Static task: static1
Behavioral task: behavioral1 (Sample: EasyAntiCheat.exe; Resource: win7-20240508-en)
Behavioral task: behavioral2 (Sample: EasyAntiCheat.exe; Resource: win10v2004-20240704-en)
General
Target: 27f40e8aa6ddf6d8f1d6bcd0cae8fce4_JaffaCakes118
Size: 1.5MB
MD5: 27f40e8aa6ddf6d8f1d6bcd0cae8fce4
SHA1: b3816818ddc0ed960076d3bdb9e733bb51a6d312
SHA256: 05dd84f5951d6936b9d74ee6c941c612ab486a7fe79250dc143c2630f3c3ef9e
SHA512: d6a200d0a91ff758f1101a5a8abd97774eab86499e73cdb575d18ae78aa1bf1d546e4ff7a3af25c71280c082a58a2c8313f0322c7af353b58f3e7943fcac9f70
SSDEEP: 24576:vcC1UW3j/+MfPDSnko6R+eyIunxbvzuwvd4WX50BhnQcikmxLuXaCIQBSK8YBe:ECSW3j/+eunko5fIunxDzLvdPX5UxQtZ
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
    resource: unpack001/EasyAntiCheat.exe
Files
27f40e8aa6ddf6d8f1d6bcd0cae8fce4_JaffaCakes118.rar
    EasyAntiCheat.exe (.exe; windows:5, windows, x86, arch:x86)
    MD5: 40e5571dca1f8845898a85b95ea1dec6
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MoveFileA
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
CreateToolhelp32Snapshot
GetVersionExA
CloseHandle
GetTempPathA
LocalFree
WriteProcessMemory
CreateThread
GetFileSize
GetFileAttributesA
ReadFile
GetCompressedFileSizeA
Module32First
VirtualProtectEx
LoadLibraryA
VirtualProtect
Module32Next
CompareStringW
GetProcessHeap
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
HeapReAlloc
LocalAlloc
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetStringTypeW
SetLastError
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
ExitProcess
GetModuleHandleW
HeapCreate
IsProcessorFeaturePresent
GetTimeZoneInformation
CreateFileMappingA
Process32Next
GetPrivateProfileStringA
VirtualAllocEx
EnterCriticalSection
CopyFileA
IsValidLocale
GetProcAddress
GetLastError
FindFirstFileA
CreateDirectoryA
TerminateProcess
LeaveCriticalSection
SizeofResource
Sleep
TerminateThread
GetPrivateProfileIntA
OpenProcess
InitializeCriticalSection
GetSystemWow64DirectoryA
GetCommandLineA
GetWindowsDirectoryA
SetFileTime
CreateRemoteThread
GetCurrentThread
WaitForSingleObject
Process32First
GetCurrentProcess
LoadResource
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
HeapAlloc
RtlUnwind
RaiseException
UnmapViewOfFile
MapViewOfFile
FindResourceA
CreateFileA
GetCurrentProcessId
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetSystemTimeAsFileTime
DeleteFileA
HeapFree
DeleteCriticalSection
DecodePointer
EncodePointer
MultiByteToWideChar
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
SetEnvironmentVariableA
user32
SendMessageA
LoadIconA
MoveWindow
LoadCursorA
DestroyMenu
UpdateWindow
SetWindowTextA
InsertMenuA
GetSystemMetrics
ReleaseCapture
SystemParametersInfoA
DispatchMessageA
IsWindow
GetActiveWindow
CreatePopupMenu
EnumWindows
GetCursorPos
GetDesktopWindow
DefWindowProcA
ReleaseDC
CreateWindowExA
InvalidateRect
GetWindowPlacement
TranslateMessage
IsDialogMessageA
GetDC
BeginPaint
SetFocus
LoadBitmapA
SetForegroundWindow
SetCapture
TrackPopupMenu
PostQuitMessage
RegisterClassExA
MessageBoxA
GetWindowThreadProcessId
ShowWindow
EndPaint
ClientToScreen
DestroyWindow
GetMessageA
GetWindowRect
gdi32
CreateFontA
AddFontResourceExA
SetBkMode
DeleteObject
GetStockObject
CreateSolidBrush
SetTextColor
advapi32
FreeSid
OpenThreadToken
SetSecurityDescriptorGroup
AccessCheck
RegSetValueExA
RegCloseKey
AdjustTokenPrivileges
GetLengthSid
IsValidSecurityDescriptor
AddAccessAllowedAce
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
RegOpenKeyExA
RegCreateKeyExA
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateToken
RegQueryValueExA
OpenProcessToken
shell32
Shell_NotifyIconA
ShellExecuteA
wininet
DeleteUrlCacheEntry
InternetCloseHandle
InternetReadFile
FtpOpenFileA
InternetOpenA
FtpGetFileSize
InternetConnectA
comctl32
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Add
ws2_32
recv
setsockopt
htons
inet_addr
WSAStartup
inet_ntoa
connect
socket
closesocket
gethostbyname
send
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
psapi
GetModuleFileNameExA
gdiplus
GdiplusStartup
GdipCloneImage
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipLoadImageFromFile
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageHeight
GdipFree
GdiplusShutdown
GdipGetImageWidth
Sections
.text   Size: 182KB   Virtual size: 182KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 38KB    Virtual size: 38KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 7KB     Virtual size: 15KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1.8MB   Virtual size: 1.8MB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 17KB    Virtual size: 17KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