bcd5655a1a19705eac742c26bfcc1537_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bcd5655a1a19705eac742c26bfcc1537_JaffaCakes118
Size

648KB
MD5

bcd5655a1a19705eac742c26bfcc1537
SHA1

dfe167677acfd02e4bd9945403e66881c579c16e
SHA256

c920a455fb84aaff70473d70d4aeb755eb850af6e39e09b47249b686bbc91005
SHA512

c769b230f3d61ea8195ffab636c056c8c27d2b92bb4e3edb4e9be83527dc1195fa23123a5759179db2f5cadf3e4e9a5f2b1cc04d70ed356db151ca0fd09c0db5
SSDEEP

12288:3J9+3g2LwUHbnHcc1njUvqERAfUXKvEYO8vBrrmTsWlytXWC:ZhCHd1ovOfU6pHZr6TL2f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcd5655a1a19705eac742c26bfcc1537_JaffaCakes118

Files

bcd5655a1a19705eac742c26bfcc1537_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f9ac275855e66ed0669b929860d4b4db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\cA\GameRelease\z_debuginfo\mahjong_artifacts2.pdb

Imports

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ddraw

DirectDrawCreateEx

fmodex

?isPlaying@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setUserData@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAX@Z
?getUserData@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAPAX@Z
?overridePaused@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?getNumChannels@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?release@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getNumDrivers@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getDriverName@System@FMOD@@QAG?AW4FMOD_RESULT@@HPADH@Z
?getDriver@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?setDSPBufferSize@System@FMOD@@QAG?AW4FMOD_RESULT@@IH@Z
?getDSPBufferSize@System@FMOD@@QAG?AW4FMOD_RESULT@@PAIPAH@Z
?update@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_CHANNELINDEX@@PAVSound@2@_NPAPAVChannel@2@@Z
?getChannel@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAVChannel@2@@Z
?getMasterChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
FMOD_System_Create
?getLength@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?setPaused@Channel@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?stop@Channel@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?init@System@FMOD@@QAG?AW4FMOD_RESULT@@HIPAX@Z
?setPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@II@Z
?setLoopPoints@Channel@FMOD@@QAG?AW4FMOD_RESULT@@IIII@Z
?setVolume@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z

d3d8

Direct3DCreate8

user32

UnregisterClassA
GetWindowLongA
CreateWindowExA
DefWindowProcA
AdjustWindowRect
RegisterClassA
SetCursor
ScreenToClient
SetActiveWindow
IsIconic
GetKeyState
SetForegroundWindow
TranslateMessage
LoadIconA
PeekMessageA
IsWindowUnicode
GetCursorPos
ShowWindow
IsWindow
DispatchMessageA
LoadCursorA
GetWindowInfo
SendMessageA
SetWindowLongA
SetWindowPos
AdjustWindowRectEx
GetSystemMetrics
DestroyWindow
MessageBoxA

kernel32

SetEndOfFile
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetLocaleInfoA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
ReadFile
HeapReAlloc
VirtualAlloc
HeapSize
IsDebuggerPresent
TerminateProcess
RaiseException
GetSystemTimeAsFileTime
VirtualFree
HeapCreate
HeapDestroy
InterlockedDecrement
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CreateThread
MultiByteToWideChar
Sleep
GetModuleFileNameA
FatalExit
GetComputerNameA
CreateFileA
FindFirstFileW
MoveFileExA
AllocConsole
FreeLibrary
InterlockedIncrement
MoveFileExW
GetCurrentProcess
QueryPerformanceCounter
CreateDirectoryW
GetFileAttributesExA
GetTickCount
GetCurrentThread
WriteFile
InitializeCriticalSection
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
GetModuleFileNameW
CreateDirectoryA
GetStdHandle
FindFirstFileA
GetLastError
lstrcmpiA
GetProcAddress
EnterCriticalSection
FindClose
GetLocalTime
LoadLibraryA
FindNextFileA
GetModuleHandleA
FindNextFileW
GetFileAttributesExW
QueryPerformanceFrequency
DeleteCriticalSection
GetCurrentThreadId
SetThreadAffinityMask
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
DeleteFileA
WaitForSingleObject
SetEvent
CreateEventA
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ExitThread
VirtualQuery

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

dinput8

DirectInput8Create

Sections

.text
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.garr
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f9ac275855e66ed0669b929860d4b4db

Headers

File Characteristics

PDB Paths

Imports

advapi32

ddraw

fmodex

d3d8

user32

kernel32

shell32

dinput8

Sections

.text Size: 492KB - Virtual size: 491KB

.rdata Size: 116KB - Virtual size: 113KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 24KB - Virtual size: 22KB

.garr Size: 4KB - Virtual size: 4KB

.text
Size: 492KB - Virtual size: 491KB

.rdata
Size: 116KB - Virtual size: 113KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 24KB - Virtual size: 22KB

.garr
Size: 4KB - Virtual size: 4KB