7c403edbf4d36fc7bbfeb7ab0b94b18d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7c403edbf4d36fc7bbfeb7ab0b94b18d_JaffaCakes118
Size

624KB
MD5

7c403edbf4d36fc7bbfeb7ab0b94b18d
SHA1

8205af369cb7d34435ffe543b4005d8051a16f8e
SHA256

1c2a5a96bbd554840a70773a8947277f7af940389f1cbbc71bcf5aed0eae940d
SHA512

8af4b80cf1528fcb7d63074841e4b864c7108bb8620c03cd2f4796f06e83a0470d668e2c9fd2ec52198c86d7e8d574ece8462ba8d1f4362aa25c2ad1be732714
SSDEEP

12288:M1YvX2pCAnjuIf7U8U36GZpaos4PvDBAmuK25AHoy+mZMqrSA21e:h2pdf7UKGP79uduoIS4V

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/110.dll
unpack001/111.dll
unpack001/D2Hackmap.exe

Files

7c403edbf4d36fc7bbfeb7ab0b94b18d_JaffaCakes118
.rar
110.dll
.dll windows:4 windows x86 arch:x86

1685d9382369669d9e7a1e1bdfc097a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\workshop\projects\d2x\d2hackmap\bin\hackmap.pdb

Imports

kernel32

VirtualFree
GetProcAddress
LoadLibraryA
GetModuleHandleA
UnmapViewOfFile
VirtualAlloc
MapViewOfFile
CloseHandle
CreateFileMappingA
CreateFileA
GetCurrentProcessId
FreeLibrary
GetCurrentProcess
WaitForSingleObject
CreateThread
VirtualProtect
SetUnhandledExceptionFilter
GetTickCount
GetLocalTime
SetFilePointer
CopyFileA
MultiByteToWideChar
lstrcmpiA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
GetModuleFileNameA
DisableThreadLibraryCalls
ReadProcessMemory
WriteProcessMemory
WriteFile
ReadFile
GetFileSize
GetVersionExA
FlushFileBuffers
SetStdHandle
GetSystemInfo
RtlUnwind
RaiseException
ExitProcess
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
TerminateProcess
HeapSize
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
IsBadWritePtr
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

MessageBeep
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
wsprintfW
wsprintfA
SendMessageA
wvsprintfA
MessageBoxA

Exports

Exports

QueryInterface

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 727KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
111.dll
.dll windows:4 windows x86 arch:x86

56275405de8db1b2403a1b76b78e7866

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\workshop\projects\d2x111b\D2hackmap\bin\hackmap.pdb

Imports

kernel32

CloseHandle
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
FreeLibrary
GetCurrentProcess
CreateFileA
LoadLibraryA
WaitForSingleObject
CreateThread
VirtualProtect
SetUnhandledExceptionFilter
OutputDebugStringA
GetTickCount
GetLocalTime
SetFilePointer
CopyFileA
MultiByteToWideChar
lstrcmpiA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
OutputDebugStringW
GetModuleFileNameA
GetCommandLineA
VirtualFree
VirtualAlloc
DisableThreadLibraryCalls
ReadProcessMemory
WriteProcessMemory
WriteFile
ReadFile
GetFileSize
FlushFileBuffers
SetStdHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsBadCodePtr
IsBadReadPtr
InitializeCriticalSection
RtlUnwind
HeapFree
HeapAlloc
RaiseException
GetCurrentThreadId
GetVersionExA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
LCMapStringA
LCMapStringW
InterlockedExchange
VirtualQuery
HeapDestroy
HeapCreate
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
IsBadWritePtr
ExitProcess
TerminateProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetCPInfo
GetLocaleInfoA
GetACP
GetOEMCP
GetSystemInfo

user32

MessageBeep
GetWindowInfo
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
wsprintfW
wsprintfA
SendMessageA
wvsprintfA
MessageBoxA

Exports

Exports

QueryInterface

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 728KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
D2Hackmap.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 84KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 358KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
blobcell.bmp
blobcircle.bmp
blobcross1.bmp
blobcross2.bmp
blobdiamond.bmp
blobdot.bmp
d2hackmap.cfg
d2hackmap.ini
d2hackmap.vcb
history-chs.txt
minishrine00.bmp
minishrine01.bmp
minishrine02.bmp
minishrine03.bmp
minishrine06.bmp
minishrine07.bmp
minishrine08.bmp
minishrine09.bmp
minishrine10.bmp
minishrine11.bmp
minishrine12.bmp
minishrine15.bmp
minishrine17.bmp
minishrine18.bmp
pluginloader.ini
readme-chs.txt
shrine00.bmp
shrine01.bmp
shrine02.bmp
shrine03.bmp
shrine06.bmp
shrine07.bmp
shrine08.bmp
shrine09.bmp
shrine10.bmp
shrine11.bmp
shrine12.bmp
shrine13.bmp
shrine14.bmp
shrine15.bmp
shrine17.bmp
shrine18.bmp
shrine19.bmp
shrine21.bmp
shrine22.bmp
waypoint.bmp
使用说明.txt
当下软件园.url
.url

Sharing

General

Malware Config

Signatures

Files

1685d9382369669d9e7a1e1bdfc097a2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 727KB

.reloc Size: 12KB - Virtual size: 10KB

56275405de8db1b2403a1b76b78e7866

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 78KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 728KB

.reloc Size: 12KB - Virtual size: 10KB

Headers

File Characteristics

Sections

Size: 84KB - Virtual size: 192KB

Size: 13KB - Virtual size: 28KB

Size: 2KB - Virtual size: 16KB

.rsrc Size: 6KB - Virtual size: 40KB

Size: - Virtual size: 16KB

.data Size: 358KB - Virtual size: 360KB

.adata Size: - Virtual size: 4KB

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 727KB

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 80KB - Virtual size: 78KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 728KB

.reloc
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 6KB - Virtual size: 40KB

.data
Size: 358KB - Virtual size: 360KB

.adata
Size: - Virtual size: 4KB