03110c8bf98d58b0f1c8a50707322b89_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

03110c8bf98d58b0f1c8a50707322b89_JaffaCakes118
Size

187KB
MD5

03110c8bf98d58b0f1c8a50707322b89
SHA1

411bda89838d1a5cb0b2e7be77c651e179c5e542
SHA256

89ee46816d448bafdb773b54718a585d350c21201b66a7a1e42fb50618f3baa9
SHA512

1dce2750542e9ff3248b00838814868394f6595b5d6cebf3ba023774e1f74c33827676c3046ba4814067e5ebc413876126c64af2ee94296e6392384d6bf66b07
SSDEEP

3072:QOOccXStB1ReMCndwyGFO8a8abetcrUUy8:vcQReMja86YY

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/seren1ty_aimbot_r173/seren1ty_aimbot_r17/Aimbot.dll
unpack001/seren1ty_aimbot_r173/seren1ty_aimbot_r17/Aimbot.exe

Files

03110c8bf98d58b0f1c8a50707322b89_JaffaCakes118
.rar
seren1ty_aimbot_r173/seren1ty_aimbot_r17/Aimbot.dll
.dll windows:4 windows x86 arch:x86

38bb29598083170b3bbdf8bf97f2b894

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
SetThreadContext
GetThreadContext
GetCurrentThread
AddVectoredExceptionHandler
lstrcmpA
QueryPerformanceCounter
lstrcpyA
IsBadReadPtr
Sleep
lstrcmpiA
CreateThread
lstrcatA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTickCount
LoadLibraryA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RaiseException
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
CreateFileA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSection
WriteFile
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapSize
ExitProcess
CloseHandle
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
ReadFile
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
VirtualAlloc

user32

GetAsyncKeyState
SetCursorPos

gdi32

SelectObject
GetTextExtentPoint32A
DeleteObject
CreateFontA

opengl32

glDepthFunc
glPushAttrib
glGetFloatv
glRasterPos2i
glListBase
glCallLists
glPopAttrib
glColor4fv
glRasterPos2f
glDeleteLists
wglGetCurrentDC
glShadeModel
glHint
glGenLists
wglUseFontBitmapsA
glPushMatrix
glLoadIdentity
glDisable
glEnable
glBlendFunc
glColor4ub
glLineWidth
glBegin
glVertex2i
glEnd
glPopMatrix

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
seren1ty_aimbot_r173/seren1ty_aimbot_r17/Aimbot.exe
.exe windows:4 windows x86 arch:x86

caf751567efa7665e39ca2db0db83b2c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
Thread32Next
Thread32First
OpenThread
OpenProcess
Sleep
CloseHandle
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
LoadLibraryA
GetModuleFileNameA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
seren1ty_aimbot_r173/seren1ty_aimbot_r17/readme.txt
Заработок на файлах.url
.url
Читы напрямую с сервера.url
.url

Sharing

General

Malware Config

Signatures

Files

38bb29598083170b3bbdf8bf97f2b894

Headers

File Characteristics

Imports

kernel32

user32

gdi32

opengl32

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 53KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 12KB - Virtual size: 9KB

caf751567efa7665e39ca2db0db83b2c

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 176B

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 53KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 176B