bddd6e3619085790b2410e7e4c82cbd8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bddd6e3619085790b2410e7e4c82cbd8_JaffaCakes118
Size

1.1MB
MD5

bddd6e3619085790b2410e7e4c82cbd8
SHA1

8e3a5b2c1d9880ae41a7d945888af2b0f58066e8
SHA256

8c3a54d872c6fe286100998be897beffa239c09d1c68e68554df2f2db5866fca
SHA512

8571a33f7f1c998e13658d6bac0f55c09b7c838fb92475a3c4d7ef992b9a4fc38c9c781c92e0bd7fcb04278c5b1c7bc53518c6dfccec60ea976a45599dd675d5
SSDEEP

24576:39oJNVVRcm9hT0cF7YISi46TghrfjlBIghsa889acTxgyl:toJFRcm9ho/Th/lBIghsxL2

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PANZERScd/PANZERS.exe
unpack001/PANZERScd/RLD-CPKG.EXE

Files

bddd6e3619085790b2410e7e4c82cbd8_JaffaCakes118
.rar
PANZERScd/PANZERS.exe
.exe windows:4 windows x86 arch:x86

a9604e2f0a901c49246d200b5adc690d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
GetUserNameA

dsound

GetDeviceID
DirectSoundEnumerateA
DirectSoundCreate8

gdi32

DeleteObject
GetDeviceCaps
CreateSolidBrush
CreateBitmap

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
GetOEMCP
GetACP
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LCMapStringW
SetFileTime
MultiByteToWideChar
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
SetConsoleCtrlHandler
FlushFileBuffers
SetFilePointer
ReadFile
WriteFile
GetFileType
GetStdHandle
LocalFileTimeToFileTime
SystemTimeToFileTime
LCMapStringA
LockResource
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetDriveTypeA
GetCurrentDirectoryA
SetUnhandledExceptionFilter
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
IsBadWritePtr
FatalAppExitA
GetCurrentThread
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
GetVersion
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
TerminateProcess
ExitProcess
CreateDirectoryA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
MoveFileA
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
RaiseException
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GetTickCount
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
UnmapViewOfFile
GetVersionExA
CreateFileW
CreateFileA
CreateFileMappingA
GetFileSize
MapViewOfFile
FindResourceW
FindResourceA
SizeofResource
LoadResource
LockResource
GetLastError
GetModuleHandleA
GetProcAddress
lstrcmpi
WideCharToMultiByte
GetFullPathNameA
LeaveCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
InitializeCriticalSection
InterlockedExchange
EnterCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
CreateThread
CloseHandle
OutputDebugStringW
DebugBreak
LoadLibraryA
FreeLibrary
GetSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA
Sleep
CompareFileTime
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
SetCurrentDirectoryA
GetCurrentThreadId

user32

EndPaint
DestroyWindow
UnregisterClassA
GetClientRect
FillRect
MoveWindow
BeginPaint
GetWindowPlacement
GetDC
ReleaseDC
TranslateMessage
DispatchMessageA
GetMessageA
PeekMessageA
MessageBoxA
GetSystemMetrics
ValidateRect
ShowWindow
MessageBoxW
LoadStringA
PostQuitMessage
SetWindowLongA
SetCursor
DefWindowProcA
SetCursorPos
SetTimer
KillTimer
GetKeyNameTextA
UpdateWindow
CreateWindowExA
AdjustWindowRect
RegisterClassExA
LoadCursorA
LoadIconA

winmm

timeGetTime

ws2_32

WSAStartup
htons
inet_addr
WSAIoctl
setsockopt
WSAEnumProtocolsA
socket
closesocket
htons
bind
sendto
recvfrom
ioctlsocket
WSAGetLastError
inet_ntoa
WSACleanup

wsock32

shutdown
recv
connect
send
htonl
getsockname
htonl
gethostname
gethostbyname
select
__WSAFDIsSet
getsockopt

binkw32

_BinkBufferClose@4
_BinkWait@4
_BinkSetSoundSystem@8
_BinkBufferLock@4
_BinkCopyToBuffer@28
_BinkBufferUnlock@4
_BinkBufferBlit@12
_BinkNextFrame@4
_BinkOpen@8
_BinkBufferOpen@16
_BinkClose@4
_BinkBufferSetScale@12
_BinkOpenMiles@4
_BinkDoFrame@4

