2735f72afa3fb0cce36d3507005b4080_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2735f72afa3fb0cce36d3507005b4080_JaffaCakes118
Size

5.1MB
MD5

2735f72afa3fb0cce36d3507005b4080
SHA1

4057753b2016aadae467a1ca78a98a821bdc1724
SHA256

d83a512699b09a110d009ece7748f2176d9b4d4f58060da6fcbeb47ce14988f6
SHA512

685b21fed8f31fafa60ef32e82cb2070765d5258bc03c5a5ede2d41f78b1a48f0dba3d47fe498d7ff519083a726df9b4f1d186d7824185c081ad3a382a84d7f2
SSDEEP

98304:TtRnAs72/eCn4Y6uuj4O98DWY1Q9NfQk52Hq4BBVsDT+g:hweCn4Yruj4O98MQFpBBV/g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2735f72afa3fb0cce36d3507005b4080_JaffaCakes118

Files

2735f72afa3fb0cce36d3507005b4080_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5200e6792fc39d86c5c275c82e3c2e8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptDeriveKey
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
CryptDecrypt
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
RegCreateKeyExA
RegSetValueExA

uxtheme

ord1

ddraw

DirectDrawCreateEx

deutil

?GetAttackSpeed@MStatusManager@@QAEHXZ
?GetProtection@MStatusManager@@QAEHXZ
?GetTOHIT@MStatusManager@@QAEHXZ
?GetMaxDAM@MStatusManager@@QAEHXZ
?GetMinDAM@MStatusManager@@QAEHXZ
?g_StatusManager@@3VMStatusManager@@A
?GetDefense@MStatusManager@@QAEHXZ

dinput

DirectInputCreateA

dsound

DirectSoundCreate

gdi32

CreateSolidBrush
GetTextMetricsA
GetObjectA
Rectangle
StretchBlt
CreateCompatibleDC
CreateFontIndirectA
CreatePen
MoveToEx
DeleteDC
GetStockObject
DeleteObject
SetTextAlign
SetBkMode
SetBkColor
SetTextColor
TextOutA
SelectObject
GetTextExtentPoint32A
LineTo

gl

?InitializeGL@@YAXHHHH@Z
?rectangle@@YAXPAUS_SURFACEINFO@@PAVRect@@H@Z
?FillRect@@YAXPAUS_SURFACEINFO@@PAVRect@@H@Z
?SetSurfaceInfo@@YAXPAUS_SURFACEINFO@@PBU_DDSURFACEDESC2@@@Z

ifc22

?Stop@CImmEffect@@UAEHXZ
?Unload@CImmEffect@@UAEJXZ
?Reload@CImmEffect@@UAEXXZ
?buffer_ifr_data@CImmPeriodic@@MAEHPAD@Z
?get_ffe_data@CImmPeriodic@@MAEHPAUDIEFFECT@@@Z
?Initialize@CImmPeriodic@@UAEHPAVCImmDevice@@KKKJJJKPAUFEELIT_ENVELOPE@@K@Z
?InitializePolar@CImmPeriodic@@UAEHPAVCImmDevice@@KKKJJKPAUFEELIT_ENVELOPE@@K@Z
??1CImmProject@@QAE@XZ
?Start@CImmProject@@QAEHPBDKKPAVCImmDevice@@@Z
??1CImmPeriodic@@UAE@XZ
?GetIsCompatibleGUID@CImmPeriodic@@UAEHAAU_GUID@@@Z
?Close@CImmProject@@QAEXXZ
??0CImmPeriodic@@QAE@XZ
?OpenFile@CImmProject@@QAEHPBDPAVCImmDevice@@@Z
??0CImmProject@@QAE@XZ
?Start@CImmEffect@@UAEHKKH@Z
?GetEffectType@CImmPeriodic@@UAEKXZ
?Initialize@CImmPeriodic@@UAEHPAVCImmDevice@@ABUFEELIT_EFFECT@@K@Z
?CreateDevice@CImmDevice@@SAPAV1@PAUHINSTANCE__@@PAUHWND__@@@Z
?InitializeFromProject@CImmEffect@@UAEHAAVCImmProject@@PBDPAVCImmDevice@@K@Z

