b469b5b5b94a83af79ada6984656f28f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b469b5b5b94a83af79ada6984656f28f_JaffaCakes118
Size

644KB
MD5

b469b5b5b94a83af79ada6984656f28f
SHA1

fba2268ee7ad2128d6d08385974f69dc6f3134e2
SHA256

e606a00933fdf2e931f8363e4be9953c13657bcf880a17cbf894c8d5ba4bffc0
SHA512

ee3ba547d89292592ec26cc494a46016311e2ae8eea8c2841dd8ee967c6527c83d643d304877782b254bda716e66c9a26ba43b16099757ea77421a7ada0b2683
SSDEEP

12288:5qLM7EAbmmLM7EAbmXmCm4JK5OVkZNMFX1B/:5f7vmL7vmXNm4U5FZaFXP/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b469b5b5b94a83af79ada6984656f28f_JaffaCakes118

Files

b469b5b5b94a83af79ada6984656f28f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4234972157dab1f7552ee0e93ecc9541

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetSystemTime
QueryPerformanceFrequency
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
GetModuleFileNameA
GetProcAddress
GetLastError
SetCurrentDirectoryA
GetVersionExA
CreateDirectoryA
GetDiskFreeSpaceExA
lstrlenA
GetCurrentDirectoryA
CreateMutexA
LoadLibraryA
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange

user32

DispatchMessageA
LoadImageA
PeekMessageA
TranslateMessage
MessageBoxA

msvcr80

memset
memcpy
?_type_info_dtor_internal_method@type_info@@QAEXXZ
strncpy
wcscpy_s
_strlwr
free
fwrite
??3@YAXPAX@Z
strrchr
??2@YAPAXI@Z
vsprintf
_stricmp
vsprintf_s
strchr
strncmp
_splitpath
??_U@YAPAXI@Z
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
sprintf_s
strstr
strcat_s
??_V@YAXPAX@Z
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
strcpy_s

engine_x86

GetEngineDllVersion
HideSplashscreen
CreateGame
?OnPaint@IGame@@QAEXXZ
?Initialize@IGame@@QAEHPADHPAUHICON__@@KK@Z
InitializeGameScriptFn
ShowSplashscreen
InitializeGameScript
DestroyGame
?GAME_REGISTRY_SUBKEY@@3PADA
?CD_NAME@@3PADA
UninitializeGameScript

filesystem_x86

?close@bfile_stdio@fs@@UAEXXZ
??_7bfile_stdio@fs@@6B@
?length@bfile_stdio@fs@@UAEIXZ
?read@bfile_stdio@fs@@UAEIPAXI@Z
?open@bfile_stdio@fs@@UAE_NPBDW4TYPE@EFSMode@@H@Z
?init@fs@@YA_NPBDH0_N1@Z
?add_source@fs@@YA_NPBDH@Z
?CrashClose@@YAXXZ
?shutdown@fs@@YAXXZ
?load_wide_string@fs@@YAPA_WPBD@Z
?root_path@fs@@YA?BV?$string_base@D@ttl@@PBD@Z

gdi32

DeleteObject

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

gamedll_x86

ShutdownGameScriptDLL
InitializeGameScriptDLL

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SKIDROW
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4234972157dab1f7552ee0e93ecc9541

Headers

File Characteristics

Imports

kernel32

user32

msvcr80

engine_x86

filesystem_x86

gdi32

advapi32

gamedll_x86

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 32KB

.rsrc Size: 520KB - Virtual size: 519KB

.SKIDROW Size: 80KB - Virtual size: 80KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 32KB

.rsrc
Size: 520KB - Virtual size: 519KB

.SKIDROW
Size: 80KB - Virtual size: 80KB