7852ea2d94ad6b94de1eba19b2c94f7d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7852ea2d94ad6b94de1eba19b2c94f7d_JaffaCakes118
Size

17.1MB
MD5

7852ea2d94ad6b94de1eba19b2c94f7d
SHA1

f6cf3a8e6aa81b05baf25d248cfa45da1ef587a6
SHA256

6320f6f5ad30c50a3b279d8ac32b5388e5b5081a4c1ad9a92f23a8a99b1225c3
SHA512

7b7fbdf122e913c1c05108cd20f621b696316eda265ca4b763d247a97e92e38bd94a76c6d4c67dcacc5dce6263b61fbffcdf715d35d74eaa584fd3e6bf1aa0f5
SSDEEP

393216:oq0gvrRt1DWIsXIzNxe7AuvW+yPYVBqBFbdK2A28AGQKJEQDOhn:pjb1DXsXIz5uvW+pqBHKx28ZTDOhn

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/pes2012.exe
unpack002/rld.dll

Files

7852ea2d94ad6b94de1eba19b2c94f7d_JaffaCakes118
.zip
rld-pes12106.7z
.7z
pes2012.exe
.exe windows:5 windows x86 arch:x86

72553c7907b79007066c3c1fa81036c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\soccer\pes12_patch106\pes12\Project\vs_win_master\00_Solution\Release_LTCG\PES12_MASTER_Release_LTCG.pdb

Imports

d3d9

Direct3DCreate9

ddraw

DirectDrawCreate

dsound

ord12
ord2
ord11

kernel32

CreateMutexA
GetProcessAffinityMask
QueryPerformanceFrequency
ReleaseMutex
GetVersionExA
CloseHandle
GetFileAttributesA
CreateDirectoryA
CreateDirectoryW
SetWaitableTimer
WaitForSingleObject
CancelWaitableTimer
SetThreadPriority
RaiseException
CreateWaitableTimerA
ResumeThread
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
GetCommandLineA
GetStartupInfoA
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
ExitThread
CreateThread
RtlUnwind
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetCPInfo
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
VirtualFree
GetTickCount
GetCurrentProcessId
HeapSize
HeapAlloc
HeapReAlloc
GetModuleHandleA
GetACP
GetOEMCP
IsValidCodePage
ReadFile
QueryPerformanceCounter
GetConsoleMode
GetProcAddress
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
SetFilePointer
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileSize
FindFirstFileA
RemoveDirectoryA
FindClose
MoveFileA
FindNextFileA
DeleteFileA
GetFileAttributesExA
CreateFileW
SetFileAttributesA
GetFileAttributesExW
SetFileAttributesW
InterlockedCompareExchange
TryEnterCriticalSection
CreateSemaphoreA
ReleaseSemaphore
SetThreadAffinityMask
SuspendThread
SetFileTime
CreateEventA
GetFullPathNameA
SetEvent
GetThreadPriority
ResetEvent
GetExitCodeThread
GetLocalTime
SetErrorMode
GetSystemInfo
SetCurrentDirectoryW
GetLastError
GetFileAttributesW
Sleep
VirtualAlloc
WideCharToMultiByte
FileTimeToSystemTime
lstrcatA
lstrcpyA
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetFullPathNameW
GetCurrentDirectoryA
GetExitCodeProcess
FreeLibrary
MultiByteToWideChar
GlobalMemoryStatus
GetConsoleCP
LoadLibraryA
CreateProcessA
GetDriveTypeA
SignalObjectAndWait
SizeofResource
SetThreadExecutionState
LoadResource
GetLocaleInfoA
FindResourceA
FindNextFileW
DeleteFileW
CopyFileW
GetTempPathW
GetFileSizeEx
GetDiskFreeSpaceExW
LocalAlloc
GetCurrentProcess
DeleteCriticalSection
EnterCriticalSection
GetLogicalDriveStringsW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
InterlockedExchangeAdd

user32

IsIconic
AttachThreadInput
GetMonitorInfoA
GetWindowRect
RegisterDeviceNotificationA
RedrawWindow
DrawMenuBar
SystemParametersInfoA
GetWindowThreadProcessId
MonitorFromRect
EndPaint
SetCursor
GetMessageA
RegisterClassExA
PostQuitMessage
SetForegroundWindow
LoadIconA
GetClientRect
SetFocus
BeginPaint
MessageBoxA
TranslateMessage
GetForegroundWindow
SetWindowLongA
InvalidateRect
UnregisterClassA
GetWindowLongA
CreateWindowExA
PeekMessageA
TranslateAcceleratorA
GetCursorPos
ShowWindow
DispatchMessageA
AdjustWindowRectEx
UpdateWindow
ScreenToClient
SetWindowPos
EnumDisplaySettingsA
GetDC
ReleaseDC
ShowCursor
GetKeyboardLayout
DefWindowProcA
GetActiveWindow
PostMessageA
MessageBoxW
GetSystemMetrics
CallWindowProcA
GetDoubleClickTime

