d:\Projects\PK\trunk\src\Bin\Resurrection\Resurrection.pdb
Behavioral task
behavioral1
Sample
853810a64c7c162d7bc7a7bccba90ca6_JaffaCakes118.exe
Resource
win7-20240708-en
General
-
Target
853810a64c7c162d7bc7a7bccba90ca6_JaffaCakes118
-
Size
3.4MB
-
MD5
853810a64c7c162d7bc7a7bccba90ca6
-
SHA1
9103979e2c2f3b4495ae5eee83088614beda88f9
-
SHA256
b307338542a4ed1eefbddf3256fad6eb7fedcfe4f771f0483ec18973587eef31
-
SHA512
d92f48b153c795daad2ba80c2346aea0088cf98ddf2ec0f689ff57391130aa8f5ba4f023e7e8cf298c7da07ec91f29ff196b4f6b8954a6b73de5a1dfa4b18b10
-
SSDEEP
49152:cxkgwjed+wAuQxFC/cbudguMGTLiOY6RXlzOGGJR0bQ8yB:ETwjedgRyniOIJ+9C
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 853810a64c7c162d7bc7a7bccba90ca6_JaffaCakes118
Files
-
853810a64c7c162d7bc7a7bccba90ca6_JaffaCakes118.exe windows:5 windows x86 arch:x86
33d7b0be38cb17963bc7e409f9427105
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
winmm
PlaySoundA
timeGetTime
resurrectionengine
?CreateRunningMutexes@@YAXXZ
?ShowMenu@EngineGame@@QAEXXZ
??1ScriptObject@@QAE@XZ
?GetString@ScriptObject@@QBEPBDXZ
??AScriptObject@@QAE?AV0@PBD@Z
?Globals@Script@@QAE?AVScriptObject@@XZ
?gDemoRec@@3PAVDemoRecording2@@A
?SwitchConsole@EngineGame@@QAEXXZ
?GScript@@3VScript@@A
?DoString@Script@@QAAXPBDZZ
?GEngine@@3PAVPCFSystem@@A
?FullScreenHWND@GraphicsDevice@@QBEPAUHWND__@@XZ
??1Script@@QAE@XZ
?MuiGetMessageBoxOwner@@YAPAUHWND__@@XZ
?GetString@Script@@QAEPBDHPBD@Z
??0Script@@QAE@PAUlua_State@@H@Z
?DoFile@Script@@QAE_NPBD_N@Z
?GetBool@Script@@QAE_NH_N@Z
??1PCFSystem@@QAE@XZ
??1String@@QAE@XZ
??1?$DynamicArray@D@@QAE@XZ
?StripColorInfo@HUD@@SA?AVString@@V2@@Z
??0String@@QAE@PBD@Z
?GetInt@Script@@QAEHHH@Z
?Release@Script@@QAEXXZ
?GetTimeAsString@SystemDriver@@SAXAAY0BAA@D@Z
?GetLogName@@YAPADAAY0BAE@DPBD@Z
?RegisterLibrary@Script@@QAEXPBDPBUluaL_reg@@_N@Z
?RegisterFunction@Script@@QAEXPBDP6AHPAUlua_State@@@Z@Z
??0EngineGame@@QAE@XZ
??_7EngineGame@@6B@
??0View@@QAE@XZ
??1View@@UAE@XZ
?Resize@?$DynamicArray@D@@QAEXH@Z
?IsNil@ScriptObject@@QBE_NXZ
?ErrorMessageBox@StackTracer@@SAXXZ
?Close@LogBuffer@@QAEXXZ
?GLog@@3VLogBuffer@@A
?Initialize@PCFSystem@@QAEHPAUHINSTANCE__@@PBD@Z
??YString@@QAEAAV0@PBD@Z
??0PCFSystem@@QAE@XZ
?OurView@@3P6APAVView@@XZA
?OurGame@@3P6APAVEngineGame@@XZA
?GFileManAudio@@3VGFileManager@@A
?RegisterPacks@GFileManager@@QAEXPBD00@Z
?GFileMan@@3VGFileManager@@A
?SetCallbackFunc@LogBuffer@@QAEXP6AXPBD@Z@Z
?MuiSetMessageBoxMainWindow@@YAXPAUHWND__@@@Z
?PhysicsEngineTick@PhysicsEngine@@QAE_NM_N@Z
?SetMasterVolumeLevel@MilesEngine@@QAEXM@Z
?ReloadTextures@MaterialSystem@@QAEHXZ
?FloorSelection@Pathfinder@@QAEXPAUtagRECT@@H@Z
?Selection@Pathfinder@@QAEHMPAUtagRECT@@H@Z
?FloorSelection@Pathfinder2@@QAEXABVViewport@@PAUtagRECT@@_N@Z
?Selection@Pathfinder2@@QAEHAAVViewport@@MPAUtagRECT@@_N@Z
?PrepareFloors@Pathfinder@@QAEXXZ
?PrepareFloors@Pathfinder2@@QAEXXZ
?SelectUnselectWaypointsOnSelectedFloors@Pathfinder@@QAEXH@Z
?Select_OnSelectedFloors@Pathfinder2@@QAEX_N@Z
?ConnectSelected@Pathfinder@@QAEXXZ
?Selected_ConnectDisconnect@Pathfinder2@@QAEXMMHH@Z
?DisconnectSelected@Pathfinder@@QAEXXZ
?CopySelected@Pathfinder@@QAEXXZ
?Selected_Copy@Pathfinder2@@QAEXABVVector@@@Z
?RemoveSelectedFloors@Pathfinder@@QAEXXZ
?RemoveSelected@Pathfinder@@QAEXXZ
?SelectedFloors_Remove@Pathfinder2@@QAEXXZ
?Selected_Remove@Pathfinder2@@QAEXXZ
?MoveSelectedToZoneTheyreIn@Pathfinder@@QAEXXZ
?GenerateAutomaticStructures@Pathfinder2@@QAEXXZ
?ClearAutomaticStructures@Pathfinder2@@QAEXXZ
?Print@LogBuffer@@QAAXPBDZZ
?SelectWaypointsNotConnectedToAnythingInCurrentRoom@Pathfinder@@QAEXXZ
?Select_NotConnectedToAnything@Pathfinder2@@QAEXXZ
?CleanStructures@Pathfinder@@QAEXXZ
?SetSelectedAsForSmallMonstersOnly@Pathfinder@@QAEXXZ
?SetSelectedAsForAllMonsters@Pathfinder@@QAEXXZ
?InvertSelection@Pathfinder@@QAEXXZ
?Select_Invert@Pathfinder2@@QAEXXZ
?ImportFromOldPathfinder@Pathfinder2@@QAEXXZ
?GetCurrentSetFromSelected@Pathfinder2@@QAEXXZ
?MakeNewSetFromSelected@Pathfinder2@@QAEXXZ
?ExpandCurrentSet@Pathfinder2@@QAEXXZ
?ContractCurrentSet@Pathfinder2@@QAEXXZ
?ValidateSets@Pathfinder2@@QAEXXZ
?MergeSetsFromSelected@Pathfinder2@@QAEXXZ
?Selected_MoveToCurrentSet@Pathfinder2@@QAEXXZ
?Select_AllInSet@Pathfinder2@@QAEX_NG@Z
?ChangeViewLimits@Pathfinder2@@QAEX_N@Z
?ApplyUndo@Pathfinder2@@QAEXXZ
?EnableSets@Pathfinder2@@QAEX_N@Z
?RandomizeSets@Pathfinder2@@QAEXXZ
?ConnectDisconnectSelected@Pathfinder@@QAEXMMHH@Z
?SelectUnselectFloorsOfAreaLowerHigherThan@Pathfinder@@QAEXHHM@Z
?Select_FloorsOfAreaLowerHigherThan@Pathfinder2@@QAEX_N0M@Z
?MergeContents@Pathfinder2@@QAE_NPBDM@Z
?LoadFloors@Pathfinder@@QAEHPBDM@Z
?LoadContents@Pathfinder@@QAEHPBDM_N@Z
?LoadFloors@Pathfinder2@@QAE_NPBDM@Z
?LoadContents@Pathfinder2@@QAE_NPBDM_N@Z
?SaveFloors@Pathfinder@@QAEHPBDM@Z
?SaveContents@Pathfinder@@QAEHPBDM@Z
?SaveFloors@Pathfinder2@@QAE_NPBDM@Z
?SaveContents@Pathfinder2@@QAE_NPBDM_N@Z
?Activate@LoadingScreen@@QAEX_NHVString@@1@Z
?Init@Script@@QAE_NXZ
?RemoveConnectionsCollidingWithGeometryInSelected@Pathfinder@@QAEXXZ
?Selected_RemoveConnectionsCollidingWithGeometry@Pathfinder2@@QAEXM@Z
?PreparePortalNodes@Pathfinder@@QAEHM@Z
?AddGridOnSelectedFloors@Pathfinder@@QAEXM@Z
?SelectedFloors_AddGrid@Pathfinder2@@QAEXM@Z
?ScaleContents@Pathfinder@@QAEXM@Z
?ScaleContents@Pathfinder2@@QAEXM@Z
?SelectWaypointsOutsideOfCurrentZone@Pathfinder@@QAEXM@Z
?LevelWaypointsWithFloors@Pathfinder@@QAEXM@Z
?SwitchToState@PCFSystem@@QAEXH@Z
?MergeWaypointsBelowDistance@Pathfinder2@@QAEXM@Z
?GetEXEBuild@@YAIXZ
?m_free_a16@@YAXPAX@Z
?TickEngine@PCFSystem@@QAEX_N@Z
?SwitchMenu@EngineGame@@QAEX_N@Z
??HString@@QBE?AV0@ABV0@@Z
?FindFiles@GFileManager@@QAEXPBDAAV?$DynamicArray@VString@@@@K@Z
?RegisterPack@GFileManager@@QAEPAVGPack@@PAV2@PBD1_N@Z
??0GPack@@QAE@XZ
?MuiMessageBox@@YAHIII@Z
?GetConfigName@@YAPADAAY0BAE@D@Z
?CheckOsVersion@@YA_N_N@Z
?PauseSounds@PainMenu@@QAEXXZ
?OpenPack@GPack@@UAE_NPBD0@Z
?GetFile@GPack@@UAEPAVGFile@@PAUFIdx@@@Z
??1GPack@@UAE@XZ
?Restart@ParticleEffect@@QAEXXZ
?Sprintf@String@@SA?AV1@PBDZZ
??0?$DynamicArray@D@@QAE@XZ
?GetTextInfo@SimpleProfiler@@QAE?AVString@@XZ
?GProfiler@@3VSimpleProfiler@@A
??1GFileManager@@QAE@XZ
??0GFileManager@@QAE@XZ
?m_malloc_a16@@YAPAXI@Z
?m_realloc_a16@@YAPAXPAXI@Z
??0?$DynamicArray@D@@QAE@ABV0@@Z
??1ScriptTableIterator@@QAE@XZ
?Next@ScriptTableIterator@@QAE_NXZ
