b5787c29d64929b388a7de5d7a058058_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b5787c29d64929b388a7de5d7a058058_JaffaCakes118
Size

17KB
MD5

b5787c29d64929b388a7de5d7a058058
SHA1

11fd5bbaa102a48dceae7920f444b569be6bc558
SHA256

b8ca1a6ee2d8139e9a613244da73d1686b3b64232cb6ed8f4b47f240e94ebc62
SHA512

ba0688f54ac444c1de1d891e626da441ba944b56799191d726e213d56f81f7908113cddd0bd216e7eb004717df1ac5e12ae0426946d62a9ce12e842932f8e947
SSDEEP

384:tL9W3g2d+PbrqIj2/mC6XaXM/jiv2NyW/ifovBxqt:a3+Pbrqh/x6qXM/Gv2F/ZvTQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/miniprocess.exe

Files

b5787c29d64929b388a7de5d7a058058_JaffaCakes118
.zip
miniprocess.exe
.exe windows:4 windows x86 arch:x86

2241e35e6d3d5aedeb323addfc67fd5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Temp\builds\wd.rad813DD\Client\Release\miniProcess.pdb

Imports

plibc32

?set@PathName@@QAEEABVString@Library@@@Z
?make@Directory@@SAEABVPathName@@@Z
?concat@PathName@@QAEEABVString@Library@@W4DirSepOption@1@@Z
??8String@Library@@QBEEPBG@Z
?deserialize@String@Library@@QAEKPAX@Z
?CScreenFlipPagesDC@@YAXPAU_CScreen@@PAUHDC__@@@Z
?WinProc@CAppStub@@MAEJPAUHWND__@@IIJ@Z
?GameLoop@CAppStub@@MAEXXZ
?Init@CAppStub@@UAEXPAUHINSTANCE__@@ABVString@Library@@PAUHWND__@@1PAXKKJJ@Z
??0Character@String@Library@@QAE@D@Z
?find@String@Library@@QBEKABVCharacter@12@K@Z
?substring@String@Library@@QBE?AV12@KK@Z
??1Character@String@Library@@QAE@XZ
?convert@StringConversions@Library@@YAEPADPBGJ@Z
??0String@Library@@QAE@PBG@Z
?getBuffer@String@Library@@QAEPAGK@Z
?decodeUTF8@StringConversions@Library@@YAEPAGPBDJ@Z
?releaseBuffer@String@Library@@QAEXXZ
?getLength@String@Library@@QBEKXZ
?encodeUTF8@StringConversions@Library@@YAEPADPBGJ@Z
??0String@Library@@QAE@XZ
??8String@Library@@QBEEABV01@@Z
?caseCompare@String@Library@@QBEJABV12@@Z
??4String@Library@@QAEABV01@ABV01@@Z
??0String@Library@@QAE@ABV01@@Z
??0String@Library@@QAE@PBD@Z
??YString@Library@@QAEABV01@ABV01@@Z
??1String@Library@@UAE@XZ
??BString@Library@@QBEPBGXZ

casino

?repaint@CWinApp@CasinoClient@@UAEXJJJJ@Z
?substKeywords@CApp@@UAE?AVString@Library@@ABV23@@Z
?schedule@CWinApp@CasinoClient@@UAEXPAVTimedNotify@@J@Z
?openURI@CWinApp@CasinoClient@@UAEXABVURI@@@Z
?parseURI@CApp@@UAEPAVEvent@@ABVURI@@@Z
?startGame@CApp@@UAEPAVGameModule@@PAVNamedValues@@PAV1@@Z
?bringToFront@CWinApp@CasinoClient@@UAEXXZ
?updateDownloadSpeed@CWinApp@CasinoClient@@MAEXK@Z
?loadDownloadSpeed@CWinApp@CasinoClient@@MAEXXZ
?updateNextSpeedTest@CWinApp@CasinoClient@@MAEXK@Z
?getNextSpeedTime@CWinApp@CasinoClient@@MAEKXZ
?Close@CWinApp@CasinoClient@@UAEXXZ
?setLastGameBadVersion@CWinApp@CasinoClient@@UAEXE@Z
?wasLastGameBadVersion@CWinApp@CasinoClient@@UAEEXZ
?ingorePatchedFile@CApp@@UAEEABVString@Library@@@Z
?showWindow@CWinApp@CasinoClient@@UAEXXZ
?restoreWindow@CWinApp@CasinoClient@@UAEXXZ
?getIsMinimized@CWinApp@CasinoClient@@UAEEXZ
?registerFonts@CWinApp@CasinoClient@@UAEEXZ
?unregisterFonts@CWinApp@CasinoClient@@UAEEXZ
?getUTCOffset@CWinApp@CasinoClient@@UAE?AVString@Library@@XZ
?showOptionsScreen@CWinApp@CasinoClient@@UAEEW4OptionsScreenTabs@CApp@@@Z
?show@MsgBox@@SAJPAVCApp@@ABVString@Library@@1K@Z
?notified@TimedNotify@@QAEXXZ
?releaseStringTable@CApp@@SAEABVString@Library@@@Z
?casinoName@CasinoSkin@@2VString@Library@@A
?load@CasinoSkin@@SAXPAVCApp@@@Z
?SetCurrentDirectoryW@CWinApp@CasinoClient@@IAEXXZ
?manifestDir@AppPath@@1VPathName@@A
?patchDir@AppPath@@1VPathName@@A
?tempDir@AppPath@@1VPathName@@A
?exeDir@AppPath@@1VPathName@@A
?InitCasinoUserSettings@CWinApp@CasinoClient@@QAEXXZ
?setHostAddr@CApp@@QAEXK@Z
?queueEvent@CWinApp@CasinoClient@@UAEXPAVEvent@@@Z
?showStatus@CWinApp@CasinoClient@@UAAXABVString@Library@@ZZ
?broadcastBalanceNotify@CWinApp@CasinoClient@@UAEXXZ
?getThirdPartyPID@CApp@@UAEABVString@Library@@XZ
?KillPreviousInstanceMutex@CWinApp@CasinoClient@@MAEXXZ
?ExistPreviousInstance@CWinApp@CasinoClient@@MAEEXZ
?InstallDialogID@CWinApp@CasinoClient@@UAEJXZ
?DownloadDialogID@CWinApp@CasinoClient@@UAEJXZ
?KillGame@CWinApp@CasinoClient@@MAEXXZ
?InitGame@CWinApp@CasinoClient@@MAEEXZ
??0CWinApp@CasinoClient@@QAE@XZ
??1CWinApp@CasinoClient@@UAE@XZ
?g_isSmall@@3EA
?substURIKeywords@CApp@@UAE?AVString@Library@@ABV23@@Z

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetLastError
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
GetCommandLineW
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
InterlockedExchange

user32

EndPaint
BeginPaint
ShowWindow
SetWindowPos
ReleaseCapture
TranslateMessage
SetCapture

gdi32

GetStockObject

msvcr80

??2@YAPAXI@Z
wcstoul
wcstol
??3@YAXPAX@Z
__CxxFrameHandler3
toupper
memset
free
malloc
realloc
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_itoa
_snprintf
_strdup

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2241e35e6d3d5aedeb323addfc67fd5c

Headers

File Characteristics

PDB Paths

Imports

plibc32

casino

kernel32

user32

gdi32

msvcr80

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 2KB