2d26bac0faf01d293d44b5ec763b1e09_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d26bac0faf01d293d44b5ec763b1e09_JaffaCakes118
Size

617KB
MD5

2d26bac0faf01d293d44b5ec763b1e09
SHA1

16903ea3a45d80774ea0fbd83ff8f0919d10fef8
SHA256

98852f4b3bf7ee5deb481b1f216ed333fdf80dba5a81af14a89866a8f5e0c273
SHA512

f1d7bd2bf830b9484f6c354f6616ab68026a65a4996c4bf289eea8259678fd7d8685a5b2fe3041215efde8726de84944a76ad37235e530e41803e8665bbddd41
SSDEEP

12288:U44NYzD3vNf+IcTUhgnYqAA79XMbYPukuXYVyoLzM5qhhXPn4Vt6jCd6TvH3M+H1:UxcgnYqAoZrw7GMt67vH3X5eK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d26bac0faf01d293d44b5ec763b1e09_JaffaCakes118

Files

2d26bac0faf01d293d44b5ec763b1e09_JaffaCakes118
.dll windows:6 windows x86 arch:x86

b92f3a79b38d43e798c8e6700b5bda06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

sampfuncs.asi

?getSAMP@SAMPFUNCS@@QAEPAVSFSAMP@@XZ
?getRender@SAMPFUNCS@@QAEPAVSFRender@@XZ
?getGame@SAMPFUNCS@@QAEPAVSFGame@@XZ
?Log@SAMPFUNCS@@QAAXPBDZZ
?initPlugin@SAMPFUNCS@@QAE_NP6GXXZPAUHINSTANCE__@@@Z
?Print@stFontInfo@@QAEJPBDKMM_N1U?$rect@M@@@Z
?BeginRender@SFRender@@QAEJXZ
?EndRender@SFRender@@QAEJXZ
?DrawLine@SFRender@@QAEXHHHHHK@Z
?DrawBox@SFRender@@QAEXHHHHK@Z
?CreateNewFont@SFRender@@QAEPAUstFontInfo@@PADHK@Z
??0BitStream@@QAE@XZ
??1BitStream@@QAE@XZ
?Write@BitStream@@QAEXPBDH@Z
?Read@BitStream@@QAE_NPADH@Z
?WriteBits@BitStream@@QAEXPBEH_N@Z
?ReadBits@BitStream@@QAE_NPAEH_N@Z
?DecodeString@SFRakNet@@QAEXPADHPAVBitStream@@@Z
?registerRakNetCallback@SFRakNet@@QAEXW4RakNetScriptHookType@@P6G_NPAUstRakNetHookParams@@@Z@Z
?SendPacket@SFRakNet@@QAE_NPAVBitStream@@W4PacketPriority@@W4PacketReliability@@D@Z
?AddChatMessage@stChatInfo@@QAAXKPBDZZ
?DisableInput@stInputInfo@@QAEXXZ
?Close@stDialogInfo@@QAEXH@Z
?ListBoxGetItemsCount@stDialogInfo@@QAEHXZ
?ListBoxGetItemText@stDialogInfo@@QAEPADH@Z
?ShowDialog@stDialogInfo@@QAEXGHPAD000@Z
?ToggleCursor@stMiscInfo@@QAEX_N@Z
?IsInitialized@SFSAMP@@QAE_NXZ
?getInfo@SFSAMP@@QAEPAUstSAMP@@XZ
?getScreenResolution@SFGame@@QAEXPAH0@Z
?GAME@@3PAVCGame@@A
?getRakNet@SAMPFUNCS@@QAEPAVSFRakNet@@XZ
?sendDialogResponse@SFSAMP@@QAEXGEGPAD@Z
?getMisc@SFSAMP@@QAEPAUstMiscInfo@@XZ
?getDialog@SFSAMP@@QAEPAUstDialogInfo@@XZ
?getInput@SFSAMP@@QAEPAUstInputInfo@@XZ
?getChat@SFSAMP@@QAEPAUstChatInfo@@XZ

kernel32

GetACP
IsValidCodePage
HeapSize
GetFileSizeEx
GetConsoleCP
FlushFileBuffers
WriteFile
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapReAlloc
HeapAlloc
HeapFree
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
ReadFile
RtlUnwind
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetVersionExA
GetModuleHandleA
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetOEMCP
ExitProcess
CreateThread
GetCurrentThread
CreateProcessA
OpenProcess
GlobalMemoryStatusEx
WriteProcessMemory
GetPrivateProfileIntA
WritePrivateProfileStringA
InterlockedFlushSList
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
GetThreadTimes
SetEvent
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualAlloc
DebugBreak
SuspendThread
VirtualFree
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
GetProcessHeap
SetStdHandle
Sleep
FindNextFileW
InterlockedCompareExchange
VirtualQuery
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FormatMessageW
CreateFileW
DeleteFileW
FindClose
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
CloseHandle
SetLastError
GetModuleHandleW
SwitchToThread
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW

user32

GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
GetClientRect
SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
IsChild
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
wsprintfA
CallWindowProcA
SetWindowLongA
FindWindowA
GetWindowThreadProcessId
GetKeyState
LoadCursorA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

SHGetFolderPathA
SHGetFolderPathW

oleaut32

VariantClear
SysFreeString
SysAllocString

xinput1_3

ord4
ord2

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

d3dx9_43

D3DXCreateTextureFromFileA

Sections

.text
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b92f3a79b38d43e798c8e6700b5bda06

Headers

DLL Characteristics

File Characteristics

Imports

sampfuncs.asi

kernel32

user32

advapi32

shell32

oleaut32

xinput1_3

imm32

urlmon

wininet

d3dx9_43

Sections

.text Size: 451KB - Virtual size: 450KB

.rdata Size: 131KB - Virtual size: 131KB

.data Size: 4KB - Virtual size: 15KB

_RDATA Size: 10KB - Virtual size: 9KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 451KB - Virtual size: 450KB

.rdata
Size: 131KB - Virtual size: 131KB

.data
Size: 4KB - Virtual size: 15KB

_RDATA
Size: 10KB - Virtual size: 9KB

.reloc
Size: 19KB - Virtual size: 19KB