aed3655ff961f54a06220771fba076cf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

aed3655ff961f54a06220771fba076cf_JaffaCakes118
Size

20.1MB
MD5

aed3655ff961f54a06220771fba076cf
SHA1

e9d0e8b9e2290df0eb297922d6a98f82e58196f4
SHA256

455a31e3e5847bc5cf198d1bd527885a7998b3887c44bba24fbc2c898d2d41a4
SHA512

1627fb8de36bb010f9b4ec0be177e95591225d4f6d077f1277b627fb2696c0b08e5d3d5ea73a262a11454e3a1086ee9595f7447db893ca85e4c5e2f59c5df3be
SSDEEP

393216:K53zn1IssDf454/rPu7MrhdtLf5baZ/DLRxGof2kr3TRsGIDziK64IyQw:Kd1k4APHhd2Z/D90of/yDziHw

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/DXGame.dll
unpack002/LOADER.EXE
unpack002/MOVIE.EXE
unpack002/SEIYA.EXE
unpack001/155011551/seiya.exe

Files

aed3655ff961f54a06220771fba076cf_JaffaCakes118
.rar
155011551/SeiyaSource.rar
.rar
BACKUPME.BAT
DEBUG.TXT
.vbs
DXClipCTRL.cls
.vbs
DXClipStruct.cls
DXEnemyStruct.cls
DXFightCTRL.cls
.vbs
DXFightStruct.cls
DXGame.dll
.dll windows:4 windows x86 arch:x86

5b67e75dd074ecf6d4daf767a516ff51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ord17

kernel32

GetCommandLineA
RtlUnwind
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
FreeEnvironmentStringsA
LoadLibraryA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
WriteFile
GetCurrentProcess
GetOEMCP
GetCPInfo
GetProcessVersion
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringA
InterlockedDecrement
FreeLibrary
FreeEnvironmentStringsW
lstrcmpA
GetCurrentThread
lstrcmpiA
GlobalGetAtomNameA
GetVersion
lstrcatA
lstrcpyA
GlobalAddAtomA
GlobalFindAtomA
LocalReAlloc
GetLastError
TlsGetValue
GlobalReAlloc
TlsSetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
TlsFree
InitializeCriticalSection
DeleteCriticalSection
TlsAlloc
GlobalFlags
LocalFree
LocalAlloc
lstrcpynA
GlobalFree
lstrlenA
GetModuleHandleA
GlobalUnlock
GetProcAddress
SetLastError
GetEnvironmentStrings
GetEnvironmentStringsW
GetStartupInfoA
GetCurrentThreadId

user32

GetMenu
GetClassInfoA
wsprintfA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
LoadIconA
ShowWindow
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
GetMenuItemID
GetDlgItem
DefWindowProcA
GetMenuItemCount
RegisterClassA
GetClassLongA
SetPropA
GetSubMenu
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
DestroyWindow
CreateWindowExA
UnhookWindowsHookEx
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
SetWindowsHookExA
GetDC
ReleaseDC

gdi32

CreateSolidBrush
SaveDC
DeleteDC
SelectObject
GetStockObject
RestoreDC
SetBkColor
SetMapMode
SetViewportOrgEx
SetTextColor
SetViewportExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
GetClipBox
ScaleWindowExtEx
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
CreateBitmap

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

SetMask
myTest
testFunc
vcAlpha
vcFade
vcStrech

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DXInput.cls
.vbs
DXMovie2CTRL.cls
.vbs
DXMovie2Struct.cls
DXMovieCTRL.cls
.vbs
DXMovieStruct.cls
.vbs
DXMusic.cls
DXScreen.bak
.vbs
DXScreen.cls
.vbs
DXSfcCTRL.cls
.vbs
DXSound.cls
.vbs
DXStoryCTRL.cls
.vbs
DXStoryStruct.cls
DXSurface.cls
DXWordCTRL.cls
.vbs
DXWordsStruct.cls
LOADER.EXE
.exe windows:4 windows x86 arch:x86

