74295998d1e0acff1be3c971a940d2d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

74295998d1e0acff1be3c971a940d2d2_JaffaCakes118
Size

1.7MB
MD5

74295998d1e0acff1be3c971a940d2d2
SHA1

1aed8ba5643c42c691fa98a8e88fba365d007b2a
SHA256

060703fb8d18a0043cf686daf7ed14f14c761a3f267cea73e59a9bd4b4c03f68
SHA512

10fbda575799f743c5e85cf793344d7a32ef3545c37d3079e98fa5e86f53a679bb24174a3c0d6013d1b8c3393741bccccbdb14c511f467962469b629a5e7debd
SSDEEP

12288:b95t3j5365VPa3Yxbz3uWFLGi45rB+7nlUJNo:bB3j5365VMYxf3uWFLt4No

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74295998d1e0acff1be3c971a940d2d2_JaffaCakes118

Files

74295998d1e0acff1be3c971a940d2d2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5a824f3a15be3034c16559ffc012ab67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetFileSizeEx
GetFileTime
WritePrivateProfileStringA
SetErrorMode
GetTickCount
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
SetEnvironmentVariableA
SetCurrentDirectoryA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
Sleep
ExitProcess
HeapSize
SetStdHandle
GetFileType
GetACP
GetTimeZoneInformation
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetModuleHandleW
GetThreadLocale
InterlockedIncrement
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
InterlockedExchange
lstrcmpA
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetVersionExA
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
GetProcAddress
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
ResetEvent
GetCurrentThreadId
FindFirstFileA
FindClose
CreateMutexA
ReleaseMutex
GetCurrentDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
TerminateProcess
GetCurrentProcessId
CompareStringA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapFree
GetStartupInfoA
CreateProcessA
lstrcpyA
SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
GetModuleFileNameA
lstrlenA
GetCommandLineA
GetModuleHandleA
GetLastError
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
IsValidCodePage
SizeofResource

user32

RegisterClipboardFormatA
PostThreadMessageA
LoadCursorA
GetSysColorBrush
CharNextA
SetWindowContextHelpId
MapDialogRect
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
GetDesktopWindow
CreateDialogIndirectParamA
EndDialog
GetWindowThreadProcessId
GetCursorPos
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DefWindowProcA
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
EndPaint
BeginPaint
GetWindowDC
UnhookWindowsHookEx
GetWindowTextLengthA
GetWindowTextA
GetFocus
SetFocus
IsWindowEnabled
ShowWindow
MoveWindow
GetDlgCtrlID
IsWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
GetMenuState
GetMenuItemID
DrawStateA
DestroyIcon
ReleaseDC
GetDC
GetMenuItemCount
SetWindowPos
SetWindowsHookExA
CallWindowProcA
LoadIconA
ScreenToClient
SetWindowRgn
MessageBoxW
CallNextHookEx
SetWindowLongA
MessageBoxA
MessageBeep
GetNextDlgGroupItem
GetSystemMetrics
ReleaseCapture
SetCapture
PtInRect
InvalidateRgn
CopyAcceleratorTableA
CharUpperA
CreateWindowExA
UnregisterClassA
CopyRect
InflateRect
OffsetRect
FrameRect
DrawFocusRect
SendMessageA
GetWindowRect
GetClientRect
ClientToScreen
InvalidateRect
GetActiveWindow
GetNextDlgTabItem
GetParent
WindowFromPoint
EnableWindow
GetWindowLongA
SetCursor
GetSysColor
PostMessageA
TrackPopupMenuEx
GetSubMenu
LoadImageA
DestroyCursor
DestroyMenu
LoadBitmapA
UpdateWindow
SetTimer
KillTimer
LoadStringA
IsRectEmpty
IntersectRect
TabbedTextOutA
SetRect
GrayStringA
DrawTextExA
DrawTextA

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
ScaleViewportExtEx
CreatePen
CreateRectRgnIndirect
GetMapMode
GetRgnBox
OffsetViewportOrgEx
SetViewportExtEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
DeleteObject
GetClipBox
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
GetBitmapBits
CreateRectRgn
CombineRgn
CreateSolidBrush
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextColor
GetBkColor
GetObjectA
CreateCompatibleBitmap
GetPixel
SetPixel
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
DeleteDC
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegEnumKeyA
RegCloseKey
RegSetValueExA
RegQueryValueA
RegOpenKeyA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA

shell32

ShellExecuteExA

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID
CoTaskMemFree

oleaut32

VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString

wsock32

WSASetLastError
WSACleanup
send
htons
ioctlsocket
closesocket
WSAGetLastError
WSAStartup
connect
recv

nmcogame

NMCO_CallNMFunc
NMCO_SetLocaleAndRegion
NMCO_SetPatchOption
NMCO_MemoryFree

ws2_32

WSAEventSelect
WSACreateEvent
WSAWaitForMultipleEvents
WSACloseEvent
WSASocketA
WSAEnumNetworkEvents

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5a824f3a15be3034c16559ffc012ab67

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

nmcogame

ws2_32

Sections

.text Size: 249KB - Virtual size: 249KB

.rdata Size: 63KB - Virtual size: 62KB

.data Size: 11KB - Virtual size: 30KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 249KB - Virtual size: 249KB

.rdata
Size: 63KB - Virtual size: 62KB

.data
Size: 11KB - Virtual size: 30KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB