3aacbc89707ada11618c4dfbc6e18893_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3aacbc89707ada11618c4dfbc6e18893_JaffaCakes118
Size

504KB
MD5

3aacbc89707ada11618c4dfbc6e18893
SHA1

775c3bc562c1c463944b86107332dd7ddec820c1
SHA256

e0c1ff33054108a0d93e442157db2349ac88bd2537850ee605d24ccbd2b73ff6
SHA512

7992f439b90b306eb8ea05e0fffc7ac91ba4437f24a5b190fb3af803a61607511e5e90564244517cfbc3477e37786d0ce10e7bc753a058eef298d1a726487370
SSDEEP

12288:f/jLUAtQIs2Ig5VhvJy40EeivcANTZ8bov8QKNi5GU7ErXXShvsUVhlwC22c:HjwSQk1doAN18bNidErChVhlk2c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Anno 2205 v1.0 Plus 6 Trainer.exe

Files

3aacbc89707ada11618c4dfbc6e18893_JaffaCakes118
.zip
Anno 2205 v1.0 Plus 6 Trainer.exe
.exe windows:5 windows x64 arch:x64

9215d8d08ccfb5df03bb5412f2a17a2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
CreateFileW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileAttributesW
ReadProcessMemory
WriteProcessMemory
IsWow64Process
GetCurrentProcess
GetNativeSystemInfo
GetSystemInfo
VirtualQueryEx
VirtualAllocEx
VirtualFreeEx
GetProcAddress
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32NextW
GetPrivateProfileStringW
WritePrivateProfileStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryExW
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameW
GetFileType
GetStdHandle
GetCurrentThreadId
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetLastError
CloseHandle
Sleep
GetProcessHeap
HeapAlloc
Module32FirstW
HeapFree
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetLastError
SetUnhandledExceptionFilter
SetEnvironmentVariableA
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
IsProcessorFeaturePresent
GetCPInfo
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetCommandLineW
CreateDirectoryW
EncodePointer
GetStringTypeW
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
HeapSize
GetTimeZoneInformation
HeapDestroy

user32

CreateWindowExW
SendMessageW
MessageBoxW
GetAsyncKeyState
SystemParametersInfoW
LoadIconW
RegisterClassExW
GetSystemMetrics
SetWindowLongPtrW
ShowWindow
UpdateWindow
GetDC
LoadCursorW
UpdateLayeredWindow
ReleaseDC
GetWindowLongPtrW
DefWindowProcW
PostMessageW
DispatchMessageW
SetLayeredWindowAttributes
BeginPaint
EndPaint
PostQuitMessage
SetTimer
SetCursor
ReleaseCapture
KillTimer
MoveWindow
GetWindowRect
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
TranslateMessage

gdi32

DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateFontIndirectW

shell32

SHGetFolderPathW

ole32

CreateStreamOnHGlobal

gdiplus

GdipFree
GdipCreateTextureIAI
GdipSetTextureWrapMode
GdipTranslateTextureTransform
GdipFillRectangleI
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipDeleteBrush
GdipCloneImage
GdipDisposeImage
GdipGetTextureImage
GdipGetImageHeight
GdipAlloc
GdipCloneBrush
GdipCreateImageAttributes
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateTexture
GdipGetImageWidth
GdipSetStringFormatAlign
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawString
GdipMeasureString
GdipSetSolidFillColor
GdipDeleteFont
GdipSetStringFormatFlags
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipCreateSolidFill
GdipSetImageAttributesColorMatrix
GdipCreateFontFamilyFromName
GdipDisposeImageAttributes

winmm

mciSendStringW
PlaySoundW

comctl32

InitCommonControlsEx
_TrackMouseEvent

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetProcessMemoryInfo

Sections

.text
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
说明.txt

Sharing

General

Malware Config

Signatures

Files

9215d8d08ccfb5df03bb5412f2a17a2b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

gdiplus

winmm

comctl32

version

psapi

Sections

.text Size: 338KB - Virtual size: 338KB

.rdata Size: 109KB - Virtual size: 109KB

.data Size: 12KB - Virtual size: 23KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 417KB - Virtual size: 417KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 338KB - Virtual size: 338KB

.rdata
Size: 109KB - Virtual size: 109KB

.data
Size: 12KB - Virtual size: 23KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 417KB - Virtual size: 417KB

.reloc
Size: 4KB - Virtual size: 3KB