263784b4501d12201c07ef92173fdf61_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

263784b4501d12201c07ef92173fdf61_JaffaCakes118
Size

1.2MB
MD5

263784b4501d12201c07ef92173fdf61
SHA1

f1ae7c76ca8e3ba6f424736cb05bb1284f6e6e4f
SHA256

8357a173bf0644a94b5f8e5ac0959ab1c0024b24d8ba91e49f060df2892e993c
SHA512

e9428728e5ea0d2e4a44ebf2dbb011a4608eeaea0ca70d4fde583efe9a10ea1574521da47dbd107f0286517a9f785fa090adb0f62b88dbf296e4fac3c07bb945
SSDEEP

24576:s++wrBYwOsSLBNVzRWjkZIIozo0r8iZkaoPcvQ1hRfWvHzLOqRCdZIIUc9:21rdNNVswZIRzo0YpUsR+fzcGFC

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ultra hack ( mir-hack.ru )/uh.dll
unpack001/ultra hack ( mir-hack.ru )/uh.exe

Files

263784b4501d12201c07ef92173fdf61_JaffaCakes118
.rar
ultra hack ( mir-hack.ru )/uh.dll
.dll windows:6 windows x86 arch:x86

c1f585ad6afdfe7570377198cf0c47bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
FindFirstFileA
FindNextFileA
FindClose
GetCurrentProcess
K32GetMappedFileNameA
VirtualQuery
ExitThread
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
FreeLibraryAndExitThread
CreateThread
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
MulDiv
IsProcessorFeaturePresent
DisableThreadLibraryCalls
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
GlobalAlloc
VirtualProtect
GetPrivateProfileStringA
CreateDirectoryA
WritePrivateProfileStringA
DeleteFileA
GetLastError
Sleep
IsDebuggerPresent
GetModuleFileNameA

user32

SetWindowLongA
ReleaseCapture
SetCursorPos
GetWindowThreadProcessId
GetWindowRect
IsWindowVisible
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetActiveWindow
SetCursor
SetCapture
ClientToScreen
GetCapture
GetKeyState
EnumWindows
CallWindowProcA
GetClientRect
GetClassNameA

gdi32

SelectObject
CreateDIBSection
GetTextExtentPoint32A
CreateCompatibleDC
GetDeviceCaps
DeleteDC
SetTextColor
SetBkColor
DeleteObject
SetMapMode
SetTextAlign
AddFontResourceExA
CreateFontA
ExtTextOutA

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
_Xtime_get_ticks
_Query_perf_frequency
_Query_perf_counter
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z

winmm

PlaySoundA

imm32

ImmSetCompositionWindow
ImmGetContext

vcruntime140

__CxxFrameHandler3
__std_type_info_destroy_list
_CxxThrowException
memset
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
_purecall
strchr
__std_terminate
memmove
__std_exception_destroy
memcpy
strstr
memchr
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
terminate
_initialize_onexit_table
_initterm_e
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_errno
_configure_narrow_argv
_seh_filter_dll
_initialize_narrow_environment
_initterm

api-ms-win-crt-stdio-l1-1-0

ftell
fputc
fopen
fflush
_wfopen
fclose
fseek
__stdio_common_vsprintf_s
fgetc
setvbuf
_get_stream_buffer_pointers
_fseeki64
__stdio_common_vsscanf
fread
fsetpos
ungetc
__acrt_iob_func
fgetpos
__stdio_common_vsprintf
__stdio_common_vfprintf
fwrite

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-convert-l1-1-0

atof
atoi

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-math-l1-1-0

_libm_sse2_atan_precise
_libm_sse2_cos_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_CIfmod
_libm_sse2_sqrt_precise
roundf
_libm_sse2_tan_precise
ceil
_libm_sse2_acos_precise
round
floor
_CIatan2
_except1

api-ms-win-crt-string-l1-1-0

isprint
toupper
tolower
_stricmp
strncpy
strcpy_s
strncat_s
strncpy_s

api-ms-win-crt-utility-l1-1-0

qsort

Sections

.text
Size: 688KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ultra hack ( mir-hack.ru )/uh.exe
.exe windows:4 windows x86 arch:x86

1db9912ff75b32133e7eae8dc720dacc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Home\Desktop\New Folder\load\Exe\Release\GDL.pdb

Imports

winmm

timeGetTime

kernel32

ExitProcess
Sleep
CreateThread
CloseHandle
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetProcAddress
WriteProcessMemory
VirtualAllocEx
OpenProcess
lstrlenW
lstrlenA
GetCurrentProcess
GetModuleHandleA
CreateMutexA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
ReadFile
SetEndOfFile
SetFilePointer
GetCPInfo
GetOEMCP
GetACP
GetModuleFileNameA
VirtualProtect
GetLastError
TerminateProcess
LoadLibraryA
CreateFileA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapFree
GetSystemInfo
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
InterlockedExchange
VirtualQuery
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers

user32

CreateDialogParamA
ShowWindow
UpdateWindow
LoadCursorA
GetMessageA
TranslateMessage
DispatchMessageA
SetCursor
SetDlgItemTextA
wsprintfW
FindWindowA
GetWindowThreadProcessId

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

OGRE2.01
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ultra hack ( mir-hack.ru )/uhdata/default.cfg
ultra hack ( mir-hack.ru )/uhdata/default.net
ultra hack ( mir-hack.ru )/uhdata/default.snd

Sharing

General

Malware Config

Signatures

Files

c1f585ad6afdfe7570377198cf0c47bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcp140

winmm

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 688KB - Virtual size: 688KB

.rdata Size: 59KB - Virtual size: 59KB

.data Size: 18KB - Virtual size: 1.6MB

.reloc Size: 28KB - Virtual size: 28KB

1db9912ff75b32133e7eae8dc720dacc

Headers

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

advapi32

shell32

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

OGRE2.01 Size: 4KB - Virtual size: 4KB

.text
Size: 688KB - Virtual size: 688KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 18KB - Virtual size: 1.6MB

.reloc
Size: 28KB - Virtual size: 28KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

OGRE2.01
Size: 4KB - Virtual size: 4KB