8218d95087cafa8b8f7dbc905091274f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8218d95087cafa8b8f7dbc905091274f_JaffaCakes118
Size

847KB
MD5

8218d95087cafa8b8f7dbc905091274f
SHA1

9ea2c4b9082196dc435e854d4594e3b60dfabcbb
SHA256

c5a0ddd3bcffd7b157c6b72d20ffa713b2a6823c65f6c1cd3bcf0d712f95894e
SHA512

6c9633e7bec922b6d0b6d3d9a8a7e43c151b6c19210eef5a05f2409cd78214d9a2c84e2e485e7afd7fe0989a0df92c72de481c346360f59441207ebca312d576
SSDEEP

12288:GTk5vwjTIFyABsRFGXvjbkMy2cakiqm3zW85ibKtWU448FYF+kat:GTkGjTVABsRFIvjVKA9zW8KUiqQL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8218d95087cafa8b8f7dbc905091274f_JaffaCakes118

Files

8218d95087cafa8b8f7dbc905091274f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0f9afd06d95a5835f773ce999861696f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\root\Devel\Projects\Bravostudio\gamevance\Bin\Gamevancesetup.pdb

Imports

shlwapi

wnsprintfA
StrToIntA
StrStrA
StrStrIA
StrChrA
StrNCatA

rpcrt4

UuidToStringA
UuidCreate

kernel32

lstrlenW
GetModuleHandleW
GetCurrentThreadId
CreateThread
CreateEventA
InterlockedIncrement
InterlockedDecrement
SetEvent
GetCommandLineA
ExitProcess
CreateMutexA
lstrcpyA
LocalFree
ReadFile
GetFileSize
LocalAlloc
GetVersionExA
GetLocalTime
GetCurrentProcessId
GetTempPathA
GetExitCodeProcess
MoveFileExA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
WaitForSingleObject
FreeEnvironmentStringsA
GetFileType
SetHandleCount
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapSize
GetStdHandle
HeapCreate
HeapReAlloc
VirtualFree
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
LCMapStringA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
lstrcmpA
Sleep
GetModuleFileNameA
GetTickCount
GetModuleHandleA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcatA
lstrlenA
GetWindowsDirectoryA
DeleteFileA
LoadLibraryA
GetProcAddress
GetCurrentProcess
FreeLibrary
CreateFileA
WriteFile
GetProcessHeap
HeapAlloc
HeapFree
VirtualProtect
lstrcpynA
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetEnvironmentStrings

user32

RedrawWindow
EnableWindow
GetWindowTextLengthA
IsDlgButtonChecked
CheckRadioButton
FillRect
SetWindowTextA
GetDlgCtrlID
GetDlgItem
SetWindowLongA
GetKeyState
InvalidateRect
UpdateWindow
GetParent
BeginPaint
DrawTextA
IsWindowEnabled
LoadBitmapA
GetWindowTextA
EndPaint
PostMessageA
MessageBeep
GetDC
ReleaseDC
LoadCursorA
LoadIconA
RegisterClassExA
SystemParametersInfoA
CreateWindowExA
ShowWindow
SetFocus
IsDialogMessageA
GetWindowLongA
DefWindowProcA
DestroyWindow
SendMessageA
PostQuitMessage
PeekMessageA
GetWindowRect
GetClientRect
SetWindowPos
MessageBoxA
PostThreadMessageA
GetMessageA
DispatchMessageA
TranslateMessage
FindWindowA
CharNextW
CharUpperA
CharNextA
ExitWindowsEx
SetCursor
GetFocus

gdi32

CreateSolidBrush
SetBkColor
CreateCompatibleDC
GetObjectA
CreateFontA
SetBkMode
GetTextExtentPointA
SetTextColor
TextOutA
BitBlt
DeleteDC
SelectObject
GetStockObject
DeleteObject
CreateDIBitmap

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetNamedSecurityInfoA
LookupPrivilegeValueA
AdjustTokenPrivileges
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA
FreeSid
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyA
RegQueryValueExA
OpenProcessToken
RegOpenKeyA
RegCloseKey

shell32

SHGetFolderPathA
ShellExecuteA
ShellExecuteExA

ole32

StringFromGUID2
CoUninitialize
CoInitialize
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance

oleaut32

UnRegisterTypeLi
SysFreeString
RegisterTypeLi
SysStringLen
LoadTypeLi
SysAllocString

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 697KB - Virtual size: 697KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f9afd06d95a5835f773ce999861696f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 6KB - Virtual size: 13KB

.cdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 697KB - Virtual size: 697KB

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 6KB - Virtual size: 13KB

.cdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 697KB - Virtual size: 697KB