1002e6e77cc769da41e6b6b6db09d33d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1002e6e77cc769da41e6b6b6db09d33d_JaffaCakes118
Size

97KB
MD5

1002e6e77cc769da41e6b6b6db09d33d
SHA1

c10c7440b4c2dcb57146b8e000e0235ea21ac0a2
SHA256

01da16339de23cc6bab146a97b5dcafd073c3e4c42043006c6f927d9e8b5d883
SHA512

0fe760ed51eae9517944437626b743af0f5a6e542ee09a2b33341b5d14c74c862ebbfb785ba29d5358f37a4cd16da664899cf3e914c5015c3ee21a62be96908f
SSDEEP

1536:fFYbCqkA6ZEBrVAc5M1cexJBufNdO+5rTTx2ORFK7ULAX:dYeqkA6ZEFeJ8fNdP5d2ORFGULO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1002e6e77cc769da41e6b6b6db09d33d_JaffaCakes118

Files

1002e6e77cc769da41e6b6b6db09d33d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dc4723533a7823fc4dd534bb5f81a396

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gamevancelib32

?GetCheckPopServer@@YGHPADK0@Z
?GetCommon@@YAPAVCCommon@@XZ
?GetExcludedUrlsSeq@@YGKPAD@Z
GetUuid
?GetDefaultCfgServer@@YGHPADK0@Z
?GetGeoIPCountryCode@@YGHPADH0@Z
?is_ip_address@@YGHPAD@Z
?MyCfgSetString@@YGHPAD00@Z
?MyCfgGetString@@YGHPAD0H0@Z
?SetExcludedUrlsSeq@@YGHKPAD@Z
SetAdLocation
?SetCheckPopServer@@YGHPAD0@Z
?SetClientId@@YGHPAD0@Z
?SetLastPopupTimeT@@YGHU_FILETIME@@PAD@Z
?SetPopupCountT@@YGHKPAD@Z
?SetGeoIPCountryCode@@YGHPAD0@Z
?xml_parse_config@@YGHPADPAPAU_tagCONFIG_STRUCT@@PAHPAVCStringTable@@@Z
?SetPopupsStatusDisabled@@YGHKPAD@Z
?SetDefaultCfgServer@@YGHPAD0@Z
?CreateCSmallPopup@@YAPAVCSmallPopup@@XZ
?GetLastPopupTimeT@@YG?AU_FILETIME@@PAD@Z
?GetBrowserUtil@@YAPAVCBrowserUtil@@XZ
?GetClientId@@YGHPADK0@Z
GetAdLocation
?GetClientInstallDate@@YG?AU_FILETIME@@XZ
?IsPopupEngineDisabled@@YGHXZ
?IsHeaderFirstRun@@YGHXZ
?GetCfgFilePath@@YGHPADH@Z
?GetWS2SendFrame@@YGHPADK@Z
?CreateStringTable@@YAPAVCStringTable@@XZ
?CreateCPopup@@YAPAVCPopup@@XZ
?GetPopupCountT@@YGKPAD@Z
?GetCrc64@@YGHPADK0@Z
?SetClientInstallDate@@YGXU_FILETIME@@@Z
?SetCrc64@@YGHPAD0@Z

shlwapi

StrStrIA
StrToIntA
StrNCatA
StrChrA
StrStrA
wnsprintfA

kernel32

VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
VirtualFree
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
SetLastError
TlsFree
VirtualProtect
ExitProcess
CreateFileA
GetFileSize
lstrlenA
lstrcpynA
SetUnhandledExceptionFilter
SystemTimeToFileTime
HeapFree
Process32First
GetTickCount
GetProcessHeap
GetSystemTimeAsFileTime
CreateRemoteThread
RtlUnwind
Sleep
CreateProcessA
IsBadWritePtr
Module32First
GetLastError
VirtualAllocEx
GetLocalTime
LoadLibraryA
Process32Next
GetModuleFileNameA
CreateMutexA
CreateToolhelp32Snapshot
Module32Next
CloseHandle
GetCurrentProcessId
LocalFree
WriteProcessMemory
CreateThread
lstrcpyA
HeapAlloc
MapViewOfFile
UnmapViewOfFile
lstrcatA
CreateFileMappingA
lstrcmpA
WaitForSingleObject
ReleaseMutex
GetComputerNameA
HeapReAlloc
GetVolumeInformationA
GetProcAddress
GetVersionExA
VirtualQuery
WriteFile
HeapDestroy
HeapCreate
GetCurrentThreadId
GetModuleHandleA
OpenMutexA
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetStartupInfoA
GetCommandLineA
HeapSize
OpenProcess
IsBadReadPtr

user32

PostQuitMessage
KillTimer
SendMessageA
TranslateMessage
RegisterClassExA
CreateWindowExA
DefWindowProcA
GetLastInputInfo
ShowWindow
PostMessageA
DispatchMessageA
SetTimer
GetMessageA
DestroyWindow
RegisterWindowMessageA
GetWindowLongA

advapi32

RegQueryValueExA
RegCreateKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
RegCloseKey
RegOpenKeyA
SetNamedSecurityInfoA

ole32

CoInitialize

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc4723533a7823fc4dd534bb5f81a396

Headers

DLL Characteristics

File Characteristics

Imports

gamevancelib32

shlwapi

kernel32

user32

advapi32

ole32

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 32KB - Virtual size: 31KB

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 32KB - Virtual size: 31KB