4674ea5dc9004c0d3ff4f1a6c04de3ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4674ea5dc9004c0d3ff4f1a6c04de3ca_JaffaCakes118
Size

741KB
MD5

4674ea5dc9004c0d3ff4f1a6c04de3ca
SHA1

2ffc23c371c7e1123f10aa5102b3c2f5a5e64f3e
SHA256

dbf4f0693c3ca84c6dfe9f1daeb4f5b6eeae97e7e13b443c6d3438b437b0542e
SHA512

30c426731e5c7654e30b02148135f926d2d16b6745bae838ea18d33027cfb5831795add28adbe57f7deb759e67bd3804349093c9af74b280cb75f2dd9b6bde47
SSDEEP

12288:ANmtZTPFTk7Mz9+/PpBsJYeDsoss3/tAP7TT4LSfRgHmM3Y2kWiibdAPaAqXKFQ0:dPFTkgzuhBUsq/tAP7gLLGM3YbWBx8a0

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Сама программа/Bot.exe
unpack001/Сама программа/Bots 0.3.7-R2 [samp] by ZOOPI.exe
unpack001/Сама программа/Обязательный плагин/YSF.dll

Files

4674ea5dc9004c0d3ff4f1a6c04de3ca_JaffaCakes118
.rar
Сама программа/Bot.exe
.exe windows:6 windows x86 arch:x86

20e2fd40d33816d18740a63ac12de650

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
WSAGetLastError
WSACleanup
WSAStartup
gethostname
gethostbyname
socket
setsockopt
sendto
inet_addr
ntohs
htons
getsockname
ioctlsocket
bind
closesocket
inet_ntoa

comctl32

ord17

kernel32

GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetCommandLineW
GetEnvironmentStringsW
QueryPerformanceCounter
QueryPerformanceFrequency
CloseHandle
SetWaitableTimer
CreateWaitableTimerA
Sleep
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetStdHandle
CreateThread
FlushConsoleInputBuffer
SetConsoleTitleA
AllocConsole
ReadConsoleA
SetConsoleCtrlHandler
SetConsoleMode
GetTickCount
GetLocalTime
TerminateThread
GetModuleHandleA
GetConsoleWindow
MulDiv
lstrlenA
GetCommandLineA
DecodePointer
FlushFileBuffers
FreeEnvironmentStringsW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
LCMapStringW
HeapReAlloc
HeapAlloc
HeapFree
GetACP
WriteFile
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
GetFileType
SetStdHandle
ReadFile
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
FreeLibrary
EncodePointer
GetLastError
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetCurrentThreadId
SetEndOfFile
GetProcessHeap
CreateFileW
WriteConsoleW
HeapSize
GetStringTypeW
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
SetEvent
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId

user32

MessageBoxA
SystemParametersInfoA
IsDialogMessageA
GetWindow
GetParent
GetWindowLongA
DrawFocusRect
MapWindowPoints
GetClientRect
GetWindowTextLengthA
GetWindowTextA
RedrawWindow
EndPaint
BeginPaint
ReleaseDC
GetDC
DrawTextA
GetKeyState
GetFocus
SetFocus
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
PostQuitMessage
DefWindowProcA
LoadIconA
LoadCursorA
GetWindowRect
SetForegroundWindow
UpdateWindow
SetWindowTextA
ShowWindow
CreateWindowExA
RegisterClassExA
DispatchMessageA
TranslateMessage
GetMessageA
DestroyWindow
UnregisterClassA
SendMessageA
GetDlgItem

gdi32

SetTextColor
SetBkColor
ExtTextOutA
DeleteObject
DeleteDC
CreateCompatibleDC
GetDeviceCaps
GetTextMetricsA
CreateFontA

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 150KB - Virtual size: 823KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Сама программа/Bots 0.3.7-R2 [samp] by ZOOPI.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\C# [проекты]\1Bots\WindowsFormsApp1\obj\Debug\Bots.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Сама программа/NickNames.txt
Сама программа/desktop.ini
Сама программа/Обязательный плагин/YSF.dll
.dll windows:6 windows x86 arch:x86

cd61d425c8244f57c212eef7920c1688

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Program Files\Rockstar Games\GTA San Andreas\Samp server\0.3.7\YSF\YSF\bin\win32\Release\YSF.pdb

Imports

kernel32

VirtualProtect
GetTickCount
GetCurrentProcess
GetModuleHandleA
K32GetModuleInformation
FindFirstFileA
FindNextFileA
FindClose
GetCurrentProcessId
CreateDirectoryA
EnterCriticalSection
LocalFree
WideCharToMultiByte
MultiByteToWideChar
GetLastError
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseHandle

ole32

CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantClear

ws2_32

inet_ntoa
sendto
htons

msvcp140

_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Cnd_wait
_Mtx_init
_Thrd_start
_Thrd_detach
_Mtx_destroy
_Cnd_init
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Throw_Cpp_error@std@@YAXH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?_Xbad_alloc@std@@YAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Cnd_signal
_Mtx_unlock
_Query_perf_counter
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPBD@Z
_Query_perf_frequency
_Mtx_trylock
?uncaught_exception@std@@YA_NXZ

vcruntime140

_CxxThrowException
__CxxFrameHandler3
_purecall
_except_handler4_common
__std_type_info_destroy_list
__std_exception_copy
memset
memmove
__std_exception_destroy
memcpy
__std_terminate

api-ms-win-crt-stdio-l1-1-0

fopen
feof
_popen
fclose
fgets
__stdio_common_vsprintf
_pclose
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

_callnewh
free
calloc
realloc
malloc

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_configure_narrow_argv
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
terminate
_initialize_narrow_environment

api-ms-win-crt-filesystem-l1-1-0

rename

api-ms-win-crt-string-l1-1-0

strncpy
strncmp

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-math-l1-1-0

_libm_sse2_sqrt_precise

Exports

Exports

AmxLoad
AmxUnload
Load
ProcessTick
Supports
Unload
subhook_free
subhook_get_dst
subhook_get_src
subhook_get_trampoline
subhook_install
subhook_is_installed
subhook_new
subhook_read_dst
subhook_remove

Sections

.text
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Сама программа/Обязательный плагин/YSF.so
.elf linux x86

Sharing

General

Malware Config

Signatures

Files

20e2fd40d33816d18740a63ac12de650

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

comctl32

kernel32

user32

gdi32

Sections

.text Size: 235KB - Virtual size: 234KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 150KB - Virtual size: 823KB

.rsrc Size: 111KB - Virtual size: 111KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 127KB - Virtual size: 127KB

.rsrc Size: 113KB - Virtual size: 112KB

.reloc Size: 512B - Virtual size: 12B

cd61d425c8244f57c212eef7920c1688

Headers

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

ws2_32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 259KB - Virtual size: 258KB

.rdata Size: 358KB - Virtual size: 357KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 235KB - Virtual size: 234KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 150KB - Virtual size: 823KB

.rsrc
Size: 111KB - Virtual size: 111KB

.text
Size: 127KB - Virtual size: 127KB

.rsrc
Size: 113KB - Virtual size: 112KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 259KB - Virtual size: 258KB

.rdata
Size: 358KB - Virtual size: 357KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB