ae4d68508f1d96dd73f9aa3867e96ee1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ae4d68508f1d96dd73f9aa3867e96ee1_JaffaCakes118
Size

2.2MB
MD5

ae4d68508f1d96dd73f9aa3867e96ee1
SHA1

e1bd3ec4fb8abaa4f9ef1d789a9264feb91ea3c8
SHA256

555926e03bcd46980f0c0ea13514147f561fdc2b24ca9032762326e19ce7e24e
SHA512

d480c0b044036afb85ef8939cc49115ee9e555f75f5f7b3c0918c97e22e78c2396f2759e9b9a7f8335631ae0ec067b99297b0293b722c48fb4a046028a4e7841
SSDEEP

49152:K3kZFkmRUPzikizFO9o/sKosNRjUQkBjKY8BEjdBEBs4B46gZ+ZAtV:K3qFRUPzLizAE14KdBqdB6ZB4j+mV

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KOHack_v.4S/Hacko.exe
unpack001/KOHack_v.4S/KnightOnLine_1717/KnightOnLine.exe
unpack001/KOHack_v.4S/dinput8.dll

Files

ae4d68508f1d96dd73f9aa3867e96ee1_JaffaCakes118
.rar
KOHack_v.4S/AttackSettings.ini
KOHack_v.4S/Hacko.exe
.exe windows:4 windows x86 arch:x86

86632da30434ccfc050190a47fb559c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_acmdln
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
calloc
exit
memcpy
memset
_itow
??2@YAPAXI@Z
_wcsdup
??3@YAXPAX@Z
free
__p__commode

kernel32

GetModuleHandleA
GetTempPathW
GetModuleHandleW
GetModuleFileNameW
CreateFileW
SetFilePointer
CloseHandle
GetTempFileNameW
FreeLibrary
DeleteFileW
WriteFile
ReadFile
LoadLibraryW
GetProcAddress
GetStartupInfoA

user32

MessageBoxW

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KOHack_v.4S/KnightOnLine_1717/KnightOnLine.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.3MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 91KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 169KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
KOHack_v.4S/LootList.ini
KOHack_v.4S/dinput8.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0f59d0be33614ade19fa8de73d0b9e82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dinput8.pdb

Imports

msvcrt

malloc
free
strchr
iswctype
towupper
_wsplitpath
_snwprintf
_wcsnicmp
_ftol
_except_handler3

kernel32

LeaveCriticalSection
SetEvent
DeleteCriticalSection
ResetEvent
WideCharToMultiByte
GetCurrentProcessId
IsBadReadPtr
IsBadWritePtr
lstrcpyW
lstrcmpW
FreeLibraryAndExitThread
WaitForSingleObject
FreeLibrary
GetLastError
WaitForMultipleObjects
SetThreadPriority
CreateThread
CreateEventW
LoadLibraryW
GetTickCount
lstrcmpiW
ReadFileEx
DuplicateHandle
GetCurrentProcess
LoadLibraryExW
ReleaseMutex
MulDiv
EnterCriticalSection
LocalAlloc
LocalReAlloc
SleepEx
ResumeThread
GetProcAddress
DisableThreadLibraryCalls
UnmapViewOfFile
MultiByteToWideChar
lstrlenA
IsBadCodePtr
CompareFileTime
lstrcpynW
GetSystemDirectoryW
GetPrivateProfileStringW
GetWindowsDirectoryW
WriteFileEx
Sleep
DeviceIoControl
SystemTimeToFileTime
GetLocalTime
HeapFree
HeapAlloc
GetProcessHeap
MapViewOfFile
CreateFileMappingW
CreateMutexW
LoadResource
FindResourceW
CreateProcessW
InitializeCriticalSection
GetVersionExW
CreateFileA
GetFullPathNameA
QueryPerformanceCounter
TerminateProcess
GetCurrentThreadId
SetUnhandledExceptionFilter
lstrlenW
GetSystemTimeAsFileTime
CreateFileW
ReadFile
SetFilePointer
GetFileSize
CloseHandle
GetModuleHandleW
GetModuleFileNameW
GetFullPathNameW
InterlockedExchange
LocalFree
InterlockedDecrement
InterlockedIncrement
GetVersion
UnhandledExceptionFilter

advapi32

SetEntriesInAclW
GetSecurityInfo
RegEnumValueW
RegDeleteKeyW
GetUserNameW
RegCreateKeyExW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
SetSecurityDescriptorControl
FreeSid
RegEnumKeyExW
RegSetKeySecurity
RegCreateKeyW
RegOpenKeyW
RegQueryValueW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

user32

CallWindowProcW
IsWindow
ToUnicodeEx
MapVirtualKeyExW
GetKeyboardLayout
GetActiveWindow
GetKeyNameTextW
GetKeyboardType
GetRawInputDeviceInfoW
GetRawInputDeviceList
PostMessageW
wsprintfW
CharUpperW
UnhookWindowsHookEx
GetWindowThreadProcessId
IsIconic
GetForegroundWindow
GetWindowLongW
CallNextHookEx
SetWindowsHookExW
PostThreadMessageW
MsgWaitForMultipleObjects
DefWindowProcW
CreateWindowExW
RegisterClassW
LoadIconW
LoadCursorW
DestroyWindow
DispatchMessageW
TranslateMessage
PeekMessageW
SetTimer
GetInputState
SystemParametersInfoW
IntersectRect
GetWindowRect
GetDesktopWindow
MapWindowPoints
GetClientRect
ReleaseCapture
SetCursorPos
mouse_event
GetAsyncKeyState
SetCapture
ClipCursor
ShowCursor
GetMessageTime
SendNotifyMessageW
GetCursorPos
GetSystemMetrics
MapVirtualKeyW
LoadStringW
keybd_event
IsRectEmpty
SubtractRect
RegisterWindowMessageW
SetWindowLongW
GetPropW
SetPropW
RemovePropW

Exports

Exports

DirectInput8Create
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86632da30434ccfc050190a47fb559c4

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 3KB

Headers

File Characteristics

Sections

Size: 1.3MB - Virtual size: 5.1MB

Size: 91KB - Virtual size: 388KB

Size: 169KB - Virtual size: 2.0MB

.rsrc Size: 56KB - Virtual size: 84KB

.data Size: 70KB - Virtual size: 72KB

.adata Size: - Virtual size: 4KB

0f59d0be33614ade19fa8de73d0b9e82

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 137KB

.data Size: 1KB - Virtual size: 38KB

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 56KB - Virtual size: 84KB

.data
Size: 70KB - Virtual size: 72KB

.adata
Size: - Virtual size: 4KB

.text
Size: 137KB - Virtual size: 137KB

.data
Size: 1KB - Virtual size: 38KB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 6KB - Virtual size: 6KB