277c6bc4b0e27676ae67e72fc6b35cd9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

277c6bc4b0e27676ae67e72fc6b35cd9_JaffaCakes118
Size

16.4MB
MD5

277c6bc4b0e27676ae67e72fc6b35cd9
SHA1

0c86155a42bac9014e05cfc478c9105ebd0457c7
SHA256

f1bfde4549f0cab382dd2c3d6be6d0959cd87449929dcb9975b8cc5b5e9f3170
SHA512

b8a748327bef716db2cac2a7ba8d5291da07fd5e480460c6b7af24173a8a6afd62ed52bd4b2200604a3446eb78d10126e57280818060fe574022e77fcb18f4ef
SSDEEP

196608:natK0K2XacX11M8mdLlI3D1kpeaAise5TlvSFe8ZbGVm:n52XPM5LlI3DypvAiZPSLbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
277c6bc4b0e27676ae67e72fc6b35cd9_JaffaCakes118

Files

277c6bc4b0e27676ae67e72fc6b35cd9_JaffaCakes118
.exe windows:6 windows x64 arch:x64

c80e7c030f780e4a863a02379f6e1830

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\nk2\program\main\program\Release\Steam\Nino2.pdb

Imports

steam_api64

SteamAPI_RegisterCallback
SteamAPI_Shutdown
SteamAPI_UnregisterCallback
SteamAPI_Init
SteamAPI_RunCallbacks
SteamAPI_RestartAppIfNecessary
SteamInternal_CreateInterface
SteamAPI_GetHSteamUser
SteamAPI_GetHSteamPipe
SteamInternal_ContextInit
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult

sdkencryptedappticket64

SteamEncryptedAppTicket_BIsTicketForApp
SteamEncryptedAppTicket_BDecryptTicket
SteamEncryptedAppTicket_GetUserVariableData
SteamEncryptedAppTicket_GetTicketSteamID

physx3_x64

PxUnregisterPhysicsSerializers
PxRegisterPhysicsSerializers
PxGetPhysicsBinaryMetaData
??0PxClothMotionConstraintConfigGeneratedInfo@physx@@QEAA@XZ
??0PxClothTetherConfigGeneratedInfo@physx@@QEAA@XZ
??0PxClothStretchConfigGeneratedInfo@physx@@QEAA@XZ
??0PxHeightFieldGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxTriangleMeshGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxPlaneGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxSphereGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxConvexMeshGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxMeshScaleGeneratedInfo@physx@@QEAA@XZ
??0PxCapsuleGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxBoxGeometryGeneratedInfo@physx@@QEAA@XZ
PxAddCollectionToPhysics
??0PxParticleFluidGeneratedInfo@physx@@QEAA@XZ
??0PxClothGeneratedInfo@physx@@QEAA@XZ
??0PxClothFabricGeneratedInfo@physx@@QEAA@XZ
??0PxShapeGeneratedInfo@physx@@QEAA@XZ
??0PxAggregateGeneratedInfo@physx@@QEAA@XZ
??0PxArticulationGeneratedInfo@physx@@QEAA@XZ
??0PxArticulationJointGeneratedInfo@physx@@QEAA@XZ
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxBoxGeometry@2@@Z
PxRegisterHeightFields
PxRegisterArticulations
PxCreateBasePhysics
PxRegisterCloth
??0PxArticulationLinkGeneratedInfo@physx@@QEAA@XZ
??0PxRigidStaticGeneratedInfo@physx@@QEAA@XZ
??0PxRigidDynamicGeneratedInfo@physx@@QEAA@XZ
??0PxParticleSystemGeneratedInfo@physx@@QEAA@XZ
??0PxHeightFieldDescGeneratedInfo@physx@@QEAA@XZ
??0PxMaterialGeneratedInfo@physx@@QEAA@XZ
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxHeightFieldGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxTriangleMeshGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxConvexMeshGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxPlaneGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxCapsuleGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxSphereGeometry@2@@Z
PxRegisterParticles