?GetBool@ScriptObject@@QBE_NXZ
?GetFloat@ScriptObject@@QBEMXZ
?GetInt@ScriptObject@@QBEHXZ
?GetType@ScriptObject@@QBEHXZ
??0ScriptTableIterator@@QAE@AAVScriptObject@@_N@Z
?IsTable@ScriptObject@@QBE_NXZ
??AScriptObject@@QAE?AV0@H@Z
?GetCount@ScriptObject@@QBEHXZ
?Call@Script@@QAAXPBDH0ZZ
kernel32
FileTimeToLocalFileTime
lstrcpynA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
CreateDirectoryA
Sleep
CreateProcessA
GetCommandLineA
GetLastError
CreateMutexA
SetCurrentDirectoryA
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadLibraryA
GetModuleHandleA
GetProcAddress
SetLastError
MultiByteToWideChar
GetVersion
FlushInstructionCache
GetCurrentProcess
lstrlenA
MulDiv
LocalFree
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
GetExitCodeThread
GlobalFree
CloseHandle
SetThreadPriority
ResumeThread
GetCurrentThreadId
WaitForSingleObject
GetModuleFileNameW
InterlockedDecrement
FreeLibrary
GetVersionExA
lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeResource
lstrcmpA
InterlockedExchange
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetCurrentProcessId
WritePrivateProfileStringA
GlobalFlags
GetModuleHandleW
InterlockedIncrement
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetThreadLocale
FileTimeToSystemTime
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
GetFileAttributesA
GetFileTime
GetFullPathNameA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
CreateFileA
SetErrorMode
GetFileSizeEx
RtlUnwind
ExitProcess
RaiseException
GetStartupInfoA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
CreateThread
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
TerminateThread
EnumResourceTypesA
EnumResourceNamesA
user32
GetClientRect
SendMessageA
PostMessageA
ShowWindow
UpdateWindow
GetDesktopWindow
SetFocus
SetForegroundWindow
MessageBoxA
LoadCursorA
SetCursor
ReleaseCapture
LoadBitmapA
SetTimer
IsWindowEnabled
IsWindowVisible
CopyRect
DrawTextA
FillRect
FrameRect
DrawFocusRect
LockWindowUpdate
GetScrollRange
SetScrollRange
GetSystemMetrics
GetSysColor
SetRect
DefWindowProcA
GetDC
ReleaseDC
GetScrollPos
SetScrollPos
RegisterClassA
PtInRect
InflateRect
GetWindow
GetClassInfoA
GetDCEx
EnumChildWindows
CharUpperA
DestroyIcon
UnionRect
SetParent
GetSystemMenu
IsRectEmpty
DeleteMenu
UnregisterClassA
GetMenuItemInfoA
GetSysColorBrush
ShowOwnedPopups
MapVirtualKeyA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetDlgItemTextW
wsprintfW
GetDlgItemTextW
IsIconic
GetForegroundWindow
GetParent
EnableWindow
OffsetRect
GetWindowTextA
GetWindowRect
InvalidateRect
GetFocus
LoadIconA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
GetWindowThreadProcessId
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
PostQuitMessage
WinHelpA
IsChild
ShowWindowAsync
ShowCursor
RegisterWindowMessageA
WindowFromPoint
SetCapture
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
ShowScrollBar
GetClassInfoExA
ScreenToClient
EqualRect
DeferWindowPos
SetScrollInfo
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthA
MoveWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SendDlgItemMessageA
CheckRadioButton
CheckDlgButton
UnhookWindowsHookEx
AdjustWindowRectEx
