abcd5bf02b90e02bce2b5e3f7139f615_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

abcd5bf02b90e02bce2b5e3f7139f615_JaffaCakes118
Size

5.4MB
MD5

abcd5bf02b90e02bce2b5e3f7139f615
SHA1

b45be60eb36561fd6eb11ecc1a39f2dcef712c82
SHA256

678f0e07751772ec059d33b85b567af17b1aa9537c5dee5a013f2be6431b91c9
SHA512

37b897b278fb20f30e0a88d142ede799668e7b7959c10561e8543aa302839fb8f4ab49cd8340ad95496082af6ee021229944b91ac8e1c71b00cd297fb4d81e74
SSDEEP

98304:vohwEIvZ0hYDxkCF165aZca/+T7WfDTFBRhcpoU:wNIvZ0hY1JF165aZck+nWVjaP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abcd5bf02b90e02bce2b5e3f7139f615_JaffaCakes118

Files

abcd5bf02b90e02bce2b5e3f7139f615_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c4fca1effd1f370fbe74b35756a8a8a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

zlibwapi

ord46
ord2
ord26

elementskill

?Condition@ElementSkill@GNET@@SAHIAAUUseRequirement@2@H@Z
?PetLearn@ElementSkill@GNET@@SAHIAAUPetRequirement@2@H@Z
?GetAbility@ElementSkill@GNET@@SAHI@Z
?GetAbilityPercent@ElementSkill@GNET@@SAHI@Z
?GetName@ElementSkill@GNET@@SAPBGI@Z
?NextSkill@ElementSkill@GNET@@SAII@Z
?Query@VisibleState@GNET@@SAPBV12@HH@Z
?GetNativeName@ElementSkill@GNET@@SAPBDI@Z
?Create@ElementSkill@GNET@@SAPAV12@IH@Z
?GetRequiredBook@ElementSkill@GNET@@SAHIH@Z
?Query@TeamState@GNET@@SAPBV12@H@Z
?GetIcon@ElementSkill@GNET@@SAPBDI@Z
?GetRequiredMoney@ElementSkill@GNET@@SAHIH@Z
?GetRequiredSp@ElementSkill@GNET@@SAHIH@Z
?GetEffect@ElementSkill@GNET@@SAPBDI@Z
?GetExecuteTime@ElementSkill@GNET@@SAHIH@Z
?GetType@ElementSkill@GNET@@SADI@Z
?GetVersion@ElementSkill@GNET@@SAHXZ
?SetAbility@ElementSkill@GNET@@SAHIH@Z
?LearnCondition@ElementSkill@GNET@@SAHIAAULearnRequirement@2@H@Z
?Destroy@ElementSkill@GNET@@QAEXXZ
?LoadSkillData@ElementSkill@GNET@@SAXPAX@Z
?SetLevel@ElementSkill@GNET@@SAHIH@Z

kernel32

GetProcAddress
InterlockedIncrement
InterlockedDecrement
GetFileAttributesA
GetModuleHandleA
Process32Next
ReadProcessMemory
OutputDebugStringA
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
lstrlenA
LoadLibraryA
GlobalMemoryStatus
HeapFree
GetProcessHeap
HeapAlloc
SystemTimeToFileTime
GetSystemTime
FlushInstructionCache
ReleaseMutex
IsBadWritePtr
QueryPerformanceCounter
QueryPerformanceFrequency
OpenFile
InterlockedExchange
GetWindowsDirectoryA
GetSystemDirectoryA
VirtualQuery
SetLastError
VirtualProtect
ResetEvent
SuspendThread
WriteFile
IsDBCSLeadByte
ExitProcess
CreateThread
SetThreadPriority
SetThreadPriorityBoost
DeleteCriticalSection
InitializeCriticalSection
IsProcessorFeaturePresent
GetVersionExA
ReleaseSemaphore
FindClose
ReadFile
CopyFileA
GetFileSize
GetExitCodeThread
WaitForMultipleObjects
TerminateThread
CreateFileA
GlobalAlloc
GlobalLock
GlobalUnlock
MapViewOfFile
CreateFileMappingA
GetCommandLineA
GetPrivateProfileStringA
GetPrivateProfileIntA
DuplicateHandle
FindFirstFileA
DeleteFileA
FindNextFileA
CompareStringA
GetLocalTime
SetEvent
WaitForSingleObject
ResumeThread
Sleep
IsDebuggerPresent
GetVersion
GetCurrentDirectoryA
CreateDirectoryA
SetCurrentDirectoryA
GetCurrentThread
GetLastError
FreeLibrary
CloseHandle
GetCurrentThreadId
EnterCriticalSection
GetCurrentProcessId
GetCurrentProcess
LeaveCriticalSection
GetModuleFileNameA
IsBadReadPtr
GetTickCount
GetSystemInfo
UnmapViewOfFile
VirtualQueryEx
FormatMessageA
SetEndOfFile
SetFilePointer
GetFileType
WinExec
GlobalReAlloc
GlobalSize
GlobalFree
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

