6d5e665236534dd31838698c4bb3bfae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6d5e665236534dd31838698c4bb3bfae_JaffaCakes118
Size

10.4MB
MD5

6d5e665236534dd31838698c4bb3bfae
SHA1

4e939ff1100ccec8efd53e87335ddf18781a10a8
SHA256

3eba02e58ecdb95893f3875b62a51eda51857d1c77e8fd98e242e56d83399759
SHA512

1c403b31d88749464dbf5527c6191b902c886385b402346472f2f37f1a2fa69d4ac8ae8aeb9689e1e8f0bef08fb7a86f43ad27b356633d0a836ad2c079744f8b
SSDEEP

196608:/ZCZXV7PrnhdhIT+IJlal5Aj8iCzTHl8Jqb2/AOGlBH8iwaEfcOQ:/ZCxRrnfy+SC5XiG5q/PGP8RcOQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Clan Spin/GDFwSvc.exe
unpack001/Clan Spin/rev0lt/bin/rev0lt.dll

Files

6d5e665236534dd31838698c4bb3bfae_JaffaCakes118
.rar
Clan Spin/GDFwSvc.exe
.exe windows:4 windows x86 arch:x86

e7075482c29e949390e49ccafcdce0e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Ex777\Desktop\Rev0lt\Rev0lt Loader\release\Rev0lt Loader.pdb

Imports

kernel32

Sleep
CloseHandle
CreateRemoteThread
GetProcAddress
CreateMutexA
VirtualAllocEx
GetLastError
OpenProcess
GlobalFree
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalLock
ReadFile
GetFileSize
CreateFileA
GetPrivateProfileStringA
lstrlenA
ExitProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetTickCount
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
RaiseException
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateThread
GetModuleHandleA
FindFirstFileA
WriteProcessMemory
WriteFile
GetCurrentDirectoryA

user32

GetWindowLongA
SetWindowLongA
LoadCursorA
RegisterClassExA
GetClassInfoExA
TranslateMessage
DispatchMessageA
GetMessageA
CreateWindowExA
SetRect
GetClientRect
DrawTextA
GetWindowTextA
GetParent
SetWindowTextA
DefWindowProcA
EndPaint
PostQuitMessage
SetWindowPos
SetWindowRgn
InvalidateRect
UnregisterClassA
LoadIconA
UpdateWindow
SendMessageA
MessageBoxA
GetWindowThreadProcessId
FindWindowA
ShowWindow
PostMessageA
LoadImageA
BeginPaint

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdi32

BitBlt
GetObjectA
ExtCreateRegion
CombineRgn
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GetCurrentObject
SetTextColor
CreateFontA
SetBkMode

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Clan Spin/rev0lt/bin/rev0lt.dll
.dll windows:4 windows x86 arch:x86

60a6a61741598595851e0867d2c79dd2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Dokumente und Einstellungen\Dieter Detmers\Eigene Dateien\HL²\AldiSkill's Hack\AldiSkill's Hack v1\Bunny 1.2\HL2\Release\HL2.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleA
VirtualProtect
Sleep
CreateThread
GetModuleFileNameA
VirtualQuery
HeapAlloc
GetProcessHeap
CloseHandle
GetLocaleInfoW
FlushFileBuffers
GetSystemInfo
VirtualAlloc
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
RaiseException
SetFilePointer
InitializeCriticalSection
InterlockedExchange
LoadLibraryA
LCMapStringA
MultiByteToWideChar
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
ReadFile

tier0

Error
g_pMemAlloc
GetCPUInformation

vstdlib

Q_snprintf
KeyValuesSystem

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Clan Spin/rev0lt/skin/Main.bmp
Clan Spin/rev0lt/skin/Mask.bmp
Clan Spin/rev0lt/skin/Thumbs.db
Clan Spin/rev0lt/skin/skin.ini
dlya_vesa)

Sharing

General

Malware Config

Signatures

Files

e7075482c29e949390e49ccafcdce0e2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

gdi32

ole32

oleaut32

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 68KB - Virtual size: 66KB

60a6a61741598595851e0867d2c79dd2

Headers

File Characteristics

PDB Paths

Imports

kernel32

tier0

vstdlib

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 54KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 68KB - Virtual size: 66KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 54KB

.reloc
Size: 16KB - Virtual size: 15KB