Static task
static1
Behavioral task
behavioral1
Sample
Batman.Arkham.City_v1.02.8Tr/BAC+8Tr-LNG.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Batman.Arkham.City_v1.02.8Tr/BAC+8Tr-LNG.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Batman.Arkham.City_v1.02.8Tr/游民星空 Gamersky.com.url
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
Batman.Arkham.City_v1.02.8Tr/游民星空 Gamersky.com.url
Resource
win10v2004-20240508-en
General
-
Target
781c7d0973a59bde26a8809d346e9b20_JaffaCakes118
-
Size
1.9MB
-
MD5
781c7d0973a59bde26a8809d346e9b20
-
SHA1
337564257f70e27506906cd25c6a6329ffe547f6
-
SHA256
ac4f4200ca8425481b46a788fa3db61d9331a341a23aae28c360abe1dd23d473
-
SHA512
2a0242487e66f84eb66ebc027603062c4aa0ecccc057068a6b069051124c972443cc1358c9eaec4c465d18eab9541486ea14a5387cb673b5dfe20d64beb68a80
-
SSDEEP
49152:55Ta0E35si1iavlt7A2AKWqoEZJ4cOie3VjR:55TatPzvltsdqfcc83tR
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Batman.Arkham.City_v1.02.8Tr/BAC+8Tr-LNG.exe
Files
-
781c7d0973a59bde26a8809d346e9b20_JaffaCakes118.rar
-
Batman.Arkham.City_v1.02.8Tr/BAC+8Tr-LNG - I.N.F.O.txt
-
Batman.Arkham.City_v1.02.8Tr/BAC+8Tr-LNG.exe.exe windows:4 windows x86 arch:x86
075c950ba49f567d2dc940b4bb7953fe
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaBoolVar
kernel32
CreateThread
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
winmm
waveOutClose
user32
MessageBoxA
Exports
Sections
.text Size: - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 21KB - Virtual size: 952KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.VCrypt0 Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
.tls Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.VCrypt1 Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Batman.Arkham.City_v1.02.8Tr/VERY IMPORTANT!.txt
-
Batman.Arkham.City_v1.02.8Tr/下载说明.txt
-
Batman.Arkham.City_v1.02.8Tr/游民星空 Gamersky.com.url.url