a6c4d003d41693a97ab2dc61a2dc1fa3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a6c4d003d41693a97ab2dc61a2dc1fa3_JaffaCakes118
Size

1.0MB
MD5

a6c4d003d41693a97ab2dc61a2dc1fa3
SHA1

0636656ba2694a7f393cd2804ac1730c7abbf973
SHA256

1806e4b9ba369b9a1a7c0d5cfa9fbabfa99067076e93a6383618b7b6871b7860
SHA512

60f44b0a6ff9d281be49fec84077b2332c7c303dc3d11f6b12dec71637b4bebe16f8500cffa29940204c0b58d719a1b757324554954425dbc053f77bd7e9f8a2
SSDEEP

24576:DOyfT1s/3Ii21c+/cNxVKdxy1WNSJQnULmKSVx5Bo4:yyfa/3q1t/jKQNSJ9bu3B5

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/C-Hud by StaN.GomeZ/InterfaceEditor.asi	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/C-Hud by StaN.GomeZ/InterfaceEditor.asi	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/C-Hud by StaN.GomeZ/CLEO.asi
unpack001/C-Hud by StaN.GomeZ/InterfaceEditor.asi
unpack001/C-Hud by StaN.GomeZ/vorbisFile.dll
unpack001/C-Hud by StaN.GomeZ/vorbisHooked.dll

Files

a6c4d003d41693a97ab2dc61a2dc1fa3_JaffaCakes118
.rar
C-Hud by StaN.GomeZ/CLEO.asi
.dll windows:5 windows x86 arch:x86

6bf5b9ee4f2f6e86e77d82019a7dee5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\games\GTA San Andreas\CLEO.pdb

Imports

bass

BASS_ChannelIsActive
BASS_ChannelPause
BASS_ChannelPlay
BASS_Set3DPosition
BASS_Apply3D
BASS_ChannelGetLength
BASS_ChannelBytes2Seconds
BASS_ChannelGetAttribute
BASS_ChannelSetAttribute
BASS_ChannelFlags
BASS_StreamFree
BASS_StreamCreateFile
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_GetVersion
BASS_Free
BASS_ErrorGetCode
BASS_Init
BASS_Set3DFactors
BASS_ChannelSetPosition

kernel32

DisableThreadLibraryCalls
VirtualProtect
SetCurrentDirectoryA
LoadLibraryA
FreeLibrary
GetProcAddress
GetFileAttributesA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetProcessHeap
SetEndOfFile
HeapReAlloc
FormatMessageA
GetThreadLocale
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
RaiseException
InitializeCriticalSectionAndSpinCount
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
DeleteCriticalSection
SetFilePointer
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ExitProcess
GetModuleFileNameW
HeapCreate
HeapDestroy
Sleep
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
HeapSize
CreateFileA
SetStdHandle
IsProcessorFeaturePresent
WriteConsoleW
LoadLibraryW
CreateFileW

user32

GetKeyState
MessageBoxA

Exports

Exports

_CLEO_GetFloatOpcodeParam@4
_CLEO_GetGameVersion@0
_CLEO_GetIntOpcodeParam@4
_CLEO_GetOperandType@4
_CLEO_GetVersion@0
_CLEO_ReadStringOpcodeParam@12
_CLEO_RecordOpcodeParams@8
_CLEO_RegisterOpcode@8
_CLEO_RetrieveOpcodeParams@8
_CLEO_SetFloatOpcodeParam@8
_CLEO_SetIntOpcodeParam@8
_CLEO_SetThreadCondResult@8
_CLEO_SkipOpcodeParams@8
_CLEO_ThreadJumpAtLabelPtr@8
_CLEO_WriteStringOpcodeParam@8
missionLocals
opcodeParams
staticThreads

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C-Hud by StaN.GomeZ/CLEO/blinkenbluten.cs
C-Hud by StaN.GomeZ/CLEO/c_timer.cs
C-Hud by StaN.GomeZ/CLEO/chud.cs
C-Hud by StaN.GomeZ/CLEO/radarflash.cs
C-Hud by StaN.GomeZ/CLEO4.chm
.chm
C-Hud by StaN.GomeZ/InterfaceEditor.asi
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
C-Hud by StaN.GomeZ/InterfaceEditor.ini
C-Hud by StaN.GomeZ/models/fonts.txd
C-Hud by StaN.GomeZ/models/hud.txd
C-Hud by StaN.GomeZ/models/txd/C_HUD.txd
C-Hud by StaN.GomeZ/vorbisFile.dll
.dll windows:5 windows x86 arch:x86

af994122bbfcf1c47f473141958b5364

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileA
LoadLibraryA
FindFirstFileA
DisableThreadLibraryCalls
FindClose

user32

MessageBoxA

vorbishooked

ord1
ord2
ord3
ord4
ord5
ord6
ord7
ord8
ord9
ord10
ord11
ord12
ord13
ord14
ord15
ord16
ord17
ord18
ord19
ord20
ord21
ord22
ord23
ord24
ord25
ord26
ord27
ord28
ord29
ord30
ord31
ord32
ord33
ord34

