3d0b3baa8e2fb0fea6828624aca49492_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3d0b3baa8e2fb0fea6828624aca49492_JaffaCakes118
Size

799KB
MD5

3d0b3baa8e2fb0fea6828624aca49492
SHA1

f1127f44d35efd69b3b795d5b8d9055573c3f2e1
SHA256

43eb05193691bcab4e693a00a8621be0dafae3508bb1ce3b05741ec0f925c8b1
SHA512

9b835e04ddd364196476788975f60618b83d60b933370b631c8c7db88a5fcb83ce6f1e148ce5b575c7dc1faae8012dcb44ebc755fa73c58d3f04af29a36adf72
SSDEEP

24576:swLmTSP6Qm8H2rc+WMI/86StDnULqpaoFynP:5iTrQmap+WMI/86CTbaoFyP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Faith of Danschant v1.9-v1.15 Plus 16 Trainer.exe

Files

3d0b3baa8e2fb0fea6828624aca49492_JaffaCakes118
.zip
Faith of Danschant v1.9-v1.15 Plus 16 Trainer.exe
.exe windows:5 windows x64 arch:x64

67fb58be94e265bf27113797548a9c4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SizeofResource
LoadResource
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
LockResource
CreateFileW
GetFileAttributesW
GetModuleFileNameW
GetCurrentProcess
FreeLibrary
IsWow64Process
ReadProcessMemory
GetNativeSystemInfo
GetSystemInfo
VirtualQueryEx
VirtualAllocEx
SetLastError
VirtualFreeEx
VirtualProtectEx
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
CreateRemoteThread
ResumeThread
WaitForSingleObject
GetPrivateProfileStringW
WritePrivateProfileStringW
FindResourceW
WriteConsoleW
SetStdHandle
GetTimeZoneInformation
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetProcessHeap
GetOEMCP
GetACP
IsValidCodePage
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
GetFileType
GetStdHandle
GetModuleHandleW
DeleteCriticalSection
DecodePointer
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
HeapFree
HeapAlloc
HeapReAlloc
GetProcAddress
LoadLibraryW
GetCurrentProcessId
WriteProcessMemory
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
CloseHandle
Sleep
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
SetEvent
SetEnvironmentVariableA
CreateTimerQueue
LoadLibraryExW
ExitThread
CreateThread
CreateSemaphoreW
GetTickCount
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
IsProcessorFeaturePresent
GetCPInfo
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetLastError
CreateEventW
GetCommandLineW
CreateDirectoryW
GetModuleHandleExW
ExitProcess
GetSystemTimeAsFileTime
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
DuplicateHandle
GetCurrentThread
GetCurrentThreadId
EncodePointer

user32

LoadCursorW
CreateWindowExW
SendMessageW
MessageBoxW
GetAsyncKeyState
SystemParametersInfoW
LoadIconW
RegisterClassExW
GetSystemMetrics
SetWindowLongPtrW
ShowWindow
UpdateWindow
PostMessageW
GetWindowRect
UpdateLayeredWindow
ReleaseDC
GetWindowLongPtrW
DefWindowProcW
SetLayeredWindowAttributes
BeginPaint
EndPaint
PostQuitMessage
SetTimer
SetCursor
KillTimer
ReleaseCapture
MoveWindow
DispatchMessageW
TranslateMessage
GetDC
GetMessageW
LoadAcceleratorsW
TranslateAcceleratorW

gdi32

DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateFontIndirectW

advapi32

ControlService
CreateServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
DeleteService
OpenSCManagerW
CloseServiceHandle
StartServiceW
QueryServiceStatus
OpenServiceW

shell32

SHGetFolderPathW

ole32

CreateStreamOnHGlobal

gdiplus

GdipGetImageHeight
GdipCreateTexture
GdipCreateTextureIAI
GdipSetTextureWrapMode
GdipTranslateTextureTransform
GdipFillRectangleI
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipGetTextureImage
GdipFree
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateSolidFill
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipSetStringFormatFlags
GdipDeleteFont
GdipSetSolidFillColor
GdipMeasureString
GdipDrawString
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetStringFormatAlign
GdipDeleteBrush
GdipCloneBrush
GdipAlloc
GdipGetImageWidth
GdipDisposeImageAttributes
GdipCreateFont
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes

winmm

PlaySoundW
mciSendStringW

comctl32

InitCommonControlsEx
_TrackMouseEvent

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 493KB - Virtual size: 493KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 756KB - Virtual size: 755KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TrAntiAntiCheat_x64.sys
.sys windows:10 windows x64 arch:x64

960ec0d939e5ea631c6052a6eaf72f73

Code Sign

5f:78:14:9e:b4:f7:5e:b1:74:04:a8:14:3a:ae:ae:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23-03-2011 00:00

Not After

22-03-2012 23:59

Subject

CN=上海域联软件技术有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=上海域联软件技术有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c4:aa:b8:cf:7e:08:ed:c9:4c:f3:6e:84:f0:2f:a2:4f:87:57:7b:20
Signer

Actual PE Digest

c4:aa:b8:cf:7e:08:ed:c9:4c:f3:6e:84:f0:2f:a2:4f:87:57:7b:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

N:\PRO\TrAntiAntiCheat\Release\TrAntiAntiCheat_x64.pdb

Imports

ntoskrnl.exe

PsProcessType
PsThreadType
ObUnRegisterCallbacks
RtlCopyUnicodeString
ObRegisterCallbacks
_vsnwprintf
ZwOpenEvent
KeBugCheckEx
ZwClose

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67fb58be94e265bf27113797548a9c4a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

winmm

comctl32

version

Sections

.text Size: 493KB - Virtual size: 493KB

.rdata Size: 154KB - Virtual size: 153KB

.data Size: 17KB - Virtual size: 46KB

.pdata Size: 24KB - Virtual size: 24KB

.rsrc Size: 756KB - Virtual size: 755KB

.reloc Size: 5KB - Virtual size: 4KB

960ec0d939e5ea631c6052a6eaf72f73

Code Sign

5f:78:14:9e:b4:f7:5e:b1:74:04:a8:14:3a:ae:ae:d7Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c4:aa:b8:cf:7e:08:ed:c9:4c:f3:6e:84:f0:2f:a2:4f:87:57:7b:20Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 228B

.gfids Size: 512B - Virtual size: 4B

INIT Size: 1024B - Virtual size: 546B

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 512B - Virtual size: 36B

.text
Size: 493KB - Virtual size: 493KB

.rdata
Size: 154KB - Virtual size: 153KB

.data
Size: 17KB - Virtual size: 46KB

.pdata
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 756KB - Virtual size: 755KB

.reloc
Size: 5KB - Virtual size: 4KB

5f:78:14:9e:b4:f7:5e:b1:74:04:a8:14:3a:ae:ae:d7
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c4:aa:b8:cf:7e:08:ed:c9:4c:f3:6e:84:f0:2f:a2:4f:87:57:7b:20
Signer

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 228B

.gfids
Size: 512B - Virtual size: 4B

INIT
Size: 1024B - Virtual size: 546B

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 512B - Virtual size: 36B