d3d9

Direct3DCreate9

mss32

_AIL_init_sample@4
_AIL_open_stream@12
_AIL_set_stream_loop_count@8
_AIL_open_3D_listener@4
_AIL_set_file_callbacks@16
_AIL_open_3D_provider@4
_AIL_enumerate_3D_providers@12
_AIL_get_preference@4
_AIL_last_error@0
_AIL_open_digital_driver@16
_AIL_startup@0
_AIL_set_redist_directory@4
_AIL_shutdown@0
_AIL_close_3D_provider@4
_AIL_close_3D_listener@4
_AIL_set_3D_orientation@28
_AIL_set_3D_position@16
_AIL_sample_status@4
_AIL_3D_sample_status@4
_AIL_set_stream_volume_pan@12
_AIL_set_3D_sample_volume@8
_AIL_set_sample_volume_pan@12
_AIL_sample_volume_pan@12
_AIL_mem_free_lock@4
_AIL_decompress_ASI@24
_AIL_file_size@4
_AIL_file_read@8
_AIL_set_sample_file@12
_AIL_allocate_sample_handle@4
_AIL_set_3D_sample_file@8
_AIL_allocate_3D_sample_handle@4
_AIL_set_3D_sample_offset@8
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_sample_loop_block@12
_AIL_3D_sample_length@4
_AIL_start_sample@4
_AIL_set_sample_loop_count@8
_AIL_release_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_set_sample_playback_rate@8
_AIL_set_3D_sample_playback_rate@8
_AIL_set_3D_sample_distances@12
_AIL_stop_3D_sample@4
_AIL_start_3D_sample@4
_AIL_sample_playback_rate@4
_AIL_sample_granularity@4
_AIL_stop_sample@4
_AIL_resume_3D_sample@4
_AIL_resume_sample@4
_AIL_close_stream@4
_AIL_register_stream_callback@8
_AIL_start_stream@4

ole32

CoInitializeEx
CoUninitialize

Exports

Exports

?CHECKCDKEY@SSettings@@QAE_NPBD@Z
?Connect@SGameSpy@@QAEXXZ
?Create@SChatRoomMenu@@QAEXXZ
?Create@SSkirmishChatRoomMenu@@QAEXXZ
?CreateMsgTxtIni@SGameSpy@@QAEXXZ
?GetVersionString@SVersion@@QAE?AVSString@@H@Z
?Init@SGameSpy@@QAEXXZ
?Init@SMulti@@QAEXXZ
?InitStagingRoom@SGameSpy@@QAEXXZ
?InitTitleRoom@SGameSpy@@QAEXXZ
?Initialize@SSuperWindow@@AAEXXZ
?IsMap@SChatRoomMenu@@AAE_NPBD@Z
?IsMap@SSkirmishChatRoomMenu@@QAE_NPBD@Z
?LetMapDone@SPanzersCampaign@@QAEXXZ
?LetResultsDone@SPanzersCampaign@@QAEXXZ
?LoadGame@SPanzersCampaign@@QAE_NPBD@Z
?LoadGameBefore@SPanzersCampaign@@QAEXPBD@Z
?LoadSavedGameNames@SPanzersCampaign@@QAEXAAV?$SDArray@USLoadSaveName@@@@@Z
?LoadScenarioMenu@SSingleMenu@@AAEXXZ
?LoadUnitFiles@SUnitRegistry@@QAEXPBD_N@Z
?NextPicture@SMainCreditMenu@@AAEXXZ
?RefreshServers@SGameSpy@@QAEXXZ
?SaveGame@SPanzersCampaign@@QAE_NPBD0@Z
?SaveGameBefore@SPanzersCampaign@@QAE_NXZ

Sections

.sforce
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sforce
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sforce
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.brick
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.revolt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PANZERScd/RLD-CPKG.EXE
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 969B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PANZERScd/使用说明.txt
PANZERScd/精彩库游戏@jcku.com.url
.url

Sharing

General

Malware Config

Signatures

Files

a9604e2f0a901c49246d200b5adc690d

Headers

File Characteristics

Imports

advapi32

dsound

gdi32

kernel32

user32

winmm

ws2_32

wsock32

binkw32

d3d9

mss32

ole32

Exports

Exports

Sections

.sforce Size: 3.0MB - Virtual size: 3.0MB

.RDATA Size: 4KB - Virtual size: 4KB

.sforce Size: 72KB - Virtual size: 72KB

.RDATA Size: 4KB - Virtual size: 4KB

.sforce Size: 336KB - Virtual size: 336KB

.idata Size: 4KB - Virtual size: 4KB

.brick Size: 276KB - Virtual size: 276KB

.rsrc Size: 8KB - Virtual size: 8KB

.revolt Size: 8KB - Virtual size: 8KB

Headers

File Characteristics

Sections

Size: - Virtual size: 24KB

Size: 969B - Virtual size: 4KB

.sforce
Size: 3.0MB - Virtual size: 3.0MB

.RDATA
Size: 4KB - Virtual size: 4KB

.sforce
Size: 72KB - Virtual size: 72KB

.RDATA
Size: 4KB - Virtual size: 4KB

.sforce
Size: 336KB - Virtual size: 336KB

.idata
Size: 4KB - Virtual size: 4KB

.brick
Size: 276KB - Virtual size: 276KB

.rsrc
Size: 8KB - Virtual size: 8KB

.revolt
Size: 8KB - Virtual size: 8KB