6fc99cfcb370b4d37e104e17c8f30f7e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6fc99cfcb370b4d37e104e17c8f30f7e_JaffaCakes118
Size

222KB
MD5

6fc99cfcb370b4d37e104e17c8f30f7e
SHA1

d871d44e1ed3ec6316d89b66de2764d3dafa741c
SHA256

bffaf0b994a9a674605d4451170bd02a49e8098a83f1abca8850d134fe939c00
SHA512

9ddbc9e6fccbfc3d967c95a7fe3eeec8c83f565bcb4c8a4fd0398d9f3321321107a0920f255bcfa30d4f190c3a495d3ac6eb4979ee1d5fd5fd0dcd4259dc7bab
SSDEEP

3072:5E4+MHucL6ZNoaDoaVmxiZTDigJIJbe49dFEAU91QO/T:7KDo0mxiNvAbrvFEpSO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fc99cfcb370b4d37e104e17c8f30f7e_JaffaCakes118

Files

6fc99cfcb370b4d37e104e17c8f30f7e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7259fcc09454956330fe3d88d0b3f9d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\vadim_bors\Dropbox\You Just Lost The Game\Debug\You Just Lost The Game.pdb

Imports

kernel32

GetTickCount
LoadLibraryA
GetCommandLineA
GetModuleHandleA
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
LoadLibraryW
GetProcAddress
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
FreeLibrary

sdl

SDL_GetKeyState
SDL_GetError
SDL_SetModuleHandle
SDL_strlcpy
SDL_strlcat
SDL_DisplayFormat
SDL_Quit
SDL_Init
SDL_SetVideoMode
SDL_WM_SetCaption
SDL_WM_SetIcon
SDL_getenv
SDL_Flip
SDL_Delay
SDL_PollEvent
SDL_FreeSurface
SDL_UpperBlit

sdl_image

IMG_Load

sdl_ttf

TTF_RenderText_Solid
TTF_OpenFont
TTF_Init

msvcp100

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Xlength_error@std@@YAXPBD@Z
?width@ios_base@std@@QAE_J_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?good@ios_base@std@@QBE_NXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

msvcr100

fwrite
fputc
ungetc
memcpy_s
fgetc
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
_CxxThrowException
memmove
memcpy
strlen
fclose
memset
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_CRT_RTC_INITW
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_lock_file
cos
sin
srand
atan
log
sqrt
rand
abs
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z
_unlock_file
_itoa
isspace
fprintf
__iob_func
remove
fopen
setbuf
freopen
strrchr
atoi
??_V@YAXPAX@Z

Sections

.textbss
Size: - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7259fcc09454956330fe3d88d0b3f9d6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

sdl

sdl_image

sdl_ttf

msvcp100

msvcr100

Sections

.textbss Size: - Virtual size: 81KB

.text Size: 185KB - Virtual size: 185KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 1KB - Virtual size: 5KB

.idata Size: 9KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 7KB - Virtual size: 7KB

.textbss
Size: - Virtual size: 81KB

.text
Size: 185KB - Virtual size: 185KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 1KB - Virtual size: 5KB

.idata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 7KB - Virtual size: 7KB