000b47320401bc430f5719f1fe682e10_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

000b47320401bc430f5719f1fe682e10_JaffaCakes118
Size

2.1MB
MD5

000b47320401bc430f5719f1fe682e10
SHA1

be4e0dbbd25bf136889e98d51d915005bf9595bc
SHA256

4e1dd56c593faf9ae606c2ca69c2bee551d856d088b92cd1a3f03a542debd5f1
SHA512

89b7473ece9316a4d315c2eb82bdfc33efd9cc26d33653db54ab4b5e8b50d9f36b6d8ec71cf53823b4910cd6c3d7a4c1bcb4dbffbc6c80899dd27d8becc54121
SSDEEP

49152:EvWofwSBG58pG2OWWUPV7qgOTcG91ZEymheHWW37AP:E1mOE2OyP9qgOl33n7AP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Game.exe

Files

000b47320401bc430f5719f1fe682e10_JaffaCakes118
.zip
Game.exe
.exe windows:6 windows x86 arch:x86

731d4a3408d52ee699eddf77a7777b8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Archivos de Source\Source PTL OFICIAL\SrcGame\src\Release\Game.pdb

Imports

dsound

ord1

kernel32

GetPrivateProfileIntA
GetPrivateProfileStringA
CreateDirectoryA
WriteFile
OutputDebugStringA
GetCurrentDirectoryA
CreateProcessA
WritePrivateProfileStringA
SetFilePointer
VirtualProtect
VirtualQuery
GlobalAlloc
GetComputerNameA
SuspendThread
ResumeThread
CopyFileA
WaitForSingleObject
SetThreadPriority
TerminateThread
GetExitCodeThread
_lopen
_lcreat
_lread
_lwrite
_lclose
CompareFileTime
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
IsDBCSLeadByte
LocalAlloc
LocalFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
TerminateProcess
GetVersionExA
HeapSize
WriteConsoleW
CreateFileW
SetStdHandle
OutputDebugStringW
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetCurrentThreadId
FindNextFileW
FindFirstFileExW
FindNextFileA
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapReAlloc
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
FreeLibrary
GetLastError
RtlUnwind
RaiseException
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
FormatMessageW
FindClose
ExitProcess
GetFileSize
ReadFile
FindFirstFileA
lstrcmpiA
lstrcmpA
lstrcatA
ExitThread
GetCurrentThread
Sleep
Module32Next
Module32First
Thread32Next
CreateThread
GetCurrentProcessId
GetCurrentProcess
DeleteCriticalSection
LeaveCriticalSection
InitializeSListHead
GetSystemTimeAsFileTime
SetEndOfFile
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
Thread32First
CreateToolhelp32Snapshot
LoadLibraryA
lstrlenA
lstrcpyA
lstrcpynA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
FreeLibraryAndExitThread
GetTickCount
FindFirstFileExA
OpenThread
EnterCriticalSection
InitializeCriticalSection
DuplicateHandle
CloseHandle
IsDebuggerPresent
GetLocalTime
DeleteFileA
CreateFileA
IsValidCodePage

user32

SetMenu
LoadMenuA
CheckMenuItem
EnableMenuItem
SetForegroundWindow
CreateMenu
GetMenu
LoadIconA
DestroyIcon
SetWindowPos
GetAsyncKeyState
AdjustWindowRect
SetWindowLongA
CharToOemA
OemToCharA
CharUpperA
GetWindowTextA
FindWindowA
GetWindow
GetSystemMetrics
CharLowerA
EnumWindows
GetClassNameA
GetDC
ReleaseDC
SetWindowTextA
GetClientRect
ClientToScreen
OffsetRect
SendMessageA
GetKeyState
MessageBoxA
LoadKeyboardLayoutA
GetKeyboardLayoutNameA
TranslateMessage
DispatchMessageA
PeekMessageA
DefWindowProcA
PostMessageA
PostQuitMessage
CallWindowProcA
SetFocus
GetForegroundWindow
AdjustWindowRectEx
ShowCursor
GetWindowLongA
SetTimer
wsprintfA
RegisterClassA
CreateWindowExA
DestroyWindow
ShowWindow
CreateDialogParamA
GetDlgItem
WaitMessage
UpdateWindow
LoadCursorA

gdi32

CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteDC
DeleteObject
GetDIBits
SelectObject
GetObjectA
GetStockObject
SetTextColor
GetTextColor
BitBlt

advapi32

RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateFontA
D3DXCreateTextureFromFileInMemoryEx
D3DXGetImageInfoFromFileInMemory

winmm

mmioOpenA
mmioClose
mmioRead
timeEndPeriod
mmioGetInfo
mmioSetInfo
mmioAdvance
timeBeginPeriod
timeKillEvent
mixerSetControlDetails
timeSetEvent
timeGetTime
mmioWrite
mmioDescend
mmioAscend
mmioCreateChunk
mixerGetDevCapsA
mixerOpen
mixerClose
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
mmioSeek

shlwapi

PathFileExistsA

msvfw32

ICDecompress
ICSendMessage
ICClose
ICLocate

avifil32

AVIStreamInfoA
AVIStreamLength
AVIStreamOpenFromFileA
AVIStreamRelease
AVIFileExit
AVIStreamRead
AVIStreamReadFormat
AVIFileInit

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
HttpQueryInfoA
InternetOpenA

iphlpapi

GetAdaptersInfo

wsock32

gethostbyname
ioctlsocket
WSACleanup
accept
bind
connect
inet_ntoa
htons
inet_addr
select
__WSAFDIsSet
WSAAsyncSelect
WSAGetLastError
WSAStartup
gethostname
listen
socket
setsockopt
send
recv
closesocket

imm32

ImmSetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCompositionStringA
ImmReleaseContext
ImmGetContext
ImmGetProperty
ImmGetDescriptionA

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512KB - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 97.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
image/Sinimage/help/haTeleport_Field[4].sin

Sharing

General

Malware Config

Signatures

Files

731d4a3408d52ee699eddf77a7777b8a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

d3d9

d3dx9_43

winmm

shlwapi

msvfw32

avifil32

wininet

iphlpapi

wsock32

imm32

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 512KB - Virtual size: 511KB

.data Size: 1.2MB - Virtual size: 97.9MB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 2KB - Virtual size: 2KB

_RDATA Size: 2KB - Virtual size: 1KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 512KB - Virtual size: 511KB

.data
Size: 1.2MB - Virtual size: 97.9MB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 2KB - Virtual size: 2KB

_RDATA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB