081f92d8b7c7ea4d84f5bcba8de95bc9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

081f92d8b7c7ea4d84f5bcba8de95bc9_JaffaCakes118
Size

318KB
MD5

081f92d8b7c7ea4d84f5bcba8de95bc9
SHA1

029af4dbc2d1c00f482869a5fcec4b70652dec14
SHA256

123fa1db8368fa65be1c6db323de4ae91c61234ec469edca3f125954950c4151
SHA512

0b5a39c4e940814e0764d94867826360572b72c9596028bf6c98b164017247eb243d1dbb37a6be691474b2144194a040864fcd1beb0185800c621a1ab3a646d6
SSDEEP

6144:5jN1PSFPg7MWtzAgfi5bXbN13kLiyYGlayKTx3T9iJV/qPb/YV6Xfu16:5jHIPgv05bXbn3kLE1lKVQb1P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
081f92d8b7c7ea4d84f5bcba8de95bc9_JaffaCakes118

Files

081f92d8b7c7ea4d84f5bcba8de95bc9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

70e8cbe33ebc1e0ead2b7538f3d25792

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\Warhammer\Obj\PC\Bin\GSLobby.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
QueryPerformanceCounter
DisableThreadLibraryCalls
GetTickCount

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

luaconfig

??9Iterator@LuaConfig@@QBE_NABV01@@Z
?IterateEnd@LuaConfig@@QAE?AVIterator@1@XZ
?IterateBegin@LuaConfig@@QAE?AVIterator@1@XZ
?PushTable@LuaConfig@@QAEXPBD@Z
?LoadLua@LuaConfigSave@@SG_NAAVLuaConfig@@PBD@Z
??0LuaConfig@@QAE@PBD@Z
?GetName@Iterator@LuaConfig@@QBEPBDXZ
?GetString@LuaConfig@@QAE_NPBDPADI@Z
?LCGetWString@@YG_NAAVLuaConfig@@PBDPA_WI@Z
??EIterator@LuaConfig@@QAEAAV01@XZ
?PopTable@LuaConfig@@QAEXXZ
??1LuaConfig@@QAE@XZ
?LCGetInt@@YG_NAAVLuaConfig@@PBDAAH@Z
?LCGetWString@@YG_NAAVLuaConfig@@PBDAAV?$basic_string@_WV?$char_traits@_W@_STL@@V?$allocator_string@_W@2@@_STL@@@Z

debug

?dbTimeStampedTracefAux@@YAXPBDZZ

stlport

?_Rebalance@?$_Rb_global@_N@_STL@@SGXPAU_Rb_tree_node_base@2@AAPAU32@@Z
?length@?$char_traits@D@_STL@@SGIPBD@Z
?assign@?$char_traits@D@_STL@@SGXAADABD@Z
?_Rebalance_for_erase@?$_Rb_global@_N@_STL@@SGPAU_Rb_tree_node_base@2@PAU32@AAPAU32@11@Z
?_M_decrement@?$_Rb_global@_N@_STL@@SGPAU_Rb_tree_node_base@2@PAU32@@Z
?_M_increment@?$_Rb_global@_N@_STL@@SGPAU_Rb_tree_node_base@2@PAU32@@Z
?compare@?$__char_traits_base@_WG@_STL@@SGHPB_W0I@Z
?__stl_throw_out_of_range@_STL@@YGXPBD@Z
?deallocate@__new_alloc@_STL@@SGXPAXI@Z
?allocate@__new_alloc@_STL@@SGPAXI@Z
?__stl_throw_length_error@_STL@@YGXPBD@Z
?length@?$__char_traits_base@_WG@_STL@@SGIPB_W@Z

platform

?GetSeconds@Time@Plat@@YGMXZ

localizer

?LocString2String@Localizer@@SGXPADIPB_W@Z

memory

??1MMOverloads@@QAE@XZ
?ModuleFromAddress@MMAPIHook@@YGPAUHINSTANCE__@@PAX@Z
??0MMOverloads@@QAE@PAUHINSTANCE__@@@Z
??1MemoryPoolObj@@QAE@XZ
??0MemoryPoolObj@@QAE@PBDW4MEMPOOLTYPE@@I@Z
?MemPoolAlloc@@YGPAXPAU_HMEMPOOL@@I@Z
?MemPoolFree@@YGXPAU_HMEMPOOL@@PAX@Z
?MemPoolRealloc@@YGPAXPAU_HMEMPOOL@@PAXI@Z
?MemStringFree@@YGXPAX@Z
?MemStringAlloc@@YGPAXII@Z

msvcp71

?_Nomemory@std@@YAXXZ

msvcr71

_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
_callnewh
_vscwprintf
_vsnwprintf
??_V@YAXPAX@Z
_except_handler3
_adjust_fdiv
wcscpy
?terminate@@YAXXZ
wcscmp
towlower
swprintf
wcschr
wcsstr
_wtoi
_purecall
??3@YAXPAX@Z
_CxxThrowException
__CppXcptFilter
sprintf
memmove
qsort
malloc
free
realloc
clock
time
tolower
strncpy
_stricmp
atoi
strchr
strtok
strstr
wcsncpy
isdigit
vsprintf
rand
iswdigit
fclose
fopen
rewind
ftell
fseek
fread
strcspn
strncmp
isspace
sscanf
fwrite
_atoi64
_strnicmp
_strlwr
strncat
wcslen
atof
remove
toupper
fgetc
fscanf
fprintf
strtoul
_fstat
__CxxFrameHandler
srand

wsock32

ioctlsocket
gethostbyname
sendto
socket
closesocket
recvfrom
WSAStartup
WSACleanup
inet_ntoa
setsockopt
getsockopt
__WSAFDIsSet
select
gethostname
ntohl
WSAGetLastError
connect
shutdown
send
recv
getsockname
bind
inet_addr
htonl
ntohs
listen
accept
htons