gdi32

GetStockObject
GetDeviceCaps

advapi32

CryptGenRandom
RegCloseKey
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetPathFromIDListW
ShellExecuteA
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree

dfengine

GetDFEngine

d3dx9_30

D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXAssembleShader
D3DXGetPixelShaderProfile
D3DXCompileShader
D3DXGetShaderConstantTable
D3DXGetVertexShaderProfile
D3DXCreateTexture
D3DXLoadSurfaceFromMemory
D3DXLoadVolumeFromMemory
D3DXCreateVolumeTexture
D3DXCreateCubeTexture
D3DXCreateCubeTextureFromFileInMemoryEx

winmm

timeKillEvent
timeSetEvent
timeGetSystemTime
timeBeginPeriod
timeGetTime

imm32

ImmGetContext
ImmAssociateContext

dinput8

DirectInput8Create

wininet

InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetSetStatusCallback
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetReadFileExA
InternetConnectA
HttpQueryInfoA

iphlpapi

GetIpAddrTable
GetBestRoute
GetIpForwardTable
GetAdaptersInfo
GetNetworkParams
SetIpForwardEntry

oleaut32

SysStringLen
SysFreeString
SysAllocString

Sections

.text
Size: 16.1MB - Virtual size: 16.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PSFD00
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eOpifEf
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
reloaded.nfo
rld.dll
.dll windows:5 windows x86 arch:x86

8bc8dd400f2c0f536c3105bba5225f70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
ReadFile
CreateFileW
lstrlenW
CloseHandle
lstrcpyA
SetFilePointer
VirtualFree
MultiByteToWideChar
SetLastError
VirtualAlloc
VirtualProtect
lstrcpynA
GetCurrentProcess
QueryPerformanceCounter
SetEnvironmentVariableA
GetModuleHandleA
QueryPerformanceFrequency
GetCurrentProcessId
CreateEventA
GetProcAddress
LoadLibraryA
ExitProcess
lstrcmpiA
lstrcmpiW
GetThreadContext
lstrcmpA
SetThreadContext
TerminateProcess
GetLastError
VirtualAllocEx
ResumeThread
FreeLibrary
HeapAlloc
HeapCreate
lstrlenA
CreateDirectoryA
GetModuleFileNameA
GetTempPathA
GetFileSize
SetEndOfFile
CompareFileTime
UnlockFile
SetEvent
LockFile
GetTickCount
WriteFile
GetProcessTimes
VirtualFreeEx
ReadProcessMemory
GetFileAttributesA
GetFileAttributesW
ExitThread
FlushFileBuffers
OpenEventA
WaitForMultipleObjects
GetFileTime
GetCurrentThreadId
WriteProcessMemory
CreateThread
SetStdHandle
HeapFree
AddVectoredExceptionHandler
lstrcatA
CreateFileA

user32

KillTimer
PostQuitMessage
RegisterClassExA
SetTimer
GetMessageA
SetWindowLongA
UnregisterClassA
CharLowerA
SendMessageA
GetWindowLongA
CreateWindowExA
DefWindowProcA
IsWindow
DispatchMessageA
MessageBoxA
wsprintfA

advapi32

OpenProcessToken

userenv

GetUserProfileDirectoryA

Exports

Exports

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RLD0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RLD1
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
 ᪠砭  ᠩ PlayGround.ru.url
.url

Sharing

General

Malware Config

Signatures

Files

72553c7907b79007066c3c1fa81036c3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

ddraw

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

dfengine

d3dx9_30

winmm

imm32

dinput8

wininet

iphlpapi

oleaut32

Sections

.text Size: 16.1MB - Virtual size: 16.1MB

PSFD00 Size: 7KB - Virtual size: 7KB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 1.0MB - Virtual size: 6.5MB

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 247KB - Virtual size: 246KB

.eOpifEf Size: 1024B - Virtual size: 1024B

8bc8dd400f2c0f536c3105bba5225f70

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

userenv

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 1KB

.RLD0 Size: 2KB - Virtual size: 1KB

.RLD1 Size: 286KB - Virtual size: 286KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 16.1MB - Virtual size: 16.1MB

PSFD00
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 1.0MB - Virtual size: 6.5MB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 247KB - Virtual size: 246KB

.eOpifEf
Size: 1024B - Virtual size: 1024B

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 1KB

.RLD0
Size: 2KB - Virtual size: 1KB

.RLD1
Size: 286KB - Virtual size: 286KB

.reloc
Size: 1KB - Virtual size: 1KB