7fb8a2441497256bd571edc8b3dd04e8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7fb8a2441497256bd571edc8b3dd04e8_JaffaCakes118
Size

9.3MB
MD5

7fb8a2441497256bd571edc8b3dd04e8
SHA1

4e1d341ac27e4d6eaa4e6fb66a81c25ad07f486f
SHA256

34037da3792e48514102435cdbd0ba64ee15808af6916b8cd8f6ecaf59193566
SHA512

3226d75b08de035e16de01fb07dc9d0b096ce4ca7f6d691058fd2b561d071f588803ebc834b11e55ae500c2874bf28f444bd78288272d610020407ad193fc376
SSDEEP

98304:v8qRqSFNjP7bb7UMR55E/dQv1AqGoxD068MLB4BVSA7pVXWJ+D+LAkUvuQy2Bne:ZoSFNz74Eu/G7C6LESIpJCLjSuQy2Bne

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7fb8a2441497256bd571edc8b3dd04e8_JaffaCakes118

Files

7fb8a2441497256bd571edc8b3dd04e8_JaffaCakes118
.exe windows:6 windows x64 arch:x64

b617cea38b717093163ab8695565e903

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

L:\Sniper3_TickTock\PC_Release\bin_local\Sniper3_Retail_Submission_x64.pdb

Imports

d3d11

D3D11CreateDevice

d3d9

D3DPERF_SetOptions

dinput8

DirectInput8Create

winmm

timeBeginPeriod
timeEndPeriod

wsock32

accept
getsockopt
send
ntohl
WSAStartup
recv
listen
__WSAFDIsSet
inet_ntoa
inet_addr
setsockopt
recvfrom
select
ntohs
getsockname
closesocket
WSAGetLastError
bind
htons
ioctlsocket
connect
WSACleanup
sendto
socket

xinput1_3

ord3
ord4
ord2

kernel32

ResetEvent
SetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
CopyFileA
GetComputerNameA
GetModuleHandleA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
LoadLibraryExA
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
VirtualProtect
GetVersionExA
GetEnvironmentVariableA
CreateMutexA
OpenProcess
SetUnhandledExceptionFilter
CreateEventA
SetCurrentDirectoryA
SetDllDirectoryA
VirtualQuery
FindClose
FindNextFileA
FindFirstFileA
IsProcessorFeaturePresent
GetLocalTime
UnmapViewOfFile
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateSemaphoreA
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesA
CreateFileA
WriteFile
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
GetCurrentThread
GetModuleFileNameA
CreateDirectoryA
GetLastError
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
HeapAlloc
GetProcessHeap
HeapFree
GlobalMemoryStatusEx
TlsGetValue
RaiseException
TlsAlloc
TlsSetValue
GetSystemInfo
ExitThread
SwitchToThread
Sleep
WaitForSingleObject
ReleaseSemaphore
QueryPerformanceFrequency
CreateWaitableTimerA
QueryPerformanceCounter
SetWaitableTimer
GetPriorityClass
GetCommandLineA
SetPriorityClass
MultiByteToWideChar
ReadFile
GetFileAttributesExA
GetFileSize
CreateFileMappingA
MapViewOfFile

user32

IsCharLowerW
CharUpperBuffW
ShowWindow
MessageBoxA
RegisterWindowMessageA
SendMessageA
GetForegroundWindow
GetSystemMetrics
AdjustWindowRect
DestroyWindow
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
UpdateWindow
PeekMessageA
TranslateMessage
DispatchMessageA
GetWindowRect
GetClientRect
BeginPaint
EndPaint
PostQuitMessage
GetKeyState
DefWindowProcA
SetWindowPos
MoveWindow
ClientToScreen
GetCursorPos
ShowCursor
SetWindowLongA
SetForegroundWindow
SetCursorPos
ClipCursor
GetDoubleClickTime
GetAsyncKeyState
MapVirtualKeyA
GetKeyboardLayoutNameA
GetKeyboardLayout

advapi32

GetUserNameA

shell32

SHGetFolderPathA
SHGetFolderPathAndSubDirA

ole32

CoInitializeEx
CoGetClassObject
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

msvcp140

_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_unlock
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z

dbghelp

SymSetSearchPath
SymGetSearchPath
SymInitialize
SymGetOptions
SymSetOptions
SymLoadModule64
EnumerateLoadedModules64
SymGetLineFromAddr64
UnDecorateSymbolName
SymFromAddr
SymFunctionTableAccess64
SymGetModuleBase64
StackWalk64
SymGetModuleInfo64

psapi

GetProcessImageFileNameA
EnumProcesses

vcruntime140

memset
wcsstr
strstr
wcschr
strrchr
strchr
_purecall
memmove
_CxxThrowException
__CxxFrameHandler3
__C_specific_handler
memcmp
__vcrt_InitializeCriticalSectionEx
memcpy

api-ms-win-crt-heap-l1-1-0

malloc
_aligned_malloc
_aligned_free
_set_new_mode
free

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-string-l1-1-0

iswdigit
iswspace
isdigit
isupper
isspace
tolower
strncmp
strncpy
_strnicmp
_stricmp
islower
toupper
wcsncpy
strnlen
strncat
_wcsnicmp
_wcsicmp
wcsncmp

api-ms-win-crt-math-l1-1-0

sinf
sinhf
cosf
modff
tanf
asinf
powf
logf
log10f
__setusermatherr
floorf
sin
cos
fmodf
atan2f
expf
_isnanf
acosf

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vfprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
fread
fclose
ftell
fseek
fopen
__p__fmode
_set_fmode
__p__commode

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
exit
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_fpieee_flt
_beginthreadex
_initialize_narrow_environment
_configure_narrow_argv
_exit
terminate

api-ms-win-crt-filesystem-l1-1-0

_splitpath

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 441KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b617cea38b717093163ab8695565e903

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3d9

dinput8

winmm

wsock32

xinput1_3

kernel32

user32

advapi32

shell32

ole32

msvcp140

dbghelp

psapi

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 6.6MB - Virtual size: 6.6MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 176KB - Virtual size: 1.5MB

.pdata Size: 441KB - Virtual size: 440KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 44B

_RDATA Size: 512B - Virtual size: 48B

.rsrc Size: 61KB - Virtual size: 60KB

.reloc Size: 64KB - Virtual size: 64KB

.bind Size: 176KB - Virtual size: 176KB

.text
Size: 6.6MB - Virtual size: 6.6MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 176KB - Virtual size: 1.5MB

.pdata
Size: 441KB - Virtual size: 440KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 44B

_RDATA
Size: 512B - Virtual size: 48B

.rsrc
Size: 61KB - Virtual size: 60KB

.reloc
Size: 64KB - Virtual size: 64KB

.bind
Size: 176KB - Virtual size: 176KB