll windows:5 windows x86 arch:x86

1638ae416de6d79d10e4e11464f539e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Craig\Desktop\edel.pdb

Imports

winmm

timeGetTime

kernel32

VirtualProtect
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetTickCount
VirtualFree
MultiByteToWideChar
Process32First
Module32First
Process32Next
GetModuleFileNameA
CreateToolhelp32Snapshot
Module32Next
CloseHandle
VirtualQuery
GetCurrentProcess
CreateDirectoryA
GetSystemTime
GetModuleHandleA
Sleep
ExitProcess
GetComputerNameA
FreeLibrary
GetVolumeInformationA
LoadLibraryA
CreateThread
HeapAlloc
GetProcessHeap
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
SetFilePointer
WriteConsoleW
GetProcAddress
SetUnhandledExceptionFilter
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
ReadFile
HeapFree
WideCharToMultiByte
GetLastError
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetSystemTimeAsFileTime
GetLocalTime
GetModuleHandleW
GetCurrentThreadId
GetCommandLineA
RtlUnwind
GetFullPathNameA
InterlockedIncrement
InterlockedDecrement
RaiseException
TerminateProcess
UnhandledExceptionFilter
GetStringTypeW
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetCurrentDirectoryA
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetTimeZoneInformation
WriteFile
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
SetEndOfFile

user32

MessageBoxA
ScreenToClient
GetForegroundWindow
GetCursorPos
GetAsyncKeyState

advapi32

GetUserNameA

vstdlib

RandomSeed
RandomFloat
KeyValuesSystem

tier0

GetCPUInformation
g_pMemAlloc
?Lock@CThreadMutex@@QBEXXZ
CommandLine_Tier0
Warning
DevMsg
?DevMsg@@YAXPBDZZ
AssertValidStringPtr
Error
_AssertValidWritePtr
Msg
?Lock@CThreadMutex@@QAEXXZ

Sections

.text
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 41KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Game Bandit vip/Game Bandit vip/Game-Bandit VIP.exe
.exe windows:4 windows x86 arch:x86

a33e40346cb4ddaff78c494b881a00f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

kernel32

ExitProcess
Sleep
CreateThread
CloseHandle
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetProcAddress
WriteProcessMemory
VirtualAllocEx
OpenProcess
lstrlenW
lstrlenA
GetCurrentProcess
GetModuleHandleA
CreateMutexA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
ReadFile
SetEndOfFile
SetFilePointer
GetCPInfo
GetOEMCP
GetACP
GetModuleFileNameA
VirtualProtect
GetLastError
QueryPerformanceCounter
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapFree
TerminateProcess
GetSystemInfo
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
InterlockedExchange
VirtualQuery
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
CreateFileA
LoadLibraryA

user32

CreateDialogParamA
ShowWindow
UpdateWindow
LoadCursorA
GetMessageA
TranslateMessage
DispatchMessageA
SetCursor
SetDlgItemTextA
wsprintfW
FindWindowA
GetWindowThreadProcessId

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Game Bandit vip/Game Bandit vip/Game-Bandit VIp.nfo
Game Bandit vip/Game Bandit vip/resources/Fonts/BEBAS.TTF
Game Bandit vip/Game Bandit vip/resources/Fonts/BREAK.TTF

Sharing

General

Malware Config

Signatures

Files

1638ae416de6d79d10e4e11464f539e3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

advapi32

vstdlib

tier0

Sections

.text Size: 434KB - Virtual size: 433KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 22KB - Virtual size: 114KB

.reloc Size: 41KB - Virtual size: 50KB

a33e40346cb4ddaff78c494b881a00f7

Headers

File Characteristics

Imports

winmm

kernel32

user32

advapi32

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 256KB - Virtual size: 256KB

.text
Size: 434KB - Virtual size: 433KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 22KB - Virtual size: 114KB

.reloc
Size: 41KB - Virtual size: 50KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 256KB - Virtual size: 256KB