physx3characterkinematic_x64

PxCreateControllerManager

physx3common_x64

PxGetFoundation
?PxTransformFromSegment@physx@@YA?AVPxTransform@1@AEBVPxVec3@1@0PEAM@Z
PxCreateFoundation
?PxCreateCollection@@YAPEAVPxCollection@physx@@XZ
?errorImpl@Foundation@shdfnd@physx@@QEAAXW4Enum@PxErrorCode@3@PEBDH1PEAD@Z
?deallocate@TempAllocator@shdfnd@physx@@QEAAXPEAX@Z
?allocate@TempAllocator@shdfnd@physx@@QEAAPEAX_KPEBDH@Z
?wait@SyncImpl@shdfnd@physx@@QEAA_NI@Z
?getSize@ThreadImpl@shdfnd@physx@@SAAEBIXZ
?quit@ThreadImpl@shdfnd@physx@@QEAAXXZ
?quitIsSignalled@ThreadImpl@shdfnd@physx@@QEAA_NXZ
??1ThreadImpl@shdfnd@physx@@QEAA@XZ
??0ThreadImpl@shdfnd@physx@@QEAA@XZ
?setName@ThreadImpl@shdfnd@physx@@QEAAXPEBD@Z
?setAffinityMask@ThreadImpl@shdfnd@physx@@QEAAII@Z
?waitForQuit@ThreadImpl@shdfnd@physx@@QEAA_NXZ
?signalQuit@ThreadImpl@shdfnd@physx@@QEAAXXZ
?start@ThreadImpl@shdfnd@physx@@QEAAXIPEAVRunnable@23@@Z
?getId@ThreadImpl@shdfnd@physx@@SA_KXZ
?getDefaultStackSize@ThreadImpl@shdfnd@physx@@SAIXZ
?getSize@SListImpl@shdfnd@physx@@SAAEBIXZ
?pop@SListImpl@shdfnd@physx@@QEAAPEAVSListEntry@23@XZ
?push@SListImpl@shdfnd@physx@@QEAAXPEAVSListEntry@23@@Z
??1SListImpl@shdfnd@physx@@QEAA@XZ
??0SListImpl@shdfnd@physx@@QEAA@XZ
?getSize@SyncImpl@shdfnd@physx@@SAAEBIXZ
?reset@SyncImpl@shdfnd@physx@@QEAAXXZ
?set@SyncImpl@shdfnd@physx@@QEAAXXZ
?getAllocator@shdfnd@physx@@YAAEAVPxAllocatorCallback@2@XZ
?deallocate@Allocator@shdfnd@physx@@QEAAXPEAX@Z
?getInstance@Foundation@shdfnd@physx@@SAAEAV123@XZ
?error@Foundation@shdfnd@physx@@QEAAXW4Enum@PxErrorCode@3@PEBDH1ZZ
?incRefCount@Foundation@shdfnd@physx@@SAXXZ
?decRefCount@Foundation@shdfnd@physx@@SAXXZ
?allocate@Allocator@shdfnd@physx@@QEAAPEAX_KPEBDH@Z
??0SyncImpl@shdfnd@physx@@QEAA@XZ
??1SyncImpl@shdfnd@physx@@QEAA@XZ

physx3cooking_x64

PxCreateCooking

apexframework_x64

NxCreateApexSDK

ws2_32

htons
bind
setsockopt
inet_ntoa
listen
accept
closesocket
getsockname
recv
shutdown
socket
gethostbyname
WSAGetLastError
WSACleanup
WSAStartup
gethostname
send

kernel32

RtlCaptureContext
WaitForSingleObjectEx
FormatMessageW
GetModuleHandleW
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlVirtualUnwind
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindFirstFileExA
GetCPInfo
SetConsoleCtrlHandler
CreatePipe
MoveFileExW
GetFileAttributesExW
GetExitCodeProcess
GetCurrentDirectoryA
GetSystemDefaultLocaleName
QueryPerformanceCounter
CreateMutexA
WaitForSingleObject
GetCurrentThreadId
GetModuleHandleA
OpenProcess
GetCommandLineA
GetLastError
K32GetModuleBaseNameW
CloseHandle
K32EnumProcesses
K32EnumProcessModules
GetSystemDefaultLangID
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SetThreadAffinityMask
GetCurrentProcess
GetProcessAffinityMask
SetThreadPriority
ResumeThread
GetExitCodeThread
Sleep
SetEvent
GetCurrentThread
GetThreadPriority
CreateEventA
HeapFree
InitializeCriticalSectionEx
HeapSize
QueryPerformanceFrequency
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
GetProcessHeap
VerifyVersionInfoA
GetProcAddress
VerSetConditionMask
FindFirstFileA
WriteFile
FindNextFileA
UnhandledExceptionFilter
CreateFileA
DeleteFileA
SetFileAttributesA
RemoveDirectoryA
SetUnhandledExceptionFilter
ReadFile
GetFileSizeEx
SetFilePointerEx
GetSystemInfo
ResetEvent
OutputDebugStringA
CreateDirectoryW
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileAttributesA
GetFileAttributesW
GetFileSize
SetEndOfFile
SetFilePointer
MoveFileA
MoveFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetTickCount
FreeLibrary
LoadLibraryExA
GetModuleFileNameA
FormatMessageA
GetConsoleCP
HeapQueryInformation
GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetACP
GetStdHandle
GetTempPathW
ExitThread
GetModuleHandleExW
ExitProcess
SetConsoleMode
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetConsoleMode
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryW
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
DuplicateHandle
SetProcessAffinityMask
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
EncodePointer
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
LoadLibraryA
FindClose
CreateTimerQueueTimer
GetLogicalProcessorInformation
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
CreateProcessA
TlsFree
TlsSetValue
TlsGetValue
CreateProcessW
VerifyVersionInfoW
GetFullPathNameW
LoadLibraryExW
lstrcmpA
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
TryEnterCriticalSection
LocalFree
GetSystemDirectoryW
CreateDirectoryA
RtlCaptureStackBackTrace
LocalAlloc
OutputDebugStringW
CreateSemaphoreW
TerminateThread
ReleaseSemaphore