imm32

ImmNotifyIME
ImmSetConversionStatus
ImmGetContext
ImmGetOpenStatus

kernel32

GetTickCount
GetWindowsDirectoryA
InitializeCriticalSection
SetThreadPriority
CreateThread
CreateEventA
TerminateThread
DeleteCriticalSection
CloseHandle
WaitForSingleObject
ResetEvent
LeaveCriticalSection
EnterCriticalSection
SetEvent
SetCurrentDirectoryA
GetModuleFileNameA
ReleaseMutex
GetLastError
CreateMutexA
GlobalMemoryStatus
Sleep
GetExitCodeThread
GetCurrentThread
GetVersionExA
GetCurrentDirectoryA
lstrcatA
OutputDebugStringA
GetLogicalDrives
FindClose
FindNextFileA
FindFirstFileA
GetSystemInfo
GetModuleHandleA
WriteFile
CreateFileA
ResumeThread
RtlUnwind
RaiseException
DeleteFileA
GetFileAttributesA
InterlockedDecrement
InterlockedIncrement
GetFileType
IsBadReadPtr
FileTimeToSystemTime
FileTimeToLocalFileTime
RemoveDirectoryA
GetFullPathNameA
GetDriveTypeA
SetEnvironmentVariableA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ReadFile
DuplicateHandle
GetCurrentProcess
SetFilePointer
HeapFree
CreateDirectoryA
GetFileSize
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
HeapAlloc
HeapReAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapSize
GetProcAddress
SetUnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetStdHandle
SetEndOfFile
SetHandleCount
GetStdHandle
FlushFileBuffers
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetExitCodeProcess
CreateProcessA
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetACP
GetOEMCP
LoadLibraryA
CompareStringA
CompareStringW
GetLocaleInfoW
InterlockedExchange
OpenEventA
GetCurrentProcessId
FreeLibrary
GetComputerNameA
lstrlenA
lstrcmpA
QueryPerformanceCounter
CreatePipe
PeekNamedPipe
MoveFileA

shell32

ShellExecuteA

user32

SetFocus
UpdateWindow
SetCursor
RegisterClassA
LoadCursorA
LoadIconA
wsprintfA
SystemParametersInfoA
WaitMessage
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
PostMessageA
GetDoubleClickTime
ClientToScreen
GetWindowRect
LoadImageA
GetKeyState
SetWindowTextA
SendMessageA
GetSystemMetrics
CreateWindowExA
ShowCursor
ShowWindow
MessageBoxA
DestroyWindow
GetCursorPos
GetClientRect
DefWindowProcA
SetRect
PostQuitMessage

winmm

midiOutGetVolume
midiOutSetVolume
mciSendStringA
mmioClose
mmioAscend
mmioRead
mmioDescend
mmioOpenA
waveOutGetVolume
waveOutSetVolume
timeGetTime
mciSendCommandA
midiOutClose
midiOutOpen

wsock32

socket
WSAGetLastError
inet_addr
htons
ntohs
WSACleanup
gethostbyname
inet_ntoa
WSAStartup
bind
connect
listen
accept
setsockopt
send
sendto
recvfrom
closesocket
htonl
ioctlsocket
recv

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 227KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 9.3MB

.as_0001
Size: 114KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 8KB

.as_0002
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5200e6792fc39d86c5c275c82e3c2e8b

Headers

File Characteristics

Imports

advapi32

uxtheme

ddraw

deutil

dinput

dsound

gdi32

gl

ifc22

imm32

kernel32

shell32

user32

winmm

wsock32

ole32

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.data Size: 227KB - Virtual size: 228KB

Size: 174KB - Virtual size: 1.3MB

.rsrc Size: 14KB - Virtual size: 16KB

.idata Size: 7KB - Virtual size: 8KB

.zero Size: - Virtual size: 9.3MB

.as_0001 Size: 114KB - Virtual size: 120KB

.zero Size: - Virtual size: 8KB

.as_0002 Size: 48KB - Virtual size: 48KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.data
Size: 227KB - Virtual size: 228KB

.rsrc
Size: 14KB - Virtual size: 16KB

.idata
Size: 7KB - Virtual size: 8KB

.zero
Size: - Virtual size: 9.3MB

.as_0001
Size: 114KB - Virtual size: 120KB

.zero
Size: - Virtual size: 8KB

.as_0002
Size: 48KB - Virtual size: 48KB