Exports

Exports

ov_bitrate
ov_bitrate_instant
ov_clear
ov_comment
ov_crosslap
ov_halfrate
ov_halfrate_p
ov_info
ov_open
ov_open_callbacks
ov_pcm_seek
ov_pcm_seek_lap
ov_pcm_seek_page
ov_pcm_seek_page_lap
ov_pcm_tell
ov_pcm_total
ov_raw_seek
ov_raw_seek_lap
ov_raw_tell
ov_raw_total
ov_read
ov_read_float
ov_seekable
ov_serialnumber
ov_streams
ov_test
ov_test_callbacks
ov_test_open
ov_time_seek
ov_time_seek_lap
ov_time_seek_page
ov_time_seek_page_lap
ov_time_tell
ov_time_total

Sections

.text
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 98B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C-Hud by StaN.GomeZ/vorbisHooked.dll
.dll windows:4 windows x86 arch:x86

8ec5f91b35a203372803c35e3faa6597

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ogg

ogg_sync_clear
ogg_stream_init
ogg_sync_wrote
ogg_sync_buffer
ogg_sync_init
ogg_stream_packetout
ogg_stream_pagein
ogg_stream_reset_serialno
ogg_page_serialno
ogg_sync_pageseek
ogg_sync_reset
ogg_page_granulepos
ogg_page_eos
ogg_stream_reset
ogg_page_continued
ogg_stream_packetpeek
ogg_stream_clear

vorbis

vorbis_synthesis_headerin
vorbis_block_clear
vorbis_comment_init
vorbis_info_clear
vorbis_comment_clear
vorbis_info_init
vorbis_packet_blocksize
vorbis_synthesis_halfrate
vorbis_synthesis_halfrate_p
vorbis_synthesis_restart
vorbis_synthesis_read
vorbis_synthesis_pcmout
vorbis_synthesis_blockin
vorbis_synthesis_trackonly
vorbis_info_blocksize
vorbis_block_init
vorbis_synthesis_init
vorbis_synthesis
_analysis_output_always
vorbis_synthesis_lapout
vorbis_window
vorbis_dsp_clear

kernel32

RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
SetStdHandle
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
RaiseException
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
ReadFile

Exports

Exports

ov_bitrate
ov_bitrate_instant
ov_clear
ov_comment
ov_crosslap
ov_halfrate
ov_halfrate_p
ov_info
ov_open
ov_open_callbacks
ov_pcm_seek
ov_pcm_seek_lap
ov_pcm_seek_page
ov_pcm_seek_page_lap
ov_pcm_tell
ov_pcm_total
ov_raw_seek
ov_raw_seek_lap
ov_raw_tell
ov_raw_total
ov_read
ov_read_float
ov_seekable
ov_serialnumber
ov_streams
ov_test
ov_test_callbacks
ov_test_open
ov_time_seek
ov_time_seek_lap
ov_time_seek_page
ov_time_seek_page_lap
ov_time_tell
ov_time_total

Sections

.text
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bf5b9ee4f2f6e86e77d82019a7dee5d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bass

kernel32

user32

Exports

Exports

Sections

.text Size: 139KB - Virtual size: 138KB

.text1 Size: 1024B - Virtual size: 624B

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 8KB - Virtual size: 147KB

.data1 Size: 1024B - Virtual size: 928B

.trace Size: 8KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 15KB - Virtual size: 14KB

Headers

File Characteristics

Sections

CODE Size: 36KB - Virtual size: 80KB

DATA Size: 1024B - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.reloc Size: 5KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 8KB

UPX Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

af994122bbfcf1c47f473141958b5364

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

vorbishooked

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 4KB

.reloc Size: 98B - Virtual size: 108B

8ec5f91b35a203372803c35e3faa6597

Headers

File Characteristics

Imports

ogg

vorbis

kernel32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 40KB

.rdata Size: 4KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 12KB

.reloc Size: 1KB - Virtual size: 3KB

.text
Size: 139KB - Virtual size: 138KB

.text1
Size: 1024B - Virtual size: 624B

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 8KB - Virtual size: 147KB

.data1
Size: 1024B - Virtual size: 928B

.trace
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 15KB - Virtual size: 14KB

CODE
Size: 36KB - Virtual size: 80KB

DATA
Size: 1024B - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.reloc
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 8KB

UPX
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 1KB - Virtual size: 4KB

.reloc
Size: 98B - Virtual size: 108B

.text
Size: 38KB - Virtual size: 40KB

.rdata
Size: 4KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 12KB

.reloc
Size: 1KB - Virtual size: 3KB