bfbc559c96e9fba6cbcd0900ed3f2658_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bfbc559c96e9fba6cbcd0900ed3f2658_JaffaCakes118
Size

1.9MB
MD5

bfbc559c96e9fba6cbcd0900ed3f2658
SHA1

fc67eeb12ea0ab7a0ee3413beacfc0dd0f18f6bf
SHA256

aaa1b82c60b1f27938a1ae60fa5503c5bade41b58130d45fccfc4c6ad9f28c3c
SHA512

a019f781e5c1fae5b2a4d07bbaba5d28e5f1292cfa957d4842389a7311633f8cef96e6bfcdf3f12c46d6c41647899dd0a740b0c3515fb41dcdd754142a64f407
SSDEEP

49152:OvpP2hAu+Eqev3b2nk/t6HJedVLWpCqCrgzoG:OvpUAu+Kbak/0SLW4jrg8G

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/l2phx.3.5.33.164/l2phx.3.5.33.164/LSPprovider.dll
unpack001/l2phx.3.5.33.164/l2phx.3.5.33.164/Plugins/x_als.dll
unpack001/l2phx.3.5.33.164/l2phx.3.5.33.164/l2ph.exe
unpack001/l2phx.3.5.33.164/l2phx.3.5.33.164/pcrelib.dll

Files

bfbc559c96e9fba6cbcd0900ed3f2658_JaffaCakes118
.rar
l2phx.3.5.33.164/l2phx.3.5.33.164/LSPprovider.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

WSPStartup

Sections

CODE
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 77B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

JCLDEBUG
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/a grade armor.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/a grade wep1.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/a grade wep2.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/a.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/am is gaidzio.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/b grade armor.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/baium hair.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/item is 2strong4you.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/javels.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/kitoks l2 apgauti Fell.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/mammon1.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/mammon2.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/nobles.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/potai y cl.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/reflect shieldas is mimi.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/s grade armor.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/s grade weapon(armor).pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/s grade wep.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/shotai.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/sudukai.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/tatoo.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/vogt dc is UnQ arba ArK.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Logs/vogti h seta is duff.pckt
.pckt .rtf
l2phx.3.5.33.164/l2phx.3.5.33.164/Plugins/x_als.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ChangeTimerThread
CreateAndRunTimerThread
DataPckToStrPck
DestroyTimerThread
GetALSStruct
GetPluginInfo
GetScriptVariable
GoFirstConnection
GoNextConnection
HexToString
HideUserForm
ReadC
ReadCEx
ReadD
ReadDEx
ReadF
ReadFEx
ReadH
ReadHEx
ReadQ
ReadQEx
ReadS
ReadSEx
SendPacket
SendPacketData
SendPacketStr
SetScriptVariable
SetStruct
ShowUserForm
StringToHex
WriteC
WriteCEx
WriteD
WriteDEx
WriteF
WriteFEx
WriteH
WriteHEx
WriteQ
WriteQEx
WriteS
WriteSEx
getConnectioidByName
getConnectionName

Sections

CODE
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

JCLDEBUG
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/Anti target.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/Auto target PK.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/AutoTarget.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/Char Info.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/Chat.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/Doors action.script
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/Doors action.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/FakeGM.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/Hack Stats.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/Invisible.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/Magaz999Plus.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/NewScript.script
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/Open Doors.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/Radar.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/RunTitle.txt
.js
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/Teleport hack.script
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/Teleport hack.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/announces.script
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/asd.script
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/aug.script
.js
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/augumentacija auto.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/augumentacija.script
.js
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/augumentacija.txt
.js
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/auto resas.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/auto ress.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/auto.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/enchant.script
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/pain.txt
.js
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/wh dupe l2off.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/Scripts/wh dupe l2off2.txt
l2phx.3.5.33.164/l2phx.3.5.33.164/l2ph.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

EurekaLog_AttachedFilesRequestEvent
EurekaLog_CallCreateThread
EurekaLog_CallExceptObject
EurekaLog_CallExitThread
EurekaLog_CallGeneralRaise
EurekaLog_CallResumeThread
EurekaLog_CustomButtonClickEvent
EurekaLog_CustomDataRequestEventEx
EurekaLog_CustomWebFieldsRequestEvent
EurekaLog_ExceptionActionNotifyEvent
EurekaLog_ExceptionErrorNotifyEvent
EurekaLog_ExceptionNotifyEvent
EurekaLog_HandledExceptionNotifyEvent
EurekaLog_LastDelphiException
EurekaLog_PasswordRequestEvent
EurekaLog_PasswordRequestEventEx
ExceptionManager

