17716e6a04ab23408d2629cee1a7b3e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17716e6a04ab23408d2629cee1a7b3e6_JaffaCakes118
Size

5.2MB
MD5

17716e6a04ab23408d2629cee1a7b3e6
SHA1

2e437220172610ec56a855333549d18a0b794674
SHA256

ecd7af5171ec0f607f42428f1da3efa859b5748f8e02f408842554255fb0a487
SHA512

985c2ca4c1672e7c73962753cc50fe0defd9d6eb60b5a2d075032e54675d1162e7e2c4ad87a967e27da531460a29c0561364dc6b778341ec957feb1d9a80c755
SSDEEP

98304:/6w5MwnZwAGf6nl6kIsh1cLf6V6EI6qvUCSXK8E:/5MwnZwAGfI6kIsh1cD6V6EswXE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17716e6a04ab23408d2629cee1a7b3e6_JaffaCakes118

Files

17716e6a04ab23408d2629cee1a7b3e6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2a5be2b58357f008db76495ebe4af690

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

zlibwapi

ord46
ord2
ord26

elementskill

?Condition@ElementSkill@GNET@@SAHIAAUUseRequirement@2@H@Z
?PetLearn@ElementSkill@GNET@@SAHIAAUPetRequirement@2@H@Z
?GetAbility@ElementSkill@GNET@@SAHI@Z
?GetAbilityPercent@ElementSkill@GNET@@SAHI@Z
?GetName@ElementSkill@GNET@@SAPBGI@Z
?NextSkill@ElementSkill@GNET@@SAII@Z
?Query@VisibleState@GNET@@SAPBV12@HH@Z
?GetNativeName@ElementSkill@GNET@@SAPBDI@Z
?Create@ElementSkill@GNET@@SAPAV12@IH@Z
?GetRequiredBook@ElementSkill@GNET@@SAHIH@Z
?Query@TeamState@GNET@@SAPBV12@H@Z
?GetIcon@ElementSkill@GNET@@SAPBDI@Z
?GetRequiredMoney@ElementSkill@GNET@@SAHIH@Z
?GetRequiredSp@ElementSkill@GNET@@SAHIH@Z
?GetEffect@ElementSkill@GNET@@SAPBDI@Z
?GetExecuteTime@ElementSkill@GNET@@SAHIH@Z
?GetType@ElementSkill@GNET@@SADI@Z
?GetVersion@ElementSkill@GNET@@SAHXZ
?SetAbility@ElementSkill@GNET@@SAHIH@Z
?LearnCondition@ElementSkill@GNET@@SAHIAAULearnRequirement@2@H@Z
?Destroy@ElementSkill@GNET@@QAEXXZ
?LoadSkillData@ElementSkill@GNET@@SAXPAX@Z
?SetLevel@ElementSkill@GNET@@SAHIH@Z

kernel32

GetFileAttributesA
GetModuleHandleA
Process32Next
ReadProcessMemory
OutputDebugStringA
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
lstrlenA
LoadLibraryA
GlobalMemoryStatus
HeapFree
GetProcessHeap
HeapAlloc
SystemTimeToFileTime
GetSystemTime
FlushInstructionCache
ReleaseMutex
IsBadWritePtr
QueryPerformanceCounter
QueryPerformanceFrequency
OpenFile
InterlockedExchange
GetWindowsDirectoryA
GetSystemDirectoryA
VirtualQuery
SetLastError
VirtualProtect
ResetEvent
SuspendThread
WriteFile
IsDBCSLeadByte
ExitProcess
CreateThread
SetThreadPriority
SetThreadPriorityBoost
DeleteCriticalSection
InitializeCriticalSection
IsProcessorFeaturePresent
GetVersionExA
ReleaseSemaphore
FindClose
ReadFile
CopyFileA
GetFileSize
GetExitCodeThread
WaitForMultipleObjects
TerminateThread
CreateFileA
GlobalAlloc
GlobalLock
GlobalUnlock
MapViewOfFile
CreateFileMappingA
GetCommandLineA
GetPrivateProfileStringA
GetPrivateProfileIntA
DuplicateHandle
FindFirstFileA
DeleteFileA
FindNextFileA
CompareStringA
GetLocalTime
SetEvent
WaitForSingleObject
ResumeThread
Sleep
IsDebuggerPresent
GetVersion
GetCurrentDirectoryA
CreateDirectoryA
SetCurrentDirectoryA
GetCurrentThread
GetLastError
FreeLibrary
CloseHandle
GetCurrentThreadId
EnterCriticalSection
GetCurrentProcessId
GetCurrentProcess
LeaveCriticalSection
GetModuleFileNameA
IsBadReadPtr
GetTickCount
GetSystemInfo
UnmapViewOfFile
VirtualQueryEx
FormatMessageA
SetEndOfFile
SetFilePointer
GetFileType
WinExec
GlobalReAlloc
GlobalSize
GlobalFree

advapi32

RegQueryValueExA
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
RegOpenKeyA

user32

GetClassNameA
GetWindowTextA
GetWindow
GetWindowThreadProcessId
GetKeyState
PostQuitMessage
OpenClipboard
GetClientRect
GetCapture
SetCursorPos
ClientToScreen
GetAsyncKeyState
ReleaseCapture
SetCapture
ScreenToClient
GetCursorPos
InvalidateRect
SetWindowPos
AdjustWindowRectEx
MessageBoxA
SetCursor
EndPaint
BeginPaint
ShowWindow
TranslateMessage
SetForegroundWindow
GetTopWindow
UpdateWindow
MoveWindow
GetSystemMetrics
AdjustWindowRect
CloseClipboard
SetClipboardData
EmptyClipboard
CreateCaret
SetCaretPos
GetKeyboardLayout
IsWindowVisible
CreateWindowExA
GetParent
WindowFromDC
EnumThreadWindows
SetRect
IntersectRect
DestroyCursor
LoadCursorFromFileA
GetDesktopWindow
SetTimer
KillTimer
GetDC
ReleaseDC
EnumWindows
UnhookWindowsHookEx
PtInRect
FindWindowA
GetWindowRect
IsRectEmpty
CallNextHookEx
GetActiveWindow

gdi32

SetTextAlign
SetBkColor
SetTextColor
SelectObject
PtInRegion
CreatePolygonRgn
CreateEllipticRgn
SetMapMode
CreateCompatibleDC
TextOutA
BitBlt
DeleteDC
GetStockObject
DeleteObject
CreateDIBSection
GetDeviceCaps

shell32

ShellExecuteA

ws2_32

gethostbyname
send
inet_ntoa
connect
ioctlsocket
setsockopt
htons
socket
closesocket
WSAGetLastError
recv
sendto
select
__WSAFDIsSet
getsockname
bind
WSACleanup
ntohs
WSAStartup
inet_addr

imm32

ImmGetCompositionStringW
ImmGetCandidateListW
ImmAssociateContext
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetDescriptionW
ImmGetProperty
ImmIsIME
ImmReleaseContext
ImmGetContext

d3d8

Direct3DCreate8

ddraw

DirectDrawCreate

dsound

ord11

ole32

CoUninitialize
CoInitialize

speedtreert

?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?Authorize@CSpeedTreeRT@@SAXPBD@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
??3CSpeedTreeRT@@SAXPAX@Z
??0SGeometry@CSpeedTreeRT@@QAE@XZ
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
??0STextures@CSpeedTreeRT@@QAE@XZ
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetDiscreteLeafLodLevel@CSpeedTreeRT@@QBEGM@Z
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
??1CSpeedTreeRT@@QAE@XZ
??2CSpeedTreeRT@@SAPAXI@Z
??0CSpeedTreeRT@@QAE@XZ
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?GetTreeSize@CSpeedTreeRT@@QBEXAAM0@Z
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z

ftdriver

?CreateFTManager@@YAPAVIFTManager@@HHH@Z

shlwapi

StrToIntW
PathFindExtensionA
PathFileExistsA

wininet

InternetCloseHandle
InternetOpenA
HttpAddRequestHeadersA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetReadFile

msvcrt

_itoa
_strcmpi
_strnicmp
_strupr
_fileno
_CIsinh
_CIcosh
_CItanh
_CIfmod
modf
_HUGE
tolower
strpbrk
system
remove
rename
tmpnam
getenv
clock
strftime
mktime
difftime
_popen
tmpfile
clearerr
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
_strlwr
_exit
_ecvt
_fcvt
_fpclass
_isnan
_copysign
??1exception@@UAE@XZ
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
memchr
frexp
ldexp
toupper
_snwprintf
wcsncmp
localeconv
strcoll
strtod
setvbuf
_pclose
tan
sin
pow
sqrt
strtoul
_isctype
__mb_cur_max
_pctype
_errno
strerror
_iob
getc
ungetc
_wcsicmp
atan2
_XcptFilter
sprintf
_ftol
__CxxFrameHandler
fclose
fwrite
fopen
strstr
_CIacos
ceil
acos
_CxxThrowException
wcslen
strrchr
atoi
_wtoi
localtime
time
memmove
_purecall
_except_handler3
strncpy
wcscmp
wcscpy
vswprintf
gmtime
free
rand
realloc
swprintf
fseek
__RTDynamicCast
_access
_CIpow
wcscat
wcsstr
swscanf
_stat
malloc
_CIasin
qsort
isdigit
wcsncpy
strncmp
fread
sscanf
ftell
floor
_findclose
_findnext
_findfirst
_wmkdir
wcsrchr
fgetws
fgetwc
strchr
fputs
_beginthreadex
_beginthread
fprintf
asctime
atof
_snprintf
printf
srand
fwprintf
strcspn
fgets
_stricmp
_local_unwind2
calloc
fscanf
vsprintf
wcschr
strncat
wcsncat
_vsnprintf
fflush
_wcslwr
_fstat
strtok
_chsize
_finite
_controlfp
longjmp
_setjmp3
isspace
isalpha
isalnum
_strdup
setlocale
exit
_assert
cos
fabs

winmm

timeGetTime

immwrapper

??0AMImmWrapper@@QAE@XZ
?Init@AMImmWrapper@@QAE_NPAUHINSTANCE__@@PAUHWND__@@PAD2@Z
?Release@AMImmWrapper@@QAE_NXZ
??1AMImmWrapper@@QAE@XZ
?ReleaseImmEffect@AMImmWrapper@@QAE_NAAPAVAMImmEffect@@@Z
?LoadImmEffect@AMImmWrapper@@QAE_NPADPAPAVAMImmEffect@@@Z
?Start@AMImmEffect@@QAE_NXZ
?Stop@AMImmEffect@@QAE_NXZ

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 428KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 372KB - Virtual size: 613KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a5be2b58357f008db76495ebe4af690

Headers

File Characteristics

Imports

zlibwapi

elementskill

kernel32

advapi32

user32

gdi32

shell32

ws2_32

imm32

d3d8

ddraw

dsound

ole32

speedtreert

ftdriver

shlwapi

wininet

msvcrt

winmm

immwrapper

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 428KB - Virtual size: 426KB

.data Size: 372KB - Virtual size: 613KB

.tls Size: 8KB - Virtual size: 4KB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 428KB - Virtual size: 426KB

.data
Size: 372KB - Virtual size: 613KB

.tls
Size: 8KB - Virtual size: 4KB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB