6a8cef53e4f857e936405839cc1bbdfe_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6a8cef53e4f857e936405839cc1bbdfe_JaffaCakes118
Size

1.4MB
MD5

6a8cef53e4f857e936405839cc1bbdfe
SHA1

c509b988582fa6f5e857dde06a8759717c080ec6
SHA256

3cc07bdafdec73ca012136eb9d4764531ad0b266f9c7a702afdc19c27a81cd16
SHA512

ea933d787dad1ca5f2509017f2b13446fe4e5de209d149935077b4f8d8f54a3229fe747417b3dc6f4f7bb40f48f187a853df9ae71d1a254c7edd2001157b64af
SSDEEP

24576:D1O2Kd3hq0TagSHjWgiwQr7u8l5XjNxidrRVF+Ru6hOnFDaF5v/u6:D1O2KdVTEHq1ri8/jNxiNqEk5vm6

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Chess Blitz.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Chess Blitz.exe

Files

6a8cef53e4f857e936405839cc1bbdfe_JaffaCakes118
.zip
Chess Blitz.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 35KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.324324
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Readme.txt
nardy-online.exe
.exe windows:4 windows x86 arch:x86

7582dd33416d6622d0faa7641a388437

Code Sign

60:45:0c:28:52:09:85:3b:c8:05:36:ee:f6:9f:17:ce
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27-10-2006 00:00

Not After

23-11-2009 23:59

Subject

CN=InterLogic Ltd.,OU=Digital ID Class 3 - Microsoft VBA Software Validation v2+OU=Skill Games,O=InterLogic Ltd.,L=Carmel,ST=North,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a9:c1:e1:e6:d1:b7:56:7f:b5:39:09:04:61:09:bf:b5:03:2a:db:d3
Signer

Actual PE Digest

a9:c1:e1:e6:d1:b7:56:7f:b5:39:09:04:61:09:bf:b5:03:2a:db:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetLastError
lstrcmpiA
lstrlenW
lstrlenA
GetStringTypeW
GetStringTypeA
GetCPInfo
CloseHandle
CompareStringA
CompareStringW
WriteFile
CreateFileA
CreateDirectoryA
DeleteFileA
CopyFileA
TerminateProcess
OpenProcess
GetOEMCP
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
SetLastError
GetFileAttributesA
IsBadCodePtr
IsBadReadPtr
FlushFileBuffers
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
SetStdHandle
VirtualFree
HeapCreate
SetFilePointer
ExitThread
GetCurrentThreadId
MultiByteToWideChar
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineA
LockResource
LoadResource
FindResourceA
GetStartupInfoA
RtlUnwind
FreeLibrary
LoadLibraryExA
Sleep
VirtualQuery
GetSystemInfo
SizeofResource
SetEndOfFile
MulDiv
SetEnvironmentVariableA
LocalFree
VirtualAlloc
GlobalFree
GlobalUnlock
GlobalLock
FreeResource
GlobalAlloc
ReadFile
GetFileSize
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
VirtualProtect
lstrcpynA
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
IsDBCSLeadByte
MoveFileExA
GetCurrentProcessId
EnterCriticalSection
MoveFileA
ExitProcess
GetProcAddress
LoadLibraryA
Process32Next
Process32First
CreateToolhelp32Snapshot
FindClose
FindNextFileA
FindFirstFileA
HeapSize
CreateThread
HeapReAlloc
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventA
HeapDestroy
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
TlsAlloc
InterlockedExchange

user32

IsWindowVisible
EnumWindows
GetWindowThreadProcessId
SetWindowTextA
CreateWindowExA
GetWindowLongA
PostMessageA
RegisterClassExA
DefWindowProcA
PostQuitMessage
UnregisterClassA
LoadCursorA
wsprintfA
GetClassInfoExA
MessageBoxA
ShowWindow
MoveWindow
SetWindowPos
InvalidateRect
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
GetClientRect
SetWindowLongA
SendMessageA
CharNextA
GetWindowDC
CreateIconFromResource
GetActiveWindow
DialogBoxParamA
SendDlgItemMessageA
CallWindowProcA
ClientToScreen
GetSysColor
FillRect
GetCursorPos
WindowFromPoint
GetCapture
ReleaseCapture
EndDialog
DestroyWindow
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
MapWindowPoints

shell32

SHFileOperationA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA

gdi32

DeleteObject
GetMapMode
SetMapMode
LPtoDP
GetDeviceCaps
DPtoLP
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
DeleteDC

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA

wininet

InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetReadFile
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal
CoInitialize
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
OleLoadPicture
SysAllocStringLen
SysFreeString

comctl32

_TrackMouseEvent
InitCommonControlsEx

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 35KB - Virtual size: 72KB

DATA Size: 1024B - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 8KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 24KB

.324324 Size: 7KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

7582dd33416d6622d0faa7641a388437

Code Sign

60:45:0c:28:52:09:85:3b:c8:05:36:ee:f6:9f:17:ceCertificate

Extended Key Usages

Key Usages

a9:c1:e1:e6:d1:b7:56:7f:b5:39:09:04:61:09:bf:b5:03:2a:db:d3Signer

Headers

File Characteristics

Imports

kernel32

user32

shell32

gdi32

advapi32

wininet

ole32

oleaut32

comctl32

Sections

.text Size: 140KB - Virtual size: 136KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 20KB - Virtual size: 26KB

.rsrc Size: 112KB - Virtual size: 110KB

CODE
Size: 35KB - Virtual size: 72KB

DATA
Size: 1024B - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 8KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 24KB

.324324
Size: 7KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

60:45:0c:28:52:09:85:3b:c8:05:36:ee:f6:9f:17:ce
Certificate

a9:c1:e1:e6:d1:b7:56:7f:b5:39:09:04:61:09:bf:b5:03:2a:db:d3
Signer

.text
Size: 140KB - Virtual size: 136KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 20KB - Virtual size: 26KB

.rsrc
Size: 112KB - Virtual size: 110KB