RegQueryValueExA
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
RegOpenKeyA

user32

GetClassNameA
GetWindowTextA
GetWindow
GetWindowThreadProcessId
GetKeyState
PostQuitMessage
OpenClipboard
GetClientRect
GetCapture
SetCursorPos
ClientToScreen
GetAsyncKeyState
ReleaseCapture
SetCapture
ScreenToClient
GetCursorPos
InvalidateRect
SetWindowPos
AdjustWindowRectEx
MessageBoxA
SetCursor
EndPaint
BeginPaint
ShowWindow
TranslateMessage
SetForegroundWindow
GetTopWindow
UpdateWindow
MoveWindow
GetSystemMetrics
AdjustWindowRect
CloseClipboard
SetClipboardData
EmptyClipboard
CreateCaret
SetCaretPos
GetKeyboardLayout
IsWindowVisible
CreateWindowExA
GetParent
WindowFromDC
EnumThreadWindows
SetRect
IntersectRect
DestroyCursor
LoadCursorFromFileA
GetDesktopWindow
SetTimer
KillTimer
GetDC
ReleaseDC
EnumWindows
UnhookWindowsHookEx
PtInRect
FindWindowA
GetWindowRect
IsRectEmpty
CallNextHookEx
GetActiveWindow

gdi32

SetTextAlign
SetBkColor
SetTextColor
SelectObject
PtInRegion
CreatePolygonRgn
CreateEllipticRgn
SetMapMode
CreateCompatibleDC
TextOutA
BitBlt
DeleteDC
GetStockObject
DeleteObject
CreateDIBSection
GetDeviceCaps

shell32

ShellExecuteA

ws2_32

gethostbyname
send
inet_ntoa
connect
ioctlsocket
setsockopt
htons
socket
closesocket
WSAGetLastError
recv
sendto
select
__WSAFDIsSet
getsockname
bind
WSACleanup
ntohs
WSAStartup
inet_addr

imm32

ImmGetCompositionStringW
ImmGetCandidateListW
ImmAssociateContext
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetDescriptionW
ImmGetProperty
ImmIsIME
ImmReleaseContext
ImmGetContext

d3d8

Direct3DCreate8

ddraw

DirectDrawCreate

dsound

ord11

ole32

CoFreeUnusedLibraries
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoUninitialize

speedtreert

?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?Authorize@CSpeedTreeRT@@SAXPBD@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
??3CSpeedTreeRT@@SAXPAX@Z
??0SGeometry@CSpeedTreeRT@@QAE@XZ
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
??0STextures@CSpeedTreeRT@@QAE@XZ
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetDiscreteLeafLodLevel@CSpeedTreeRT@@QBEGM@Z
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
??1CSpeedTreeRT@@QAE@XZ
??2CSpeedTreeRT@@SAPAXI@Z
??0CSpeedTreeRT@@QAE@XZ
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?GetTreeSize@CSpeedTreeRT@@QBEXAAM0@Z
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z

ftdriver

?CreateFTManager@@YAPAVIFTManager@@HHH@Z

shlwapi

StrToIntW
PathFindExtensionA
PathFileExistsA

wininet

InternetCloseHandle
InternetOpenA
HttpAddRequestHeadersA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetReadFile

