5c91d1540aff7edaa8fb0c06096456d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5c91d1540aff7edaa8fb0c06096456d9_JaffaCakes118
Size

303KB
MD5

5c91d1540aff7edaa8fb0c06096456d9
SHA1

229f460637d47fc3a09fcbefb07a5d3916fe885a
SHA256

0c4d4118921b4a0bf76bcd1f0ddac4c00cf48be4546de0feeee73629ed69841b
SHA512

e99f0645a00def7f82c93068b5dd827ba9bfe700532d159c144a98f5805cf2bb94b48a00667766371daa502f0abbb8f5c72c64c4d3bef9b14be17ed38322213b
SSDEEP

6144:hY1ZN6sfi5Me+vRuvIMFIWqGW555uMtSTSJHfm0Nu4588AZ5QF3IQaDfZtcTWeMj:hY1Z25+Z0IdGmrtSTSxT88AZKBaDRtc+

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Nestopia/Nestopia/kailleraclient.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Nestopia/Nestopia/kailleraclient.dll	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Nestopia/Nestopia/7zxa.dll
unpack001/Nestopia/Nestopia/kailleraclient.dll
unpack002/out.upx
unpack001/Nestopia/Nestopia/language/english.nlg

Files

5c91d1540aff7edaa8fb0c06096456d9_JaffaCakes118
.rar
Nestopia/Nestopia/7zxa.dll
.dll windows:4 windows x86 arch:x86

dd1fcfec6ca1a2b0bfb46d7f425f87a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharUpperW
CharUpperA

oleaut32

SysFreeString
SysAllocStringByteLen
VariantClear
SysAllocString

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
WriteFile
CreateEventA
LeaveCriticalSection
EnterCriticalSection
ResetEvent
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateThread
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
GetSystemInfo
HeapAlloc
HeapFree
RaiseException
RtlUnwind
GetCommandLineA
GetVersion
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
ExitProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
LCMapStringA

Exports

Exports

CreateObject
GetHandlerProperty

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nestopia/Nestopia/changelog.txt
Nestopia/Nestopia/copying.txt
Nestopia/Nestopia/kailleraclient.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_kailleraChatSend@4
_kailleraEndGame@0
_kailleraGetVersion@4
_kailleraInit@0
_kailleraModifyPlayValues@8
_kailleraSelectServerDialog@4
_kailleraSetInfos@4
_kailleraShutdown@0

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nestopia/Nestopia/language/english.nlg
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

heatray0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

heatray1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

heatray2
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dd1fcfec6ca1a2b0bfb46d7f425f87a4

Headers

File Characteristics

Imports

user32

oleaut32

kernel32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 13KB - Virtual size: 37KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 11KB - Virtual size: 10KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 56KB

UPX1 Size: 27KB - Virtual size: 28KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

heatray0 Size: - Virtual size: 64KB

heatray1 Size: 17KB - Virtual size: 20KB

heatray2 Size: - Virtual size: 5KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 13KB - Virtual size: 37KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 11KB - Virtual size: 10KB

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 27KB - Virtual size: 28KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 4KB

heatray0
Size: - Virtual size: 64KB

heatray1
Size: 17KB - Virtual size: 20KB

heatray2
Size: - Virtual size: 5KB