ab5342cf0c8be3ded9444d91dbb0d004_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab5342cf0c8be3ded9444d91dbb0d004_JaffaCakes118
Size

328KB
MD5

ab5342cf0c8be3ded9444d91dbb0d004
SHA1

c963d5e0737e755bf915932eca2cbc064000f530
SHA256

4595eb60373cade03a69a4ac2a2173676550f15fe266da0f3db1b67a22e842e2
SHA512

498fe655bb2be2e6dfc64de92fe89169d9341973fade4e3ef91808776973aba51f18049b69d59465f3166455b2bd72a902f9cf345b3793d94996c07e772fc648
SSDEEP

6144:AvBixRvSHo34l8R0grXkH8fQeewQeepQeesQee+0QeefQeegehPF9V6QQk/aYM61:A5q+E4u04XkAhbwQF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab5342cf0c8be3ded9444d91dbb0d004_JaffaCakes118

Files

ab5342cf0c8be3ded9444d91dbb0d004_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f5222901ffcd933330a5c148e189c665

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kload

editPlayerId
getRecordPlayerId
playerRecord
isTrainingMode
isEditMode
LogWithTwoNumbers
GetActiveDevice
LogWithNumberAndString
MasterCallNext
LogWithString
GetPESInfo
MasterHookFunction
LogWithNumber
RegisterKModule
HookFunction
SetBootserverVersion
UnhookFunction
Log
Debug

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

kernel32

SetEndOfFile
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
LCMapStringA
SetFilePointer
ReadFile
MultiByteToWideChar
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringA
LCMapStringW
CompareStringW
SetEnvironmentVariableA
GetCPInfo
FindClose
FindNextFileA
FindFirstFileA
LoadLibraryA
GetProcAddress
GetModuleHandleA
WriteFile
GetLastError
GetFileSize
MapViewOfFile
CreateFileMappingA
CreateFileA
CreateFileW
WideCharToMultiByte
GetVersionExA
CloseHandle
UnmapViewOfFile
IsProcessorFeaturePresent
Sleep
InterlockedExchange
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RaiseException
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
VirtualAlloc
IsBadWritePtr

Exports

Exports

bootCopyPlayerData
bootUnlockRect

Sections

.text
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5222901ffcd933330a5c148e189c665

Headers

File Characteristics

Imports

kload

advapi32

kernel32

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 253KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 20KB - Virtual size: 25KB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 744B

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 256KB - Virtual size: 253KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 20KB - Virtual size: 25KB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 744B

.reloc
Size: 16KB - Virtual size: 12KB