4c1f2dcec3347e1a63c3e191055921f8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4c1f2dcec3347e1a63c3e191055921f8_JaffaCakes118
Size

1.3MB
MD5

4c1f2dcec3347e1a63c3e191055921f8
SHA1

825a1a68a3f0f63728b42b6a7287cd8a33e11e28
SHA256

bdc369796eacc875a343b160de88957f995d72cebc9ff7bb63a3cd7061b53cc5
SHA512

f14a18105243009f8dc8d275d0b0b70d2f063a0ca0f31d1266b5def3428a0f3ff988c9e971731850b32737e1f4e3b15b3cb0248171b390aa44b3dca5ec3e1b31
SSDEEP

24576:S5RswhT/Nt/DTlQCaFf7ftruVUhoFSPmRckZbIdm7eZsebYTAn+r9Skw177ylIty:BSf7xQC8f7l2Ud+qKYln09Q7Erp

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/hInGame.exe
unpack002/inside.dll

Files

4c1f2dcec3347e1a63c3e191055921f8_JaffaCakes118
.rar
la2world.at.ua/Bonus/La2world.at.ua.jpg
.jpg
la2world.at.ua/Bonus/Thumbs.db
la2world.at.ua/ingame-l2/ingame-lineage2.rar
.zip
Readme.txt
data/options.ini
data/system/items.ini
data/system/npc.ini
hInGame.exe
.exe windows:4 windows x86 arch:x86

2a163aba4628d168ad3790b4aee5127c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

shell32

Shell_NotifyIconA

Sections

CODE
Size: 192KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
inside.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
log/fes.htm
.html

Sharing

General

Malware Config

Signatures

Files

2a163aba4628d168ad3790b4aee5127c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

comctl32

shell32

Sections

CODE Size: 192KB - Virtual size: 2.0MB

.rsrc Size: 13KB - Virtual size: 16KB

Headers

File Characteristics

Sections

CODE Size: 12KB - Virtual size: 12KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 968B

.rsrc Size: 512B - Virtual size: 512B

CODE
Size: 192KB - Virtual size: 2.0MB

.rsrc
Size: 13KB - Virtual size: 16KB

CODE
Size: 12KB - Virtual size: 12KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 968B

.rsrc
Size: 512B - Virtual size: 512B