msvcrt

_itoa
_strcmpi
_strnicmp
_strupr
_fileno
_CIsinh
_CIcosh
_CItanh
_CIfmod
modf
_HUGE
tolower
strpbrk
system
remove
rename
tmpnam
getenv
clock
strftime
mktime
difftime
_popen
tmpfile
clearerr
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
_strlwr
_exit
_ecvt
_fcvt
_fpclass
_isnan
_copysign
??1exception@@UAE@XZ
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
memchr
frexp
ldexp
toupper
_snwprintf
wcsncmp
localeconv
strcoll
strtod
setvbuf
_pclose
tan
sin
pow
sqrt
strtoul
_isctype
__mb_cur_max
_pctype
_errno
strerror
_iob
getc
ungetc
_wcsicmp
atan2
_XcptFilter
sprintf
_ftol
__CxxFrameHandler
fclose
fwrite
fopen
strstr
_CIacos
ceil
acos
_CxxThrowException
wcslen
strrchr
atoi
_wtoi
localtime
time
memmove
_purecall
_except_handler3
strncpy
wcscmp
wcscpy
vswprintf
gmtime
free
rand
realloc
swprintf
fseek
__RTDynamicCast
_access
_CIpow
wcscat
wcsstr
swscanf
_stat
malloc
_CIasin
qsort
isdigit
wcsncpy
strncmp
fread
sscanf
ftell
floor
_findclose
_findnext
_findfirst
_wmkdir
wcsrchr
fgetws
fgetwc
strchr
fputs
_beginthreadex
_beginthread
fprintf
asctime
atof
_snprintf
printf
srand
fwprintf
strcspn
fgets
_stricmp
_local_unwind2
calloc
fscanf
vsprintf
wcschr
strncat
wcsncat
_vsnprintf
fflush
_wcslwr
_fstat
strtok
_chsize
_finite
_controlfp
longjmp
_setjmp3
isspace
isalpha
isalnum
_strdup
setlocale
exit
_assert
cos
fabs

winmm

timeGetTime

immwrapper

??0AMImmWrapper@@QAE@XZ
?Init@AMImmWrapper@@QAE_NPAUHINSTANCE__@@PAUHWND__@@PAD2@Z
?Release@AMImmWrapper@@QAE_NXZ
??1AMImmWrapper@@QAE@XZ
?ReleaseImmEffect@AMImmWrapper@@QAE_NAAPAVAMImmEffect@@@Z
?LoadImmEffect@AMImmWrapper@@QAE_NPADPAPAVAMImmEffect@@@Z
?Start@AMImmEffect@@QAE_NXZ
?Stop@AMImmEffect@@QAE_NXZ

