b6a4965c33f4a0fb359e73199c8a60fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b6a4965c33f4a0fb359e73199c8a60fe_JaffaCakes118
Size

6.7MB
MD5

b6a4965c33f4a0fb359e73199c8a60fe
SHA1

6eac7c7a044ec991cd8c88990c7d20527618b9b8
SHA256

ed8bdb8a1ae4a663cd373cb4faaa421f76c204d5fd19ab92ad52b0d4fc28941e
SHA512

d4ab6a9021313d6e52ec9a1d101f42b236a68d4f82a59141c7c07d97a13d1a327bbf411d88ebe594830eeaa9d8f555f3c97d5787d91b07f68cb6e84fae24ee5d
SSDEEP

98304:RPyn9ZMSOJxxxxpKe8rhs/tG5IpWHx/CuF90R+LLAObyGfi7FvYkNBeWeE8K6yW8:RCYSWcB5tYpBJeE8K6yWthKF25E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6a4965c33f4a0fb359e73199c8a60fe_JaffaCakes118

Files

b6a4965c33f4a0fb359e73199c8a60fe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0fc5352393fe76cf712a6cb78a040a7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\backup\code\JoyMax\sro\SilkroadOnline\Client\Out\SRO_Client.pdb

Imports

gdi32

GetObjectA
GetDIBits
GetStockObject
GetDeviceGammaRamp
CreateFontA
BitBlt
SetPaletteEntries
SelectPalette
RealizePalette
CreatePalette
SetDIBColorTable
GetPixel
SetPixel
SetBkMode
SetTextColor
CreateFontIndirectA
GetTextMetricsA
GetTextExtentPoint32A
DeleteObject
DeleteDC
CreateCompatibleDC
AddFontResourceA
RemoveFontResourceA
SetDeviceGammaRamp
SelectObject
CreateDIBSection
GetGlyphOutlineA

advapi32

GetUserNameA
RegOpenKeyExA
FreeSid
EqualSid
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation

user32

SetWindowLongA
GetWindowLongA
CallWindowProcA
HideCaret
ShowCaret
GetKeyboardLayout
GetFocus
DestroyWindow
SetFocus
FindWindowA
IsWindow
GetWindow
SendMessageA
GetKeyState
GetWindowTextA
SetCursor
DefWindowProcA
PostQuitMessage
ChangeDisplaySettingsA
SystemParametersInfoA
EnumDisplaySettingsA
ClipCursor
GetClassLongA
GetMenu
SetMenu
CreateWindowExA
LoadMenuA
SetRect
RegisterClassA
DestroyMenu
GetIconInfo
EnableWindow
CheckRadioButton
CharNextExA
SetCursorPos
ClientToScreen
PostMessageA
GetWindowThreadProcessId
EndDialog
SetWindowPos
GetWindowRect
AdjustWindowRect
GetClientRect
GetDesktopWindow
RegisterClassExA
LoadCursorA
LoadIconA
ShowWindow
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
wsprintfA
IsCharAlphaA
DestroyAcceleratorTable
GetActiveWindow
GetDC
ReleaseDC
UpdateWindow
GetCursorPos
ScreenToClient
CharNextA
DialogBoxParamA
IsDlgButtonChecked
GetDlgItem
SetWindowTextA
GetSystemMetrics
MoveWindow
LoadStringA
SetForegroundWindow
MessageBoxA
LoadAcceleratorsA
RegisterHotKey
IsCharAlphaNumericA
PeekMessageA

imm32

ImmGetConversionStatus
ImmNotifyIME
ImmSetCandidateWindow
ImmGetCompositionStringW
ImmGetContext
ImmReleaseContext
ImmGetProperty
ImmAssociateContext
ImmSetConversionStatus

d3dx9_30

D3DXLoadSurfaceFromSurface
D3DXMatrixTranspose
D3DXMatrixLookAtLH
D3DXMatrixOrthoLH
D3DXMatrixMultiply
D3DXMatrixTranslation
D3DXMatrixInverse
D3DXMatrixRotationY
D3DXVec3Transform
D3DXQuaternionRotationAxis
D3DXMatrixPerspectiveFovLH
D3DXMatrixRotationZ
D3DXFilterTexture
D3DXSaveTextureToFileA
D3DXLoadSurfaceFromMemory
D3DXMatrixRotationX
D3DXGetImageInfoFromFileInMemory
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXVec3Project
D3DXQuaternionRotationMatrix
D3DXAssembleShader
D3DXMatrixMultiplyTranspose
D3DXMatrixRotationAxis
D3DXQuaternionRotationYawPitchRoll
D3DXQuaternionMultiply
D3DXCreateTextureFromFileExA
D3DXVec3Normalize
D3DXCreateTextureFromFileA
D3DXLoadVolumeFromMemory
D3DXPlaneNormalize
D3DXVec3TransformCoord
D3DXPlaneIntersectLine
D3DXLoadVolumeFromVolume
D3DXPlaneFromPoints
D3DXMatrixRotationQuaternion