Sections

CODE
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 747B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 387B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 170KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 932KB - Virtual size: 932KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
l2phx.3.5.33.164/l2phx.3.5.33.164/l2ph_HOME-5B2B969CA6.elf
l2phx.3.5.33.164/l2phx.3.5.33.164/l2ph_NAMAI-C0XQ16NZF.elf
l2phx.3.5.33.164/l2phx.3.5.33.164/l2ph_SONYTAU-PC.elf
l2phx.3.5.33.164/l2phx.3.5.33.164/pcrelib.dll
.dll windows:4 windows x86 arch:x86

7938cbdc2ac68c2217ff14210a949bca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
RtlUnwind
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

Exports

Exports

pcre_compile
pcre_compile2
pcre_config
pcre_copy_named_substring
pcre_copy_substring
pcre_dfa_exec
pcre_dispose
pcre_exec
pcre_free_substring
pcre_free_substring_list
pcre_fullinfo
pcre_get_named_substring
pcre_get_stringnumber
pcre_get_stringtable_entries
pcre_get_substring
pcre_get_substring_list
pcre_info
pcre_maketables
pcre_refcount
pcre_study
pcre_version

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
l2phx.3.5.33.164/l2phx.3.5.33.164/settings/ItemsID.ini
l2phx.3.5.33.164/l2phx.3.5.33.164/settings/Options.ini
l2phx.3.5.33.164/l2phx.3.5.33.164/settings/PacketsT1.ini
l2phx.3.5.33.164/l2phx.3.5.33.164/settings/PacketsT2.ini
l2phx.3.5.33.164/l2phx.3.5.33.164/settings/SkillsID.ini
l2phx.3.5.33.164/l2phx.3.5.33.164/settings/augmentsid.ini
l2phx.3.5.33.164/l2phx.3.5.33.164/settings/classid.ini
l2phx.3.5.33.164/l2phx.3.5.33.164/settings/npcsid.ini
l2phx.3.5.33.164/l2phx.3.5.33.164/settings/packetAion.ini
l2phx.3.5.33.164/l2phx.3.5.33.164/settings/packetsc4.ini
l2phx.3.5.33.164/l2phx.3.5.33.164/settings/packetsc5.ini
l2phx.3.5.33.164/l2phx.3.5.33.164/settings/packetst0.ini
l2phx.3.5.33.164/l2phx.3.5.33.164/settings/sysmsgid.ini
l2phx.3.5.33.164/l2phx.3.5.33.164/settings/windows.ini

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 76KB - Virtual size: 76KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 77B

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 5KB - Virtual size: 5KB

JCLDEBUG Size: 11KB - Virtual size: 11KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 80KB - Virtual size: 79KB

DATA Size: 3KB - Virtual size: 3KB

BSS Size: - Virtual size: 10KB

.idata Size: 2KB - Virtual size: 2KB

.edata Size: 1024B - Virtual size: 984B

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 5KB - Virtual size: 5KB

JCLDEBUG Size: 14KB - Virtual size: 14KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 2.8MB - Virtual size: 2.8MB

DATA Size: 49KB - Virtual size: 48KB

BSS Size: - Virtual size: 22KB

.idata Size: 15KB - Virtual size: 15KB

.edata Size: 1024B - Virtual size: 747B

.tls Size: - Virtual size: 387B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 170KB

.rsrc Size: 932KB - Virtual size: 932KB

7938cbdc2ac68c2217ff14210a949bca

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 126KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 5KB

CODE
Size: 76KB - Virtual size: 76KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 77B

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 5KB - Virtual size: 5KB

JCLDEBUG
Size: 11KB - Virtual size: 11KB

CODE
Size: 80KB - Virtual size: 79KB

DATA
Size: 3KB - Virtual size: 3KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 1024B - Virtual size: 984B

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 5KB - Virtual size: 5KB

JCLDEBUG
Size: 14KB - Virtual size: 14KB

CODE
Size: 2.8MB - Virtual size: 2.8MB

DATA
Size: 49KB - Virtual size: 48KB

BSS
Size: - Virtual size: 22KB

.idata
Size: 15KB - Virtual size: 15KB

.edata
Size: 1024B - Virtual size: 747B

.tls
Size: - Virtual size: 387B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 170KB

.rsrc
Size: 932KB - Virtual size: 932KB

.text
Size: 128KB - Virtual size: 126KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 5KB