user32

SetTimer
IsIconic
TranslateMessage
ShowWindow
IsWindowVisible
DispatchMessageA
EnumDisplayDevicesA
GetMessageA
SendInput
SetForegroundWindow
KillTimer
GetClientRect
LoadIconA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
PostMessageA
LoadCursorA
wvsprintfA
ShowCursor
SetCursorPos
ScreenToClient
GetCursorPos
GetActiveWindow
GetKeyboardLayoutNameA
GetKeyboardState
GetAsyncKeyState
MoveWindow
AdjustWindowRect
RegisterClassA
DefWindowProcA
CreateWindowExA
PeekMessageA
GetWindowLongPtrA
SetRect
PostQuitMessage
ShowWindowAsync
SetWindowPos
EnumDisplayMonitors
SetWindowLongA
SwitchToThisWindow
GetWindowLongA
UnregisterClassA
MessageBoxW
GetWindowRect
GetMonitorInfoA
GetForegroundWindow
SendMessageA
WINNLSEnableIME

advapi32

RegFlushKey
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA

ole32

CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitializeEx
CoInitialize

oleaut32

SysFreeString
SysAllocString

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod
timeGetDevCaps

dxgi

CreateDXGIFactory

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

d3d11

D3D11CreateDevice

dinput8

DirectInput8Create

xinput1_3

ord2
ord3
ord5

gdi32

ExtEscape
DeleteDC
CreateDCW

hid

HidP_GetCaps
HidD_GetSerialNumberString
HidD_GetProductString
HidD_GetManufacturerString
HidD_SetFeature
HidD_GetFeature
HidD_FreePreparsedData
HidD_GetPreparsedData
HidD_GetHidGuid
HidD_GetAttributes
HidP_GetValueCaps

Exports

Exports

NvOptimusEnablement
agsDeInit
agsGetCrossfireGPUCount
agsInit
agsSetDisplayMode

Sections

.text
Size: 11.7MB - Virtual size: 11.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 226KB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 750KB - Virtual size: 750KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c80e7c030f780e4a863a02379f6e1830

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

steam_api64

sdkencryptedappticket64

physx3_x64

physx3characterkinematic_x64

physx3common_x64

physx3cooking_x64

apexframework_x64

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

winmm

dxgi

setupapi

d3d11

dinput8

xinput1_3

gdi32

hid

Exports

Exports

Sections

.text Size: 11.7MB - Virtual size: 11.7MB

.rdata Size: 3.2MB - Virtual size: 3.2MB

.data Size: 226KB - Virtual size: 6.3MB

.pdata Size: 750KB - Virtual size: 750KB

.gfids Size: 5KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 281KB - Virtual size: 280KB

.reloc Size: 69KB - Virtual size: 69KB

.bind Size: 174KB - Virtual size: 174KB

.text
Size: 11.7MB - Virtual size: 11.7MB

.rdata
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 226KB - Virtual size: 6.3MB

.pdata
Size: 750KB - Virtual size: 750KB

.gfids
Size: 5KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 281KB - Virtual size: 280KB

.reloc
Size: 69KB - Virtual size: 69KB

.bind
Size: 174KB - Virtual size: 174KB