Exports

Exports

eΗ�4��j͜p(>�F�X��[{��e�O��4��`00�X��rK��UI@d��Vs!ǵR�/H��U^��¹��8��sR�=`8 N��P�Bq��a�JUs�E%\�9��Z��t(u%�}|iQ��q&^4�[�s+�m��p;�I��Zt�ц��/ͩ�}m��d�dGeM�笊��z�M�^e�a�A�[)`i��8��+�Švu�g6+tMN�3T�� M�Hs3��ݴA]ӌ��R�K�QE�p!�d��z�i��c"��c�AD�Y`��%��S��u�,��y�8�O��NN��]&��Ј��^�+^{�PA.A��-��^�&R jW1,:�B\7�fS�,�@��0�¡�P`�+�Ϥg��R#��y��ű�M�d��`f`1qu�4ɄT�%��J M�=y6�hR�*�`�75�pe'n#�޼��с� �<��߯Fn�e��L��JRf;-��,��=)�之L��3�e��*TI��!��<%�� I6@��^o!�p��]��p��+�GF?��{��<�Ϯ�e�8yZ@��仗��Ȫ^ƆeP��۫��tf�N�Ҍ�8o��ϫ��RM�(��fW�?�]� �?��9E�/� ��ʪX��5 8��`��/.��m|��k�T�^��m��E�� (��,��+��w�.�g�^��}>&�1}ZE��AM��}9��p��O��A��M}B�mX��'��uNCF��nG��r�u9j�$Β�� H�~�"��F��ai�.xӺ� ^��Q��&��*-V�B�82�c��|cq�i��2B��ES�Rn�B� 9[M@��Z]��!C"��d�w��:`�5ϰ;X��/�8'N��cJ�Ƹ�Z� ��2��'�0^�=~a�e�u[v��u��f�R춑f��_56[�=�G,>^8�D^��*��u�x#ʢ��yH��7T�ę��*��Je/f��Pbv�J��v_��Q�6X��2͒=�`]G��:f��ʨh-�z�Q��E��h)�1�}�:s+��R�T� ��n� ��W3~u�k��Z y�p��ʣ �6��#�rZ_N冣�J/�|<��M%�8<��ٮ[�L��P��3sĄ��aw�6Zw.�8�(m)��J#�;]iD�/��q!H��:Zy--��̰��=��d�5?��ʒ|�Wd�O׻mK. �@9�K�HGQr��Bj��zJ�lg��Ju��?M{�� ,�t+^�)wxX@v��>!��c{��E��3If��'�W\��T:�AŘ�:�|+Q��x_�=�M��k�R��KT$�>.�p��8Y��W� �.�R n��P��;$��Iuk��D�i/�Q��岩L�ʖ/MR�b� ��LW-��7 #I7&�|bu��`�Ex[H�8��\�x#S=E�1O6��ݒ΢хޫc��`�_��N@��؀�"�Qk��<<�Z�P�x�B��GN(�� O��7��Eǅ��[s��v�222�+U��Y��Z,/�ֆ�/�d~ܨ%֋d�!M�Ѝ�O(.L��<��:Y��&� 6��-�G��:J�a��g�u��ւ�@$��8G#!�u'�x�~��:�L)��lOO��0>^�j;޵�@�N��{V.Qg�{e��\ig�}x��@9 *��#�gT��1'�s�p �v��{��ڻ&PF.�R��y+䃆 �4��%1XN��Bá�]�zҭ�/�S��n��'��T�&l��3��e��*F�� b@�b�bŷ�4�b��K�'b��ef��#+Yl��W��7|�Sz��7�{C--��{�#:C��m��-�V��*�K�O�q��z��J��;��M�$�P�ß�$*��"b��3�(��P*Υ#�$#Q��<��ͼ��J�t�-Y�aP|�c�c�O��?��IL��.܊@��@6˼ xB<t�c��x\��uxg ��B��"�fc(�Â�N;�e�ϛ �Ȉ@h�/�9��}��p�E��D�� r4�� n��4<+��<O̍��m�$T\2�P{��I�z�6�-��r�0��X��3PT��m�'k�HR�*N>%*9��s��ՠ}�sa��{aS�Q�]�H��|P�S�g�C1R�*�/�i�b1".1�0*�#!�J௯T�Ɣ�IEq�pgt*\b k��%U��Y!�'��3?م��`�]�q+��a��CŨp�6U�J�z|w%j�r�S�a��zjIvc5�k��Oɜ��Y�%Y&x��wAQy׈x�{�kqH��]��(�XR��6�`@7ru=�*��ol��hy�p��~|]Q�,��U@O��V6V�H�d]#�v��=��j^�u�j?qԂ��V;��ۥAU��x�R3$�1��yD�~Hˇˬ�hx G�t��w�R+K��pИ��G$^wW��FU��sJU+�|��u��{�0N4�^�!��`L%��t��\��Ӟ��b0��Ç8��kt��J��%�&��J�۲%��2�LAE�M�u3��+�R�H��OU3��0m\��90��?�� |9�D��t��Nh�&5~|,5HKw��CϟK�$��d"�}��q��.�R}��ib��S��p?�8$L!؍��~fp�� d�e3�A�I�σ�]�yX�� 8 L��*酮`��0�q�1RWX�$ߦtkƊ��C�!rX^~M?{�H��3�B��Ƽ��]��S{��<�U��މf9(�dma��p�3'[b{�w��+��f�>� I2�-ɀM�,�Ԝ;S��Yn��d(�I�]�w� F�p\ 7��^ؾ�Z+O*a��KAQ%�DSNk+�� F ��J��[

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 428KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 372KB - Virtual size: 613KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c4fca1effd1f370fbe74b35756a8a8a9

Headers

File Characteristics

Imports

zlibwapi

elementskill

kernel32

advapi32

user32

gdi32

shell32

ws2_32

imm32

d3d8

ddraw

dsound

ole32

speedtreert

ftdriver

shlwapi

wininet

msvcrt

winmm

immwrapper

Exports

Exports

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.rdata Size: 428KB - Virtual size: 426KB

.data Size: 372KB - Virtual size: 613KB

.tls Size: 8KB - Virtual size: 4KB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

.vmp0 Size: 48KB - Virtual size: 44KB

.vmp1 Size: 56KB - Virtual size: 54KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 428KB - Virtual size: 426KB

.data
Size: 372KB - Virtual size: 613KB

.tls
Size: 8KB - Virtual size: 4KB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB

.vmp0
Size: 48KB - Virtual size: 44KB

.vmp1
Size: 56KB - Virtual size: 54KB