27586f3870aec369739bf81a911f9527_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27586f3870aec369739bf81a911f9527_JaffaCakes118
Size

3.0MB
MD5

27586f3870aec369739bf81a911f9527
SHA1

7a3bb2fe5bfb3843ce708895d55d8c43f50b4d1c
SHA256

37c37a9fb05b6e4d28cf27e10271e1b5858b8538d92e4fbddad5947626cc705f
SHA512

16a2a80aba857f56504eb54679480de8b61d510c8cb88819e204a64eda705193494b61d79915690b8fd1b87691983a878d6453dc3dc816b40787ba03c30a8465
SSDEEP

49152:kXTejO1IRUuYB+wMWpmZJG529sBLkpnm1KtPGfTRg+2Oo:41rB7sw5MhgFE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27586f3870aec369739bf81a911f9527_JaffaCakes118

Files

27586f3870aec369739bf81a911f9527_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a03e552cb981b9b0f2c7529f7159c8b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\DEV\ezquake.NIGHTLY\make\ezquake-gl.pdb

Imports

comctl32

ord17

opengl32

glGetIntegerv
glVertex2f
glTexParameterf
glOrtho
glTexCoord2f
glEnd
glTexImage2D
glDisable
glBegin
glColor4f
glCopyTexSubImage2D
glBlendFunc
glTexEnvf
glMatrixMode
glViewport
glEnable
glLoadIdentity
glColor3ubv
glScissor
glPopAttrib
glColor4ubv
glDrawBuffer
glCullFace
glRectf
glPushAttrib
glLineWidth
glColor4ub
glColor3f
glVertex3fv
glShadeModel
glPopMatrix
glPushMatrix
glScalef
glHint
glColor3fv
glDepthMask
glDepthFunc
glClear
glClearColor
glFinish
glBindTexture
glFogi
glFogfv
glGetFloatv
glRotatef
glReadPixels
glPolygonMode
glPolygonOffset
glAlphaFunc
wglDeleteContext
wglUseFontBitmapsA
wglDescribeLayerPlane
wglGetProcAddress
glFogf
glTranslatef
glFrustum
glDepthRange
glVertex3f
glColor4fv
glTexSubImage2D
glColorMask
wglGetLayerPaletteEntries
wglCreateContext
wglGetCurrentContext
wglCopyContext
wglUseFontOutlinesA
wglCreateLayerContext
wglSwapLayerBuffers
wglSetLayerPaletteEntries
glGetError
glGetString
wglGetCurrentDC
glTexEnvi
wglMakeCurrent
wglRealizeLayerPalette
wglShareLists

wsock32

inet_addr
select
ntohs
__WSAFDIsSet
sendto
recvfrom
WSACleanup
htonl
WSAStartup
connect
gethostname
WSAAsyncSelect
getsockopt
getservbyname
getpeername
setsockopt
gethostbyname
inet_ntoa
htons
recv
bind
socket
listen
accept
WSAGetLastError
closesocket
send
ioctlsocket
gethostbyaddr
getsockname

winmm

timeGetTime
joyGetPosEx
joyGetDevCapsA
joyGetNumDevs
waveOutClose
waveOutWrite
waveOutReset
waveOutUnprepareHeader
waveOutOpen
waveOutPrepareHeader
mciSendCommandA
timeGetDevCaps
timeBeginPeriod
timeEndPeriod