RedrawWindow
SetWindowPos
TranslateAcceleratorA
TranslateMDISysAccel
BringWindowToTop
DrawMenuBar
CreateWindowExA
DefMDIChildProcA
GetMenu
DefFrameProcA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
PeekMessageA
GetCursorPos
ValidateRect
InvertRect
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
LoadImageA
GetMenuStringW
GetWindowRgn
IsMenu
ShowCaret
HideCaret
MessageBeep
WaitMessage
SetWindowRgn
GetMenuDefaultItem
DrawFrameControl
DrawStateA
GetIconInfo
CopyIcon
CreateIconIndirect
DrawIconEx
RegisterClipboardFormatA
GetCursor
SetCursorPos
SetWindowLongW
GetWindowLongW
IsWindowUnicode
IsClipboardFormatAvailable
CopyAcceleratorTableA
ToAsciiEx
GetKeyboardState
GetKeyboardLayoutList
SendMessageTimeoutA
GetDoubleClickTime
DrawEdge
CharNextA
MapDialogRect
SetWindowContextHelpId
InvalidateRgn
GetNextDlgGroupItem
PostThreadMessageA
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetKeyState
GetSubMenu
IsWindow
GetTopWindow
GetWindowLongA
SetWindowLongA
GetDlgItem
CallWindowProcA
KillTimer
GetScrollInfo
SendMessageW
GetCaretPos
GrayStringA
DrawTextExA
TabbedTextOutA
GetMenuItemCount
gdi32
GetStockObject
CreatePen
CreateSolidBrush
CreateCompatibleBitmap
SelectObject
GetBkColor
Polygon
Rectangle
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDeviceCaps
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
SaveDC
RestoreDC
SetBkMode
CreateFontIndirectA
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
DeleteObject
SelectClipRgn
GetClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetObjectA
GetPixel
GetTextExtentPoint32A
CreateRectRgnIndirect
BitBlt
SetPixel
EnumFontFamiliesExA
PtInRegion
GetTextColor
StretchBlt
GetCurrentObject
CreateDIBSection
SetViewportOrgEx
OffsetViewportOrgEx
GetDIBits
GetBitmapBits
ExtCreateRegion
GetViewportOrgEx
GetTextCharsetInfo
Polyline
Ellipse
GetWindowOrgEx
CreatePolygonRgn
GetRgnBox
RoundRect
ExtTextOutW
GetTextExtentPoint32W
CreateCompatibleDC
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetStretchBltMode
GetTextMetricsA
StretchDIBits
CreateFontA
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
shell32
ShellExecuteA
DragQueryFileA
DragFinish
shlwapi
PathStripToRootA
PathFindFileNameA
PathRemoveFileSpecW
PathFindExtensionA
PathRemoveFileSpecA
PathIsUNCA
ole32
CoUninitialize
CoTaskMemAlloc
CoInitializeEx
CoDisconnectObject
CLSIDFromString
CoTaskMemFree
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoCreateInstance
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
oleaut32
VariantInit
SysAllocStringLen
LoadTypeLi
VariantCopy
SafeArrayDestroy
VariantChangeType
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
OleCreateFontIndirect
ws2_32
WSACleanup
gethostbyname
gethostname
WSAStartup
comctl32
ImageList_GetImageCount
_TrackMouseEvent
ImageList_Destroy
ImageList_DrawEx
ImageList_GetIconSize
oledlg
ord8
ord1
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 309KB - Virtual size: 308KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 148KB - Virtual size: 147KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.UPX0 Size: 104KB - Virtual size: 252KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE