1b8e649af0e95fb676a018ed1d796b30_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1b8e649af0e95fb676a018ed1d796b30_JaffaCakes118
Size

1.9MB
MD5

1b8e649af0e95fb676a018ed1d796b30
SHA1

44fd56842cf4c99ac61efe0f7d92ba3f753bc9e3
SHA256

96bf345ae2ff4a74683460041a0e7c43c449eadb9829000c06d12bb40749c139
SHA512

3113465aaeb5bf1df4c7079307f6267951e2ceb857c428d0858b093099d4184d5a1b85599b920ec3339df60bf68fcace36aeb3e4df09871eb21ffa125de659f3
SSDEEP

49152:bntyHFsrzdC48fRmxWv2BatR0vH0NTH0VF5X/97Pk+R9y22:bnAHFAC5RmxWOBQltH0VTX/ZH9U

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/System/DSETUP.dll
unpack001/System/warrock.exe

Files

1b8e649af0e95fb676a018ed1d796b30_JaffaCakes118
.zip
Data/Tool.srl
Data/UI/UISChannel_r.bin
Data/UI/UISMainMenu_r.bin
Data/textdata_eng.lua
System/DSETUP.dll
.dll windows:5 windows x86 arch:x86

437902adef7d05a048fcf34e160f5ab0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

ws2_32

send

user32

MessageBoxA

advapi32

FreeSid

d3dx9_42

D3DXCreateSprite

msvcp90

?eof@ios_base@std@@QBE_NXZ

msvcr90

free

winmm

timeGetTime

fmodex

FMOD_System_Create

Exports

Exports

___E__0__@0
___E__10__@0
___E__11__@0
___E__12__@0
___E__13__@0
___E__14__@0
___E__15__@0
___E__1__@0
___E__2__@0
___E__3__@0
___E__4__@0
___E__5__@0
___E__6__@0
___E__7__@0
___E__8__@0
___E__9__@0

Sections

.text
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHOX_VM
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
System/warrock.exe
.exe windows:5 windows x86 arch:x86

e780508628fe8151d4c237df0077fb25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

advapi32

OpenThreadToken

user32

MessageBoxA

Sections

.text
Size: 19KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHOX_VM
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Texture/UI/Broad/BroadCastUI.tga
Texture/UI/Broad/BroadCastUI.tga.xml
Texture/UI/Broad/Ingame_De.tga
Texture/UI/Broad/Ingame_De.tga.xml
Texture/UI/Broad/Ingame_NIU.tga
Texture/UI/Broad/Ingame_NIU.tga.xml
Texture/UI/CreateRoom01.tga
Texture/UI/CreateRoom01.tga.xml
Texture/UI/CreateRoom02.tga
Texture/UI/CreateRoom02.tga.xml
Texture/UI/CreateRoom03.tga
Texture/UI/CreateRoom03.tga.xml
Texture/UI/CreateRoom03_Ger.tga
Texture/UI/CreateRoom03_tur.tga
Texture/UI/CreateRoom04.tga
Texture/UI/CreateRoom04.tga.xml
Texture/UI/MainLoading/MainLoadingBG01.dds
Texture/UI/MainLoading/MainLoadingBG02.dds
Texture/UI/MainLoading/MainLoadingBG03.dds
Texture/UI/MainLoading/MainLoadingBG04.dds
Texture/UI/WRPSPwelcome.tga
Texture/UI/WRPSPwelcome.tga.xml
Texture/UI/button_01.tga
Texture/UI/button_01.tga.xml
Texture/UI/button_02.tga
Texture/UI/button_02.tga.xml

Sharing

General

Malware Config

Signatures

Files

437902adef7d05a048fcf34e160f5ab0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

user32

advapi32

d3dx9_42

msvcp90

msvcr90

winmm

fmodex

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 688B

.reloc Size: 2KB - Virtual size: 2KB

SHOX_VM Size: 4KB - Virtual size: 8KB

e780508628fe8151d4c237df0077fb25

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

Sections

.text Size: 19KB - Virtual size: 34KB

.rdata Size: 4KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 400B

.reloc Size: 2KB - Virtual size: 5KB

SHOX_VM Size: 3KB - Virtual size: 4KB

.text
Size: 10KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 688B

.reloc
Size: 2KB - Virtual size: 2KB

SHOX_VM
Size: 4KB - Virtual size: 8KB

.text
Size: 19KB - Virtual size: 34KB

.rdata
Size: 4KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 400B

.reloc
Size: 2KB - Virtual size: 5KB

SHOX_VM
Size: 3KB - Virtual size: 4KB