c27579fde1ca4607d44fe9642d513fd9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c27579fde1ca4607d44fe9642d513fd9_JaffaCakes118
Size

220KB
MD5

c27579fde1ca4607d44fe9642d513fd9
SHA1

ab2744e323c469771b7071208fb114cc1c71a0f4
SHA256

f43b9be76c3361fc6799a11f13a7e33dac21b79fbd0f3fb48bf7ce3b9e849f88
SHA512

4f05c526b44e6ccb967e4a9f6c2d60f1ec5682856269660e64b0a71351e20013faf2f0a6ea9ae60f3ffad07ed9f09c91612e2a77d7c36895e097087ee06376e8
SSDEEP

3072:g8eUNostlL10GqIDVJteGXSPtbKRLLP6vdCAwMVtiWzOOgcyo94TWJUssWIBFhSq:rPjN13DVqGX3RLLPJAwSthakaTAqQtY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c27579fde1ca4607d44fe9642d513fd9_JaffaCakes118

Files

c27579fde1ca4607d44fe9642d513fd9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b4a309bdc8f344e854b6fce6a3be2a7c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\perforce_data\dev\projects\tools\games for windows plugins\branches\main\builds\win32\release\application\GameExplorerUtilities.pdb

Imports

wtsapi32

WTSCloseServer
WTSFreeMemory
WTSEnumerateProcessesW
WTSOpenServerW

shlwapi

PathAddBackslashW
SHDeleteKeyW

kernel32

GetFileAttributesW
GetFullPathNameW
CreateFileW
MultiByteToWideChar
WaitForSingleObject
GetComputerNameW
GetLastError
CloseHandle
WriteFile
GetWindowsDirectoryW
OutputDebugStringW
GetCurrentProcessId
GlobalAlloc
LoadLibraryW
SizeofResource
GlobalUnlock
GlobalFree
LockResource
FindResourceW
LoadResource
GlobalLock
CreateFileA
FlushFileBuffers
ReadFile
DeleteFileW
IsDebuggerPresent
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
RtlUnwind
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
RaiseException
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA

advapi32

RegCreateKeyExW
RegEnumKeyW
LookupAccountSidW
RegSetValueExW
RegOpenKeyExW
RegSetValueW
RegCreateKeyW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW
ord680
SHFileOperationW

ole32

CreateStreamOnHGlobal
CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysAllocString

Exports

Exports

_Java_com_sigames_GameExplorer_Utilities_addGameExplorerTasks@20
_Java_com_sigames_GameExplorer_Utilities_initialiseNative@8
_Java_com_sigames_GameExplorer_Utilities_registerWithGameExplorer@20
_Java_com_sigames_GameExplorer_Utilities_registerWithMediaCenter@24
_Java_com_sigames_GameExplorer_Utilities_removeGameExplorerTasks@12
_Java_com_sigames_GameExplorer_Utilities_shutdownNative@8
_Java_com_sigames_GameExplorer_Utilities_unregisterFromGameExplorer@12
_Java_com_sigames_GameExplorer_Utilities_unregisterFromMediaCenter@20

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b4a309bdc8f344e854b6fce6a3be2a7c

Headers

File Characteristics

PDB Paths

Imports

wtsapi32

shlwapi

kernel32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 6KB

.text Size: 116KB - Virtual size: 116KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 116KB