c:\Documents and Settings\Administrator\Desktop\Cod\Hack\Hack\Hack\Release\Hack.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: C0d4Wallhack/Hack.dll, Resource: win7-20240704-en)
Behavioral task: behavioral2 (Sample: C0d4Wallhack/Hack.dll, Resource: win10v2004-20240709-en)
Behavioral task: behavioral3 (Sample: C0d4Wallhack/Loader.exe, Resource: win7-20240704-en)
Behavioral task: behavioral4 (Sample: C0d4Wallhack/Loader.exe, Resource: win10v2004-20240709-en)
General
Target: 443d5db1724ebcb86f7a9eb98203f7f1_JaffaCakes118
Size: 78KB
MD5: 443d5db1724ebcb86f7a9eb98203f7f1
SHA1: b93a45c8cbd33cb8f5e82854cc9d899126c35877
SHA256: dc0b488835dd4f2a530980f9febc12037750451a9d9601f7716e776dd367706c
SHA512: 754c68a2381e317ab8674617467dc9038fd45347e424e64a609096f1d778fae940c170db47e1701f3a86461ae288daffb6e833612936803f2cb3ec9743246d08
SSDEEP: 1536:Z5dbzVm4ZWRFMBE7r+sBxbk+wPhQ4s4trp0Bg6agnOfissrUTAXYj2y8SWxp:jdVm4ZW/G8r+Mxg+WhQ4s4AFVZrqAXYK
Malware Config
Signatures
Unsigned PE (2 IoCs)
Checks for missing Authenticode signature.
Resources: unpack001/C0d4Wallhack/Hack.dll, unpack001/C0d4Wallhack/Loader.exe
Files
-
443d5db1724ebcb86f7a9eb98203f7f1_JaffaCakes118.zip
-
C0d4Wallhack/Hack.dll.dll windows:4 windows x86 arch:x86
6857e69bb043722dd96d9d1a0496f265
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
VirtualProtect
GetProcAddress
LoadLibraryA
GetModuleHandleA
Sleep
CloseHandle
CreateThread
DisableThreadLibraryCalls
GetSystemInfo
HeapAlloc
RtlUnwind
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RaiseException
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
SetUnhandledExceptionFilter
InitializeCriticalSection
InterlockedExchange
VirtualQuery
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
SetFilePointer
SetStdHandle
FlushFileBuffers
CreateFileA
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
ReadFile
user32
MessageBoxA
d3dx9_33
D3DXCreateTextureFromFileInMemory
D3DXCreateFontIndirectA
Sections
.text Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
C0d4Wallhack/Loader.exe.exe windows:4 windows x86 arch:x86
2d283680eda3fc521d35b42a752bb0ec
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\Documents and Settings\Administrator\Desktop\Cod\Loader\Loader with Create\Loader\Debug\Loader.pdb
Imports
kernel32
GetProcAddress
LoadLibraryA
CloseHandle
OpenProcess
CreateProcessA
GetCurrentDirectoryA
GetVersion
GetModuleHandleA
GlobalFree
ReadProcessMemory
GlobalAlloc
SetThreadContext
SuspendThread
Sleep
ResumeThread
WriteProcessMemory
VirtualProtectEx
GetThreadContext
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
ExitProcess
GetSystemInfo
VirtualProtect
GetCommandLineA
GetVersionExA
DebugBreak
RaiseException
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
GetLastError
GetFileAttributesA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
RtlUnwind
HeapAlloc
GetProcessHeap
FreeLibrary
SetFilePointer
IsBadWritePtr
IsBadReadPtr
HeapValidate
SetConsoleCtrlHandler
GetExitCodeProcess
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
VirtualQuery
InterlockedExchange
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
user32
MessageBoxA
Sections
.textbss Size: - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
C0d4Wallhack/Readme.txt