dsound

ord2
ord1

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
InterlockedIncrement
VirtualAlloc
VirtualFree
HeapCreate
IsDebuggerPresent
TerminateProcess
GetDriveTypeA
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
HeapReAlloc
RtlUnwind
GetDateFormatA
GetTimeFormatA
ExitProcess
GetModuleHandleW
GetCPInfo
InterlockedDecrement
GetEnvironmentStringsW
RaiseException
GetLocaleInfoA
HeapSize
InitializeCriticalSectionAndSpinCount
SetHandleCount
SetStdHandle
SetEnvironmentVariableA
SetEnvironmentVariableW
FreeEnvironmentStringsA
GetEnvironmentStrings
SetUnhandledExceptionFilter
GetCommModemStatus
SetCommState
EscapeCommFunction
SetupComm
SetCommTimeouts
ClearCommError
GetOverlappedResult
PurgeComm
GetConsoleCP
SetConsoleMode
PeekConsoleInputA
SetHandleInformation
FlushFileBuffers
GetFileType
GetConsoleMode
GetCommState
SetEndOfFile
GetLogicalDriveStringsA
VirtualQuery
BuildCommDCBA
CopyFileA
CreateDirectoryA
DeleteFileA
GetComputerNameA
GetFullPathNameA
GetVolumeInformationA
lstrcpyA
MoveFileA
RemoveDirectoryA
SearchPathA
SetFileAttributesA
ReadConsoleA
WriteConsoleA
BuildCommDCBW
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
DeleteFileW
FindNextFileW
GetComputerNameW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetShortPathNameW
GetTempFileNameW
GetTempPathW
GetVolumeInformationW
LoadLibraryW
lstrcpyW
MoveFileW
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
GetConsoleOutputCP
CompareStringA
FreeEnvironmentStringsW
CreateFileA
FileTimeToSystemTime
GetFileTime
CloseHandle
FileTimeToLocalFileTime
GlobalMemoryStatus
SetPriorityClass
AllocConsole
GetNumberOfConsoleInputEvents
FreeLibrary
GetCurrentProcess
QueryPerformanceCounter
GlobalLock
WaitForSingleObject
WriteFile
GlobalAlloc
ReadConsoleInputA
FreeConsole
CreateEventA
CreateSemaphoreA
CreateProcessA
ReadFile
SetThreadPriority
ReleaseSemaphore
SetConsoleTitleA
GlobalUnlock
GetShortPathNameA
SetCurrentDirectoryA
GetStdHandle
FindFirstFileA
GetProcAddress
FindClose
LoadLibraryA
SetConsoleCtrlHandler
GetModuleFileNameA
FindNextFileA
GetModuleHandleA
CreateMutexA
CreateMailslotA
GetCurrentDirectoryA
QueryPerformanceFrequency
GetCurrentThreadId
GetVersionExA
ResumeThread
CreateThread
GlobalFree
Sleep
ExitThread
GetExitCodeThread
DosDateTimeToFileTime
GetPriorityClass
GetExitCodeProcess
ExpandEnvironmentStringsA
GetLocalTime
MapViewOfFile
GetTickCount
OpenFileMappingW
GetCurrentProcessId
GetTempFileNameA
GetTempPathA
HeapAlloc
GetProcessHeap
HeapFree
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
SetErrorMode
GetACP
GetSystemInfo
lstrcmpiA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetModuleFileNameW
GetLastError
DeviceIoControl
WideCharToMultiByte
MultiByteToWideChar
GetWindowsDirectoryA
GetPrivateProfileStringA
GetWindowsDirectoryW
lstrlenW
SetFileTime
GetCurrentThread
GetFileInformationByHandle
FindFirstFileW
GetFileAttributesA
GetTimeZoneInformation
GetSystemTimeAsFileTime
WaitForSingleObjectEx
SetFilePointer
CreatePipe
TerminateThread
PeekNamedPipe
WaitForMultipleObjects
DuplicateHandle
WriteConsoleW
ReadConsoleW
SetFileAttributesW
CompareStringW

user32

AdjustWindowRect
UpdateWindow
FlashWindow
GetDesktopWindow
MonitorFromWindow
ReleaseDC
CreateWindowExA
ChangeDisplaySettingsExA
GetDC
GetMonitorInfoA
SetFocus
EnumDisplaySettingsA
LoadIconA
SetForegroundWindow
DestroyWindow
ReleaseCapture
ClipCursor
GetCursorPos
SetCursorPos
ShowCursor
RegisterWindowMessageA
GetKeyState
SetCapture
GetSystemMetrics
DefWindowProcA
GetWindowLongA
ToUnicode
GetKeyboardState
SetRect
FindWindowA
LoadCursorA
SendMessageA
wsprintfA
WaitForInputIdle
CharLowerW
CharLowerA
SetWindowLongA
PostQuitMessage
PostMessageA
UnregisterClassA
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
RegisterClassA
MoveWindow
GetMessageA
GetWindowRect
MsgWaitForMultipleObjects
CallNextHookEx
GetClientRect
TranslateMessage
MessageBoxA
GetClipboardData
PeekMessageA
EmptyClipboard
GetDlgItem
SetWindowsHookExA
SetWindowPos
ShowWindow
DispatchMessageA
GetWindowTextA
ChangeDisplaySettingsA
OpenClipboard
UnhookWindowsHookEx
SystemParametersInfoA
SetWindowTextA
SetClipboardData
CloseClipboard

gdi32

GetPixelFormat
SetPixelFormat
ChoosePixelFormat
GetDeviceCaps
DescribePixelFormat
SetDeviceGammaRamp
GetDeviceGammaRamp
SwapBuffers

advapi32

RegQueryValueExA
GetUserNameA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

ws2_32

ntohl

Exports

Exports

pcre_callout
pcre_compile
pcre_compile2
pcre_copy_named_substring
pcre_copy_substring
pcre_exec
pcre_free
pcre_free_substring
pcre_free_substring_list
pcre_fullinfo
pcre_get_named_substring
pcre_get_stringnumber
pcre_get_stringtable_entries
pcre_get_substring
pcre_get_substring_list
pcre_malloc
pcre_stack_free
pcre_stack_malloc
pcre_study

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 171KB - Virtual size: 62.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a03e552cb981b9b0f2c7529f7159c8b0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

opengl32

wsock32

winmm

dsound

kernel32

user32

gdi32

advapi32

shell32

ws2_32

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 354KB - Virtual size: 354KB

.data Size: 171KB - Virtual size: 62.8MB

.rsrc Size: 34KB - Virtual size: 34KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 354KB - Virtual size: 354KB

.data
Size: 171KB - Virtual size: 62.8MB

.rsrc
Size: 34KB - Virtual size: 34KB