2e1dd3a21d1599b8d54efbed8693bca0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2e1dd3a21d1599b8d54efbed8693bca0_JaffaCakes118
Size

88KB
MD5

2e1dd3a21d1599b8d54efbed8693bca0
SHA1

4bbce63a1a4b9d64cc338b7f6f056281e151a457
SHA256

9218101b34c3d9c3c8bd308af924087add30ef81783b8ed4354f378603416ade
SHA512

4eb4f7b36fd1a8535e5aa4284e6df09cb8594329ca847b15645ee6115f5b20676b7c4fe69d23c1d0306fb4c6e7530b3ff0f3ce828aad8e757a1ecc7170f6f76b
SSDEEP

1536:qT2nRv27vHoc1XZ5AIivGiQW3f0LGQhalCuIesUnJd3U3:KCJQoc1p5Sv9QWv0aQhMBJa3

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GameNoobz Public D3D/GameNoobz Public D3D.dll
unpack001/GameNoobz Public D3D/GameNoobz Public D3D.exe

Files

2e1dd3a21d1599b8d54efbed8693bca0_JaffaCakes118
.rar
GameNoobz Public D3D/GameNoobz Public D3D.dll
.dll windows:5 windows x86 arch:x86

9453516088e7e897e36aab1971ec940b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
ExitProcess
GetModuleHandleA
VirtualAlloc
VirtualProtect
Sleep
IsProcessorFeaturePresent
GetSystemInfo
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
GetProcAddress
OutputDebugStringA

user32

GetAsyncKeyState
DestroyWindow
ShowWindow
CreateWindowExA
MessageBoxA
SetRect

gdi32

GetGlyphOutlineA
SetBkMode
GetTextMetricsA
GetObjectW
GetCharacterPlacementW
GetCharacterPlacementA
DeleteObject
ExtTextOutW
MoveToEx
CreateFontIndirectW
CreateFontIndirectA
GetFontLanguageInfo
GetTextMetricsW
DeleteDC
GetObjectA
ExtTextOutA
SetTextAlign
SetBkColor
SetTextColor
SelectObject
SetMapMode
CreateDIBSection
CreateCompatibleDC

msvcr90

iswdigit
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
sprintf
??2@YAPAXI@Z
malloc
memcpy
memset
free
??3@YAXPAX@Z
_ftol
strncpy
iswpunct
iswalpha
iswspace
_CIacos
_finite
__CxxFrameHandler

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

d3d9

Direct3DCreate9

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GameNoobz Public D3D/GameNoobz Public D3D.exe
.exe windows:4 windows x86 arch:x86

1db3b3242a7e1a6c813bb8505c719998

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetLastError
OpenProcess
GlobalFree
Sleep
LoadLibraryA
GetModuleHandleA
GlobalAlloc
CreateToolhelp32Snapshot
Process32First
lstrcmpA
CloseHandle
Process32Next
GetModuleFileNameA
lstrlenA
lstrcatA
FindFirstFileA
lstrcpyA
SetLastError
ExitProcess
CreateThread
GetProcAddress

user32

SetRect
BeginPaint
FrameRect
EndPaint
DefWindowProcA
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
LoadCursorA
RegisterClassExA
RedrawWindow
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA

gdi32

SelectObject
SetBkColor
SetTextColor
GetTextExtentPointA
CreateFontA
TextOutA
DeleteObject
GetTextMetricsA
CreateSolidBrush

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9453516088e7e897e36aab1971ec940b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcr90

wininet

d3d9

advapi32

Sections

.text Size: 117KB - Virtual size: 117KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 40KB - Virtual size: 50KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 20KB - Virtual size: 20KB

1db3b3242a7e1a6c813bb8505c719998

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 904B

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 117KB - Virtual size: 117KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 40KB - Virtual size: 50KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 20KB - Virtual size: 20KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 904B

.rsrc
Size: 8KB - Virtual size: 4KB