7992baf6e4c650a275a03ec7d4513239

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
ord301
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord305
ord307
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaObjVar
_adj_fpatan
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
ord311
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord313
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaLateMemCallLd
_CIatan
__vbaCastObj
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MOVIE.EXE
.exe windows:4 windows x86 arch:x86

d287c104513f119d687307eea1ed88d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
ord689
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
README.HTM
.html
SEIYA.EXE
.exe windows:4 windows x86 arch:x86

52f062963394be72fbf9123649fba840

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
ord690
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaVarSetVarAddref
__vbaResume
__vbaCopyBytes
__vbaStrCat
__vbaBoolErrVar
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
ord558
_adj_fdiv_m32
__vbaAryDestruct
__vbaForEachCollObj
__vbaExitProc
ord593
ord300
ord301
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord598
ord305
__vbaFpR4
ord306
__vbaForEachCollVar
ord307
ord309
__vbaRefVarAry
__vbaBoolVarNull
_CIsin
__vbaNextEachCollObj
__vbaVarZero
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
__vbaNextEachCollVar
__vbaObjVar
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaUI1ErrVar
EVENT_SINK_Release
__vbaVarSetUnk
__vbaNew
__vbaUI1I2
_CIsqrt
ord310
__vbaVarAnd
ord311
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord312
ord711
ord313
_adj_fprem
_adj_fdivr_m64
ord317
ord716
__vbaFPException
ord318
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaExitEachVar
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarLateMemStAd
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
__vbaVarDup
__vbaFpI2
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaFpI4
__vbaLateMemCallLd
ord617
_CIatan
__vbaStrMove
__vbaCastObj
__vbaForEachVar
__vbaR8IntI4
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SEIYA.INI
SEIYA.SF5
SEIYA.SF_
Seiya.PDM
Seiya.pd_
Seiya.vbp
Seiya.vbw
apiModule.bas
frmBegin.frm
frmDebug.frm
frmEnd.frm
frmMain.frm
.vbs
frmMain.frx
funcModule.bas
.vbs
gameModule.bas
.vbs
graphicModule.bas
varModule.bas
xmlModule.bas
.vbs
155011551/seiya.exe
.exe windows:4 windows x86 arch:x86

395b530661c48eccc9649cfa151ee7e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObject
GetLastError
CreateFileA
GetModuleFileNameA
Sleep
WriteFile
SetFilePointer
GetFullPathNameA
CreateProcessA
ReadFile
CreateFileMappingA
lstrcpyA
SetCurrentDirectoryA
GetTempPathA
GetCurrentDirectoryA
SetLastError
ExitProcess
GetModuleHandleA
MapViewOfFile
HeapAlloc
lstrlenA
CreateDirectoryA
HeapFree
GetProcessHeap
GetFileSize
FormatMessageA
LocalFree
DeleteFileA
RemoveDirectoryA
GetTempFileNameA

user32

CreateDialogParamA
IsDlgButtonChecked
GetDlgItemTextA
EndDialog
DialogBoxParamA
DestroyWindow
SendDlgItemMessageA
SetFocus
CheckDlgButton
ShowWindow
wsprintfA
MessageBoxA
GetWindowRect
SetDlgItemTextA
GetDlgItem
MoveWindow
GetSystemMetrics

gdi32

SetTextColor
TextOutA
CreateFontIndirectA
DeleteObject
CreateSolidBrush
SelectObject
SetTextAlign

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
155011551/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

5b67e75dd074ecf6d4daf767a516ff51

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

winspool.drv

advapi32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 13KB

.reloc Size: 12KB - Virtual size: 9KB

7992baf6e4c650a275a03ec7d4513239

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

d287c104513f119d687307eea1ed88d4

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

52f062963394be72fbf9123649fba840

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 136KB - Virtual size: 133KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

395b530661c48eccc9649cfa151ee7e6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 13KB

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 136KB - Virtual size: 133KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 4KB