84f855041ef332e834a193b0408c654a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

84f855041ef332e834a193b0408c654a_JaffaCakes118
Size

1.9MB
MD5

84f855041ef332e834a193b0408c654a
SHA1

3763ea6a1fce0a1fbead03bb78b56018f45b31bb
SHA256

6118145c6a7bbbd0ebc5bc56b9aa47b8381e493fdc077c5f387813931d74ad62
SHA512

b7b436c080ed2321e933186cf6302665b58228e1515153618eec2599f8aa627e57b5a6b4ab67bc2c2daf4c3264363b4b9bbd3d99a0f137ec484e26a80884fb3f
SSDEEP

49152:/XJwcXa6rPdkdyLvIEgGti5k83Jju2g/q5STOy8+O3:xwoa+kYLvCX5kqs/qco

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Hpp hack v4/dsound.dll
unpack001/Hpp hack v4/extremeinjectorv3.7.2.exe
unpack001/Hpp hack v4/project1.dll

Files

84f855041ef332e834a193b0408c654a_JaffaCakes118
.rar
Hpp hack v4/dsound.dll
.dll windows:6 windows x86 arch:x86

b874bda50b153f0c06a07098ec774fda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\plzac\Desktop\Hpp Hack CS 1.6222\Release\Hpp Hack CS 1.6.pdb

Imports

opengl32

glMatrixMode
glLoadIdentity
glClearColor
glPushMatrix
glPolygonMode
glBindTexture
glEnable
glLineWidth
glDisable
glDepthFunc
glViewport
glEnableClientState
glPopAttrib
glGenTextures
glVertexPointer
glScissor
glDisableClientState
glBlendFunc
glTexParameteri
glDeleteTextures
glTexCoordPointer
glTexImage2D
glColorPointer
glDrawElements
glOrtho
glGetIntegerv
glPushAttrib
glPopMatrix

kernel32

FindFirstFileExA
ReadConsoleW
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
OutputDebugStringW
DeleteFileW
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleA
GetProcAddress
CreateDirectoryA
FindFirstFileA
SetLastError
FindNextFileA
FindClose
GetLastError
GetFileAttributesA
DeleteFileA
WritePrivateProfileStringA
SetFileAttributesA
RemoveDirectoryA
GetPrivateProfileStringA
GetCurrentProcess
TerminateProcess
IsBadCodePtr
Sleep
CreateThread
HeapAlloc
GetProcessHeap
lstrcmpiA
IsBadReadPtr
GetTickCount
GetVolumeInformationA
IsValidCodePage
VirtualProtect
GetCurrentThread
FlushInstructionCache
GetFullPathNameA
GlobalAlloc
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibrary
VirtualQuery
WriteFile
FlushFileBuffers
GetACP
GetFileAttributesExW
HeapFree
HeapReAlloc
ReadFile
GetLocalTime
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
LoadLibraryExW
RaiseException
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
SetEnvironmentVariableA
SetStdHandle
RtlUnwind
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
SetEvent
CreateFileW
HeapSize
GetComputerNameA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
CloseHandle

user32

FindWindowA
MessageBoxA
SetWindowLongA
ShowCursor
GetAsyncKeyState
SetClipboardData
CallWindowProcA
EmptyClipboard
CloseClipboard
OpenClipboard
GetDesktopWindow
GetWindowLongA
GetWindowRect
GetKeyState
wsprintfA
GetClipboardData

advapi32

GetUserNameA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptAcquireContextA
GetCurrentHwProfileA
CryptCreateHash
CryptReleaseContext

shell32

SHGetFolderPathA

wininet

InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile
HttpOpenRequestA

imm32

ImmGetContext
ImmSetCompositionWindow

Exports

Exports

_DllMain@12
_ReflectiveLoader@0

Sections

.text
Size: 556KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 607KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

#PCR#
Size: 512B - Virtual size: 256B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Hpp hack v4/extremeinjectorv3.7.2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hpp hack v4/project1.dll
.dll windows:6 windows x86 arch:x86

a9ab4f87347b217278e42ee083bebbcd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Руслан\Desktop\NorAdrenaline-master\Release\NorAdrenaline.pdb

Imports

kernel32

lstrcmpA
GetTickCount
MultiByteToWideChar
Sleep
VirtualProtect
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLastError
IsBadCodePtr
HeapAlloc
GetProcessHeap
GetModuleFileNameA
DisableThreadLibraryCalls
lstrcpyA
CreateThread
IsBadReadPtr
GetCurrentProcess
TerminateProcess
GetModuleHandleA
FlushInstructionCache
GetProcAddress
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetLastError

user32

SendInput
mouse_event
GetAsyncKeyState
MapVirtualKeyA
GetKeyNameTextA
FindWindowA
CallWindowProcA
SetWindowLongA
MessageBoxA

shell32

SHGetFolderPathA

msvcp140

?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Xlength_error@std@@YAXPBD@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Winerror_message@std@@YAKKPADK@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

opengl32

glTexEnvi
glGetFloatv
glOrtho
glDepthFunc
glClearColor
glMatrixMode
glBindTexture
glEnable
glDisable
glPopMatrix
glEnd
glBlendFunc
glLoadIdentity
glBegin
glVertex2i
glPushMatrix
glColor4ub

vcruntime140

memchr
__CxxFrameHandler3
_CxxThrowException
__std_terminate
strstr
__std_exception_destroy
__std_exception_copy
memset
memcpy
memmove
__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initterm_e
_initterm
_execute_onexit_table
_cexit
_crt_atexit
terminate
_seh_filter_dll
_initialize_narrow_environment

api-ms-win-crt-math-l1-1-0

_CIfmod
_libm_sse2_sqrt_precise
_libm_sse2_acos_precise
_dtest
_libm_sse2_tan_precise
floor
roundf
_libm_sse2_cos_precise
_except1
_libm_sse2_log10_precise
_CIatan2
_libm_sse2_pow_precise
_fdtest
_libm_sse2_sin_precise

api-ms-win-crt-convert-l1-1-0

atoi
atof

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
fputc
fflush
fclose
fgetc
fwrite
fgetpos
fsetpos
ungetc
__stdio_common_vsprintf
setvbuf
_fseeki64
fread

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-string-l1-1-0

strcpy_s
toupper
isalpha
strcat_s
_strnicmp
_stricmp
isspace

api-ms-win-crt-filesystem-l1-1-0

_access
_lock_file
_unlock_file

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

Exports

Exports

_ReflectiveLoader@4

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hpp hack v4/settings.xml

Sharing

General

Malware Config

Signatures

Files

b874bda50b153f0c06a07098ec774fda

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

kernel32

user32

advapi32

shell32

wininet

imm32

Exports

Exports

Sections

.text Size: 556KB - Virtual size: 556KB

.rdata Size: 607KB - Virtual size: 608KB

.data Size: 6KB - Virtual size: 188KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 33KB - Virtual size: 36KB

#PCR# Size: 512B - Virtual size: 256B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 12B

a9ab4f87347b217278e42ee083bebbcd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

msvcp140

opengl32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 151KB - Virtual size: 151KB

.rdata Size: 251KB - Virtual size: 251KB

.data Size: 4KB - Virtual size: 139KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 556KB - Virtual size: 556KB

.rdata
Size: 607KB - Virtual size: 608KB

.data
Size: 6KB - Virtual size: 188KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 33KB - Virtual size: 36KB

#PCR#
Size: 512B - Virtual size: 256B

.text
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 151KB - Virtual size: 151KB

.rdata
Size: 251KB - Virtual size: 251KB

.data
Size: 4KB - Virtual size: 139KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 18KB - Virtual size: 17KB