kernel32

SizeofResource
LockResource
GlobalMemoryStatus
GlobalAlloc
LoadResource
RaiseException
RtlUnwind
HeapFree
HeapAlloc
FindResourceA
Module32Next
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
GetSystemInfo
SetLastError
GlobalFree
ExitThread
ExitProcess
FindNextFileA
FlushInstructionCache
SleepEx
ReleaseSemaphore
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FlushViewOfFile
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
lstrlenA
ReadFile
CloseHandle
GetFileSize
CreateFileA
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
WideCharToMultiByte
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
ResetEvent
CreateEventA
DeleteFileA
WriteFile
CreateDirectoryA
SetCurrentDirectoryA
SetEvent
WaitForSingleObject
CreateThread
CompareStringA
GetModuleFileNameA
GetACP
MultiByteToWideChar
GetVersion
GetTickCount
Beep
GetProcAddress
GetModuleHandleA
CreateMutexA
WinExec
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
SetUnhandledExceptionFilter
FindClose
FindFirstFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
GetSystemDirectoryA
GetCommandLineA
FreeLibrary
LoadLibraryA
GetLocaleInfoA
GetThreadLocale
GetVersionExA
Sleep
IsDBCSLeadByte
lstrcmpA
OutputDebugStringA
UnhandledExceptionFilter
GetProcessHeap
GetStartupInfoA
GetWindowsDirectoryA
SetThreadPriority
GetExitCodeThread
TerminateThread
ResumeThread
SuspendThread
GetFileAttributesA
GetFullPathNameA
lstrcpynA
lstrcatA
lstrcpyA
MulDiv
QueryPerformanceFrequency
_lwrite
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
IsValidLocale
GetSystemTimeAsFileTime
GetStdHandle
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
TlsGetValue
TlsAlloc
GetStringTypeW
GetStringTypeA
GetLocaleInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
HeapReAlloc
VirtualAlloc
FatalAppExitA
TlsSetValue
TlsFree
GetCurrentThread
TerminateProcess
IsDebuggerPresent
GetCPInfo
GetOEMCP
IsValidCodePage
HeapSize
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
OpenProcess

shell32

SHGetSpecialFolderPathA
ShellExecuteA

wininet

InternetGetLastResponseInfoA
FtpSetCurrentDirectoryA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpDeleteFileA
FtpRenameFileA
InternetCloseHandle
FtpOpenFileA
FtpPutFileA
FtpGetFileA
FtpGetCurrentDirectoryA
InternetFindNextFileA
FtpFindFirstFileA
InternetOpenA
InternetCrackUrlA
InternetConnectA
InternetWriteFile

urlmon

URLDownloadToFileA

ws2_32

connect
accept
getpeername
getsockopt
WSASendTo
getsockname
WSACreateEvent
WSASetEvent
setsockopt
WSARecv
WSAIoctl
shutdown
WSACleanup
WSAStartup
WSAGetOverlappedResult
WSAResetEvent
listen
WSASocketA
WSAGetLastError
recvfrom
sendto
bind
gethostbyname
inet_addr
closesocket
socket
htons
ntohs
WSASend
inet_ntoa
WSARecvFrom
ioctlsocket
WSACloseEvent
WSAWaitForMultipleEvents

dsound

ord11

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ddraw

DirectDrawCreateEx

iphlpapi

GetAdaptersInfo

winmm

mmioClose
mmioAscend
mmioRead
mmioDescend
mmioGetInfo
mmioCreateChunk
timeKillEvent
timeSetEvent
mmioOpenA
timeGetTime
mmioWrite
mmioAdvance
mmioSetInfo
mmioSeek

d3d9

Direct3DCreate9

ole32

CoUninitialize
CoInitialize
CoCreateGuid

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 712KB - Virtual size: 709KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fc5352393fe76cf712a6cb78a040a7d

Headers

File Characteristics

PDB Paths

Imports

gdi32

advapi32

user32

imm32

d3dx9_30

kernel32

shell32

wininet

urlmon

ws2_32

dsound

version

ddraw

iphlpapi

winmm

d3d9

ole32

Sections

.text Size: 5.8MB - Virtual size: 5.8MB

.rdata Size: 712KB - Virtual size: 709KB

.data Size: 132KB - Virtual size: 2.8MB

.rsrc Size: 40KB - Virtual size: 38KB

.text
Size: 5.8MB - Virtual size: 5.8MB

.rdata
Size: 712KB - Virtual size: 709KB

.data
Size: 132KB - Virtual size: 2.8MB

.rsrc
Size: 40KB - Virtual size: 38KB