Exports

Exports

??0GSAutoMatchOptions@@QAE@ABV0@@Z
??0GSAutoMatchOptions@@QAE@XZ
??0GSHTTP@@QAE@XZ
??0GSID@@QAE@ABV0@@Z
??0GSID@@QAE@XZ
??0GSLobbyPlayerDesc@@QAE@ABV0@@Z
??0GSLobbyPlayerDesc@@QAE@XZ
??0GSLobbySessionDesc@@QAE@ABV0@@Z
??0GSLobbySessionDesc@@QAE@XZ
??0GSPeer@@QAE@XZ
??0GSPersist@@QAE@ABV0@@Z
??0GSPersist@@QAE@XZ
??1GSAutoMatchOptions@@QAE@XZ
??1GSHTTP@@QAE@XZ
??1GSLobbyPlayerDesc@@QAE@XZ
??1GSLobbySessionDesc@@QAE@XZ
??1GSPeer@@QAE@XZ
??1GSPersist@@QAE@XZ
??4GSAutoMatchOptions@@QAEAAV0@ABV0@@Z
??4GSHTTP@@QAEAAV0@ABV0@@Z
??4GSID@@QAEAAV0@ABV0@@Z
??4GSLobbyPlayerDesc@@QAEAAV0@ABV0@@Z
??4GSLobbySessionDesc@@QAEAAV0@ABV0@@Z
??4GSPatcher@@QAEAAV0@ABV0@@Z
??4GSPeer@@QAEAAV0@ABV0@@Z
??4GSPersist@@QAEAAV0@ABV0@@Z
??4GSTracker@@QAEAAV0@ABV0@@Z
??_7GSID@@6B@
?AutoMatchGetOptions@GSPeer@@QAEAAVGSAutoMatchOptions@@XZ
?AutoMatchGetSessionDesc@GSPeer@@QAEXAAVGSLobbySessionDesc@@@Z
?AutoMatchGetVersion@GSPeer@@QAEPB_WXZ
?AutoMatchHostDesc@GSPeer@@QAEXABVGSLobbySessionDesc@@@Z
?AutoMatchIsHost@GSPeer@@QBE_NXZ
?AutoMatchIsOn@GSPeer@@QBE_NXZ
?AutoMatchSessionUpdate@GSPeer@@QBE_NXZ
?AutoMatchSetVersion@GSPeer@@QAEXPB_W@Z
?AutoMatchStart@GSPeer@@QAEXIF@Z
?AutoMatchStartGame@GSPeer@@QAEXXZ
?AutoMatchStop@GSPeer@@QAEXXZ
?AutoMatchStopGame@GSPeer@@QAEXXZ
?AvailableCheckStart@GSPeer@@QBEXPB_W@Z
?BeginNegotiation@GSNAT@@YG?AW4NegotiateError@@HHP6GXW4NegotiateState@@PAX@ZP6GXW4NegotiateResult@@IPAUsockaddr_in@@1@Z1@Z
?BeginNegotiationWithSocket@GSNAT@@YG?AW4NegotiateError@@IHHP6GXW4NegotiateState@@PAX@ZP6GXW4NegotiateResult@@IPAUsockaddr_in@@1@Z1@Z
?CDAuthenticate@GSPeer@@AAE_NPB_W@Z
?Cancel@GSNAT@@YGXH@Z
?CancelDownload@GSHTTP@@QAEXXZ
?CancelPatchCheck@GSPatcher@@SGXXZ
?ChatMessage@GSPeer@@QAEXW4GSLobbyChatType@@PB_W1@Z
?CheckForPatch@GSPatcher@@SG_NHPB_WH_NAAVCheckCallback@1@@Z
?Clear@GSLobbySessionDesc@@QAEXXZ
?Copy@GSAutoMatchOptions@@QAEXABV1@@Z
?Disconnect@GSPeer@@QAEXXZ
?DownloadFile@GSHTTP@@QAE_NPB_W0@Z
?FreeNegotiateList@GSNAT@@YGXXZ
?GameStarted@GSPeer@@QAEX_N@Z
?GetAvailableStatus@GSPeer@@QBE?AW4AvailableStatus@1@XZ
?GetData@GSPersist@@QAE_NPAVGSPersistListener@@@Z
?GetFileSize@GSHTTP@@QAE_NPB_W@Z
?GetGSValue@GSLobbySessionDesc@@QBEXHAAV?$basic_string@_WV?$char_traits@_W@_STL@@V?$allocator_string@_W@2@@_STL@@@Z
?GetHttp@GSPeer@@QAEPAVGSHTTP@@XZ
?GetLocalSession@GSPeer@@QBEABVGSLobbySessionDesc@@XZ
?GetMode@GSAutoMatchOptions@@QAEHXZ
?GetNews@GSPersist@@QAEXPAVGSPersistListener@@PB_W@Z
?GetOtherPlayerStats@GSPeer@@QAEPAVGameSpyPlayerStats@@PB_W@Z
?GetPersist@GSPeer@@QBEPAVGSPersist@@XZ
?GetPlayerCompleteStats@GSPersist@@QAE_NPAVGSPersistListener@@PB_W@Z
?GetPlayerStats@GSPeer@@QAEXPB_W@Z
?GetPlayerStats@GSPersist@@QAEAAVGameSpyPlayerStats@@XZ
?GetProfileID@GSPeer@@QBEHPB_W@Z
?GetProfileID@GSPeer@@QBEHXZ
?GetPublicIP@GSPeer@@QBEHXZ
?GetValue@GSLobbySessionDesc@@QBE_NPB_WAAJ@Z
?GetValue@GSLobbySessionDesc@@QBE_NPB_WAAV?$basic_string@_WV?$char_traits@_W@_STL@@V?$allocator_string@_W@2@@_STL@@@Z
?GetValue@GSPersist@@AAEXPADPBD1@Z
?InitHttp@GSPeer@@QAE_NXZ
?InitPersist@GSPeer@@QAE_NXZ
?InitialiseSystems@GSPeer@@SGXXZ
?Initialize@GSPeer@@QAE_NPBVGSID@@PAVGSEvent@@@Z
?Initialize@GSPersist@@QAE_NPAVGSPeer@@PBD1PB_W@Z
?IsConnected@GSPeer@@QBE_NXZ
?IsInitialized@GSPeer@@QBE_NXZ
?IsInitialized@GSPersist@@QBE_NXZ
?Logon@GSPeer@@QAEXPB_W000@Z
?MakeNiceNick@GSPeer@@QAE_NPB_WAAV?$basic_string@_WV?$char_traits@_W@_STL@@V?$allocator_string@_W@2@@_STL@@@Z
?OnDownloadComplete@GSHTTP@@QAEXW4CompletionResult@1@@Z
?OnDownloadProgress@GSHTTP@@QAEXW4DownloadStatus@1@HH@Z
?OnGetDataCallBack@GSPersist@@QAEX_NPAXH@Z
?OnSetDataCallBack@GSPersist@@QAEX_N@Z
?OneNewsCompleteGet@GSPersist@@QAEXHPAX@Z
?PlayerGetDesc@GSPeer@@QBE_NPB_WAAVGSLobbyPlayerDesc@@@Z
?PlayerGetList@GSPeer@@QAEXAAV?$vector@V?$basic_string@_WV?$char_traits@_W@_STL@@V?$allocator_string@_W@2@@_STL@@V?$allocator@V?$basic_string@_WV?$char_traits@_W@_STL@@V?$allocator_string@_W@2@@_STL@@@2@@_STL@@@Z
?PlayerGetName@GSPeer@@QBEPB_WXZ
?PlayerSetPlaying@GSPeer@@QAEX_N@Z
?PlayerUpdateList@GSPeer@@QAEXXZ
?ProcessData@GSNAT@@YG_NPADHHF@Z
?ProcessData@GSPeer@@QAE_NPADHHF@Z
?RankedOptions@GSAutoMatchOptions@@QAEXXZ
?RefreshRoomNames@GSPeer@@QAEXXZ
?RegisterAndLogon@GSPeer@@QAEXPB_W000@Z
?RegisterKeys@GSPeer@@QAEXXZ
?Release@GSPeer@@QAEXXZ
?Release@GSPersist@@QAEXXZ
?Report@GSPersist@@QAE_NXZ
?Reset@GSAutoMatchOptions@@QAEXXZ
?RoomGetDesc@GSPeer@@QBE_NIAAVGSLobbyRoomDesc@@@Z
?RoomGetList@GSPeer@@QAEXXZ
?RoomJoin@GSPeer@@QAE_NI@Z
?RoomJoinTitle@GSPeer@@QAE_NXZ
?RoomLeave@GSPeer@@QAE_NXZ
?RoomLeaveTitle@GSPeer@@QAE_NXZ
?SendNATCookie@GSPeer@@QAEXHFH@Z
?SessionCancel@GSPeer@@QAEXXZ
?SessionChangeSettings@GSPeer@@QAEXABVGSLobbySessionDesc@@@Z
?SessionGetDesc@GSPeer@@QBE_NIAAVGSLobbySessionDesc@@@Z
?SessionGetList@GSPeer@@QAEXXZ
?SessionGetListStop@GSPeer@@QAEXXZ
?SessionHost@GSPeer@@QAEXABVGSLobbySessionDesc@@IF@Z
?SessionJoin@GSPeer@@QAEXPB_W@Z
?SessionStart@GSPeer@@QAEXXZ
?SessionUpdate@GSPeer@@QBE_NI@Z
?SetConnected@GSPersist@@QAEX_N@Z
?SetFromGSValue@GSLobbySessionDesc@@QAEXABV?$basic_string@_WV?$char_traits@_W@_STL@@V?$allocator_string@_W@2@@_STL@@@Z
?SetGSEvent@GSHTTP@@QAEXPAVGSEvent@@@Z
?SetRanked@GSPersist@@QAEX_N@Z
?SetSessionID@GSPersist@@QAEXH@Z
?SetSystem@GSPersist@@QAE_NPB_W@Z
?SetValue@GSLobbySessionDesc@@QAEXPB_WABV?$basic_string@_WV?$char_traits@_W@_STL@@V?$allocator_string@_W@2@@_STL@@@Z
?SetValue@GSLobbySessionDesc@@QAEXPB_WJ@Z
?Shutdown@GSHTTP@@SG_NXZ
?Startup@GSHTTP@@SG_NXZ
?StopGame@GSPeer@@AAEXXZ
?Think@GSHTTP@@QAEXXZ
?Think@GSNAT@@YGXXZ
?Think@GSPeer@@QAEXXZ
?Think@GSPersist@@QAEXXZ
?ThinkHTTP@GSPatcher@@SGXXZ
?TrackUsage@GSTracker@@SGXHHPB_WH@Z
?UpdateSession@GSPeer@@AAEXAAVGSLobbySessionDesc@@@Z
?WantPacket@GSPeer@@SG_NPBDH@Z
?s_usagesTracked@GSTracker@@0IA

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70e8cbe33ebc1e0ead2b7538f3d25792

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

luaconfig

debug

stlport

platform

localizer

memory

msvcp71

msvcr71

wsock32

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 176KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 3KB - Virtual size: 21KB

.rsrc Size: 98KB - Virtual size: 98KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 177KB - Virtual size: 176KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 3KB - Virtual size: 21KB

.rsrc
Size: 98KB - Virtual size: 98KB

.reloc
Size: 9KB - Virtual size: 9KB